2021-08-13 17:32:20 +03:00
|
|
|
Validators
|
2021-08-13 15:52:12 +03:00
|
|
|
==========
|
|
|
|
|
|
2021-08-13 17:34:42 +03:00
|
|
|
Validation rules help validate a given GraphQL query, before executing it. To help with common use
|
2021-08-13 15:52:12 +03:00
|
|
|
cases, graphene provides a few validation rules out of the box.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Depth limit Validator
|
|
|
|
|
-----------------
|
|
|
|
|
The depth limit validator helps to prevent execution of malicious
|
|
|
|
|
queries. It takes in the following arguments.
|
|
|
|
|
|
|
|
|
|
- ``max_depth`` is the maximum allowed depth for any operation in a GraphQL document.
|
|
|
|
|
- ``ignore`` Stops recursive depth checking based on a field name. Either a string or regexp to match the name, or a function that returns a boolean
|
|
|
|
|
- ``callback`` Called each time validation runs. Receives an Object which is a map of the depths for each operation.
|
|
|
|
|
|
|
|
|
|
Example
|
|
|
|
|
-------
|
|
|
|
|
|
|
|
|
|
Here is how you would implement depth-limiting on your schema.
|
|
|
|
|
|
|
|
|
|
.. code:: python
|
2021-08-14 05:15:34 +03:00
|
|
|
from graphql import validate
|
|
|
|
|
from graphene import ObjectType, Schema, String
|
2021-08-13 17:54:53 +03:00
|
|
|
from graphene.validation import depth_limit_validator
|
2021-08-13 15:52:12 +03:00
|
|
|
|
|
|
|
|
|
2021-08-14 05:15:34 +03:00
|
|
|
class MyQuery(ObjectType):
|
|
|
|
|
name = String(required=True)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
schema = Schema(query=MyQuery)
|
|
|
|
|
|
|
|
|
|
# Queries which have a depth more than 20
|
|
|
|
|
# will not be executed.
|
|
|
|
|
|
|
|
|
|
validation_errors = validate(
|
|
|
|
|
schema=schema,
|
|
|
|
|
document='THE QUERY',
|
|
|
|
|
rules=(
|
2021-08-13 15:52:12 +03:00
|
|
|
depth_limit_validator(
|
|
|
|
|
max_depth=20
|
2021-08-14 05:15:34 +03:00
|
|
|
),
|
|
|
|
|
)
|
2021-08-13 15:52:12 +03:00
|
|
|
)
|
