QueryDepthLimiter
This extension adds a validator to limit the query depth of GraphQL operations.
Usage example:
import strawberryfrom strawberry.extensions import QueryDepthLimiter schema = strawberry.Schema( Query, extensions=[ QueryDepthLimiter(max_depth=10), ])API reference:
class QueryDepthLimiter(max_depth, ignore=None, callback=None)max_depth: int
The maximum allowed depth for any operation in a GraphQL document.
ignore: Optional[List[IgnoreType]]
Stops recursive depth checking based on a field name. Either a string or regexp to match the name, or a function that returns a boolean.
callback: Optional[Callable[[Dict[str, int]], None]
Called each time validation runs. Receives a dictionary which is a map of the depths for each operation.
More examples:
Ignoring fields
import strawberryfrom strawberry.extensions import QueryDepthLimiter schema = strawberry.Schema( Query, extensions=[ QueryDepthLimiter( max_depth=2, ignore=["user"] ), ])
# This query failsschema.execute("""
query TooDeep {
book {
author {
publishedBooks {
title
}
}
}
}
""")
# This query succeeds because the `user` field is ignoredschema.execute("""
query NotTooDeep {
user {
favouriteBooks {
author {
publishedBooks {
title
}
}
}
}
}
""")Ignoring fields with regex
import reimport strawberryfrom strawberry.extensions import QueryDepthLimiter schema = strawberry.Schema( Query, extensions=[ QueryDepthLimiter( max_depth=2, ignore=[re.compile(r".*favourite.*"] ), ])
# This query succeeds because an field that contains `favourite` is ignoredschema.execute("""
query NotTooDeep {
user {
favouriteBooks {
author {
publishedBooks {
title
}
}
}
}
}
""")Ignoring fields with a function
import strawberryfrom strawberry.extensions import QueryDepthLimiter schema = strawberry.Schema( Query, extensions=[ QueryDepthLimiter( max_depth=2, ignore=[lambda field_name: field_name == "user"] ), ])
schema.execute("""
query NotTooDeep {
user {
favouriteBooks {
author {
publishedBooks {
title
}
}
}
}
}
""")