Commit 90554e6e authored by Mario de la Ossa's avatar Mario de la Ossa

GraphQL: Add timeout to all queries

parent 981c7ed7
---
title: 'GraphQL: Add timeout to all queries'
merge_request:
author:
type: security
......@@ -5,3 +5,7 @@ GraphQL::Field.accepts_definitions(authorize: GraphQL::Define.assign_metadata_ke
GraphQL::Schema::Object.accepts_definition(:authorize)
GraphQL::Schema::Field.accepts_definition(:authorize)
GitlabSchema.middleware << GraphQL::Schema::TimeoutMiddleware.new(max_seconds: ENV.fetch('GITLAB_RAILS_GRAPHQL_TIMEOUT', 30).to_i) do |timeout_error, query|
Gitlab::GraphqlLogger.error(message: timeout_error.to_s, query: query.query_string, query_variables: query.provided_variables)
end
......@@ -8,6 +8,18 @@ describe 'GitlabSchema configurations' do
set(:project) { create(:project) }
shared_examples 'imposing query limits' do
describe 'timeouts' do
context 'when timeout is reached' do
it 'shows an error' do
Timecop.scale(50000000) do # ludicrously large number because the timeout has to happen before the query even begins
subject
expect_graphql_errors_to_include /Timeout/
end
end
end
end
describe '#max_complexity' do
context 'when complexity is too high' do
it 'shows an error' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment