Skip to content

Obsidian 3.1 - Added support for variables and directives and the ability to limit query depth #54

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 38 commits into from
Jul 1, 2021
Merged

Obsidian 3.1 - Added support for variables and directives and the ability to limit query depth #54

merged 38 commits into from
Jul 1, 2021

Conversation

@cssim22
Copy link
Contributor

@cssim22 cssim22 commented Jul 1, 2021

Checklist

  • Bugfix
  • New feature
  • Refactor

Related Issue

  • Obsidian 3.0 does not support GraphQL variables and directives, which are features that allow dynamic changes to a query's fields and structure. Additionally, GraphQL servers are known to be susceptible to various forms of malicious activity due to the ability to craft individual queries that are complex and expensive. Obsidian 3.0 does not have any features to mitigate these risks.

Solution

  • Obsidian 3.1 has been updated to support variables and directives using standard GraphQL syntax. The parsing algorithm has been modified to account for variables and directives, altering the input query before resuming the existing destructuring algorithm.
  • Obsidian 3.1 enables the ability to limit query depth on the Obsidian Router app. Query depth is determined before being sent to GraphQL runtime and if the desired limit is exceeded, obsidian responds with a null query and throws an error. The depth limit is disabled by default, but can be enabled when invoking the Obsidian Router.

kyunglee1 and others added 30 commits June 15, 2021 15:28
@kyunglee1
Swap query variables with their values
b0225fa
@kyunglee1
Store queries with a single variable in cache
f62fe76
@kyunglee1
Store queries with multiple variables in cache
8e2582e
@kyunglee1
Add comments to destructur.js
b423920 
Co-authored-by: Justin McKay justinmckay99@gmail.com
Co-authored-by: Raymond Ahn ray.ahn@gmail.com
@kyunglee1
Replace variables in directives with their values
a2e9900
@kyunglee1
Destructure queries with directives
e930225
@pjmsullivan
Implemented DoS security module enabling developers to set a maximum …
51644d6 
…query nesting depth value, above which, queries will be rejected.
@kyunglee1
Fix cache read() when query has nested types
4dbc2dd
@pjmsullivan
Refactored DoS Security module and added DoS Securuty tests
03b86ca
@kyunglee1
Fix caching when directive is false
4955bc4
@pjmsullivan
Removed extraneous console log
1fcc3a0
@pjmsullivan @kyunglee1
@raymond-a1 @cssim22 @justinwmckay
Add co-authors
9617459 
Co-authored-by: kyunglee1 <kyunglee3@yahoo.com>
Co-authored-by: raymondcodes <ray.ahn@gmail.com>
Co-authored-by: cssim22 <cssim22@gmail.com>
Co-authored-by: justinwmckay <justinmckay99@gmail.com>
@pjmsullivan
Fix queryDepthCheck return type (to remove undefined)
acf10bf
@pjmsullivan
Fix import statement on destructure_test.ts to accommodate change in …
86a5844 
…default export in destructure.js
@pjmsullivan
Fix DoSSecurity depth check level (change from 10 to 2)
09a734c
@kyunglee1 @justinwmckay
@raymond-a1 @cssim22 @pjmsullivan
Implement support for skip directive
cc2e073 
Co-authored-by: justinwmckay <justinmckay99@gmail.com>
Co-authored-by: kyunglee1 <kyunglee3@yahoo.com>
Co-authored-by: raymondcodes <ray.ahn@gmail.com>
Co-authored-by: cssim22 <cssim22@gmail.com>
Co-authored-by: pjmsullivan <patrick@jsullivan.org>
@pjmsullivan @justinwmckay
@kyunglee1 @raymond-a1 @cssim22
Added tests for multiple queries or mutations for DoSSecurity module
170e1a8 
Co-authored-by: justinwmckay <justinmckay99@gmail.com>
Co-authored-by: kyunglee1 <kyunglee3@yahoo.com>
Co-authored-by: raymondcodes <ray.ahn@gmail.com>
Co-authored-by: cssim22 <cssim22@gmail.com>
Co-authored-by: pjmsullivan <patrick@jsullivan.org>
@pjmsullivan
Removed extraneous console log
aac58fc
@kyunglee1 @justinwmckay
@raymond-a1 @cssim22 @pjmsullivan
Add single/multi variable Rhum tests
94871b5 
Co-authored-by: justinwmckay <justinmckay99@gmail.com>
Co-authored-by: raymondcodes <ray.ahn@gmail.com>
Co-authored-by: cssim22 <cssim22@gmail.com>
Co-authored-by: pjmsullivan <patrick@jsullivan.org>
@kyunglee1 @justinwmckay
@raymond-a1 @cssim22 @pjmsullivan
Add single @include directive tests
ed1cc42 
Co-authored-by: justinwmckay <justinmckay99@gmail.com>
Co-authored-by: raymondcodes <ray.ahn@gmail.com>
Co-authored-by: cssim22 <cssim22@gmail.com>
Co-authored-by: pjmsullivan <patrick@jsullivan.org>
@kyunglee1 @justinwmckay
@raymond-a1 @cssim22 @pjmsullivan
Fix serverCache_test
0384f18 
Co-authored-by: justinwmckay <justinmckay99@gmail.com>
Co-authored-by: raymondcodes <ray.ahn@gmail.com>
Co-authored-by: cssim22 <cssim22@gmail.com>
Co-authored-by: pjmsullivan <patrick@jsullivan.org>
@cssim22
Merge pull request #1 from pjmsullivan/security
e97bfc8 
Implemented DoS security module. Now queries and mutations have selectable nesting depth limit.
@kyunglee1
Merge security features
3db213c
@kyunglee1 @justinwmckay
@raymond-a1 @cssim22 @pjmsullivan
Add @Skip directives tests
b76057b 
Co-authored-by: justinwmckay <justinmckay99@gmail.com>
Co-authored-by: raymondcodes <ray.ahn@gmail.com>
Co-authored-by: cssim22 <cssim22@gmail.com>
Co-authored-by: pjmsullivan <patrick@jsullivan.org>
@kyunglee1 @justinwmckay
@raymond-a1 @cssim22 @pjmsullivan
Add comments to destructure.js
4a91436 
Co-authored-by: justinwmckay <justinmckay99@gmail.com>
Co-authored-by: raymondcodes <ray.ahn@gmail.com>
Co-authored-by: cssim22 <cssim22@gmail.com>
Co-authored-by: pjmsullivan <patrick@jsullivan.org>
@pjmsullivan @justinwmckay
@kyunglee1 @raymond-a1 @cssim22
Updated Readme to indicate new features and contributors
bac39cd 
Co-authored-by: justinwmckay <justinmckay99@gmail.com>
Co-authored-by: kyunglee1 <kyunglee3@yahoo.com>
Co-authored-by: raymondcodes <ray.ahn@gmail.com>
Co-authored-by: cssim22 <cssim22@gmail.com>
Co-authored-by: pjmsullivan <patrick@jsullivan.org>
@pjmsullivan @justinwmckay
@kyunglee1 @raymond-a1 @cssim22
Updated Readme to indicate new features and contributors
126fae3 
Co-authored-by: justinwmckay <justinmckay99@gmail.com>
Co-authored-by: kyunglee1 <kyunglee3@yahoo.com>
Co-authored-by: raymondcodes <ray.ahn@gmail.com>
Co-authored-by: cssim22 <cssim22@gmail.com>
Co-authored-by: pjmsullivan <patrick@jsullivan.org>
@kyunglee1 @pjmsullivan
Remove extra comments
0a9e35f 
Co-authored-by: justinwmckay <justinmckay99@gmail.com>
    Co-authored-by: raymondcodes <ray.ahn@gmail.com>
    Co-authored-by: cssim22 <cssim22@gmail.com>
    Co-authored-by: pjmsullivan <patrick@jsullivan.org>
@kyunglee1 @pjmsullivan
Remove unnecessary comments
27435c4 
Co-authored-by: justinwmckay <justinmckay99@gmail.com>
    Co-authored-by: raymondcodes <ray.ahn@gmail.com>
    Co-authored-by: cssim22 <cssim22@gmail.com>
    Co-authored-by: pjmsullivan <patrick@jsullivan.org>
@pjmsullivan
Merge branch 'master' of https://github.com/oslabs-beta/obsidian
99193fa 
Merge security into master
justinwmckay and others added 8 commits June 29, 2021 11:05
@justinwmckay
Merge pull request #2 from pjmsullivan/security
a24c9c2 
Updated Readme to indicate new features and contributors
@pjmsullivan
Merge branch 'master' of https://github.com/oslabs-beta/obsidian
3683bb9 
Merge security into master
@kyunglee1
Remove unnecessary files
906ee65 
    Co-authored-by: justinwmckay <justinmckay99@gmail.com>
    Co-authored-by: raymondcodes <ray.ahn@gmail.com>
    Co-authored-by: cssim22 <cssim22@gmail.com>
    Co-authored-by: pjmsullivan <patrick@jsullivan.org>
@pjmsullivan
Merge pull request #3 from kyunglee1/feature/directives
07bed1f 
Feature/directives
@pjmsullivan
Merge branch 'master' of https://github.com/oslabs-beta/obsidian
53598b2 
Merged new directive and variable pull req
@pjmsullivan
Fixed Readme typo
c88e53b
@pjmsullivan
Fixed Readme typo
5f5808b
@cssim22
Merge pull request #4 from pjmsullivan/master
6731962 
Fixed readme typo
pjmsullivan
pjmsullivan approved these changes Jul 1, 2021
View reviewed changes
Copy link
Contributor

@pjmsullivan pjmsullivan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commits merged in beta, successfully tested, and ready for release

@pjmsullivan pjmsullivan merged commit 893f1a8 into open-source-labs:master Jul 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pjmsullivan pjmsullivan pjmsullivan approved these changes

@travismfrank travismfrank Awaiting requested review from travismfrank

@raymond-a1 raymond-a1 Awaiting requested review from raymond-a1

@kyunglee1 kyunglee1 Awaiting requested review from kyunglee1

@justinwmckay justinwmckay Awaiting requested review from justinwmckay

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@cssim22 @pjmsullivan @kyunglee1 @justinwmckay