1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
<?php
namespace GraphQL\Validator\Rules;
use GraphQL\Error\Error;
use GraphQL\Language\AST\FieldNode;
use GraphQL\Language\AST\FragmentSpreadNode;
use GraphQL\Language\AST\InlineFragmentNode;
use GraphQL\Language\AST\Node;
use GraphQL\Language\AST\NodeKind;
use GraphQL\Language\AST\OperationDefinitionNode;
use GraphQL\Language\AST\SelectionSetNode;
use GraphQL\Validator\ValidationContext;
class QueryDepth extends AbstractQuerySecurity
{
/**
* @var int
*/
private $maxQueryDepth;
public function __construct($maxQueryDepth)
{
$this->setMaxQueryDepth($maxQueryDepth);
}
/**
* Set max query depth. If equal to 0 no check is done. Must be greater or equal to 0.
*
* @param $maxQueryDepth
*/
public function setMaxQueryDepth($maxQueryDepth)
{
$this->checkIfGreaterOrEqualToZero('maxQueryDepth', $maxQueryDepth);
$this->maxQueryDepth = (int) $maxQueryDepth;
}
public function getMaxQueryDepth()
{
return $this->maxQueryDepth;
}
public static function maxQueryDepthErrorMessage($max, $count)
{
return sprintf('Max query depth should be %d but got %d.', $max, $count);
}
public function getVisitor(ValidationContext $context)
{
return $this->invokeIfNeeded(
$context,
[
NodeKind::OPERATION_DEFINITION => [
'leave' => function (OperationDefinitionNode $operationDefinition) use ($context) {
$maxDepth = $this->fieldDepth($operationDefinition);
if ($maxDepth > $this->getMaxQueryDepth()) {
$context->reportError(
new Error($this->maxQueryDepthErrorMessage($this->getMaxQueryDepth(), $maxDepth))
);
}
},
],
]
);
}
protected function isEnabled()
{
return $this->getMaxQueryDepth() !== static::DISABLED;
}
private function fieldDepth($node, $depth = 0, $maxDepth = 0)
{
if (isset($node->selectionSet) && $node->selectionSet instanceof SelectionSetNode) {
foreach ($node->selectionSet->selections as $childNode) {
$maxDepth = $this->nodeDepth($childNode, $depth, $maxDepth);
}
}
return $maxDepth;
}
private function nodeDepth(Node $node, $depth = 0, $maxDepth = 0)
{
switch ($node->kind) {
case NodeKind::FIELD:
/* @var FieldNode $node */
// node has children?
if (null !== $node->selectionSet) {
// update maxDepth if needed
if ($depth > $maxDepth) {
$maxDepth = $depth;
}
$maxDepth = $this->fieldDepth($node, $depth + 1, $maxDepth);
}
break;
case NodeKind::INLINE_FRAGMENT:
/* @var InlineFragmentNode $node */
// node has children?
if (null !== $node->selectionSet) {
$maxDepth = $this->fieldDepth($node, $depth, $maxDepth);
}
break;
case NodeKind::FRAGMENT_SPREAD:
/* @var FragmentSpreadNode $node */
$fragment = $this->getFragment($node);
if (null !== $fragment) {
$maxDepth = $this->fieldDepth($fragment, $depth, $maxDepth);
}
break;
}
return $maxDepth;
}
}