Skip to content
KeystoneJS LogoKeystoneJS
👋🏻 Keystone 5 has officially moved to maintenance only. For the latest release of Keystone please visit the Keystone website.

Query validation

Stop maliciously complex or invalid queries against your Keystone instance.

JS
const { validation } = require('@keystonejs/app-graphql');

const app = new GraphQLApp({
  apollo: {
    validationRules: [validation.depthLimit(3)],
  },
});

Validators

  • depthLimit: limit nesting depth of queries
  • definitionLimit: limit number of definitions (queries, fragments, mutations)
  • fieldLimit: limit total number of fields returned in results (after expanding fragment spreads)

The following GraphQL has two definitions (contact, info), four fields (name, email, allUsers, friends), and a total depth of three:

GraphQL
fragment contact on User {
  name
  email
}
query info {
  allUsers {
    friends {
      ...contact
    }
  }
}

On this page

  • Validators
Edit on GitHub