Skip to content
KeystoneJS LogoKeystoneJS
👋🏻 We're working on the next generation of KeystoneJS! If you're using the @keystone-next packages, click here to learn more

Query validation

Stop maliciously complex or invalid queries against your Keystone instance.

JS
const { validation } = require('@keystonejs/app-graphql');

const app = new GraphQLApp({
  apollo: {
    validationRules: [validation.depthLimit(3)],
  },
});

Validators

  • depthLimit: limit nesting depth of queries
  • definitionLimit: limit number of definitions (queries, fragments, mutations)
  • fieldLimit: limit total number of fields returned in results (after expanding fragment spreads)

The following GraphQL has two definitions (contact, info), four fields (name, email, allUsers, friends), and a total depth of three:

GraphQL
fragment contact on User {
  name
  email
}
query info {
  allUsers {
    friends {
      ...contact
    }
  }
}

On this page

  • Validators
Edit on GitHub