ValidationRules migration to v2 #2525

Closed
ZaninAndrea opened this issue Apr 2, 2019 · 2 comments
Comments

@ZaninAndrea

In a Medium article on the Apollo publication (https://blog.apollographql.com/securing-your-graphql-api-from-malicious-queries-16130a324a6b), the suggested solution for mitigating malicious queries was graphql-cost-analysis.

graphql-cost-analysis allows an onComplete callback, which we use to rate-limit the queries of each user. Unfortunately, with v2 Apollo moved away from the middleware syntax, and thus validationRules can no longer access the Express req or the context, so we cannot rate-limit the various users with the cost calculated by graphql-cost-analysis.

Is there a way to implement the same behaviour with Apollo Server Express v2?

Code used in the previous Apollo version:

  validationRules: ({ req }) => [
    costAnalysis({
      variables: req.body.variables,
      maximumCost: 500,
      onComplete: cost => {
        if (cost < MAX_COST) req.rateLimitCost(cost + 1) // function defined when reading the authentication token
      },
    }),
  ],
@trevor-scheer trevor-scheer added the 🚧👷‍♀️👷‍♂️🚧 in triage Issue currently being triaged label Jul 8, 2019
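
The per-user accounting the question relies on (`req.rateLimitCost` charged from `onComplete`), as an added example that is not code from the issue or from Apollo Server: a fixed-window cost budget bound to the request after authentication. `CostBudget`, `attachRateLimiter`, the 1000-point budget, the 60-second window, the 429 status and `MAX_COST = 500` are assumptions; it does not show how to reach `req` from `validationRules` in v2.

```javascript
// Added example, not from the issue: a per-user cost budget for request-scoped charging.
const MAX_COST = 500;     // assumed equal to the page's maximumCost
const BUDGET = 1000;      // assumed: cost points per user per window
const WINDOW_MS = 60000;  // assumed: fixed one-minute window

class CostBudget {
  constructor(budget = BUDGET, windowMs = WINDOW_MS) {
    this.budget = budget;
    this.windowMs = windowMs;
    this.usage = new Map(); // userId -> { windowStart, spent }
  }

  // Return the live window entry for a user, starting a new window if expired.
  entry(userId, now) {
    let e = this.usage.get(userId);
    if (!e || now - e.windowStart >= this.windowMs) {
      e = { windowStart: now, spent: 0 };
      this.usage.set(userId, e);
    }
    return e;
  }

  // Charge `cost`; returns false and charges nothing when it would exceed the budget.
  charge(userId, cost, now = Date.now()) {
    if (!Number.isFinite(cost) || cost < 0) throw new RangeError('invalid cost');
    const e = this.entry(userId, now);
    if (e.spent + cost > this.budget) return false;
    e.spent += cost;
    return true;
  }

  remaining(userId, now = Date.now()) {
    return this.budget - this.entry(userId, now).spent;
  }
}

// Hypothetical helper: bind the limiter to the caller once the auth token has been read.
function attachRateLimiter(req, userId, budget, clock = Date.now) {
  req.rateLimitCost = cost => {
    if (budget.charge(userId, cost, clock())) return;
    throw Object.assign(new Error('Query cost budget exceeded'), { statusCode: 429 });
  };
  return req;
}

// Same decision as the issue's onComplete: only costs below MAX_COST are charged, plus 1.
function onComplete(req, cost) {
  if (cost < MAX_COST) req.rateLimitCost(cost + 1);
}
```

The `Map` lives in one process, so several server instances would each keep their own count unless the usage is moved to a shared store.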
@trevor-scheer
Member

👋 Hey @ZaninAndrea, I'm going to close this since this doesn't appear to be a bug with Apollo Server, but rather a question about how to use it or one of its components.

Rather than asking it here in GitHub Issues — where efforts are focused on fixing bugs and adding new features — I'd ask that you take this question to the Apollo Server channel within the Apollo community on Spectrum.chat where there are community members who might be able to relate to a similar problem, or might be able to help you out more interactively. Thanks for your understanding!

@abernix abernix removed 🚧👷‍♀️👷‍♂️🚧 in triage Issue currently being triaged labels Jul 9, 2019
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 20, 2023