Review GraphQL endpoints to avoid node overload #623
Assignees
Labels
Comments
xgreenx
added
question
|
GraphQL endpoints should probably also implement some size check on request bodies to prevent that DOS vector |
This was referenced Jun 14, 2024
This was referenced Oct 24, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Some GraphQL endpoints have complexity
O(n),O(n^2), wherencan be a number of arguments or internal data stored in the blockchain.In the mainnet, it can affect GraphQL nodes and cause them to be stuck.
Each request should have some limitations. It can be a limitation of input or output arguments or query frequency.
The code has many simple queries (like getting block by height, transaction by id, and so on). The DevOps and infrastructure can limit the rates for those requests(for example, Apollo, but it requires investigation). So we don't need to modify the code and only care for it during cluster deployment.
We need to review all queries and decide which queries should be limited in the code(we need to implement some custom logic, maybe pagination, etc.) and which by the infra team(also, we need to decide how to do that).
The text was updated successfully, but these errors were encountered: