What are I am talking about today ▸ How GraphQL rate limiting differs from REST API
▸ Walking through the GraphQL AST by using graphql-js
▸ Introduce three examples to walk through GraphQL API based on actual use cases from graphql-cost-calculator NOTE:
1. I believe the basic concept is not signi fi cantly different from other languages. However, this assumes NodeJS environment, as I'm not familiar with GraphQL tooling in other languages.
2. There’s some other libraries to provide a way to calculate a GraphQL cost but I am not talking about them today.
The GraphQL API rate limiting is different from REST API’s ▸ We can’t simply count the number of queries for GraphQL rate limiting because GraphQL query can replace multiple REST API calls.
▸ Small queries only consume minimal server resources, but a single complex GraphQL query could be equivalent to thousands of REST API calls.
▸ Until the server executes actual GraphQL calls, we can’t determine their true cost.
Static analysis is important for blocking queries before they are executed ▸ It’s the popular way to calculate GraphQL queries cost to use rate limit instead of counting number of requests call.
▸ This should be done statically by analyzing the query's AST before execution.
▸ Because if some huge queries are executed once, it could consume huge server resources.
A rate limiting score on GitHub GraphQL API Refer: https://docs.github.com/en/graphql/overview/resource-limitations 3. Although we're returning 60 labels, the API has to connect to each of the 5,000 potential total issues to get the list of labels. So, requests for labels = 5,000 2. Although we're returning 50 issues, the API has to connect to each of the 100 repositories to get the list of issues. So, requests for issues
= 100 4. Total = 5,101 1. Although we're returning 100 repositories, the API has to connect to the viewer's account once to get the list of repositories. So, requests for repositories = 1 5. Dividing by 100 and rounding gives us the fi nal score of the query: 51
Example1: Counting requests for each unique connection 1. When it enters SelectionSet, get fi rst/last from arguments 2. If it has a fi rst/last argument, the multiplier is incremented and pushed to the stack 3. If it lacks a fi rst/last argument,
the current multiplier value is pushed to the stack. 4. If it’s a connection node, calculates a cost based on current multiplier 5. When it leaves SelectionSet,
the current multiplier value is reduced from the stack.
Example2: Resolving Fragment 1. First, store all fragment de fi nitions. 2. Upon encountering a FragmentSpread, it is replaced with the fragment de fi nition stored in the fi rst step.
Example3: Identifying Object Type 1. Retrieve the parent type because a parent know what type is for each fi eld.
While the AST doesn't recognize the actual fi eld type, the GraphQL Schema does. With this combination, you can obtain the actual type name. 2. Obtain the node's fi eld class from the schema.
This class includes a `.type` attribute that provides the actual type name of the fi eld.
joere
takesection
you
nttcom
nishiuma
inureyes
peisuke
coconala_engineer
sekido
takasehideki
i35_267
niftycorp
lauravandoore
dougneiner
caitiem20
reverentgeek
eileencodes
jonyablonski
panda_program
iamctodd
vanstee
jcasabona
keavy
tammielis