Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent api spam with GQL complexity limits #1676

Merged
merged 19 commits into from
Jun 26, 2024
Merged
Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,22 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
## [Unreleased]

### Added
- [#1676](https://github.com/FuelLabs/fuel-core/pull/1676): Added new CLI arguments:
- `graphql-max-depth`
- `graphql-max-complexity`
- `graphql-max-recursive-depth`
- [#1889](https://github.com/FuelLabs/fuel-core/pull/1889): Add new `FuelGasPriceProvider` that receives the gas price algorithm from a `GasPriceService`

### Changed
- [#1676](https://github.com/FuelLabs/fuel-core/pull/1676): Changed default value for `api-request-timeout` to be `30s`.
- [#1942](https://github.com/FuelLabs/fuel-core/pull/1942): Sequential relayer's commits.
- [#1952](https://github.com/FuelLabs/fuel-core/pull/1952): Change tip sorting to ratio between tip and max gas sorting in txpool

#### Breaking

- [#1676](https://github.com/FuelLabs/fuel-core/pull/1676): Now, GraphQL API has complexity and depth limitations on the queries. The default complexity limit is `20000`. It is ~50 blocks per request with transaction IDs and ~2-5 full blocks.
- [#1676](https://github.com/FuelLabs/fuel-core/pull/1676): New `fuel-core-client` is incompatible with the old `fuel-core` because of two requested new fields.

### Fixed
- [#1950](https://github.com/FuelLabs/fuel-core/pull/1950): Fix cursor `BlockHeight` encoding in `SortedTXCursor`

Expand Down
Binary file not shown.
39 changes: 17 additions & 22 deletions bin/fuel-core/src/cli/run.rs
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ use crate::{
default_db_path,
run::{
consensus::PoATriggerArgs,
graphql::GraphQLArgs,
tx_pool::TxPoolArgs,
},
ShutdownListener,
Expand All @@ -19,6 +20,7 @@ use fuel_core::{
CombinedDatabase,
CombinedDatabaseConfig,
},
fuel_core_graphql_api::ServiceConfig as GraphQLConfig,
producer::Config as ProducerConfig,
service::{
config::Trigger,
Expand Down Expand Up @@ -73,6 +75,7 @@ pub const CONSENSUS_KEY_ENV: &str = "CONSENSUS_KEY_SECRET";
mod p2p;

mod consensus;
mod graphql;
mod profiling;
#[cfg(feature = "relayer")]
mod relayer;
Expand All @@ -81,12 +84,6 @@ mod tx_pool;
/// Run the Fuel client node locally.
#[derive(Debug, Clone, Parser)]
pub struct Command {
#[clap(long = "ip", default_value = "127.0.0.1", value_parser, env)]
pub ip: net::IpAddr,

#[clap(long = "port", default_value = "4000", env)]
pub port: u16,

/// Vanity name for node, used in telemetry
#[clap(long = "service-name", default_value = "fuel-core", value_parser, env)]
pub service_name: String,
Expand Down Expand Up @@ -169,6 +166,10 @@ pub struct Command {
#[clap(flatten)]
pub tx_pool: TxPoolArgs,

/// The cli arguments supported by the GraphQL API service.
#[clap(flatten)]
pub graphql: GraphQLArgs,

#[cfg_attr(feature = "relayer", clap(flatten))]
#[cfg(feature = "relayer")]
pub relayer_args: relayer::RelayerArgs,
Expand Down Expand Up @@ -198,14 +199,6 @@ pub struct Command {
#[clap(long = "time-until-synced", default_value = "0s", env)]
pub time_until_synced: humantime::Duration,

/// Time to wait after submitting a query before debug info will be logged about query.
#[clap(long = "query-log-threshold-time", default_value = "2s", env)]
pub query_log_threshold_time: humantime::Duration,

/// Timeout before drop the request.
#[clap(long = "api-request-timeout", default_value = "30m", env)]
pub api_request_timeout: humantime::Duration,

/// The size of the memory pool in number of `MemoryInstance`s.
#[clap(long = "memory-pool-size", default_value = "32", env)]
pub memory_pool_size: usize,
Expand All @@ -217,8 +210,6 @@ pub struct Command {
impl Command {
pub fn get_config(self) -> anyhow::Result<Config> {
let Command {
ip,
port,
service_name: name,
max_database_cache_size,
database_path,
Expand All @@ -243,15 +234,14 @@ impl Command {
max_da_lag,
max_wait_time,
tx_pool,
graphql,
min_connected_reserved_peers,
time_until_synced,
query_log_threshold_time,
api_request_timeout,
memory_pool_size,
profiling: _,
} = self;

let addr = net::SocketAddr::new(ip, port);
let addr = net::SocketAddr::new(graphql.ip, graphql.port);

let snapshot_reader = match snapshot.as_ref() {
None => crate::cli::local_testnet_reader(),
Expand Down Expand Up @@ -335,8 +325,14 @@ impl Command {
);

let config = Config {
addr,
api_request_timeout: api_request_timeout.into(),
graphql_config: GraphQLConfig {
addr,
max_queries_depth: graphql.graphql_max_depth,
max_queries_complexity: graphql.graphql_max_complexity,
max_queries_recursive_depth: graphql.graphql_max_recursive_depth,
api_request_timeout: graphql.api_request_timeout.into(),
query_log_threshold_time: graphql.query_log_threshold_time.into(),
},
combined_db_config,
snapshot_reader,
debug,
Expand Down Expand Up @@ -372,7 +368,6 @@ impl Command {
relayer_consensus_config: verifier,
min_connected_reserved_peers,
time_until_synced: time_until_synced.into(),
query_log_threshold_time: query_log_threshold_time.into(),
memory_pool_size,
};
Ok(config)
Expand Down
34 changes: 34 additions & 0 deletions bin/fuel-core/src/cli/run/graphql.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
//! Clap configuration related to GraphQL service.

use std::net;

#[derive(Debug, Clone, clap::Args)]
pub struct GraphQLArgs {
/// The IP address to bind the GraphQL service to.
#[clap(long = "ip", default_value = "127.0.0.1", value_parser, env)]
pub ip: net::IpAddr,

/// The port to bind the GraphQL service to.
#[clap(long = "port", default_value = "4000", env)]
pub port: u16,

/// The max depth of GraphQL queries.
#[clap(long = "graphql-max-depth", default_value = "16", env)]
pub graphql_max_depth: usize,

/// The max complexity of GraphQL queries.
#[clap(long = "graphql-max-complexity", default_value = "20000", env)]
pub graphql_max_complexity: usize,

/// The max recursive depth of GraphQL queries.
#[clap(long = "graphql-max-recursive-depth", default_value = "10", env)]
pub graphql_max_recursive_depth: usize,

/// Time to wait after submitting a query before debug info will be logged about query.
#[clap(long = "query-log-threshold-time", default_value = "2s", env)]
pub query_log_threshold_time: humantime::Duration,

/// Timeout before drop the request.
#[clap(long = "api-request-timeout", default_value = "30s", env)]
pub api_request_timeout: humantime::Duration,
}
2 changes: 1 addition & 1 deletion bin/fuel-core/src/cli/run/tx_pool.rs
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
//! Clap configuration related to consensus parameters
//! Clap configuration related to TxPool service.

use fuel_core::txpool::types::ContractId;
use fuel_core_types::{
Expand Down
2 changes: 2 additions & 0 deletions ci_checks.sh
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@
# - Rust `1.75.0`
# - Nightly rust formatter
# - `cargo install cargo-sort`
# - `cargo install cargo-make`
# - `cargo install cargo-insta`
# - `npm install prettier prettier-plugin-toml`

npx prettier --check "**/Cargo.toml" &&
Expand Down
3 changes: 3 additions & 0 deletions crates/client/assets/schema.sdl
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ type Block {
height: U32!
header: Header!
consensus: Consensus!
transactionsIds: [TransactionId!]!
Dentosal marked this conversation as resolved.
Show resolved Hide resolved
transactions: [Transaction!]!
}

Expand Down Expand Up @@ -317,6 +318,7 @@ input ExcludeInput {

type FailureStatus {
transactionId: TransactionId!
blockHeight: U32!
block: Block!
time: Tai64Timestamp!
reason: String!
Expand Down Expand Up @@ -1034,6 +1036,7 @@ type Subscription {

type SuccessStatus {
transactionId: TransactionId!
blockHeight: U32!
block: Block!
time: Tai64Timestamp!
programState: ProgramState
Expand Down
9 changes: 3 additions & 6 deletions crates/client/src/client/schema/block.rs
Original file line number Diff line number Diff line change
@@ -1,10 +1,12 @@
use super::Bytes32;
use crate::client::schema::{
schema,
BlockId,
ConnectionArgs,
PageInfo,
Signature,
Tai64Timestamp,
TransactionId,
U16,
U32,
U64,
Expand All @@ -14,11 +16,6 @@ use fuel_core_types::{
fuel_types::BlockHeight,
};

use super::{
tx::TransactionIdFragment,
Bytes32,
};

#[derive(cynic::QueryVariables, Debug)]
pub struct BlockByIdArgs {
pub id: Option<BlockId>,
Expand Down Expand Up @@ -90,7 +87,7 @@ pub struct Block {
pub id: BlockId,
pub header: Header,
pub consensus: Consensus,
pub transactions: Vec<TransactionIdFragment>,
pub transactions_ids: Vec<TransactionId>,
Dentosal marked this conversation as resolved.
Show resolved Hide resolved
}

#[derive(cynic::QueryFragment, Clone, Debug)]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,6 @@ query($height: U32) {
signature
}
}
transactions {
id
}
transactionsIds
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,6 @@ query($id: BlockId) {
signature
}
}
transactions {
id
}
transactionsIds
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,7 @@ query($after: String, $before: String, $first: Int, $last: Int) {
signature
}
}
transactions {
id
}
transactionsIds
}
}
pageInfo {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,7 @@ query {
signature
}
}
transactions {
id
}
transactionsIds
}
consensusParameters {
version
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,7 @@ query($id: TransactionId!) {
}
... on SuccessStatus {
transactionId
block {
height
}
blockHeight
time
programState {
returnType
Expand Down Expand Up @@ -58,9 +56,7 @@ query($id: TransactionId!) {
}
... on FailureStatus {
transactionId
block {
height
}
blockHeight
time
reason
programState {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,7 @@ query($owner: Address!, $after: String, $before: String, $first: Int, $last: Int
}
... on SuccessStatus {
transactionId
block {
height
}
blockHeight
time
programState {
returnType
Expand Down Expand Up @@ -61,9 +59,7 @@ query($owner: Address!, $after: String, $before: String, $first: Int, $last: Int
}
... on FailureStatus {
transactionId
block {
height
}
blockHeight
time
reason
programState {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,7 @@ query($after: String, $before: String, $first: Int, $last: Int) {
}
... on SuccessStatus {
transactionId
block {
height
}
blockHeight
time
programState {
returnType
Expand Down Expand Up @@ -61,9 +59,7 @@ query($after: String, $before: String, $first: Int, $last: Int) {
}
... on FailureStatus {
transactionId
block {
height
}
blockHeight
time
reason
programState {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -96,9 +96,7 @@ query($id: TransactionId!) {
}
... on SuccessStatus {
transactionId
block {
height
}
blockHeight
time
programState {
returnType
Expand Down Expand Up @@ -142,9 +140,7 @@ query($id: TransactionId!) {
}
... on FailureStatus {
transactionId
block {
height
}
blockHeight
time
reason
programState {
Expand Down
Loading
Loading