Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Graphql: How to cancel a graphql query for protect DOS attack? #26026

Closed
orangeagain opened this issue Oct 21, 2022 · 5 comments
Closed

Graphql: How to cancel a graphql query for protect DOS attack? #26026

orangeagain opened this issue Oct 21, 2022 · 5 comments
Labels
good first issue help wanted type:feature

Comments

@orangeagain
Copy link

orangeagain commented Oct 21, 2022
edited
Loading

Rationale

Why should this feature exist?
Hackers could construct a huge query to block the service,We need to abort this query after it has taken a lot of time

What are the use-cases?
Both front-end, back-end and data analysts need graphql public services

Implementation

Do you have ideas regarding the implementation of this feature?
maybe use cancelable greenthread to limit task execution time and count cpu cost
Are you willing to implement this feature?
yes
@orangeagain orangeagain changed the title graphql: hpw to cancel a graphql query for protect DOS attack graphql: how to cancel a graphql query for protect DOS attack? Oct 21, 2022
@fjl
Copy link
Contributor

fjl commented Oct 25, 2022

This can be implemented by adding a context with timeout here:

go-ethereum/graphql/service.go

Lines 43 to 46 in a2b7481

response := h.Schema.Exec(r.Context(), params.Query, params.OperationName, params.Variables)
responseJSON, err := json.Marshal(response)
if err != nil { 

ctx, cancel = context.WithTimeout(r.Context(), 60 * time.Second)
defer cancel()

response := h.Schema.Exec(ctx, params.Query, params.OperationName, params.Variables)

@s1na
Copy link
Contributor

s1na commented Oct 26, 2022

@orangeagain You indicated you're willing to implement this feature. Can you please open a PR with the above solution?

@orangeagain
Copy link
Author

@orangeagain You indicated you're willing to implement this feature. Can you please open a PR with the above solution?

I have no expirence on golang, and I am planning make a standalone graphql server by c#

@ahmetavc ahmetavc mentioned this issue Nov 5, 2022
Merged
@ahmetavc
Copy link
Contributor

ahmetavc commented Nov 5, 2022

Hey @s1na, I opened a pr #26116 , added timeout as @fjl suggested. This is my first pr to geth repo. Thanks in advance.

@orangeagain orangeagain changed the title graphql: how to cancel a graphql query for protect DOS attack? Graphql: How to cancel a graphql query for protect DOS attack? Nov 6, 2022
@holiman
Copy link
Contributor

holiman commented Nov 8, 2022

Fixed by #26116

@holiman holiman closed this as completed Nov 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue help wanted type:feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@fjl @ligi @holiman @s1na @orangeagain @MariusVanDerWijden @ahmetavc