Add limits to API graphql server to prevent dos (#425)

ChainSafe · Oct 27, 2023 · ccfb1e2 · ccfb1e2
1 parent 6c5de55
commit ccfb1e2
Show file tree

Hide file tree

Showing 9 changed files with 45 additions and 24 deletions.
diff --git a/packages/ui/graphql.config.json b/packages/ui/graphql.config.json
@@ -1,6 +1,6 @@
 {
   "overwrite": true,
-  "schema": "https://squid.subsquid.io/multix-kusama/v/v1/graphql",
+  "schema": "http://localhost:4350/graphql",
   "documents": "src/**/*.graphql",
   "generates": {
     "src/gql/": {

diff --git a/packages/ui/src/gql/gql.ts b/packages/ui/src/gql/gql.ts
@@ -13,10 +13,10 @@ import { TypedDocumentNode as DocumentNode } from '@graphql-typed-document-node/
  * Therefore it is highly recommended to use the babel or swc plugin for production.
  */
 const documents = {
-    "query MultisigById($id: String!) {\n  accounts(where: {id_eq: $id, isMultisig_eq: true}) {\n    signatories {\n      signatory {\n        id\n        address\n      }\n    }\n    threshold\n    id\n  }\n}": types.MultisigByIdDocument,
+    "query MultisigById($id: String!) {\n  accounts(where: {id_eq: $id, isMultisig_eq: true}) {\n    signatories(limit: 50) {\n      signatory {\n        id\n        address\n      }\n    }\n    threshold\n    id\n  }\n}": types.MultisigByIdDocument,
     "subscription MultisigCallsByMultisigId($multisigs: [String!]) {\n  multisigCalls(\n    limit: 10\n    orderBy: timestamp_DESC\n    where: {multisig: {id_in: $multisigs}}\n  ) {\n    blockHash\n    callIndex\n    id\n    timestamp\n  }\n}": types.MultisigCallsByMultisigIdDocument,
-    "subscription MultisigsBySignatoriesOrWatched($accountIds: [String!], $watchedAccountIds: [String!]) {\n  accountMultisigs(\n    where: {OR: [{multisig: {id_in: $watchedAccountIds}}, {signatory: {id_in: $accountIds}}, {signatory: {id_in: $watchedAccountIds}}]}\n  ) {\n    multisig {\n      address\n      threshold\n      signatories {\n        signatory {\n          address\n        }\n      }\n      delegateeFor {\n        type\n        delegator {\n          address\n          isPureProxy\n        }\n      }\n    }\n  }\n}": types.MultisigsBySignatoriesOrWatchedDocument,
-    "subscription PureByIds($pureIds: [String!]) {\n  accounts(where: {AND: [{id_in: $pureIds}, {isPureProxy_eq: true}]}) {\n    address\n    delegatorFor {\n      id\n      type\n      delegatee {\n        address\n        isMultisig\n        threshold\n        signatories {\n          signatory {\n            address\n          }\n        }\n      }\n    }\n  }\n}": types.PureByIdsDocument,
+    "subscription MultisigsBySignatoriesOrWatched($accountIds: [String!], $watchedAccountIds: [String!]) {\n  accountMultisigs(\n    where: {OR: [{multisig: {id_in: $watchedAccountIds}}, {signatory: {id_in: $accountIds}}, {signatory: {id_in: $watchedAccountIds}}]}\n    limit: 500\n  ) {\n    multisig {\n      address\n      threshold\n      signatories(limit: 100) {\n        signatory {\n          address\n        }\n      }\n      delegateeFor(limit: 100) {\n        type\n        delegator {\n          address\n          isPureProxy\n        }\n      }\n    }\n  }\n}": types.MultisigsBySignatoriesOrWatchedDocument,
+    "subscription PureByIds($pureIds: [String!]) {\n  accounts(where: {AND: [{id_in: $pureIds}, {isPureProxy_eq: true}]}, limit: 50) {\n    address\n    delegatorFor(limit: 50) {\n      id\n      type\n      delegatee {\n        address\n        isMultisig\n        threshold\n        signatories(limit: 50) {\n          signatory {\n            address\n          }\n        }\n      }\n    }\n  }\n}": types.PureByIdsDocument,
 };
 
 /**
@@ -36,19 +36,19 @@ export function graphql(source: string): unknown;
 /**
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
-export function graphql(source: "query MultisigById($id: String!) {\n  accounts(where: {id_eq: $id, isMultisig_eq: true}) {\n    signatories {\n      signatory {\n        id\n        address\n      }\n    }\n    threshold\n    id\n  }\n}"): (typeof documents)["query MultisigById($id: String!) {\n  accounts(where: {id_eq: $id, isMultisig_eq: true}) {\n    signatories {\n      signatory {\n        id\n        address\n      }\n    }\n    threshold\n    id\n  }\n}"];
+export function graphql(source: "query MultisigById($id: String!) {\n  accounts(where: {id_eq: $id, isMultisig_eq: true}) {\n    signatories(limit: 50) {\n      signatory {\n        id\n        address\n      }\n    }\n    threshold\n    id\n  }\n}"): (typeof documents)["query MultisigById($id: String!) {\n  accounts(where: {id_eq: $id, isMultisig_eq: true}) {\n    signatories(limit: 50) {\n      signatory {\n        id\n        address\n      }\n    }\n    threshold\n    id\n  }\n}"];
 /**
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
 export function graphql(source: "subscription MultisigCallsByMultisigId($multisigs: [String!]) {\n  multisigCalls(\n    limit: 10\n    orderBy: timestamp_DESC\n    where: {multisig: {id_in: $multisigs}}\n  ) {\n    blockHash\n    callIndex\n    id\n    timestamp\n  }\n}"): (typeof documents)["subscription MultisigCallsByMultisigId($multisigs: [String!]) {\n  multisigCalls(\n    limit: 10\n    orderBy: timestamp_DESC\n    where: {multisig: {id_in: $multisigs}}\n  ) {\n    blockHash\n    callIndex\n    id\n    timestamp\n  }\n}"];
 /**
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
-export function graphql(source: "subscription MultisigsBySignatoriesOrWatched($accountIds: [String!], $watchedAccountIds: [String!]) {\n  accountMultisigs(\n    where: {OR: [{multisig: {id_in: $watchedAccountIds}}, {signatory: {id_in: $accountIds}}, {signatory: {id_in: $watchedAccountIds}}]}\n  ) {\n    multisig {\n      address\n      threshold\n      signatories {\n        signatory {\n          address\n        }\n      }\n      delegateeFor {\n        type\n        delegator {\n          address\n          isPureProxy\n        }\n      }\n    }\n  }\n}"): (typeof documents)["subscription MultisigsBySignatoriesOrWatched($accountIds: [String!], $watchedAccountIds: [String!]) {\n  accountMultisigs(\n    where: {OR: [{multisig: {id_in: $watchedAccountIds}}, {signatory: {id_in: $accountIds}}, {signatory: {id_in: $watchedAccountIds}}]}\n  ) {\n    multisig {\n      address\n      threshold\n      signatories {\n        signatory {\n          address\n        }\n      }\n      delegateeFor {\n        type\n        delegator {\n          address\n          isPureProxy\n        }\n      }\n    }\n  }\n}"];
+export function graphql(source: "subscription MultisigsBySignatoriesOrWatched($accountIds: [String!], $watchedAccountIds: [String!]) {\n  accountMultisigs(\n    where: {OR: [{multisig: {id_in: $watchedAccountIds}}, {signatory: {id_in: $accountIds}}, {signatory: {id_in: $watchedAccountIds}}]}\n    limit: 500\n  ) {\n    multisig {\n      address\n      threshold\n      signatories(limit: 100) {\n        signatory {\n          address\n        }\n      }\n      delegateeFor(limit: 100) {\n        type\n        delegator {\n          address\n          isPureProxy\n        }\n      }\n    }\n  }\n}"): (typeof documents)["subscription MultisigsBySignatoriesOrWatched($accountIds: [String!], $watchedAccountIds: [String!]) {\n  accountMultisigs(\n    where: {OR: [{multisig: {id_in: $watchedAccountIds}}, {signatory: {id_in: $accountIds}}, {signatory: {id_in: $watchedAccountIds}}]}\n    limit: 500\n  ) {\n    multisig {\n      address\n      threshold\n      signatories(limit: 100) {\n        signatory {\n          address\n        }\n      }\n      delegateeFor(limit: 100) {\n        type\n        delegator {\n          address\n          isPureProxy\n        }\n      }\n    }\n  }\n}"];
 /**
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
-export function graphql(source: "subscription PureByIds($pureIds: [String!]) {\n  accounts(where: {AND: [{id_in: $pureIds}, {isPureProxy_eq: true}]}) {\n    address\n    delegatorFor {\n      id\n      type\n      delegatee {\n        address\n        isMultisig\n        threshold\n        signatories {\n          signatory {\n            address\n          }\n        }\n      }\n    }\n  }\n}"): (typeof documents)["subscription PureByIds($pureIds: [String!]) {\n  accounts(where: {AND: [{id_in: $pureIds}, {isPureProxy_eq: true}]}) {\n    address\n    delegatorFor {\n      id\n      type\n      delegatee {\n        address\n        isMultisig\n        threshold\n        signatories {\n          signatory {\n            address\n          }\n        }\n      }\n    }\n  }\n}"];
+export function graphql(source: "subscription PureByIds($pureIds: [String!]) {\n  accounts(where: {AND: [{id_in: $pureIds}, {isPureProxy_eq: true}]}, limit: 50) {\n    address\n    delegatorFor(limit: 50) {\n      id\n      type\n      delegatee {\n        address\n        isMultisig\n        threshold\n        signatories(limit: 50) {\n          signatory {\n            address\n          }\n        }\n      }\n    }\n  }\n}"): (typeof documents)["subscription PureByIds($pureIds: [String!]) {\n  accounts(where: {AND: [{id_in: $pureIds}, {isPureProxy_eq: true}]}, limit: 50) {\n    address\n    delegatorFor(limit: 50) {\n      id\n      type\n      delegatee {\n        address\n        isMultisig\n        threshold\n        signatories(limit: 50) {\n          signatory {\n            address\n          }\n        }\n      }\n    }\n  }\n}"];
 
 export function graphql(source: string) {
   return (documents as any)[source] ?? {};