Feat: Allow skipping complexity check in Harden Plugin

[martijnvdbrug]

Description

We are using the Harden Plugin, but would like to be able to skip the complexity check for storefront SSR builds.

This PR introduces an optional skip function, inspired by express-rate-limit, that allows the consumer to skip certain requests.

Screenshots below we're tested with the following config:

  skip: (ctx) => {
    return !!ctx.request.http?.headers.get("x-skip-complexity")
  }

This skips the complexity check when the header x-skip-complexity is present. In production use, you would check for a token or something.

Breaking changes

No

Screenshots

Complex query without header

The same complex query with custom header

And, another test without a skip function specified.

Checklist

📌 Always:

• I have set a clear title
• My PR is small and contains a single feature
• I have checked my own PR

👍 Most of the time:

• I have added or updated test cases
• I have updated the README if needed

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
docs	✅ Ready (Inspect)	Visit Preview	Feb 11, 2025 1:26pm

[martijnvdbrug]

@michaelbromley Not sure why tests are failing, HardenPlugin doesn't seem to be included in any e2e tests. Someone else broke the minor branch maybe?

[michaelbromley]

Great addition. I made a suggestion on the naming/documentation.

[michaelbromley]

I think we should note that the ctx is not the RequestContext object here, since I think a lot of people will make that assumption based on typical Vendure patterns.

Maybe even rename it to context to make it even more explicit.

[martijnvdbrug]

@michaelbromley Valid concern. Fixed :-)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[michaelbromley]

Thanks!