Prerequisites
🚀 Feature Proposal
Most GraphQL requests are POST and every request has the same URL, only what changes is a query param value, commonly operation. Adding support for rating limiting based on query param instead of the route.
I was not able to locate a proper example of such an example. If it is supported and I could not find out, I guess we can close the issue, if you can share one.
Motivation
I have been using mercurius with fastify for the GraphQL server, I want to rate limit some critical paths. fastify-rate-limit does pretty good job, if you want route-based rate limiting. I was looking to rate limit based on query param. The server gets operation as a query param with values such as signIn or forgetPassword and so on.
Example
May not be very useful example signature, but guess send the message across.
await app.register(rateLimit, {
global: true,
timeWindow: 60 * 1000,
max: 1000,
queryBasedRateLimit: {
[{ operation: ['signIn', 'signUp'], rateLimite: { timeWindow: 6 * 1000....etc. } }],
[{ operation: ['verifyEmail', 'resendValidationEmail'], rateLimite: { timeWindow: 1 * 1000....etc. } }],
}
} )
Prerequisites
🚀 Feature Proposal
Most GraphQL requests are POST and every request has the same URL, only what changes is a query param value, commonly
operation. Adding support for rating limiting based on query param instead of the route.I was not able to locate a proper example of such an example. If it is supported and I could not find out, I guess we can close the issue, if you can share one.
Motivation
I have been using
mercuriuswithfastifyfor the GraphQL server, I want to rate limit some critical paths.fastify-rate-limitdoes pretty good job, if you want route-based rate limiting. I was looking to rate limit based on query param. The server getsoperationas a query param with values such assignInorforgetPasswordand so on.Example
May not be very useful example signature, but guess send the message across.