feat(harden-plugin): Allow skipping complexity check in Harden Plugin (…

…#3340)
vendure-ecommerce · Feb 11, 2025 · 0bef00b · 0bef00b
1 parent c820f42
commit 0bef00b
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 3 deletions.
diff --git a/packages/harden-plugin/src/middleware/query-complexity-plugin.ts b/packages/harden-plugin/src/middleware/query-complexity-plugin.ts
@@ -20,16 +20,20 @@ import { HardenPluginOptions } from '../types';
 export class QueryComplexityPlugin implements ApolloServerPlugin {
     constructor(private options: HardenPluginOptions) {}
 
-    async requestDidStart({ schema }: GraphQLRequestContext<any>): Promise<GraphQLRequestListener<any>> {
+    async requestDidStart(context: GraphQLRequestContext<any>): Promise<GraphQLRequestListener<any>> {
         const maxQueryComplexity = this.options.maxQueryComplexity ?? 1000;
         return {
             didResolveOperation: async ({ request, document }) => {
-                if (isAdminApi(schema)) {
+                if (isAdminApi(context.schema)) {
                     // We don't want to apply the cost analysis on the
                     // Admin API, since any expensive operations would require
                     // an authenticated session.
                     return;
                 }
+                if (await this.options.skip?.(context)) {
+                    // Given skip function tells use we should not check this request for complexity
+                    return;
+                }
                 const query = request.operationName
                     ? separateOperations(document)[request.operationName]
                     : document;
@@ -41,7 +45,7 @@ export class QueryComplexityPlugin implements ApolloServerPlugin {
                     );
                 }
                 const complexity = getComplexity({
-                    schema,
+                    schema: context.schema,
                     query,
                     variables: request.variables,
                     estimators: this.options.queryComplexityEstimators ?? [

diff --git a/packages/harden-plugin/src/types.ts b/packages/harden-plugin/src/types.ts
@@ -1,3 +1,4 @@
+import { GraphQLRequestContext } from '@apollo/server';
 import { ComplexityEstimator } from 'graphql-query-complexity';
 
 /**
@@ -79,4 +80,16 @@ export interface HardenPluginOptions {
      * @default 'prod'
      */
     apiMode?: 'dev' | 'prod';
+    /**
+     * @description
+     * Allows you to skip the complexity check for certain requests.
+     *
+     * @example
+     * ```ts
+     * HardenPlugin.init({
+     *   skip: (context) => context.request.http.headers['x-storefront-ssr-auth'] === 'some-secret-token'
+     * }),
+     * ```
+     */
+    skip?: (context: GraphQLRequestContext<any>) => Promise<boolean> | boolean;
 }