Skip to Content

Max Tokens

Limit the number of tokens in a GraphQL document.

It is used to prevent DOS attack, heap overflow or server overloading.

The token limit is often limited by the graphql parser, but this is not always the case and would lead to a fatal heap overflow.

Provided by GraphQL Armor

How to use?

Install the plugin:

npm install @escape.tech/graphql-armor-max-tokens

Then, add it to your plugins:

gateway.config.ts
import { maxTokensPlugin } from '@escape.tech/graphql-armor-max-tokens' import { defineConfig } from '@graphql-hive/gateway' export const gatewayConfig = defineConfig({ plugins: () => [ maxTokensPlugin({ // Toggle the plugin | Default: true enabled: true, // Number of tokens allowed | Default: 5000 n: 5000, // Do you want to propagate the rejection to the client? | default: true propagateOnRejection: true, // List of queries that are allowed to bypass the plugin allowList: [], /* Advanced options (use here on your own risk) */ // Callbacks that are ran whenever a Query is accepted onAccept: [], // Callbacks that are ran whenever a Query is rejected onReject: [] }) ] })

References

Last updated on