Skip to main content

Extending generated code

When we are done generating the code we can then modify the Rust code based on our needs.

Introduction

In order to extend the existing code first you need to be comfortable with the libraries the generated code depends on.

Studying the generated code structure provides valuable information on where to find important features, for more info here.

When you are comfortable enough with all the terms, you can jump into the folders and add new features or logic based on your objectives.

Major features

Bellow there are some important features you might need:

Field guards

With field guards you can protect specific queries or fields accessors from being accessed using custom guard function.

You can read more here https://async-graphql.github.io/async-graphql/en/field_guard.html

Query complexity and depth

The current generators doesn't prevent cyclic dependencies. A bad actor can use cyclic dependencies to perform unlimited nested queries and crash the server.

We have the following entities:


pub struct Category {
pub id: i32,
pub name: String,
pub products: Vec<Product>
}

pub struct Product {
pub id: i32,
pub name: String,
pub categories: Vec<Category>
}

You can perform the following query

{
category {
data {
id,
name,
product {
id,
name,
category {
id,
name,
product {
id,
name,
category {
[....]
}
}
}
}
}
}
}

To prevent this behavior we can enable with few lines of code query complexity calculator and depth limiter.

Query depth limit

On .env change the line from this:

# DEPTH_LIMIT=

to this:

DEPTH_LIMIT=2 # depth limit number

Query depth limit

On .env change the line from this:

# COMPLEXITY_LIMIT=

to this:

COMPLEXITY_LIMIT=32 # complexity limit number

More documentation

https://async-graphql.github.io/async-graphql/en/depth_and_complexity.html