Skip to content

Commit

Permalink
fix: update the async property in the async-timeout example (#320)
Browse files Browse the repository at this point in the history
- Fixed async properties in the application.yml
- Added logs in the Query example to show that the execution is not
  interrupted but it continues after the `cancel(true)` invocation. This
  is due by the CompletableFuture object that cannot be really stopped
  by design:
  (https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/CompletableFuture.html#cancel-boolean-)
- Updated README

Refs: #317
  • Loading branch information
federicorispo authored Jan 13, 2024
1 parent 909a296 commit 17a24db
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 8 deletions.
11 changes: 4 additions & 7 deletions async-timeout/README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Async timeout

The `graphql.servlet.async-timeout` property enables you to define a request level timeout to be enforced. This can help
The `graphql.servlet.async.timeout` property enables you to define a request level timeout to be enforced. This can help
in preventing DDoS attacks. This is only available when running the application in `servlet` mode. The value is the
timeout in milliseconds that should be enforced. If the GraphQL request has not finished within that timeout a GraphQL
error will be returned:
Expand Down Expand Up @@ -30,12 +30,9 @@ In this example the timeout has been configured at 500 milliseconds in
[application.yml](src/main/resources/application.yml).

```yaml
graphql.servlet.async-timeout: 500
graphql.servlet.async.timeout: 500
```
Note that the property `graphql.servlet.async-mode-enabled` has not been set to `true` here, because that's it's enabled
by default already.

## GraphQL execution cancellation
The [Query](src/main/java/com/graphql/sample/boot/Query.java) class shows two examples of queries that will take 3000
Expand All @@ -59,11 +56,11 @@ query {

Either one will stop processing after 500ms because of the configured timeout.

The main difference between the two methods in the `Query` class however is the ability to also cancel the execution of
~~The main difference between the two methods in the `Query` class however is the ability to also cancel the execution of
the GraphQL request. Ideally the GraphQL execution is cancelled as well, because otherwise that request is still taking
up resources and Thread(s) even though the HTTP request has stopped. An attacker could repeatedly call that particular
GraphQL query which now returns fast, and that would spawn a new Thread with long running execution within the
application itself. That could ultimately lead to an application that crashes because it runs out of memory for example.
application itself. That could ultimately lead to an application that crashes because it runs out of memory for example.~~

To make the GraphQL requests themselves cancellable you only have to remember to always return a `CompletableFuture`
instead of the value directly. The `Query.getHello()` method is a simple example of a cancellable GraphQL request.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,13 @@ CompletableFuture<String> getHello() {
return CompletableFuture.supplyAsync(
() -> {
try {
log.info("Start Hello query execution");
Thread.sleep(3000);
log.info("Execute Hello query after the sleep");
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
}
log.info("End Hello query execution");
return "world";
});
}
Expand All @@ -36,10 +39,13 @@ CompletableFuture<String> getHello() {
*/
String getWorld() {
try {
log.info("Start World query execution");
Thread.sleep(3000);
log.info("Execute World query after the sleep");
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
}
log.info("End World query execution");
return "hello";
}
}
4 changes: 3 additions & 1 deletion async-timeout/src/main/resources/application.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ server:
graphql:
servlet:
exception-handlers-enabled: true
async-timeout: 500
async:
timeout: 500
enabled: true
graphiql:
enabled: true

0 comments on commit 17a24db

Please sign in to comment.