feat(settings): add setting to limit query depth

This should avoid overly comples GraphQL queries which might overload
the backend. Note: We do not yet have experience with the exact useful
value of this settings, so the default is zero (which implies the limit
is disabled)

caluma/caluma_user/views.py

@@ -8,7 +8,7 @@
 from django.http.response import HttpResponse
 from django.utils.encoding import force_bytes, smart_str
 from django.utils.module_loading import import_string
-from graphene.validation import DisableIntrospection
+from graphene.validation import DisableIntrospection, depth_limit_validator
 from graphene_django.views import GraphQLView, HttpError
 from rest_framework.authentication import get_authorization_header
 
@@ -19,9 +19,19 @@ class HttpResponseUnauthorized(HttpResponse):
     status_code = 401
 
 
+custom_validation_rules = []
+if settings.DISABLE_INTROSPECTION:  # pragma: no cover
+    custom_validation_rules.append(DisableIntrospection)
+
+if settings.QUERY_DEPTH_LIMIT:  # pragma: no cover
+    custom_validation_rules.append(
+        depth_limit_validator(max_depth=settings.QUERY_DEPTH_LIMIT)
+    )
+
+
 class AuthenticationGraphQLView(GraphQLView):
-    if settings.DISABLE_INTROSPECTION:  # pragma: no cover
-        validation_rules = (DisableIntrospection,)
+    if custom_validation_rules:  # pragma: no cover
+        validation_rules = tuple(custom_validation_rules)
 
     def get_bearer_token(self, request):
         auth = get_authorization_header(request).split()

caluma/settings/caluma.py

@@ -59,6 +59,10 @@ def default(default_dev=env.NOTSET, default_prod=env.NOTSET):
 # the source).
 DISABLE_INTROSPECTION = env.bool("DISABLE_INTROSPECTION", default=default(False, True))
 
+# DOS protection: Limit query depth to a given level. Default is 0, which means
+# it is disabled
+QUERY_DEPTH_LIMIT = env.int("QUERY_DEPTH_LIMIT", default=0)
+
 # OpenID connect
 
 OIDC_USERINFO_ENDPOINT = env.str("OIDC_USERINFO_ENDPOINT", default=None)