Hasura Cloud supports a slew of advanced security and performance features. One of the recent additions is the ability to set a time limit (timeout) on an operation so that it is stopped if it takes more than n seconds.
Why do you need an operation time limit or timeout?
Operation timeouts are not new. They have been used in REST APIs to prevent large POST requests from being sent and abused. GraphQL is flexible in that it allows clients to query for arbitrarily large amounts of data. This power is useful, but it can be used with malicious intent. A large query that hits the database can slow the underlying database down, even though your frontend application never needs data from such a complex query, and that slows down the experience of all users.
An operation time limit basically ensures that each operation only gets a certain configured time to process the request successfully.
Imagine a single GraphQL query hitting the database with many operations and statements being executed internally in a transaction. Multiply that by the number of GraphQL requests being sent, and the database becomes the bottleneck.
Global Time Limit
Hasura Cloud supports adding a time limit for operations globally. This is the base value the server falls back to when a specific role doesn't have a time limit configured.
Any upstream database queries are also cancelled for supported sources. Note that this is currently supported only for Postgres.
Time Limit per role
You can also configure a timeout per role. Let's say your project has a role called user; you can configure a timeout for that particular role.
The metadata spec for enabling the time limit looks like this:
    api_limits:
      time_limit:
        per_role:
          user: 10
        global: 5
Long running Database Queries
Long-running queries may interfere with overall database performance. You can find the ones that are long running by executing the following SQL statement on the Data->SQL tab of the Console.
    SELECT
      pid,
      now() - pg_stat_activity.query_start AS duration,
      query,
      state
    FROM pg_stat_activity
    WHERE (now() - pg_stat_activity.query_start) > interval '1 minute';
The above statement lists the queries that have been running for more than a minute. If the time limit is configured on Cloud, these queries will not go through Hasura Cloud and will error out with a time limit error.
What happens on an error?
The server responds with the following error object:
    {
      "errors": [
        {
          "extensions": {
            "path": "$",
            "code": "not-supported"
          },
          "message": "The operation exceeded the time limit allowed for this project"
        }
      ]
    }
The underlying query execution on Postgres will also be cancelled.
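The per-role fallback and the error object described above can be exercised together. The following is an added example, not Hasura's own code: it resolves the limit that applies to a role and counts time-limited operations per role from logged responses. The helper names, the dict form of the metadata and the (role, response body) log pairs are assumptions made for illustration.

```python
import json

# The api_limits metadata from this page, loaded as a dict (constructed sample).
METADATA = {"api_limits": {"time_limit": {"per_role": {"user": 10}, "global": 5}}}

TIME_LIMIT_MESSAGE = "The operation exceeded the time limit allowed for this project"

# The error body shown on this page (constructed copy).
TIMEOUT_BODY = json.dumps({"errors": [{
    "extensions": {"path": "$", "code": "not-supported"},
    "message": TIME_LIMIT_MESSAGE,
}]})


def effective_time_limit(metadata, role):
    """Per-role limit if configured, else the global one, else None."""
    limits = metadata.get("api_limits", {}).get("time_limit", {})
    per_role = limits.get("per_role") or {}
    if role in per_role:
        return per_role[role]
    return limits.get("global")


def time_limit_errors(body):
    """Return the entries of a GraphQL response body that are time-limit errors."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return []  # not JSON: cannot be the error object
    errors = doc.get("errors") if isinstance(doc, dict) else None
    if not isinstance(errors, list):
        return []
    hits = []
    for err in errors:
        if not isinstance(err, dict):
            continue
        ext = err.get("extensions")
        code = ext.get("code") if isinstance(ext, dict) else None
        # Assumption: match code and message together, since the code
        # "not-supported" does not by itself name the time limit as the cause.
        if code == "not-supported" and err.get("message") == TIME_LIMIT_MESSAGE:
            hits.append(err)
    return hits


def count_by_role(log_entries):
    """Count time-limited operations per role from (role, response_body) pairs."""
    counts = {}
    for role, body in log_entries:
        if time_limit_errors(body):
            counts[role] = counts.get(role, 0) + 1
    return counts
```

A role whose count keeps rising is a candidate for a closer look at the queries it sends.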
Things to note
The operation timeout applies to the WebSocket protocol as well, if you are making queries and mutations through it.
The timeout also works with remote schemas and action requests.
The operation time limit feature is quite useful in cases where the underlying database (Postgres) is affected by a long-running query that brings down the experience for all users of the application.