π Fixes
Authorization: Filtered fragments remove corresponding fragment spreads (Issue #4060)
When fragments have been removed because they do not meet the authorization requirements to be queried, or in the case that their conditions cannot be fulfilled, any related fragment spreads which remain will be now be removed from the operation before execution. Additionally, fragment error paths are now applied at the point that the fragment use.
Authorization: Maintain a special case for __typename
(PR #3821)
When evaluating authorization directives on fields returning interfaces, the special GraphQL __typename
field will be maintained as an exception since it must work for all implementors
Enforce JWT expiration for subscriptions (Issue #3947)
If a JWT expires whilst a subscription is executing, the subscription should be terminated. This also applies to deferred responses.
Improved channel bounding via conversion of futures
channels into tokio
channels (Issue #4103, Issue #4109, Issue #4110, Issue #4117)
The use of futures
channels have been converted to tokio
channels which should ensure that channel bounds are observed correctly. We hope this brings some additional stability and predictability to the memory footprint.
By @garypen in #4111, #4118, #4138
Reduce recursion in GraphQL parsing via apollo-parser
improvements (Issue #4142)
Improvements to apollo-parser
are brought in which remove unnecessary recursion when parsing repeated syntax elements, such as enum values and union members, in type definitions. Some documents that used to hit the parserβs recursion limit will now successfully parse.
Maintain query ordering within a batch (Issue #4143)
A bug in batch manipulation meant that the last element in a batch was treated as the first element. Ordering should be maintained and there is now an updated unit test to ensure this.
Port to apollo-compiler
usage to 1.0-beta
(PR #4038)
Version 1.0 of apollo-compiler
is a near-complete rewrite and introducing it in the Router unblocks a lot of upcoming work, including our Rust-ification of the query planner.
As an immediate benefit, some serialization-related bugs β including Issue #3541 β are fixed. Additionally, the representation of GraphQL documents within apollo-compiler
is now mutable. This means that when modifying a query (such as to remove @authenticated
fields from an unauthenticated request) the Router no longer needs to construct a new data structure (with apollo-encoder
), serialize it, and reparse it.
By @SimonSapin in #4038
Propagate multi-value headers to subgraphs (Issue #4153)
Use HeaderMap.append
instead of insert
to avoid erasing previous values when using multiple headers with the same name.
By @nmoutschen in #4154
π Configuration
Authentication: Allow customizing a poll_interval
for the JWKS endpoint configuration (Issue #4185)
In order to compensate for variances in rate-limiting requirements for JWKS endpoints, a new poll_interval
configuration option exists to adjust the polling interval for each JWKS URL. When not specified for a URL, the polling interval will remain as the default of 60 seconds.
The configuration option accepts a human-readable duration (e.g., 60s
or 1minute 30s
). For example, the following configuration snippet sets the polling interval for a single JWKS URL to be every 30 seconds:
authentication:
router:
jwt:
jwks:
- url: https://dev-zzp5enui.us.auth0.com/.well-known/jwks.json
poll_interval: 30s
Allow customization of the health check endpoint path (Issue #2938)
Adds a configuration option for custom health check endpoints, health_check.path
, with /health
as the default value.
By @aaronArinder in #4145
π Documentation
Coprocessors: Clarify capabilities of RouterRequest
and RouterResponse
's control
responses (PR #4189)
The coprocessor RouterRequest
and RouterResponse
stages already fully support control: { break: 500 }
, but the response body must be a string. The documentation has been improved to provides examples in the Terminating a client request section.
By @lennyburdette in #4189
π§ͺ Experimental
Support time-to-live (TTL) expiration for distributed cache entries (Issue #4163)
It is now possible to use configuration to set an expiration (time-to-live or TTL) for distributed caching (i.e., Redis) entries, both for APQ and query planning caches (using either apq
or query_planning
, respectively). By default, entries have no expiration.
For example, to define the TTL for cached query plans stored in Redis to be 24 hours, the following configuration snippet could be used which specifies ttl: 24h
.
supergraph:
query_planning:
experimental_cache:
redis:
urls: ["redis://..."]
timeout: 5ms # Optional, by default: 2ms
ttl: 24h # Optional, by default no expiration
Similarly, it is possible to set the cache for APQ entries. For details, see the Distributed APQ caching documentation.