π Fixes
Authorization: Filtered fragments remove corresponding fragment spreads (Issue #4060)
When fragments have been removed because they do not meet the authorization requirements to be queried, or in the case that their conditions cannot be fulfilled, any related fragment spreads which remain will be now be removed from the operation before execution. Additionally, fragment error paths are now applied at the point that the fragment use.
Authorization: Maintain a special case for __typename (PR #3821)
When evaluating authorization directives on fields returning interfaces, the special GraphQL __typename field will be maintained as an exception since it must work for all implementors
Enforce JWT expiration for subscriptions (Issue #3947)
If a JWT expires whilst a subscription is executing, the subscription should be terminated. This also applies to deferred responses.
Improved channel bounding via conversion of futures channels into tokio channels (Issue #4103, Issue #4109, Issue #4110, Issue #4117)
The use of futures channels have been converted to tokio channels which should ensure that channel bounds are observed correctly. We hope this brings some additional stability and predictability to the memory footprint.
By @garypen in #4111, #4118, #4138
Reduce recursion in GraphQL parsing via apollo-parser improvements (Issue #4142)
Improvements to apollo-parser are brought in which remove unnecessary recursion when parsing repeated syntax elements, such as enum values and union members, in type definitions. Some documents that used to hit the parserβs recursion limit will now successfully parse.
Maintain query ordering within a batch (Issue #4143)
A bug in batch manipulation meant that the last element in a batch was treated as the first element. Ordering should be maintained and there is now an updated unit test to ensure this.
Port to apollo-compiler usage to 1.0-beta (PR #4038)
Version 1.0 of apollo-compiler is a near-complete rewrite and introducing it in the Router unblocks a lot of upcoming work, including our Rust-ification of the query planner.
As an immediate benefit, some serialization-related bugs β including Issue #3541 β are fixed. Additionally, the representation of GraphQL documents within apollo-compiler is now mutable. This means that when modifying a query (such as to remove @authenticated fields from an unauthenticated request) the Router no longer needs to construct a new data structure (with apollo-encoder), serialize it, and reparse it.
By @SimonSapin in #4038
Propagate multi-value headers to subgraphs (Issue #4153)
Use HeaderMap.append instead of insert to avoid erasing previous values when using multiple headers with the same name.
By @nmoutschen in #4154
π Configuration
Authentication: Allow customizing a poll_interval for the JWKS endpoint configuration (Issue #4185)
In order to compensate for variances in rate-limiting requirements for JWKS endpoints, a new poll_interval configuration option exists to adjust the polling interval for each JWKS URL. When not specified for a URL, the polling interval will remain as the default of 60 seconds.
The configuration option accepts a human-readable duration (e.g., 60s or 1minute 30s). For example, the following configuration snippet sets the polling interval for a single JWKS URL to be every 30 seconds:
authentication:
router:
jwt:
jwks:
- url: https://dev-zzp5enui.us.auth0.com/.well-known/jwks.json
poll_interval: 30sAllow customization of the health check endpoint path (Issue #2938)
Adds a configuration option for custom health check endpoints, health_check.path, with /health as the default value.
By @aaronArinder in #4145
π Documentation
Coprocessors: Clarify capabilities of RouterRequest and RouterResponse's control responses (PR #4189)
The coprocessor RouterRequest and RouterResponse stages already fully support control: { break: 500 }, but the response body must be a string. The documentation has been improved to provides examples in the Terminating a client request section.
By @lennyburdette in #4189
π§ͺ Experimental
Support time-to-live (TTL) expiration for distributed cache entries (Issue #4163)
It is now possible to use configuration to set an expiration (time-to-live or TTL) for distributed caching (i.e., Redis) entries, both for APQ and query planning caches (using either apq or query_planning, respectively). By default, entries have no expiration.
For example, to define the TTL for cached query plans stored in Redis to be 24 hours, the following configuration snippet could be used which specifies ttl: 24h.
supergraph:
query_planning:
experimental_cache:
redis:
urls: ["redis://..."]
timeout: 5ms # Optional, by default: 2ms
ttl: 24h # Optional, by default no expirationSimilarly, it is possible to set the cache for APQ entries. For details, see the Distributed APQ caching documentation.