npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

knightowl

v1.0.6

Published

KnightOwl is a middleware library to protect your APIs built on `express-graphql` servers, combined with a web app monitor to give observability to its activity. <br /> <br /> Sign in at [knightowl.app](https://knightowl.app/) to utilize our web app monit

Downloads

5

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

onarbonarbsimongrigenassimongrigenascaitlinme24caitlinme24jacksonkalmbachjacksonkalmbach

Keywords

expressgraphQLrate limitingcost limitingdepth limitingsecurityAPIgraphqlgraph-qlcost limiterrate limiterdepth limiter

Readme

KnightOwl Middleware Library

KnightOwl is a middleware library to protect your APIs built on express-graphql servers, combined with a web app monitor to give observability to its activity. Sign in at knightowl.app to utilize our web app monitor in conjunction with the library protecting your GraphQL endpoints. (Please make a note of the email and password you use to signup!)

Getting Started

Run the command npm i knightowl to install the Knight Owl Rate Limiter, Cost Limiter, and Depth Limiter middleware functions into your express GraphQL codebase.

Redis

In order to use this product, you'll need to have a redis server running.

If you haven't already, run the command install redis on your machine (See https://redis.io)

The Knight Owl rate limiter uses redis to track queries by IP address. In addtion redis will cache query history as requests are made. Our middleware will periodically clear that cache and store metrics based on query history in our own database. These metrics are visualized when you sign in at knightowl.app

Once you've installed redis, run the command redis-server in your terminal to spin up an instance of a redis server that you will need in order to use this library.

                _._                                                  
           _.-``__ ''-._                                             
      _.-``    `.  `_.  ''-._           Redis [Version]
  .-`` .-```.  ```\/    _.,_ ''-._                                  
 (    '      ,       .-`  | `,    )     
 |`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
 |    `-._   `._    /     _.-'    |     
  `-._    `-._  `-./  _.-'    _.-'                                   
 |`-._`-._    `-.__.-'    _.-'_.-'|                                  
 |    `-._`-._        _.-'_.-'    |           https://redis.io       
  `-._    `-._`-.__.-'_.-'    _.-'                                   
 |`-._`-._    `-.__.-'    _.-'_.-'|                                  
 |    `-._`-._        _.-'_.-'    |                                  
  `-._    `-._`-.__.-'_.-'    _.-'                                   
      `-._    `-.__.-'    _.-'                                       
          `-._        _.-'                                           
              `-.__.-'

You should see a message similar to above once your redis server is successfully running. You should expect the port to default to 6379.

Utilizing the Library

Config.js

In node_modules/knightowl go to the config.js file to configure your KnightOwl Query Limiting settings. It should be setup in the following format:

const config = {
  rateConfig: {
    requestLimit: 1000,
    timeLimit: 60,
  },
  costs: {
    max: 50000,
    operationCosts: {
      query: 1 ,
      mutation: 10,
      subscription: 10
    },
    fieldCosts: {
      default: 1,
    }
  },
  forbiddenOperations: {
    introspectionQueries: false,
  }
}

module.exports = config;

You can tailor requestLimit (number of requests made) and timeLimit (seconds) to reflect what kind of traffic you're expecting to recieve to get the most out of the rateLimiter in your project.

You can also assign cost values to handle the size of the query. You can adjust the maximum complexity cost by changing the max value on the costs property. You can adjust the number values that correspond to the keys in the operationCosts property to account for the kind of queries you expect to recieve. You can change how much complexity to assign for any given field in a request by changing the default value on the fieldCosts property.

By configuring your operationCosts you get more dynamic protection and this way the rate limiter isn't working under the assumtion that every query will tax your endpoints equally.

You can also customize how much to charge in complexity cost for requests for any given field defined in your schema by adding the [Field Name] and [Desired Cost] to the costs.fieldCosts object (underneath default)

You can prohibit all introspection queries (queries that request information about the entire schema itself) by adjusting the introspectionQueries property within forbiddenOperations. Set the value of introspectionQueries property to true to prohibit introspection queries.

Note: You Won't handle depth limiting in this config file!

You can set the maximum depth allowed for a query by passing it as an argument to the depth_limitfunction when the function is invoked as a validation rule. (See the Utilizing Knight Owl in Your Application Below )

.env

KO_PASS='[theEmailYouSignedUpWith]'
KO_PASS='[thePasswordYouSignedUpWith]'

Utilizing Knight Owl in Your Application

  • Require in the knightowl module with const { knightOwl } = require('knightowl')
  • Add the knightowl.costLimiter and knightowl.rateLimiter functions to your middleware chain before an invocation of graphqlHTTP()
  • Invoke of graphqlHTTP(). Make sure the object passed in as an argument contains the property validationRules: [knightOwl.depthLimit(<Num>)] with your desired depth limit in place of <Num>.

It should look as follows:

app.use('/graphql', knightOwl.costLimiter, knightOwl.rateLimiter, graphqlHTTP({
  schema,
  validationRules: [knightOwl.depthLimit(20)]
}));

The Knight Owl Team