Merge pull request #6 from felipe-gdr/performance-checks

Add performance checks example

Author: bbakerman

performance-checks/.gitignore

@@ -0,0 +1,26 @@
+.gradle
+/build/
+!gradle/wrapper/gradle-wrapper.jar
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+/out/
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/

performance-checks/README.md

@@ -0,0 +1,122 @@
+# Performance checks 
+
+This example has a few mechanisms to prevent your GraphQL server from dealing with expensive queries sent by abusive clients 
+(or maybe legitimate clients that running expensive queries unaware of the negative impacts they might cause).
+Also, it has a couple of timeout strategies that, although won't help ease the burden on the server (since the expensive
+operations are already under way), will provide a better experience to the consumer that won't have to wait forever for
+their requests to return.
+
+Here we introduce 4 mechanisms to help with that task. 3 of them are based on GraphQL Java instrumentation capabilities,
+and the forth one is a bit out GraphQL Java jurisdiction and more related to web servers.
+
+1. MaxQueryDepthInstrumentation: limit the depth of queries to 5
+2. MaxQueryComplexityInstrumentation: set complexity values to fields and limit query complexity to 5 
+3. A custom Instrumentation that sets a timeout period of 3 seconds for DataFetchers 
+4. A hard request timeout of 10 seconds, specified in the web server level (Spring) 
+
+The first 2 items will actually prevent server overload, since they act before the request reach the DataFetchers, which
+perform the expensive operations. Number 3 and 4 are timeouts that force long running executions to return early to customers.
+
+# The schema
+The schema we're using is quite simple:
+
+```graphql
+type Query {
+    instrumentedField(sleep: Int): String
+    characters: [Character]
+}
+
+type Character {
+    name: String!
+    friends: [Character]
+    energy: Float
+}
+```
+
+There are a few interesting facts related to this example.
+
+* instrumentedField: returns a fixed string ("value"). It receives a parameter "sleep" that forces the DataFetcher to
+  take that amount of seconds to return. Set that value to anything above 3 seconds and a timeout error will be thrown.
+  This simulates a long running DataFetcher that would be forcefully stopped.
+  
+```graphql
+{
+  instrumentedField(sleep: 4) # will result in an error
+}
+``` 
+  
+* friends: will return a list of characters, that can themselves have friends, and so on... It's quite clear that queries
+  might overuse this field and end up having a large number of nested friends and characters. Add 5 or more levels of 
+  friends and an error will be thrown.
+
+```graphql
+{
+  characters {
+    name
+    friends {
+      name
+      friends {
+        name
+        friends {
+          name
+          friends {
+            name     # an error will be thrown, since the depth is higher than the limit
+          }
+        }
+      }
+    }
+  }
+}
+```
+
+* energy: getting this field involves some expensive calculations, so we've established that it has a complexity value
+  of 3 (all the other fields have complexity 0). We've also defined that a query can have a maximum complexity of 5. So,
+  if "energy" is present 2 times or more in a given query, an error will be thrown.
+ 
+```graphql
+{
+  characters {
+    name
+    energy
+    friends {
+      name
+      energy   # an error will be thrown, since we've asked for "energy" 2 times
+    }
+  }
+}
+``` 
+
+# Request timeout
+Although this is not really GraphQL Java business, it might be useful to set a hard request timeout on the web server
+level.
+To achieve this using Spring, the following property can be used:
+
+```
+spring.mvc.async.request-timeout=10000
+```
+
+
+# Running the code
+ 
+ To build the example code in this repository type:
+ 
+``` 
+./gradlew build
+ ```
+    
+To run the example code type:
+    
+``` 
+./gradlew bootRun
+``` 
+    
+To access the example application, point your browser at:
+     http://localhost:8080/  
+     
+## Note about introspection and max query depth
+A bad side effect of specifying a maximum depth for queries is that this will prevent introspection queries to properly
+execute. This affects GraphiQL's documentation and autocomplete features, that will simply not work. 
+This is a tricky problem to fix and [has been discussed in the past](https://github.com/graphql-java/graphql-java/issues/1055). 
+
+You can still use GraphiQL to execute queries and inspect results. If you want documentation and autocomplete back in 
+GraphiQL, just temporarily disable the max depth instrumentation. 

performance-checks/build.gradle

@@ -0,0 +1,33 @@
+buildscript {
+	ext {
+		springBootVersion = '2.0.5.RELEASE'
+	}
+	repositories {
+		mavenCentral()
+	}
+	dependencies {
+		classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
+	}
+}
+
+apply plugin: 'java'
+apply plugin: 'eclipse'
+apply plugin: 'org.springframework.boot'
+apply plugin: 'io.spring.dependency-management'
+
+group = 'com.graphql-java.examples'
+version = '0.0.1-SNAPSHOT'
+sourceCompatibility = 1.8
+
+repositories {
+	mavenCentral()
+}
+
+
+dependencies {
+	compile "io.reactivex.rxjava2:rxjava:2.1.5"
+	implementation('org.springframework.boot:spring-boot-starter-web')
+	implementation('com.graphql-java:graphql-java:10.0')
+    implementation('com.google.guava:guava:26.0-jre')
+	testImplementation('org.springframework.boot:spring-boot-starter-test')
+}

performance-checks/gradle/wrapper/gradle-wrapper.jar

@@ -0,0 +1,6 @@
+#Sun Oct 07 10:24:43 AEDT 2018
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.8.1-all.zip