feat(router): Query Complexity: Max Depth

[ardatan]

New Query Complexity Configuration w/ Max Depth Rule

This PR adds a new configurable validation rule to calculate the depth of the operation, and compare it the limits, then throws if it exceeds

query_complexity:
  max_depth:
    n: 10  # Set the maximum allowed depth for queries

Inspired from https://escape.tech/graphql-armor/docs/plugins/max-depth/

Documentation is WIP
E2E tests maybe?

[github-actions]

✅ k6-benchmark results

     ✓ response code was 200
     ✓ no graphql errors
     ✓ valid response structure

     █ setup

     checks.........................: 100.00% ✓ 206181      ✗ 0    
     data_received..................: 6.0 GB  200 MB/s
     data_sent......................: 81 MB   2.7 MB/s
     http_req_blocked...............: avg=4.41µs   min=711ns   med=1.78µs  max=17.78ms  p(90)=2.51µs  p(95)=2.91µs  
     http_req_connecting............: avg=1.25µs   min=0s      med=0s      max=3.38ms   p(90)=0s      p(95)=0s      
     http_req_duration..............: avg=21.36ms  min=2.27ms  med=20.42ms max=201.48ms p(90)=28.9ms  p(95)=32.27ms 
       { expected_response:true }...: avg=21.36ms  min=2.27ms  med=20.42ms max=201.48ms p(90)=28.9ms  p(95)=32.27ms 
     http_req_failed................: 0.00%   ✓ 0           ✗ 68747
     http_req_receiving.............: avg=173.21µs min=25.04µs med=40.17µs max=158.58ms p(90)=91.49µs p(95)=400.48µs
     http_req_sending...............: avg=24.98µs  min=5.62µs  med=10.84µs max=25.08ms  p(90)=15.74µs p(95)=27.01µs 
     http_req_tls_handshaking.......: avg=0s       min=0s      med=0s      max=0s       p(90)=0s      p(95)=0s      
     http_req_waiting...............: avg=21.17ms  min=2.21ms  med=20.28ms max=74.84ms  p(90)=28.62ms p(95)=31.9ms  
     http_reqs......................: 68747   2286.344635/s
     iteration_duration.............: avg=21.81ms  min=6.13ms  med=20.76ms max=268.64ms p(90)=29.34ms p(95)=32.77ms 
     iterations.....................: 68727   2285.679488/s
     vus............................: 50      min=50        max=50 
     vus_max........................: 50      min=50        max=50 

[github-actions]

🐋 This PR was built and pushed to the following Docker images:

Image Names: ghcr.io/graphql-hive/router

Platforms: linux/amd64,linux/arm64

Image Tags: ghcr.io/graphql-hive/router:pr-623 ghcr.io/graphql-hive/router:sha-d0631fb

Docker metadata

{
"buildx.build.ref": "builder-6d78455e-66a0-4f6a-97fe-0f12982da1d9/builder-6d78455e-66a0-4f6a-97fe-0f12982da1d90/kx9d527gi3whm7zfsquz68nxv",
"containerimage.descriptor": {
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "digest": "sha256:961805c6781fa4362f5e461a405af7f4fcf20e11fddf86abd6f3691bf6d26882",
  "size": 1609
},
"containerimage.digest": "sha256:961805c6781fa4362f5e461a405af7f4fcf20e11fddf86abd6f3691bf6d26882",
"image.name": "ghcr.io/graphql-hive/router:pr-623,ghcr.io/graphql-hive/router:sha-d0631fb"
}