I would like to figure out what is the most effective way of whitelisting graphql queries. In current implementation, I have a defined set of .graphql files that are fed to the gateway during start of the service. They are then stripped of whitespaces, commas and __typename slugs, and put into map of the following structure: (hash, stripped_string).
The incoming queries are then also stripped the same way and using hash function compared 1 to 1 against the cached ones. While the following approach functions, I am not sure if the order of fields and defined fragments should matter as well.
I have considered using graphql-tag library for more consistent query parsing, but got some problems when stripping queries + spending computational resources for json parsing + hash function.
What other approaches other than comparing direct strings would you consider?
I have tried using the tool called persistgraphql for generating the query map for aggregating my .graphql files. Nevertheless, this tool has shown to be deprecated.
The current approach with strings looks fine, nevertheless the question of query equality is still important for me.