
A Principled Approach to GraphQL Query Cost Analysis

A formal, linear-time analysis for estimating GraphQL query cost accurately, to prevent DoS attacks and manage API resources, validated on commercial APIs.
apismarket.org | PDF size: 1.0 MB

1. Introduction

GraphQL has transformed web API design by letting clients specify exactly the data they need. That expressiveness, however, creates a significant risk for service providers. A single malicious (or merely careless) query can request an enormous amount of data, causing excessive server load, higher costs, and a potential Denial-of-Service (DoS) vulnerability. Empirical studies suggest that many GraphQL deployments are exposed. This paper addresses a core gap: the lack of a principled, accurate, and efficient way to estimate a query's cost before executing it.

Key problem: existing cost-estimation methods are either too expensive (dynamic) or inaccurate (naive static).

2. Background & Related Work

Current approaches to GraphQL cost analysis fall short:

  • Dynamic analysis: executes the query or probes the backend. Accurate, but too expensive for filtering requests in real time (e.g., Hartig & Pérez, 2018).
  • Existing static analysis: often simplistic (e.g., counting query nodes). It fails to account for common GraphQL conventions such as list sizes, query arguments, and union/interface types, producing both over- and under-estimates (e.g., the GraphQL Complexity library).

This work positions itself as the first static analysis with proven accuracy that is both linear in complexity and configurable to real-world schema conventions.

3. Formal GraphQL Semantics

The foundation of the analysis is a new, rigorous formalisation of GraphQL execution semantics. It specifies precisely:

  • The structure of queries and schemas.
  • Field resolution, including nested objects and lists.
  • The effect of query arguments (e.g., `first`, `limit`) on result size.

This formalism goes beyond the informal GraphQL specification, enabling mathematical reasoning about query execution paths and their associated costs. It treats the GraphQL schema as a directed graph of types, with fields as edges.

4. GraphQL Query Complexity Metrics

The paper defines two primary cost metrics, reflecting the concerns of different stakeholders:

  1. Server cost ($C_s$): models the work done by resolver functions. It is a function of query depth, breadth, and estimated list sizes. Conceptually it can be written as a sum over query paths: $C_s(Q) = \sum_{p \in Paths(Q)} \prod_{f \in p} weight(f)$, where $weight(f)$ estimates the fan-out of field $f$ (its list size for a list field, 1 for a single object or scalar).
  2. Response size ($C_r$): models the volume of data in the JSON response, which directly determines network transfer. It corresponds to the number of nodes in the response tree.

Both metrics are parameterised by a simple configuration supplied by the API developer (e.g., default list size = 10, maximum depth = 7).

5. Linear-Time Static Cost Analysis

The core technical contribution is an algorithm that computes upper bounds on $C_s$ and $C_r$ in O(n) time and space, where n is the size of the query document (number of AST nodes).

Algorithm sketch:

  1. Parse & validate: the query is parsed into an AST and validated against the schema.
  2. Annotate the AST: each AST node is annotated with cost variables according to its kind (object, list, scalar) and the configured parameters.
  3. Propagate costs: a single bottom-up traversal propagates cost estimates from the leaves to the root, multiplying for nested lists and summing sibling fields.
  4. Extract the bound: the root node's annotation holds the final cost bound.

The analysis correctly handles GraphQL features such as fragments, variables, and inline argument values, folding them into the cost computation.
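Added reconstruction (not from the paper) of the rule the bottom-up pass computes, written with the symbols of section 4. It assumes, as the section 7 walkthrough does, that a scalar leaf has weight 1, that a list field's weight is its estimated list size, and that $sel(f)$ denotes the sub-selection under field $f$:

$\mathrm{cost}(f) = 1$ if $f$ is a scalar leaf, and $\mathrm{cost}(f) = weight(f) \cdot \sum_{g \in sel(f)} \mathrm{cost}(g)$ otherwise, so that $C_s(Q) = \sum_{f \in sel(Q)} \mathrm{cost}(f)$.

Unfolding the recursion, every root-to-leaf path $p$ contributes exactly one term $\prod_{f \in p} weight(f)$ (the leaf contributing the factor 1), which gives back $C_s(Q) = \sum_{p \in Paths(Q)} \prod_{f \in p} weight(f)$ from section 4. Each AST node is visited once and does work proportional to its number of children, which is where the $O(n)$ bound comes from; a fragment spread can be charged at $O(1)$ per use if the fragment's cost is computed once and memoised.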

6. Evaluation & Results

The analysis was evaluated on a new corpus of 10,000 real query-response pairs from two commercial GraphQL APIs (GitHub and a private enterprise API).

Key results summary

  • Accuracy: the derived upper bounds were consistently tight relative to actual response sizes. For over 95% of queries the bound was within a factor of 2 of the actual cost, making it usable for rate limiting.
  • Performance: analysis time is negligible (<1 ms per query), confirming that in-line request filtering is feasible.
  • Comparative advantage: by contrast, naive static analysis showed severe inaccuracy, over-estimating simple queries by orders of magnitude and dangerously under-estimating deeply nested list queries.

Figure interpretation (conceptual): a scatter plot would show a strong, positive, linear correlation between the computed upper bound (x-axis) and actual response size/time (y-axis) for the proposed method, with points clustering near the y = x line. Points for the naive method would be widely scattered, far from that line.

7. Example Analysis Walkthrough

Scenario: a blog API with a query that fetches posts and their comments.

Schema configuration:

type Query {
  posts(limit: Int = 10): [Post!]!  # weight = 'limit' argument
}
type Post {
  title: String!
  comments(limit: Int = 5): [Comment!]! # weight = 'limit' argument
}
type Comment { text: String! }

Query:

query {
  posts(limit: 2) {
    title
    comments(limit: 3) {
      text
    }
  }
}

Cost computation (by hand):

  • Root list size of `posts`: 2 (from the `limit` argument).
  • For each `Post`, the nested `comments` list size: 3.
  • Server cost upper bound ($C_s$): $2 \times (1_{title} + 3 \times 1_{text}) = 2 \times 4 = 8$ units of resolver work.
  • Response size upper bound ($C_r$): $2_{posts} \times (1_{title} + 3_{comments}) = 8$ JSON items.

The analysis visits the query once, applying these multiplication rules, and arrives at the bound of 8. Had the client omitted both `limit` arguments, the same walk would use the configured defaults (10 and 5) and bound the query at $10 \times (1 + 5) = 60$.
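As an added example (not code from the paper or from apismarket.org), the following Python implements the four steps of section 5 for the section 7 blog schema: a minimal recursive-descent parser for the query subset used here, a schema table that stands in for the annotated AST (a field's weight is its `limit` argument, or the configured default list size), and one bottom-up pass that sums sibling fields and multiplies by list size. Everything in it is an assumption of this example: the schema table, the `limit` convention, the cost rule (scalar leaf = 1), and the parser, which handles arguments, `$variables` and named fragment spreads but not aliases, inline fragments, strings or directives (those are rejected, not miscounted). A fragment's cost is memoised, so a spread used many times is charged once per use, and fragment cycles, unknown fields, unbound variables and negative limits all raise instead of silently producing a small bound.

```python
# Added example, not the paper's artefact: a toy linear-time static cost bound for
# GraphQL queries after sections 5 and 7; parser, schema table and cost rule are assumed.
import re
# type -> field -> (return type, is_list, default list size): the section 7 blog schema.
SCHEMA = {
    "Query": {"posts": ("Post", True, 10)},
    "Post": {"title": ("String", False, None), "comments": ("Comment", True, 5)},
    "Comment": {"text": ("String", False, None)},
}
# Whitespace, commas and '#' comments match without a group; group 1 is a real token.
TOKEN = re.compile(r"[\s,]+|#[^\n]*|(\.\.\.|[{}():$!=\[\]]|[A-Za-z_]\w*|-?\d+)")

class Parser:
    """Recursive descent over one operation plus its fragment definitions."""
    def __init__(self, src):
        matches = list(TOKEN.finditer(src))
        if sum(len(m.group()) for m in matches) != len(src):
            raise ValueError("unsupported character in query")  # strings, directives, ...
        self.toks, self.i = [m.group(1) for m in matches if m.group(1)], 0
    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None
    def take(self, expected=None):
        tok = self.peek()
        if tok is None or (expected and tok != expected):
            raise ValueError(f"expected {expected or 'a token'}, got {tok!r}")
        self.i += 1
        return tok
    def document(self):
        root, fragments = None, {}
        while self.peek() is not None:
            if self.peek() == "fragment":
                self.take(); name = self.take(); self.take("on")
                fragments[name] = (self.take(), self.selection_set())
            elif self.peek() == "{":
                root = self.selection_set()
            else:
                self.take()  # operation header such as 'query Feed($n: Int!)' is skipped
        return root, fragments
    def selection_set(self):
        self.take("{")
        sels = []
        while self.peek() != "}":
            if self.peek() == "...":                  # named fragment spread
                self.take(); sels.append(("spread", self.take()))
                continue
            name, args = self.take(), {}
            if self.peek() == "(":
                self.take()
                while self.peek() != ")":
                    key = self.take(); self.take(":")
                    if self.peek() == "$":
                        self.take(); args[key] = ("var", self.take())
                    else:
                        args[key] = ("lit", self.take())
                self.take(")")
            sub = self.selection_set() if self.peek() == "{" else None
            sels.append(("field", name, args, sub))
        self.take("}")
        return sels

class CostAnalyzer:
    """One bottom-up pass: a scalar leaf costs 1, siblings add, a list size multiplies."""
    def __init__(self, schema, variables, fragments):
        self.schema, self.variables, self.fragments = schema, variables, fragments
        self.memo, self.active = {}, set()      # memoised fragment costs, cycle guard
    def list_size(self, info, args):
        if not info[1] or "limit" not in args:
            return info[2] if info[1] else 1    # configured default size, or a single object
        kind, val = args["limit"]
        size = int(self.variables[val] if kind == "var" else val)   # KeyError if unbound
        if size < 0:
            raise ValueError("negative limit")  # never let -1 read as 'unbounded'
        return size
    def cost(self, parent_type, sels):
        total = 0
        for sel in sels:
            if sel[0] == "spread":
                total += self.fragment(sel[1])
                continue
            _, name, args, sub = sel
            info = self.schema.get(parent_type, {}).get(name)
            if info is None:
                raise ValueError(f"unknown field {parent_type}.{name}")
            total += 1 if sub is None else self.list_size(info, args) * self.cost(info[0], sub)
        return total
    def fragment(self, name):
        if name not in self.memo:
            if name in self.active or name not in self.fragments:
                raise ValueError(f"undefined or cyclic fragment {name}")
            self.active.add(name)
            self.memo[name] = self.cost(*self.fragments[name])
            self.active.discard(name)
        return self.memo[name]

def analyze(query, variables=None, schema=SCHEMA):
    """Static upper bound on the query's cost, computed before any resolver runs."""
    root, fragments = Parser(query).document()
    return CostAnalyzer(schema, variables or {}, fragments).cost("Query", root or [])

# Constructed inputs: the section 7 query, and a variable-driven query spreading a fragment.
SECTION7_QUERY = "query { posts(limit: 2) { title comments(limit: 3) { text } } }"
FRAGMENT_QUERY = ("query Feed($n: Int = 2, $m: Int!) { posts(limit: $n) { ...postFields } } "
                  "fragment postFields on Post { title comments(limit: $m) { text } }")
```

The returned bound is what a gateway compares against a per-client budget before dispatching the operation. The second constructed query shows why variables must be resolved before costing: with `$n = 2` and `$m = 100` the bound is 202 although the query text is no larger than the section 7 query, whose bound is 8.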

8. Future Applications & Directions

A principled cost analysis opens several avenues:

  • Adaptive rate limiting and pricing: move to cost-based pricing models (as in AWS CloudWatch Logs Insights), where clients pay for computational complexity rather than per API call.
  • Query optimisation and planning: integrate with database query planners (e.g., PostgreSQL, MongoDB) for GraphQL, the way SQL optimisers use cost estimates, as explored in projects such as Hasura.
  • Secure schema design: tooling that lints GraphQL schemas during development for DoS weaknesses and suggests pagination or depth limits, similar to ESLint security rules.
  • Federated GraphQL cost analysis: extend the model to estimate cost in federated setups (Apollo Federation), where a query spans several subgraphs, a major challenge noted by Apollo's engineering team.
  • Machine-learning integration: use historical query/response data to learn and refine per-field `weight` parameters automatically, moving from static configuration to a dynamic, data-driven cost model.

9. References

  1. Hartig, O., & Pérez, J. (2018). Semantics and Complexity of GraphQL. Proceedings of the World Wide Web Conference (WWW).
  2. Facebook. (2021). GraphQL Specification. https://spec.graphql.org/
  3. Wittern, E., Cha, A., Davis, J. C., et al. (2019). An Empirical Study of GraphQL Schemas and Their Security Implications. ICSE SEIP.
  4. GraphQL Foundation. (2022). GraphQL Complexity Analysis Tools.
  5. GitHub. (2023). GitHub GraphQL API Documentation. https://docs.github.com/en/graphql
  6. Isola, P., Zhu, J.-Y., Zhou, T., & Efros, A. A. (2017). Image-to-Image Translation with Conditional Adversarial Networks. CVPR.

10. Expert Analysis & Critique

Core insight

This paper is not just another GraphQL tool; it is a foundational fix for a major market failure. The industry has been adopting GraphQL wholesale for its developer-experience benefits while largely ignoring its structural risk profile. The authors correctly identify that GraphQL's core value proposition, client-specified data shapes, is also its operational weakness. Their work supplies the first mathematically grounded "circuit breaker" for what is otherwise an unbounded resource-consumption model.

Logical flow

The argument proceeds with surgical precision: (1) establish the existential threat (runaway query cost); (2) dismantle existing solutions as either impractical (dynamic) or dangerously naive (simple counting); (3) lay a new foundation with a formal semantics, which matters because the informal GraphQL specification has been a source of divergent implementations and vulnerabilities; (4) build a linear-time algorithm on that foundation; (5) validate not on toy examples but on 10,000 real queries from commercial APIs. This progression mirrors best practice in systems research, akin to the rigorous formalism behind successful tools such as the Z3 SMT solver or the LLVM compiler infrastructure.

Strengths & flaws

Strengths: the formal proof of soundness is the crown jewel. In a field full of heuristic solutions, it provides credibility that cannot be argued away. The linear-time complexity makes it deployable in real-time gateways, a non-negotiable requirement. Evaluation on real-world data from GitHub is convincing and directly addresses the "works in the lab" objection.

Critical flaws & gaps: the accuracy of the analysis depends entirely on the quality of the configured parameters (e.g., default list sizes). The paper glosses over how to obtain these correctly, and a poor configuration makes the "proven bound" practically useless. Second, it assumes resolver costs are additive and independent. This breaks down for sophisticated backends where fetching related data (e.g., a user's posts and friends) may be optimised through joins or batching, a well-understood issue in the database literature. The model therefore risks over-estimating cost for optimised backends, potentially throttling legitimate queries. Finally, it does not address mutations, where cost is not only about data size but about side effects (e.g., sending emails, charging credit cards).

Actionable insights

For API providers (today): deploy this analysis immediately as a pre-execution filter. Start with conservative limits and the simple configuration outlined. The demonstrated factor-of-2 accuracy is sufficient for first-pass rate limiting that blunts DoS attacks.

For the GraphQL specification: the GraphQL Foundation should standardise a schema annotation syntax for cost hints (e.g., `@cost(weight: 5, multiplier: "argName")`), in the same way as the `@deprecated` directive. This would move configuration from external files into the schema itself, improving maintainability.

For researchers: the next frontier is learning-based cost estimation. Use the formal model as a fallback, but refine its parameters with production telemetry, as database optimisers (such as PostgreSQL's) use collected statistics. In addition, integrate with backend tracing (OpenTelemetry) to attribute actual resolver latency to query shapes, closing the loop between static prediction and dynamic reality. The end goal is an adaptive, accurate cost model like those in modern compilers such as Google's V8 engine for JavaScript.

In conclusion, this paper provides a critical, missing foundation for GraphQL's maturation. It shifts the paradigm from reactive firefighting to proactive risk management. While not a panacea, it is the most important step yet toward making GraphQL's power safe for enterprise-scale consumption.