apollo_upload_server 2.0.1 → 2.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7a070d39aa97744c62abedbf75bbec06bd61e58c7d521d12a552dd4630340a2f
-  data.tar.gz: b2f5ef879f42482fc0a812987f1ce75177785882f035b63a9c6c724b5b2456ea
+  metadata.gz: a93165fa220c06467d5073d0db5fc83e2e6f5a6350c959fbb4fc7cdb0efb24f2
+  data.tar.gz: 571fbe6aa0ee74c4352bfdb6332440c07c5c26a3a7c489d9c6de09b84a407477
 SHA512:
-  metadata.gz: 72535eb388bb89611bf5cfabc7861535142f7a4beec38ca90721f382fb01f1e89cec67d880ddf443c7ac1413cdf924895cac575d64ac823df8c2ba45d2e17ff7
-  data.tar.gz: 923a3379ffa900845fa8a1c21ad63894dc106cedf3df7f79ff3c50a4ae956993ac7591eccaa70392dbdddf95ef5445a974ec2112062080a273fb582e6c37417b
+  metadata.gz: 72274e29023925309d0e700a3a91bcd51d5ffe1e383d304809c0d4e3ada385a8942ec6670a137e1c4790a99176e6bd4d14dbf05faedcae1aec221cb63a41963e
+  data.tar.gz: 8582d1c6b9c5f69a5f79cc65585531a3ce31ec919b0e8652418a5d499119fd6742db14b1ac1a9033850ef8e8a8789019ba6aa3f0e1937ce35befc6aa549bae5d

data/Gemfile.lock

@@ -1,135 +1,72 @@
 PATH
   remote: .
   specs:
-    apollo_upload_server (2.0.0.beta.3)
+    apollo_upload_server (2.1.4)
+      actionpack (>= 6.1.6)
       graphql (>= 1.8)
-      rails (>= 4.2)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.2.2)
-      actionpack (= 5.2.2)
-      nio4r (~> 2.0)
-      websocket-driver (>= 0.6.1)
-    actionmailer (5.2.2)
-      actionpack (= 5.2.2)
-      actionview (= 5.2.2)
-      activejob (= 5.2.2)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 2.0)
-    actionpack (5.2.2)
-      actionview (= 5.2.2)
-      activesupport (= 5.2.2)
-      rack (~> 2.0)
+    actionpack (7.0.3.1)
+      actionview (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
+      rack (~> 2.0, >= 2.2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.2)
-      activesupport (= 5.2.2)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actionview (7.0.3.1)
+      activesupport (= 7.0.3.1)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.2)
-      activesupport (= 5.2.2)
-      globalid (>= 0.3.6)
-    activemodel (5.2.2)
-      activesupport (= 5.2.2)
-    activerecord (5.2.2)
-      activemodel (= 5.2.2)
-      activesupport (= 5.2.2)
-      arel (>= 9.0)
-    activestorage (5.2.2)
-      actionpack (= 5.2.2)
-      activerecord (= 5.2.2)
-      marcel (~> 0.3.1)
-    activesupport (5.2.2)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activesupport (7.0.3.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    arel (9.0.0)
-    builder (3.2.3)
-    concurrent-ruby (1.1.4)
-    crass (1.0.5)
-    diff-lcs (1.3)
-    erubi (1.8.0)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    graphql (1.8.13)
-    i18n (1.5.3)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    builder (3.2.4)
+    concurrent-ruby (1.1.10)
+    crass (1.0.6)
+    diff-lcs (1.5.0)
+    erubi (1.11.0)
+    graphql (2.0.13)
+    i18n (1.12.0)
       concurrent-ruby (~> 1.0)
-    loofah (2.3.1)
+    loofah (2.18.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.7.1)
-      mini_mime (>= 0.1.1)
-    marcel (0.3.3)
-      mimemagic (~> 0.3.2)
-    method_source (0.9.2)
-    mimemagic (0.3.3)
-    mini_mime (1.0.1)
-    mini_portile2 (2.4.0)
-    minitest (5.11.3)
-    nio4r (2.3.1)
-    nokogiri (1.10.5)
-      mini_portile2 (~> 2.4.0)
-    rack (2.0.8)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails (5.2.2)
-      actioncable (= 5.2.2)
-      actionmailer (= 5.2.2)
-      actionpack (= 5.2.2)
-      actionview (= 5.2.2)
-      activejob (= 5.2.2)
-      activemodel (= 5.2.2)
-      activerecord (= 5.2.2)
-      activestorage (= 5.2.2)
-      activesupport (= 5.2.2)
-      bundler (>= 1.3.0)
-      railties (= 5.2.2)
-      sprockets-rails (>= 2.0.0)
+    mini_portile2 (2.8.0)
+    minitest (5.16.3)
+    nokogiri (1.13.8)
+      mini_portile2 (~> 2.8.0)
+      racc (~> 1.4)
+    racc (1.6.0)
+    rack (2.2.4)
+    rack-test (2.0.2)
+      rack (>= 1.3)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.4)
-      loofah (~> 2.2, >= 2.2.2)
-    railties (5.2.2)
-      actionpack (= 5.2.2)
-      activesupport (= 5.2.2)
-      method_source
-      rake (>= 0.8.7)
-      thor (>= 0.19.0, < 2.0)
-    rake (10.5.0)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.2)
+    rails-html-sanitizer (1.4.3)
+      loofah (~> 2.3)
+    rake (13.0.6)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
-    sprockets (3.7.2)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
+    tzinfo (2.0.5)
       concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    thor (0.20.3)
-    thread_safe (0.3.6)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    websocket-driver (0.7.0)
-      websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.3)
 
 PLATFORMS
   ruby
@@ -137,8 +74,8 @@ PLATFORMS
 DEPENDENCIES
   apollo_upload_server!
   bundler (~> 2.1)
-  rake (~> 10.0)
+  rake (~> 13.0)
   rspec (~> 3.5)
 
 BUNDLED WITH
-   2.1.4
+   2.3.17

data/README.md

@@ -4,12 +4,13 @@ Middleware which allows you to upload files using [graphql-ruby](https://github.
 
 Note: this implementation uses [v2 of the GraphQL multipart request spec](https://github.com/jaydenseric/graphql-multipart-request-spec/tree/v2.0.0-alpha.2), so you should use apollo-upload-client library >= v7.0.0-alpha.3. If you need support for [v1 of the GraphQL multipart request spec](https://github.com/jaydenseric/graphql-multipart-request-spec/tree/v1.0.0), you must
 use [version 1.0.0](https://github.com/jetruby/apollo_upload_server-ruby/tree/1.0.0) of this gem.
+
 ## Installation
 
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'apollo_upload_server', '2.0.0.beta.3'
+gem 'apollo_upload_server', '2.1'
 ```
 
 And then execute:
@@ -24,12 +25,45 @@ Middleware will be used automatically.
 
 Gem adds custom `Upload` type to your GraphQL types.
 Use `ApolloUploadServer::Upload` type for your file as input field:
+
 ```ruby
   input_field :file, ApolloUploadServer::Upload
 ```
 
 That's all folks!
 
+## Configuration
+
+The following configuration options are supported:
+
+### Strict Mode
+
+This can be set on `ApolloUploadServer::Middleware`:
+
+```ruby
+ApolloUploadServer::Middleware.strict_mode = true
+```
+
+Doing so ensures that all mapped array values are present in the input. If this
+is set to `true`, then for following request:
+
+```json
+{
+  "operations": {
+    "query": "mutation { ... }",
+    "operationName": "SomeOperation",
+    "variables": {
+      "input": { "id": "123", "avatars": [null, null] }
+    }
+  }
+}
+```
+
+A mapping for `variables.input.avatars.0` or `variables.input.avatars.1`, will work, but one for
+`variables.input.avatars.100` will not, and will raise an error.
+
+In strict mode, passing empty destination arrays will always fail.
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/jetruby/apollo_upload_server-ruby. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
@@ -43,6 +77,7 @@ The gem is available as open source under the terms of the [MIT License](https:/
 Everyone interacting in the ApolloUploadServer project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/jetruby/apollo_upload_server-ruby/blob/master/CODE_OF_CONDUCT.md).
 
 ## About JetRuby
+
 ApolloUploadServer is maintained and founded by JetRuby Agency.
 
 We love open source software!

data/apollo_upload_server.gemspec

@@ -16,14 +16,12 @@ Gem::Specification.new do |spec|
   spec.files         = `git ls-files -z`.split("\x0").reject do |f|
     f.match(%r{^(test|spec|features)/})
   end
-  spec.bindir        = 'bin'
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'rails', '>= 4.2'
+  spec.add_dependency 'actionpack', '>= 6.1.6'
   spec.add_dependency 'graphql', '>= 1.8'
 
   spec.add_development_dependency 'bundler', '~> 2.1'
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rake', '~> 13.0'
   spec.add_development_dependency 'rspec', '~> 3.5'
 end

data/lib/apollo_upload_server/graphql_data_builder.rb

@@ -5,6 +5,12 @@ require 'apollo_upload_server/wrappers/uploaded_file'
 
 module ApolloUploadServer
   class GraphQLDataBuilder
+    OutOfBounds = Class.new(ArgumentError)
+
+    def initialize(strict_mode: false)
+      @strict_mode = strict_mode
+    end
+
     def call(params)
       operations = safe_json_parse(params['operations'])
       file_mapper = safe_json_parse(params['map'])
@@ -36,17 +42,26 @@ module ApolloUploadServer
 
     def multiple_transformation(file_mapper, operations, params)
       operations = operations.dup
+
       file_mapper.each do |file_index, paths|
         paths.each do |path|
           splited_path = path.split('.')
           # dig from second to penultimate key, and merge last key with value as file to operation with first key index
           field = operations[splited_path.first.to_i].dig(*splited_path[1..-2])
+
           assign_file(field, splited_path, params[file_index])
         end
       end
       operations
     end
 
+    def verify_array_index!(path, index, size)
+      return unless @strict_mode
+      return if 0 <= index && index < size
+
+      raise OutOfBounds, "Path #{path.join('.')} maps to out-of-bounds index: #{index}"
+    end
+
     def safe_json_parse(data)
       JSON.parse(data)
     rescue JSON::ParserError
@@ -73,8 +88,18 @@ module ApolloUploadServer
       if field.is_a? Hash
         field.merge!(splited_path.last => wrapped_file)
       elsif field.is_a? Array
-        field[splited_path.last.to_i] = wrapped_file
+        index = parse_array_index(splited_path)
+        verify_array_index!(splited_path, index, field.size)
+        field[index] = wrapped_file
       end
     end
+
+    def parse_array_index(path)
+      return path.last.to_i unless @strict_mode
+
+      Integer(path.last)
+    rescue ArgumentError
+      raise OutOfBounds, "Not a valid path to an array value: #{path.join('.')}"
+    end
   end
 end

data/lib/apollo_upload_server/middleware.rb

@@ -1,17 +1,29 @@
 require 'apollo_upload_server/graphql_data_builder'
+require "active_support/configurable"
 
 module ApolloUploadServer
   class Middleware
+    include ActiveSupport::Configurable
+
+    # Strict mode requires that all mapped files are present in the mapping arrays.
+    config_accessor :strict_mode do
+      false
+    end
+
     def initialize(app)
       @app = app
     end
 
     def call(env)
+      unless env['CONTENT_TYPE'].to_s.include?('multipart/form-data')
+        return @app.call(env)
+      end
+
       request = ActionDispatch::Request.new(env)
       params = request.params
 
-      if env['CONTENT_TYPE'].to_s.include?('multipart/form-data') && params['operations'].present? && params['map'].present?
-        result = GraphQLDataBuilder.new.call(request.params)
+      if params['operations'].present? && params['map'].present?
+        result = GraphQLDataBuilder.new(strict_mode: self.class.strict_mode).call(request.params)
         result&.each do |key, value|
           request.update_param(key, value)
         end

data/lib/apollo_upload_server/upload.rb

@@ -7,11 +7,9 @@ module ApolloUploadServer
     graphql_name "Upload"
 
     def self.coerce_input(value, _ctx)
-      value
-    end
+      return super if value.nil? || value.is_a?(::ApolloUploadServer::Wrappers::UploadedFile)
 
-    def self.coerce_result(value, _ctx)
-      value
+      raise GraphQL::CoercionError, "#{value.inspect} is not a valid upload"
     end
   end
 end

data/lib/apollo_upload_server/version.rb

@@ -1,3 +1,3 @@
 module ApolloUploadServer
-  VERSION = '2.0.1'.freeze
+  VERSION = '2.1.5'.freeze
 end

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: apollo_upload_server
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.1.5
 platform: ruby
 authors:
 - JetRuby
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-02-21 00:00:00.000000000 Z
+date: 2022-11-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rails
+  name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: 6.1.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: 6.1.6
 - !ruby/object:Gem::Dependency
   name: graphql
   requirement: !ruby/object:Gem::Requirement
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -83,9 +83,7 @@ dependencies:
 description: apollo-upload-server implementation for Ruby on Rails as middleware.
 email:
 - engineering@jetruby.com
-executables:
-- console
-- setup
+executables: []
 extensions: []
 extra_rdoc_files: []
 files:
@@ -112,7 +110,7 @@ homepage: https://github.com/jetruby/apollo_upload_server-ruby
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -127,9 +125,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.3
-signing_key: 
+rubygems_version: 3.3.23
+signing_key:
 specification_version: 4
 summary: Middleware which allows you to upload files using graphql and multipart/form-data.
 test_files: []