apollo_upload_server 2.0.5 → 2.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 28de01ef8ade8b660d60ba6f27c259e47d53d680ebd5271025f6943b0829ed6e
-  data.tar.gz: 98879e0bb8bfe463b6174337eca9fe83269b7364e46642de3c067a198f2e9c07
+  metadata.gz: 295058d02fd7c1a31a61dd8e74d194637dd451404007bdc434d4488a314d92f1
+  data.tar.gz: f2473ad8f37131eb293ac05b6e98770cf516b2472c09bdeb97fe8cc2dd0df756
 SHA512:
-  metadata.gz: 22ce039d4b7962fd6494476c22da5a9de0f97779798584d376e59564895efec81af01848abc190d68a08191980ed99df04490ef3f2949f95b9f15c82a7052f05
-  data.tar.gz: 6902346ec482512cea834ada0acaafe8f3faf2e14bf150aa5459cfa82ccfc7d1c11d688bfaa6ee45f6dac72004b942bb4af600f48c050aa5fe3fb0cbb6ee080a
+  metadata.gz: be95ceec730a81dbdc9bc3ce9b1e0e3c95342cfb7ce9cdd0902bc3bf538ce693c8100964792773dc594bcb36ba7486d08e55fad4e11bc3d2eec0bc7057642a62
+  data.tar.gz: 5683e72d706155e0a69723d2423dcb36f5894b8824dd71d42efa83c0dc93c5d479d7a2f91b80a0a63737e974de1974fe0079f3bd3911650c279a43d4450a8da6

data/Gemfile.lock

@@ -1,122 +1,26 @@
 PATH
   remote: .
   specs:
-    apollo_upload_server (2.0.0.beta.3)
+    apollo_upload_server (2.1.2)
+      activesupport (>= 7.0.3.1)
       graphql (>= 1.8)
-      rails (>= 4.2)
+      rack (>= 2.2.1)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.0.2.2)
-      actionpack (= 6.0.2.2)
-      nio4r (~> 2.0)
-      websocket-driver (>= 0.6.1)
-    actionmailbox (6.0.2.2)
-      actionpack (= 6.0.2.2)
-      activejob (= 6.0.2.2)
-      activerecord (= 6.0.2.2)
-      activestorage (= 6.0.2.2)
-      activesupport (= 6.0.2.2)
-      mail (>= 2.7.1)
-    actionmailer (6.0.2.2)
-      actionpack (= 6.0.2.2)
-      actionview (= 6.0.2.2)
-      activejob (= 6.0.2.2)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 2.0)
-    actionpack (6.0.2.2)
-      actionview (= 6.0.2.2)
-      activesupport (= 6.0.2.2)
-      rack (~> 2.0, >= 2.0.8)
-      rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.0.2.2)
-      actionpack (= 6.0.2.2)
-      activerecord (= 6.0.2.2)
-      activestorage (= 6.0.2.2)
-      activesupport (= 6.0.2.2)
-      nokogiri (>= 1.8.5)
-    actionview (6.0.2.2)
-      activesupport (= 6.0.2.2)
-      builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.0.2.2)
-      activesupport (= 6.0.2.2)
-      globalid (>= 0.3.6)
-    activemodel (6.0.2.2)
-      activesupport (= 6.0.2.2)
-    activerecord (6.0.2.2)
-      activemodel (= 6.0.2.2)
-      activesupport (= 6.0.2.2)
-    activestorage (6.0.2.2)
-      actionpack (= 6.0.2.2)
-      activejob (= 6.0.2.2)
-      activerecord (= 6.0.2.2)
-      marcel (~> 0.3.1)
-    activesupport (6.0.2.2)
+    activesupport (7.0.3.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-      zeitwerk (~> 2.2)
-    builder (3.2.4)
-    concurrent-ruby (1.1.6)
-    crass (1.0.6)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    concurrent-ruby (1.1.10)
     diff-lcs (1.3)
-    erubi (1.9.0)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    graphql (1.8.13)
-    i18n (1.8.2)
+    graphql (2.0.12)
+    i18n (1.12.0)
       concurrent-ruby (~> 1.0)
-    loofah (2.4.0)
-      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.1)
-      mini_mime (>= 0.1.1)
-    marcel (0.3.3)
-      mimemagic (~> 0.3.2)
-    method_source (1.0.0)
-    mimemagic (0.3.4)
-    mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    minitest (5.14.0)
-    nio4r (2.5.2)
-    nokogiri (1.10.9)
-      mini_portile2 (~> 2.4.0)
-    rack (2.2.2)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails (6.0.2.2)
-      actioncable (= 6.0.2.2)
-      actionmailbox (= 6.0.2.2)
-      actionmailer (= 6.0.2.2)
-      actionpack (= 6.0.2.2)
-      actiontext (= 6.0.2.2)
-      actionview (= 6.0.2.2)
-      activejob (= 6.0.2.2)
-      activemodel (= 6.0.2.2)
-      activerecord (= 6.0.2.2)
-      activestorage (= 6.0.2.2)
-      activesupport (= 6.0.2.2)
-      bundler (>= 1.3.0)
-      railties (= 6.0.2.2)
-      sprockets-rails (>= 2.0.0)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
-      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
-      loofah (~> 2.3)
-    railties (6.0.2.2)
-      actionpack (= 6.0.2.2)
-      activesupport (= 6.0.2.2)
-      method_source
-      rake (>= 0.8.7)
-      thor (>= 0.20.3, < 2.0)
+    minitest (5.16.2)
+    rack (2.2.4)
     rake (13.0.1)
     rspec (3.8.0)
       rspec-core (~> 3.8.0)
@@ -131,21 +35,8 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.8.0)
     rspec-support (3.8.0)
-    sprockets (4.0.0)
+    tzinfo (2.0.5)
       concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    thor (1.0.1)
-    thread_safe (0.3.6)
-    tzinfo (1.2.6)
-      thread_safe (~> 0.1)
-    websocket-driver (0.7.1)
-      websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.4)
-    zeitwerk (2.3.0)
 
 PLATFORMS
   ruby
@@ -157,4 +48,4 @@ DEPENDENCIES
   rspec (~> 3.5)
 
 BUNDLED WITH
-   2.1.4
+   2.3.17

data/README.md

@@ -4,12 +4,13 @@ Middleware which allows you to upload files using [graphql-ruby](https://github.
 
 Note: this implementation uses [v2 of the GraphQL multipart request spec](https://github.com/jaydenseric/graphql-multipart-request-spec/tree/v2.0.0-alpha.2), so you should use apollo-upload-client library >= v7.0.0-alpha.3. If you need support for [v1 of the GraphQL multipart request spec](https://github.com/jaydenseric/graphql-multipart-request-spec/tree/v1.0.0), you must
 use [version 1.0.0](https://github.com/jetruby/apollo_upload_server-ruby/tree/1.0.0) of this gem.
+
 ## Installation
 
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'apollo_upload_server', '2.0.5'
+gem 'apollo_upload_server', '2.1'
 ```
 
 And then execute:
@@ -24,12 +25,45 @@ Middleware will be used automatically.
 
 Gem adds custom `Upload` type to your GraphQL types.
 Use `ApolloUploadServer::Upload` type for your file as input field:
+
 ```ruby
   input_field :file, ApolloUploadServer::Upload
 ```
 
 That's all folks!
 
+## Configuration
+
+The following configuration options are supported:
+
+### Strict Mode
+
+This can be set on `ApolloUploadServer::Middleware`:
+
+```ruby
+ApolloUploadServer::Middleware.strict_mode = true
+```
+
+Doing so ensures that all mapped array values are present in the input. If this
+is set to `true`, then for following request:
+
+```json
+{
+  "operations": {
+    "query": "mutation { ... }",
+    "operationName": "SomeOperation",
+    "variables": {
+      "input": { "id": "123", "avatars": [null, null] }
+    }
+  }
+}
+```
+
+A mapping for `variables.input.avatars.0` or `variables.input.avatars.1`, will work, but one for
+`variables.input.avatars.100` will not, and will raise an error.
+
+In strict mode, passing empty destination arrays will always fail.
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/jetruby/apollo_upload_server-ruby. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
@@ -43,6 +77,7 @@ The gem is available as open source under the terms of the [MIT License](https:/
 Everyone interacting in the ApolloUploadServer project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/jetruby/apollo_upload_server-ruby/blob/master/CODE_OF_CONDUCT.md).
 
 ## About JetRuby
+
 ApolloUploadServer is maintained and founded by JetRuby Agency.
 
 We love open source software!

data/apollo_upload_server.gemspec

@@ -18,8 +18,9 @@ Gem::Specification.new do |spec|
   end
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'actionpack', '>= 4.2'
+  spec.add_dependency 'rack', '>= 2.2.1'
   spec.add_dependency 'graphql', '>= 1.8'
+  spec.add_dependency 'activesupport', '>= 7.0.3.1'
 
   spec.add_development_dependency 'bundler', '~> 2.1'
   spec.add_development_dependency 'rake', '~> 13.0'

data/lib/apollo_upload_server/graphql_data_builder.rb

@@ -5,6 +5,12 @@ require 'apollo_upload_server/wrappers/uploaded_file'
 
 module ApolloUploadServer
   class GraphQLDataBuilder
+    OutOfBounds = Class.new(ArgumentError)
+
+    def initialize(strict_mode: false)
+      @strict_mode = strict_mode
+    end
+
     def call(params)
       operations = safe_json_parse(params['operations'])
       file_mapper = safe_json_parse(params['map'])
@@ -36,17 +42,26 @@ module ApolloUploadServer
 
     def multiple_transformation(file_mapper, operations, params)
       operations = operations.dup
+
       file_mapper.each do |file_index, paths|
         paths.each do |path|
           splited_path = path.split('.')
           # dig from second to penultimate key, and merge last key with value as file to operation with first key index
           field = operations[splited_path.first.to_i].dig(*splited_path[1..-2])
+
           assign_file(field, splited_path, params[file_index])
         end
       end
       operations
     end
 
+    def verify_array_index!(path, index, size)
+      return unless @strict_mode
+      return if 0 <= index && index < size
+
+      raise OutOfBounds, "Path #{path.join('.')} maps to out-of-bounds index: #{index}"
+    end
+
     def safe_json_parse(data)
       JSON.parse(data)
     rescue JSON::ParserError
@@ -73,8 +88,18 @@ module ApolloUploadServer
       if field.is_a? Hash
         field.merge!(splited_path.last => wrapped_file)
       elsif field.is_a? Array
-        field[splited_path.last.to_i] = wrapped_file
+        index = parse_array_index(splited_path)
+        verify_array_index!(splited_path, index, field.size)
+        field[index] = wrapped_file
       end
     end
+
+    def parse_array_index(path)
+      return path.last.to_i unless @strict_mode
+
+      Integer(path.last)
+    rescue ArgumentError
+      raise OutOfBounds, "Not a valid path to an array value: #{path.join('.')}"
+    end
   end
 end

data/lib/apollo_upload_server/middleware.rb

@@ -1,7 +1,16 @@
 require 'apollo_upload_server/graphql_data_builder'
+require "active_support/configurable"
+require 'rack'
 
 module ApolloUploadServer
   class Middleware
+    include ActiveSupport::Configurable
+
+    # Strict mode requires that all mapped files are present in the mapping arrays.
+    config_accessor :strict_mode do
+      false
+    end
+
     def initialize(app)
       @app = app
     end
@@ -11,11 +20,11 @@ module ApolloUploadServer
         return @app.call(env)
       end
 
-      request = ActionDispatch::Request.new(env)
+      request = Rack::Request.new(env)
       params = request.params
 
       if params['operations'].present? && params['map'].present?
-        result = GraphQLDataBuilder.new.call(request.params)
+        result = GraphQLDataBuilder.new(strict_mode: self.class.strict_mode).call(request.params)
         result&.each do |key, value|
           request.update_param(key, value)
         end

data/lib/apollo_upload_server/version.rb

@@ -1,3 +1,3 @@
 module ApolloUploadServer
-  VERSION = '2.0.5'.freeze
+  VERSION = '2.1.2'.freeze
 end

data/lib/apollo_upload_server/wrappers/uploaded_file.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 require 'delegate'
-require 'action_dispatch/http/upload'
+require 'rack'
 
 module ApolloUploadServer
   module Wrappers
-    class UploadedFile < DelegateClass(::ActionDispatch::Http::UploadedFile)
+    class UploadedFile < DelegateClass(Rack::Multipart::UploadedFile)
       def initialize(wrapped_foo)
         super
       end

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: apollo_upload_server
 version: !ruby/object:Gem::Version
-  version: 2.0.5
+  version: 2.1.2
 platform: ruby
 authors:
 - JetRuby
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-04-02 00:00:00.000000000 Z
+date: 2022-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: actionpack
+  name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: 2.2.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: 2.2.1
 - !ruby/object:Gem::Dependency
   name: graphql
   requirement: !ruby/object:Gem::Requirement
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.3.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.3.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -125,8 +139,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.3
+rubygems_version: 3.3.15
 signing_key:
 specification_version: 4
 summary: Middleware which allows you to upload files using graphql and multipart/form-data.