graph_attack 1.1.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: a15c0b11d8e25c73943da6bf70907df378deb42c
-  data.tar.gz: 25e5f9f166d1bb010eee56c7e595b126fe05b748
+SHA256:
+  metadata.gz: de17498105231eb4dd5b5135cf8e7683680cafc409a66acf6fddbaa6f6735b36
+  data.tar.gz: 60308e8ccff6fb80b4b5013975f9ea4903cb037b16997030635ace4557211f17
 SHA512:
-  metadata.gz: ef5a10ecbc9cbe51553bce3936cdbee0eb3ff67bfee7b8f423bd91f2d9a7a012d6b615d2c961f16f1e5366f537ec60ba13ad5264d4141bfaca7a5fc3b25db6c4
-  data.tar.gz: 542014545b679ea08d44c59ec07df312f31be870d02edb88d3d6bb559948ced10ea9d566b09a7aa1e5ccd028642b230b2ebf6097b337d40108a4fbec1cb9c364
+  metadata.gz: 41706b8ea7768bf2d3220c6803f91c29a20640b177c8c443cf64a3462310dd939d4dfa92ffd2fd9f874bd6f256e50031ffbf893f5f4a58846fd7299191e12169
+  data.tar.gz: 873abb6b86cb16f3575cff878cd2be3d0c47723b472b2949a6f4c0f9c6164996fa3b72142ce3e74a71952c5da89eac400a346a43607f174fa2e28862c5dd8d57

data/.circleci/config.yml

@@ -6,7 +6,7 @@ version: 2
 jobs:
   build:
     docker:
-       - image: circleci/ruby:2.4.1-node-browsers
+       - image: circleci/ruby:2.7.3
        - image: redis
 
     working_directory: ~/repo
@@ -17,19 +17,16 @@ jobs:
       # Download and cache dependencies
       - restore_cache:
           keys:
-          - v1-dependencies-{{ checksum "graph_attack.gemspec" }}
-          # fallback to using the latest cache if no exact match is found
-          - v1-dependencies-
+          - v2-dependencies-{{ checksum "graph_attack.gemspec" }}
+          - v2-dependencies-
 
-      - run:
-          name: install dependencies
-          command: |
-            bundle install --jobs=4 --retry=3 --path vendor/bundle
+      - run: gem install bundler:2.0.2
+      - run: bundle install --jobs=4 --retry=3 --path vendor/bundle
 
       - save_cache:
           paths:
             - ./vendor/bundle
-          key: v1-dependencies-{{ checksum "graph_attack.gemspec" }}
+          key: v2-dependencies-{{ checksum "graph_attack.gemspec" }}
 
       # Run tests!
       - run:

data/.github/dependabot.yml

@@ -0,0 +1,9 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "04:00"
+  open-pull-requests-limit: 3
+  rebase-strategy: disabled

data/.rubocop.yml

@@ -1,6 +1,11 @@
+require:
+  - rubocop-rspec
+  - rubocop-rake
+
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.7
   DisplayCopNames: true
+  NewCops: enable
 
 # Do not sort gems in Gemfile, since we are grouping them by functionality.
 Bundler/OrderedGems:
@@ -22,20 +27,26 @@ Style/TrailingCommaInHashLiteral:
 Layout/MultilineMethodCallIndentation:
   EnforcedStyle: indented
 
+Gemspec/RequiredRubyVersion:
+  Enabled: false
+
 # Limit method length (default is 10).
 Metrics/MethodLength:
   Max: 15
 
-# Do not require `# frozen_string_literal: true` at the top of every file.
-FrozenStringLiteralComment:
-  Enabled: false
+# Limit line length.
+Layout/LineLength:
+  Max: 80
+  Exclude:
+    - bin/rake
+    - bin/rubocop
 
 # Allow ASCII comments (e.g "…").
 Style/AsciiComments:
   Enabled: false
 
 # Do not comment the class we create, since the name should be self explanatory.
-Documentation:
+Style/Documentation:
   Enabled: false
 
 # Do not verify the length of the blocks in specs.
@@ -43,15 +54,58 @@ Metrics/BlockLength:
   Exclude:
     - spec/**/*
 
-# Allow indenting multiline chained operations.
-Layout/MultilineMethodCallIndentation:
-  EnforcedStyle: indented
-
 # Prefer `== 0`, `< 0`, `> 0` to `zero?`, `negative?` or `positive?`,
 # since they don't exist before Ruby 2.3 or Rails 5 and can be ambiguous.
 Style/NumericPredicate:
   EnforcedStyle: comparison
 
-# Allow shorter argument names like `ip`.
-Naming/UncommunicativeMethodParamName:
-  MinNameLength: 2
+# Allow more expectations per example (default 1).
+RSpec/MultipleExpectations:
+  Max: 5
+
+# Allow more group nesting (default 3)
+RSpec/NestedGroups:
+  Max: 5
+
+# Allow longer examples (default 5)
+RSpec/ExampleLength:
+  Max: 8
+
+Layout/EmptyLinesAroundAttributeAccessor:
+  Enabled: true
+
+Layout/SpaceAroundMethodCallOperator:
+  Enabled: true
+
+Lint/DeprecatedOpenSSLConstant:
+  Enabled: true
+
+Lint/MixedRegexpCaptureTypes:
+  Enabled: true
+
+Lint/RaiseException:
+  Enabled: true
+
+Lint/StructNewOverride:
+  Enabled: true
+
+Style/ExponentialNotation:
+  Enabled: true
+
+Style/HashEachMethods:
+  Enabled: true
+
+Style/HashTransformKeys:
+  Enabled: true
+
+Style/HashTransformValues:
+  Enabled: true
+
+Style/RedundantRegexpCharacterClass:
+  Enabled: true
+
+Style/RedundantRegexpEscape:
+  Enabled: true
+
+Style/SlicingWithRange:
+  Enabled: true

data/.ruby-version

@@ -0,0 +1 @@
+2.7.5

data/.travis.yml

@@ -1,5 +1,7 @@
 sudo: false
 language: ruby
 rvm:
-  - 2.4.1
-before_install: gem install bundler -v 1.16.1
+  - 2.7.5
+  - 3.1.2
+services:
+  - redis-server

data/CHANGELOG.md

@@ -1,6 +1,29 @@
 unreleased
 ----------
 
+v2.1.0
+------
+
+Feature:
+- Add support to custom rate limited context key with the `on:` option.
+
+v2.0.0
+------
+
+Breaking changes:
+- Drop support for GraphQL legacy schema, please use GraphQL::Ruby's class-based
+  syntax exclusively.
+
+Feature:
+- Support Ruby 3.
+
+v1.2.0
+------
+
+Feature:
+- New GraphAttack::RateLimit extension to be used in GraphQL::Ruby's class-based
+  syntax.
+
 v1.1.0
 ------
 

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }

data/README.md

@@ -1,26 +1,24 @@
 # GraphAttack
 
-[![CircleCI](https://circleci.com/gh/sunny/graph_attack.svg?style=svg)](https://circleci.com/gh/sunny/graph_attack)
+[![Build Status](https://app.travis-ci.com/sunny/graph_attack.svg?branch=main)](https://app.travis-ci.com/sunny/graph_attack)
 
 GraphQL analyser for blocking & throttling.
 
 ## Usage
 
-This gem adds a method to limit access to your GraphQL fields by IP:
+This gem adds a method to limit access to your GraphQL fields by IP address:
 
 ```rb
-QueryType = GraphQL::ObjectType.define do
-  name 'Query'
-
-  field :someExpensiveField do
-    rate_limit threshold: 15, interval: 60
-
-    # …
+class QueryType < GraphQL::Schema::Object
+  field :some_expensive_field, String, null: false do
+    extension GraphAttack::RateLimit, threshold: 15, interval: 60
   end
+
+  # …
 end
 ```
 
-This would allow only 15 calls per minute by the same IP.
+This would allow only 15 calls per minute by the same IP address.
 
 ## Requirements
 
@@ -29,11 +27,11 @@ of [Redis](https://redis.io/).
 
 ## Installation
 
-Add these lines to your application's `Gemfile`:
+Add these lines to your application’s `Gemfile`:
 
 ```ruby
 # GraphQL analyser for blocking & throttling by IP.
-gem 'graph_attack'
+gem "graph_attack"
 ```
 
 And then execute:
@@ -42,18 +40,8 @@ And then execute:
 $ bundle
 ```
 
-Add the query analyser to your schema:
-
-```rb
-ApplicationSchema = GraphQL::Schema.define do
-  query_analyzer GraphAttack::RateLimiter.new
-
-  # …
-end
-```
-
-Finally, make sure you add the current user's IP address as `ip:` to the
-GraphQL context:
+Finally, make sure you add the current user’s IP address as `ip:` to the
+GraphQL context. E.g.:
 
 ```rb
 class GraphqlController < ApplicationController
@@ -72,19 +60,34 @@ end
 
 ## Configuration
 
-Use a custom Redis client instead of the default:
+### Custom context key
+
+If you want to throttle using a different value than the IP address, you can
+choose which context key you want to use with the `on` option. E.g.:
+
+```rb
+extension GraphAttack::RateLimit,
+          threshold: 15,
+          interval: 60,
+          on: :client_id
+```
+
+### Custom Redis client
+
+Use a custom Redis client instead of the default with the `redis_client` option:
 
 ```rb
-query_analyzer GraphAttack::RateLimiter.new(
-  redis_client: Redis.new(url: "…")
-)
+extension GraphAttack::RateLimit,
+          threshold: 15,
+          interval: 60,
+          redis_client: Redis.new(url: "…")
 ```
 
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run
-`rake` to run the tests and the linter. You can also run `bin/console` for an
-interactive prompt that will allow you to experiment.
+`bin/rake` to run the tests and the linter. You can also run `bin/console` for
+an interactive prompt that will allow you to experiment.
 
 ## Versionning
 
@@ -93,10 +96,18 @@ see the tags on this repository.
 
 ## Releasing
 
-To release a new version, update the version number in `version.rb`, commit,
-and then run `bundle exec rake release`, which will create a git tag for the
-version, push git commits and tags, and push the `.gem` file to
-[rubygems.org](https://rubygems.org).
+To release a new version, update the version number in `version.rb` and in the
+`CHANGELOG.md`. Update the `README.md` if there are missing segments, make sure
+tests and linting are pristine by calling `bundle && bin/rake`, then create a
+commit for this version, for example with:
+
+```sh
+git add .
+git commit -m v`ruby -rbundler/setup -rgraph_attack/version -e "puts GraphAttack::VERSION"`
+```
+
+You can then run `bin/rake release`, which will assign a git tag, push using
+git, and push the gem to [rubygems.org](https://rubygems.org).
 
 ## Contributing
 
@@ -109,18 +120,18 @@ the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 
 Everyone interacting in the GraphAttack project’s codebases, issue trackers,
 chat rooms and mailing lists is expected to follow the
-[code of conduct](https://github.com/sunny/graph_attack/blob/master/CODE_OF_CONDUCT.md).
+[code of conduct](https://github.com/sunny/graph_attack/blob/main/CODE_OF_CONDUCT.md).
 
 ## License
 
 This project is licensed under the MIT License - see the
-[LICENSE.md](https://github.com/sunny/graph_attack/blob/master/LICENSE.md)
+[LICENSE.md](https://github.com/sunny/graph_attack/blob/main/LICENSE.md)
 file for details.
 
 ## Authors
 
-- **Fanny Cheung** - [KissKissBankBank](https://github.com/KissKissBankBank)
-- **Sunny Ripert** - [KissKissBankBank](https://github.com/KissKissBankBank)
+- [Fanny Cheung](https://github.com/Ynote) — [ynote.hk](https://ynote.hk)
+- [Sunny Ripert](https://github.com/sunny) — [sunfox.org](https://sunfox.org)
 
 ## Acknowledgments
 

data/Rakefile

@@ -1,12 +1,12 @@
+# frozen_string_literal: true
+
 # Bundler
 require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
 
-# Rspec
+# RSpec
 require 'rspec/core/rake_task'
 RSpec::Core::RakeTask.new(:spec)
 
-task default: :spec
 # Rubocop
 require 'rubocop/rake_task'
 RuboCop::RakeTask.new(:rubocop)

data/bin/console

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require 'bundler/setup'
 require 'graph_attack'

data/bin/rake

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rake' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile',
+                                           Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path('bundle', __dir__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('rake', 'rake')

data/bin/rubocop

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rubocop' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile',
+                                           Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path('bundle', __dir__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('rubocop', 'rubocop')

data/graph_attack.gemspec

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'graph_attack/version'
@@ -12,6 +14,8 @@ Gem::Specification.new do |spec|
   spec.description = 'GraphQL analyser for blocking & throttling'
   spec.homepage = 'https://github.com/sunny/graph_attack'
 
+  spec.metadata['rubygems_mfa_required'] = 'true'
+
   spec.files = `git ls-files -z`.split("\x0").reject do |f|
     f.match(%r{^(test|spec|features)/})
   end
@@ -19,6 +23,8 @@ Gem::Specification.new do |spec|
   spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
+  spec.required_ruby_version = ['>= 2.5.7', '< 3.2']
+
   # This gem is an analyser for the GraphQL ruby gem.
   spec.add_dependency 'graphql', '>= 1.7.9'
 
@@ -26,10 +32,10 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'ratelimit', '>= 1.0.3'
 
   # Loads local dependencies.
-  spec.add_development_dependency 'bundler', '~> 1.15'
+  spec.add_development_dependency 'bundler', '~> 2.0'
 
   # Development tasks runner.
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rake', '~> 13.0'
 
   # Testing framework.
   spec.add_development_dependency 'rspec', '~> 3.0'
@@ -38,5 +44,11 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rspec_junit_formatter', '~> 0.3'
 
   # Ruby code linter.
-  spec.add_development_dependency 'rubocop', '~> 0.55'
+  spec.add_development_dependency 'rubocop', '~> 1.33.0'
+
+  # RSpec extension for RuboCop.
+  spec.add_development_dependency 'rubocop-rspec', '~> 2.12.1'
+
+  # Rake extension for RuboCop
+  spec.add_development_dependency 'rubocop-rake', '~> 0.6.0'
 end

data/lib/graph_attack/error.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module GraphAttack
+  class Error < StandardError; end
+end

data/lib/graph_attack/rate_limit.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module GraphAttack
+  class RateLimit < GraphQL::Schema::FieldExtension
+    def resolve(object:, arguments:, **_rest)
+      rate_limited_field = object.context[rate_limited_key]
+      unless rate_limited_field
+        raise GraphAttack::Error,
+              "Missing :#{rate_limited_key} value on the GraphQL context"
+      end
+
+      if calls_exceeded_on_query?(rate_limited_field)
+        return RateLimited.new('Query rate limit exceeded')
+      end
+
+      yield(object, arguments)
+    end
+
+    private
+
+    def key
+      on = "-#{options[:on]}" if options[:on]
+      "graphql-query-#{field.name}#{on}"
+    end
+
+    def calls_exceeded_on_query?(rate_limited_field)
+      rate_limit = Ratelimit.new(rate_limited_field, redis: redis_client)
+      rate_limit.add(key)
+      rate_limit.exceeded?(
+        key,
+        threshold: threshold,
+        interval: interval,
+      )
+    end
+
+    def threshold
+      options[:threshold] ||
+        raise(
+          GraphAttack::Error,
+          'Missing "threshold:" option on the GraphAttack::RateLimit extension',
+        )
+    end
+
+    def interval
+      options[:interval] ||
+        raise(
+          GraphAttack::Error,
+          'Missing "interval:" option on the GraphAttack::RateLimit extension',
+        )
+    end
+
+    def redis_client
+      options[:redis_client] || Redis.current
+    end
+
+    def rate_limited_key
+      options[:on] || :ip
+    end
+  end
+end

data/lib/graph_attack/rate_limited.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module GraphAttack
+  class RateLimited < GraphQL::AnalysisError; end
+end

data/lib/graph_attack/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module GraphAttack
-  VERSION = '1.1.0'.freeze
+  VERSION = '2.1.0'
 end

data/lib/graph_attack.rb

@@ -1,7 +1,12 @@
-require 'graphql'
+# frozen_string_literal: true
+
 require 'ratelimit'
+require 'graphql'
 require 'graphql/tracing'
 
 require 'graph_attack/version'
-require 'graph_attack/rate_limiter'
-require 'graph_attack/metadata'
+
+# Class-based schema
+require 'graph_attack/error'
+require 'graph_attack/rate_limit'
+require 'graph_attack/rate_limited'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: graph_attack
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 2.1.0
 platform: ruby
 authors:
 - Fanny Cheung
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-02-18 00:00:00.000000000 Z
+date: 2022-08-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: graphql
@@ -45,28 +45,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.15'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.15'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -101,14 +101,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.55'
+        version: 1.33.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.55'
+        version: 1.33.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.12.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.12.1
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.0
 description: GraphQL analyser for blocking & throttling
 email:
 - fanny@ynote.hk
@@ -118,9 +146,11 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
+- ".github/dependabot.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".ruby-version"
 - ".travis.yml"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
@@ -129,15 +159,19 @@ files:
 - README.md
 - Rakefile
 - bin/console
+- bin/rake
+- bin/rubocop
 - bin/setup
 - graph_attack.gemspec
 - lib/graph_attack.rb
-- lib/graph_attack/metadata.rb
-- lib/graph_attack/rate_limiter.rb
+- lib/graph_attack/error.rb
+- lib/graph_attack/rate_limit.rb
+- lib/graph_attack/rate_limited.rb
 - lib/graph_attack/version.rb
 homepage: https://github.com/sunny/graph_attack
 licenses: []
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -146,15 +180,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.5.7
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: GraphQL analyser for blocking & throttling

data/lib/graph_attack/metadata.rb

@@ -1,4 +0,0 @@
-# Add custom field metadata
-GraphQL::Field.accepts_definitions(
-  rate_limit: GraphQL::Define.assign_metadata_key(:rate_limit),
-)

data/lib/graph_attack/rate_limiter.rb

@@ -1,95 +0,0 @@
-module GraphAttack
-  # Query analyser you can add to your GraphQL schema to limit calls by IP.
-  #
-  #     ApplicationSchema = GraphQL::Schema.define do
-  #       query_analyzer GraphAttack::RateLimiter.new
-  #     end
-  #
-  class RateLimiter
-    class Error < StandardError; end
-    class RateLimited < GraphQL::AnalysisError; end
-
-    def initialize(redis_client: Redis.new)
-      @redis_client = redis_client
-    end
-
-    def initial_value(query)
-      {
-        ip: query.context[:ip],
-        query_rate_limits: [],
-      }
-    end
-
-    def call(memo, visit_type, irep_node)
-      if rate_limited_node?(visit_type, irep_node)
-        data = rate_limit_data(irep_node)
-
-        memo[:query_rate_limits].push(data)
-
-        increment_rate_limit(memo[:ip], data[:key])
-      end
-
-      memo
-    end
-
-    def final_value(memo)
-      handle_exceeded_calls_on_queries(memo)
-    end
-
-    private
-
-    attr_reader :redis_client
-
-    def increment_rate_limit(ip, key)
-      raise Error, 'Missing :ip value on the GraphQL context' unless ip
-
-      rate_limit(ip).add(key)
-    end
-
-    def rate_limit_data(node)
-      data = node.definition.metadata[:rate_limit]
-
-      data.merge(
-        key: "graphql-query-#{node.name}",
-        query_name: node.name,
-      )
-    end
-
-    def handle_exceeded_calls_on_queries(memo)
-      rate_limited_queries = memo[:query_rate_limits].map do |limit_data|
-        next unless calls_exceeded_on_query?(memo[:ip], limit_data)
-
-        limit_data[:query_name]
-      end.compact
-
-      return unless rate_limited_queries.any?
-
-      queries = rate_limited_queries.join(', ')
-      RateLimited.new("Query rate limit exceeded on #{queries}")
-    end
-
-    def calls_exceeded_on_query?(ip, query_limit_data)
-      rate_limit(ip).exceeded?(
-        query_limit_data[:key],
-        threshold: query_limit_data[:threshold],
-        interval: query_limit_data[:interval],
-      )
-    end
-
-    def rate_limit(ip)
-      @rate_limit ||= {}
-      @rate_limit[ip] ||= Ratelimit.new(ip, redis: redis_client)
-    end
-
-    def rate_limited_node?(visit_type, node)
-      query_field_node?(node) &&
-        visit_type == :enter &&
-        node.definition.metadata[:rate_limit]
-    end
-
-    def query_field_node?(node)
-      node.owner_type.name == 'Query' &&
-        node.ast_node.is_a?(GraphQL::Language::Nodes::Field)
-    end
-  end
-end