graph_attack 2.0.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 71a5e6c0ce41ca59713a49108f5ebcc3a579aefcd1e95273c495a5ae1e4fd6f6
-  data.tar.gz: 5430e07ebf58ac5b9addbe8b397f6fd832fa56091112136f8ce972cd2e1fe0aa
+  metadata.gz: 8e7c2758ed10d1304e998ecdfb980897aec795513e69eaef79cfcc7b0d42b76f
+  data.tar.gz: 286c11e9c2dea795607c3c35d4b662254609ae71b89f3e6d6a17729578900132
 SHA512:
-  metadata.gz: cef61dfd8f249877fcdbd6ae1962b6678efd280ef415989d6abe22ebb7e8db68dd164ce47ecce610548ac13352471044741c0bf6918ca050dc2193a5178ab5af
-  data.tar.gz: fdf832b9e228ccbf8aa66777f2f9334a7c32a25a5435e6017e0ac8073c7c636cd21dc06f0416a8abbf9f063ff30f64f209d55d9979e2eeea27fd7dff4f1ffe84
+  metadata.gz: 0ffe6fd28792ec03d9592ac3caf36268dba9c4710cefbe1ab9f4f3913eaf45f610beebaa6a7a183e4593b1e447ae69fd93df4094815231d15dae1b72c6fa1e59
+  data.tar.gz: 4e38c3c995f9efe86991d237d27c1b1c0ccc984d4b7870acb3fbd24f204e80881edd337211f47d705919556a3467db08836581982a68b5345f7edd4a2fc2e5d4

data/.rubocop.yml

@@ -34,6 +34,13 @@ Gemspec/RequiredRubyVersion:
 Metrics/MethodLength:
   Max: 15
 
+# Limit line length.
+Layout/LineLength:
+  Max: 80
+  Exclude:
+    - bin/rake
+    - bin/rubocop
+
 # Allow ASCII comments (e.g "…").
 Style/AsciiComments:
   Enabled: false
@@ -102,64 +109,3 @@ Style/RedundantRegexpEscape:
 
 Style/SlicingWithRange:
   Enabled: true
-
-Gemspec/DateAssignment: # (new in 1.10)
-  Enabled: true
-Layout/SpaceBeforeBrackets: # (new in 1.7)
-  Enabled: true
-Lint/AmbiguousAssignment: # (new in 1.7)
-  Enabled: true
-Lint/DeprecatedConstants: # (new in 1.8)
-  Enabled: true
-Lint/DuplicateBranch: # (new in 1.3)
-  Enabled: true
-Lint/DuplicateRegexpCharacterClassElement: # (new in 1.1)
-  Enabled: true
-Lint/EmptyBlock: # (new in 1.1)
-  Enabled: true
-Lint/EmptyClass: # (new in 1.3)
-  Enabled: true
-Lint/LambdaWithoutLiteralBlock: # (new in 1.8)
-  Enabled: true
-Lint/NoReturnInBeginEndBlocks: # (new in 1.2)
-  Enabled: true
-Lint/NumberedParameterAssignment: # (new in 1.9)
-  Enabled: true
-Lint/OrAssignmentToConstant: # (new in 1.9)
-  Enabled: true
-Lint/RedundantDirGlobSort: # (new in 1.8)
-  Enabled: true
-Lint/SymbolConversion: # (new in 1.9)
-  Enabled: true
-Lint/ToEnumArguments: # (new in 1.1)
-  Enabled: true
-Lint/TripleQuotes: # (new in 1.9)
-  Enabled: true
-Lint/UnexpectedBlockArity: # (new in 1.5)
-  Enabled: true
-Lint/UnmodifiedReduceAccumulator: # (new in 1.1)
-  Enabled: true
-Style/ArgumentsForwarding: # (new in 1.1)
-  Enabled: true
-Style/CollectionCompact: # (new in 1.2)
-  Enabled: true
-Style/DocumentDynamicEvalDefinition: # (new in 1.1)
-  Enabled: true
-Style/EndlessMethod: # (new in 1.8)
-  Enabled: true
-Style/HashConversion: # (new in 1.10)
-  Enabled: true
-Style/HashExcept: # (new in 1.7)
-  Enabled: true
-Style/IfWithBooleanLiteralBranches: # (new in 1.9)
-  Enabled: true
-Style/NegatedIfElseCondition: # (new in 1.2)
-  Enabled: true
-Style/NilLambda: # (new in 1.3)
-  Enabled: true
-Style/RedundantArgument: # (new in 1.4)
-  Enabled: true
-Style/StringChars: # (new in 1.12)
-  Enabled: true
-Style/SwapValues: # (new in 1.1)
-  Enabled: true

data/CHANGELOG.md

@@ -1,6 +1,18 @@
 unreleased
 ----------
 
+v2.2.0
+------
+
+Feature:
+- Skip throttling when rate limited field is nil (#19)
+
+v2.1.0
+------
+
+Feature:
+- Add support to custom rate limited context key with the `on:` option.
+
 v2.0.0
 ------
 

data/README.md

@@ -1,6 +1,6 @@
 # GraphAttack
 
-[![CircleCI](https://circleci.com/gh/sunny/graph_attack.svg?style=svg)](https://circleci.com/gh/sunny/graph_attack)
+[![Build Status](https://app.travis-ci.com/sunny/graph_attack.svg?branch=main)](https://app.travis-ci.com/sunny/graph_attack)
 
 GraphQL analyser for blocking & throttling.
 
@@ -58,24 +58,38 @@ class GraphqlController < ApplicationController
 end
 ```
 
+If that key is `nil`, throttling will be disabled.
+
 ## Configuration
 
-Use a custom Redis client instead of the default:
+### Custom context key
+
+If you want to throttle using a different value than the IP address, you can
+choose which context key you want to use with the `on` option. E.g.:
 
 ```rb
-  field :some_expensive_field, String, null: false do
-    extension GraphAttack::RateLimit,
-              threshold: 15,
-              interval: 60,
-              redis_client: Redis.new(url: "…")
-  end
+extension GraphAttack::RateLimit,
+          threshold: 15,
+          interval: 60,
+          on: :client_id
+```
+
+### Custom Redis client
+
+Use a custom Redis client instead of the default with the `redis_client` option:
+
+```rb
+extension GraphAttack::RateLimit,
+          threshold: 15,
+          interval: 60,
+          redis_client: Redis.new(url: "…")
 ```
 
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run
-`rake` to run the tests and the linter. You can also run `bin/console` for an
-interactive prompt that will allow you to experiment.
+`bin/rake` to run the tests and the linter. You can also run `bin/console` for
+an interactive prompt that will allow you to experiment.
 
 ## Versionning
 
@@ -84,10 +98,18 @@ see the tags on this repository.
 
 ## Releasing
 
-To release a new version, update the version number in `version.rb`, commit,
-and then run `bin/rake release`, which will create a git tag for the version,
-push git commits and tags, and push the gem to
-[rubygems.org](https://rubygems.org).
+To release a new version, update the version number in `version.rb` and in the
+`CHANGELOG.md`. Update the `README.md` if there are missing segments, make sure
+tests and linting are pristine by calling `bundle && bin/rake`, then create a
+commit for this version, for example with:
+
+```sh
+git add .
+git commit -m v`ruby -rbundler/setup -rgraph_attack/version -e "puts GraphAttack::VERSION"`
+```
+
+You can then run `bin/rake release`, which will assign a git tag, push using
+git, and push the gem to [rubygems.org](https://rubygems.org).
 
 ## Contributing
 
@@ -110,8 +132,8 @@ file for details.
 
 ## Authors
 
-- **Fanny Cheung** - [KissKissBankBank](https://github.com/KissKissBankBank)
-- **Sunny Ripert** - [KissKissBankBank](https://github.com/KissKissBankBank)
+- [Fanny Cheung](https://github.com/Ynote) — [ynote.hk](https://ynote.hk)
+- [Sunny Ripert](https://github.com/sunny) — [sunfox.org](https://sunfox.org)
 
 ## Acknowledgments
 

data/graph_attack.gemspec

@@ -44,11 +44,11 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rspec_junit_formatter', '~> 0.3'
 
   # Ruby code linter.
-  spec.add_development_dependency 'rubocop', '~> 1.1'
+  spec.add_development_dependency 'rubocop', '~> 1.33.0'
 
   # RSpec extension for RuboCop.
-  spec.add_development_dependency 'rubocop-rspec', '~> 2.2'
+  spec.add_development_dependency 'rubocop-rspec', '~> 2.12.1'
 
   # Rake extension for RuboCop
-  spec.add_development_dependency 'rubocop-rake'
+  spec.add_development_dependency 'rubocop-rake', '~> 0.6.0'
 end

data/lib/graph_attack/rate_limit.rb

@@ -3,10 +3,16 @@
 module GraphAttack
   class RateLimit < GraphQL::Schema::FieldExtension
     def resolve(object:, arguments:, **_rest)
-      ip = object.context[:ip]
-      raise GraphAttack::Error, 'Missing :ip value on the GraphQL context' unless ip
+      rate_limited_field = object.context[rate_limited_key]
 
-      return RateLimited.new('Query rate limit exceeded') if calls_exceeded_on_query?(ip)
+      unless object.context.key?(rate_limited_key)
+        raise GraphAttack::Error,
+              "Missing :#{rate_limited_key} key on the GraphQL context"
+      end
+
+      if rate_limited_field && calls_exceeded_on_query?(rate_limited_field)
+        return RateLimited.new('Query rate limit exceeded')
+      end
 
       yield(object, arguments)
     end
@@ -14,17 +20,16 @@ module GraphAttack
     private
 
     def key
-      "graphql-query-#{field.name}"
+      on = "-#{options[:on]}" if options[:on]
+
+      "graphql-query-#{field.name}#{on}"
     end
 
-    def calls_exceeded_on_query?(ip)
-      rate_limit = Ratelimit.new(ip, redis: redis_client)
+    def calls_exceeded_on_query?(rate_limited_field)
+      rate_limit = Ratelimit.new(rate_limited_field, redis: redis_client)
       rate_limit.add(key)
-      rate_limit.exceeded?(
-        key,
-        threshold: threshold,
-        interval: interval,
-      )
+
+      rate_limit.exceeded?(key, threshold: threshold, interval: interval)
     end
 
     def threshold
@@ -44,7 +49,11 @@ module GraphAttack
     end
 
     def redis_client
-      options[:redis_client] || Redis.current
+      options[:redis_client] || Redis.new
+    end
+
+    def rate_limited_key
+      options[:on] || :ip
     end
   end
 end

data/lib/graph_attack/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module GraphAttack
-  VERSION = '2.0.0'
+  VERSION = '2.2.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: graph_attack
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Fanny Cheung
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-05-05 00:00:00.000000000 Z
+date: 2022-12-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: graphql
@@ -101,42 +101,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: 1.33.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: 1.33.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: 2.12.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: 2.12.1
 - !ruby/object:Gem::Dependency
   name: rubocop-rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.6.0
 description: GraphQL analyser for blocking & throttling
 email:
 - fanny@ynote.hk