graph_attack 2.1.0 → 2.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: de17498105231eb4dd5b5135cf8e7683680cafc409a66acf6fddbaa6f6735b36
-  data.tar.gz: 60308e8ccff6fb80b4b5013975f9ea4903cb037b16997030635ace4557211f17
+  metadata.gz: e5c8d6555e219c82d4a4120f699037145c83a8c6ab5d890aa0f7a75f9560db2c
+  data.tar.gz: da27f205db905e6a6b3c05dd34b50d4057908372c86bae9b53b8f7cb8ef86e09
 SHA512:
-  metadata.gz: 41706b8ea7768bf2d3220c6803f91c29a20640b177c8c443cf64a3462310dd939d4dfa92ffd2fd9f874bd6f256e50031ffbf893f5f4a58846fd7299191e12169
-  data.tar.gz: 873abb6b86cb16f3575cff878cd2be3d0c47723b472b2949a6f4c0f9c6164996fa3b72142ce3e74a71952c5da89eac400a346a43607f174fa2e28862c5dd8d57
+  metadata.gz: 81506f5a365831038e0fff051d7ef707e4903c561bc8cbbe7148a2ff79daef43ec98e26699331163a42e07328dcd2b08797682155d91b78b54f145809d080dd6
+  data.tar.gz: 964047fc9a4e4516bdb1d6c0ae899e7fdc484c44c83268e9e7dd6fc13ffb563bdba43a4ba6b3a1cecf8ed538c61ec1804eac64fac7418d1094280280d87aeff1

data/.rubocop.yml

@@ -69,7 +69,7 @@ RSpec/NestedGroups:
 
 # Allow longer examples (default 5)
 RSpec/ExampleLength:
-  Max: 8
+  Max: 15
 
 Layout/EmptyLinesAroundAttributeAccessor:
   Enabled: true

data/CHANGELOG.md

@@ -1,6 +1,27 @@
 unreleased
 ----------
 
+v2.3.0
+------
+
+Feature:
+- Add configuration for setting defaults. E.g.:
+
+    ```rb
+    GraphAttack.configure do |config|
+      # config.threshold = 15
+      # config.interval = 60
+      # config.on = :ip
+      # config.redis_client = Redis.new
+    end
+    ```
+
+v2.2.0
+------
+
+Feature:
+- Skip throttling when rate limited field is nil (#19)
+
 v2.1.0
 ------
 

data/README.md

@@ -58,6 +58,8 @@ class GraphqlController < ApplicationController
 end
 ```
 
+If that key is `nil`, throttling will be disabled.
+
 ## Configuration
 
 ### Custom context key
@@ -83,6 +85,20 @@ extension GraphAttack::RateLimit,
           redis_client: Redis.new(url: "…")
 ```
 
+### Common configuration
+
+To have a default configuration for all rate-limited fields, you can create an
+initializer:
+
+```rb
+GraphAttack.configure do |config|
+  # config.threshold = 15
+  # config.interval = 60
+  # config.on = :ip
+  # config.redis_client = Redis.new
+end
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run
@@ -102,7 +118,7 @@ tests and linting are pristine by calling `bundle && bin/rake`, then create a
 commit for this version, for example with:
 
 ```sh
-git add .
+git add --patch
 git commit -m v`ruby -rbundler/setup -rgraph_attack/version -e "puts GraphAttack::VERSION"`
 ```
 

data/graph_attack.gemspec

@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'graphql', '>= 1.7.9'
 
   # A Redis-backed rate limiter.
-  spec.add_dependency 'ratelimit', '>= 1.0.3'
+  spec.add_dependency 'ratelimit', '>= 1.0.4'
 
   # Loads local dependencies.
   spec.add_development_dependency 'bundler', '~> 2.0'

data/lib/graph_attack/configuration.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module GraphAttack
+  # Store the config
+  class Configuration
+    # Number of calls allowed.
+    attr_accessor :threshold
+
+    # Time interval in seconds.
+    attr_accessor :interval
+
+    # Key on the context on which to differentiate users.
+    attr_accessor :on
+
+    # Use a custom Redis client.
+    attr_accessor :redis_client
+
+    def initialize
+      @threshold = nil
+      @interval = nil
+      @on = :ip
+      @redis_client = Redis.new
+    end
+  end
+
+  class << self
+    attr_writer :configuration
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def configure
+      yield(configuration)
+    end
+  end
+end

data/lib/graph_attack/rate_limit.rb

@@ -3,13 +3,13 @@
 module GraphAttack
   class RateLimit < GraphQL::Schema::FieldExtension
     def resolve(object:, arguments:, **_rest)
-      rate_limited_field = object.context[rate_limited_key]
-      unless rate_limited_field
-        raise GraphAttack::Error,
-              "Missing :#{rate_limited_key} value on the GraphQL context"
+      rate_limited_field = object.context[on]
+
+      unless object.context.key?(on)
+        raise GraphAttack::Error, "Missing :#{on} key on the GraphQL context"
       end
 
-      if calls_exceeded_on_query?(rate_limited_field)
+      if rate_limited_field && calls_exceeded_on_query?(rate_limited_field)
         return RateLimited.new('Query rate limit exceeded')
       end
 
@@ -19,22 +19,21 @@ module GraphAttack
     private
 
     def key
-      on = "-#{options[:on]}" if options[:on]
-      "graphql-query-#{field.name}#{on}"
+      suffix = "-#{on}" if on != :ip
+
+      "graphql-query-#{field.name}#{suffix}"
     end
 
     def calls_exceeded_on_query?(rate_limited_field)
       rate_limit = Ratelimit.new(rate_limited_field, redis: redis_client)
       rate_limit.add(key)
-      rate_limit.exceeded?(
-        key,
-        threshold: threshold,
-        interval: interval,
-      )
+
+      rate_limit.exceeded?(key, threshold: threshold, interval: interval)
     end
 
     def threshold
       options[:threshold] ||
+        GraphAttack.configuration.threshold ||
         raise(
           GraphAttack::Error,
           'Missing "threshold:" option on the GraphAttack::RateLimit extension',
@@ -43,6 +42,7 @@ module GraphAttack
 
     def interval
       options[:interval] ||
+        GraphAttack.configuration.interval ||
         raise(
           GraphAttack::Error,
           'Missing "interval:" option on the GraphAttack::RateLimit extension',
@@ -50,11 +50,11 @@ module GraphAttack
     end
 
     def redis_client
-      options[:redis_client] || Redis.current
+      options[:redis_client] || GraphAttack.configuration.redis_client
     end
 
-    def rate_limited_key
-      options[:on] || :ip
+    def on
+      options[:on] || GraphAttack.configuration.on
     end
   end
 end

data/lib/graph_attack/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module GraphAttack
-  VERSION = '2.1.0'
+  VERSION = '2.3.0'
 end

data/lib/graph_attack.rb

@@ -6,7 +6,7 @@ require 'graphql/tracing'
 
 require 'graph_attack/version'
 
-# Class-based schema
+require 'graph_attack/configuration'
 require 'graph_attack/error'
 require 'graph_attack/rate_limit'
 require 'graph_attack/rate_limited'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: graph_attack
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.3.0
 platform: ruby
 authors:
 - Fanny Cheung
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-08-07 00:00:00.000000000 Z
+date: 2023-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: graphql
@@ -31,14 +31,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 1.0.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 1.0.4
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -164,6 +164,7 @@ files:
 - bin/setup
 - graph_attack.gemspec
 - lib/graph_attack.rb
+- lib/graph_attack/configuration.rb
 - lib/graph_attack/error.rb
 - lib/graph_attack/rate_limit.rb
 - lib/graph_attack/rate_limited.rb