graph_attack 2.2.0 → 2.3.0

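--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8e7c2758ed10d1304e998ecdfb980897aec795513e69eaef79cfcc7b0d42b76f
- data.tar.gz: 286c11e9c2dea795607c3c35d4b662254609ae71b89f3e6d6a17729578900132
+ metadata.gz: e5c8d6555e219c82d4a4120f699037145c83a8c6ab5d890aa0f7a75f9560db2c
+ data.tar.gz: da27f205db905e6a6b3c05dd34b50d4057908372c86bae9b53b8f7cb8ef86e09
  SHA512:
- metadata.gz: 0ffe6fd28792ec03d9592ac3caf36268dba9c4710cefbe1ab9f4f3913eaf45f610beebaa6a7a183e4593b1e447ae69fd93df4094815231d15dae1b72c6fa1e59
- data.tar.gz: 4e38c3c995f9efe86991d237d27c1b1c0ccc984d4b7870acb3fbd24f204e80881edd337211f47d705919556a3467db08836581982a68b5345f7edd4a2fc2e5d4
+ metadata.gz: 81506f5a365831038e0fff051d7ef707e4903c561bc8cbbe7148a2ff79daef43ec98e26699331163a42e07328dcd2b08797682155d91b78b54f145809d080dd6
+ data.tar.gz: 964047fc9a4e4516bdb1d6c0ae899e7fdc484c44c83268e9e7dd6fc13ffb563bdba43a4ba6b3a1cecf8ed538c61ec1804eac64fac7418d1094280280d87aeff1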
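--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -69,7 +69,7 @@ RSpec/NestedGroups:
 
  # Allow longer examples (default 5)
  RSpec/ExampleLength:
- Max: 8
+ Max: 15
 
  Layout/EmptyLinesAroundAttributeAccessor:
  Enabled: true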
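--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,21 @@
  unreleased
  ----------
 
+ v2.3.0
+ ------
+
+ Feature:
+ - Add configuration for setting defaults. E.g.:
+
+ ```rb
+ GraphAttack.configure do |config|
+ # config.threshold = 15
+ # config.interval = 60
+ # config.on = :ip
+ # config.redis_client = Redis.new
+ end
+ ```
+
  v2.2.0
  ------
 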
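--- a/data/README.md
+++ b/data/README.md
@@ -85,6 +85,20 @@ extension GraphAttack::RateLimit,
  redis_client: Redis.new(url: "…")
  ```
 
+ ### Common configuration
+
+ To have a default configuration for all rate-limited fields, you can create an
+ initializer:
+
+ ```rb
+ GraphAttack.configure do |config|
+ # config.threshold = 15
+ # config.interval = 60
+ # config.on = :ip
+ # config.redis_client = Redis.new
+ end
+ ```
+
  ## Development
 
  After checking out the repo, run `bin/setup` to install dependencies. Then, run
@@ -104,7 +118,7 @@ tests and linting are pristine by calling `bundle && bin/rake`, then create a
  commit for this version, for example with:
 
  ```sh
- git add .
+ git add --patch
  git commit -m v`ruby -rbundler/setup -rgraph_attack/version -e "puts GraphAttack::VERSION"`
  ```
 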
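--- a/data/graph_attack.gemspec
+++ b/data/graph_attack.gemspec
@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
  spec.add_dependency 'graphql', '>= 1.7.9'
 
  # A Redis-backed rate limiter.
- spec.add_dependency 'ratelimit', '>= 1.0.3'
+ spec.add_dependency 'ratelimit', '>= 1.0.4'
 
  # Loads local dependencies.
  spec.add_development_dependency 'bundler', '~> 2.0'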
@@ -0,0 +1,37 @@
1
+ # frozen_string_literal: true
2
+
3
+ module GraphAttack
4
+ # Store the config
5
+ class Configuration
6
+ # Number of calls allowed.
7
+ attr_accessor :threshold
8
+
9
+ # Time interval in seconds.
10
+ attr_accessor :interval
11
+
12
+ # Key on the context on which to differentiate users.
13
+ attr_accessor :on
14
+
15
+ # Use a custom Redis client.
16
+ attr_accessor :redis_client
17
+
18
+ def initialize
19
+ @threshold = nil
20
+ @interval = nil
21
+ @on = :ip
22
+ @redis_client = Redis.new
23
+ end
24
+ end
25
+
26
+ class << self
27
+ attr_writer :configuration
28
+
29
+ def configuration
30
+ @configuration ||= Configuration.new
31
+ end
32
+
33
+ def configure
34
+ yield(configuration)
35
+ end
36
+ end
37
+ end
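Review bot: `initialize` assigns `@redis_client = Redis.new` eagerly, so a client built from ambient defaults exists as soon as `GraphAttack.configuration` is first touched; if the application's initializer is skipped or loads late, limiter counters would quietly go to whatever that default points at. Building it lazily keeps the override explicit: drop the assignment in `initialize`, use `attr_writer :redis_client`, and add `def redis_client; @redis_client ||= Redis.new; end`. The file also references `Redis` without requiring it, presumably relying on the `ratelimit` dependency to load it first. Separately, `threshold` and `interval` accept any value; since they define a security control, a setter guard such as `raise ArgumentError, 'threshold must be a positive Integer' unless value.nil? || (value.is_a?(Integer) && value.positive?)` would surface a bad setting at boot instead of at the first rate-limited request.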
@@ -3,11 +3,10 @@
3
3
  module GraphAttack
4
4
  class RateLimit < GraphQL::Schema::FieldExtension
5
5
  def resolve(object:, arguments:, **_rest)
6
- rate_limited_field = object.context[rate_limited_key]
6
+ rate_limited_field = object.context[on]
7
7
 
8
- unless object.context.key?(rate_limited_key)
9
- raise GraphAttack::Error,
10
- "Missing :#{rate_limited_key} key on the GraphQL context"
8
+ unless object.context.key?(on)
9
+ raise GraphAttack::Error, "Missing :#{on} key on the GraphQL context"
11
10
  end
12
11
 
13
12
  if rate_limited_field && calls_exceeded_on_query?(rate_limited_field)
@@ -20,9 +19,9 @@ module GraphAttack
20
19
  private
21
20
 
22
21
  def key
23
- on = "-#{options[:on]}" if options[:on]
22
+ suffix = "-#{on}" if on != :ip
24
23
 
25
- "graphql-query-#{field.name}#{on}"
24
+ "graphql-query-#{field.name}#{suffix}"
26
25
  end
27
26
 
28
27
  def calls_exceeded_on_query?(rate_limited_field)
@@ -34,6 +33,7 @@ module GraphAttack
34
33
 
35
34
  def threshold
36
35
  options[:threshold] ||
36
+ GraphAttack.configuration.threshold ||
37
37
  raise(
38
38
  GraphAttack::Error,
39
39
  'Missing "threshold:" option on the GraphAttack::RateLimit extension',
@@ -42,6 +42,7 @@ module GraphAttack
42
42
 
43
43
  def interval
44
44
  options[:interval] ||
45
+ GraphAttack.configuration.interval ||
45
46
  raise(
46
47
  GraphAttack::Error,
47
48
  'Missing "interval:" option on the GraphAttack::RateLimit extension',
@@ -49,11 +50,11 @@ module GraphAttack
49
50
  end
50
51
 
51
52
  def redis_client
52
- options[:redis_client] || Redis.new
53
+ options[:redis_client] || GraphAttack.configuration.redis_client
53
54
  end
54
55
 
55
- def rate_limited_key
56
- options[:on] || :ip
56
+ def on
57
+ options[:on] || GraphAttack.configuration.on
57
58
  end
58
59
  end
59
60
  end
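Review bot: In `resolve`, a context that has the `on` key with a `nil` value passes the `key?` guard and then skips the limiter, because `rate_limited_field && calls_exceeded_on_query?(rate_limited_field)` short-circuits. With `on` now settable globally (for instance to a per-user key), requests where that value is nil would not be rate limited at all. If that fail-open behaviour is intended, say so above the `if`, e.g. `# A nil context value bypasses rate limiting (fail-open by design).`; otherwise bucket such callers together, e.g. `rate_limited_field = object.context[on] || 'anonymous'`. In `key`, `suffix = "-#{on}" if on != :ip` also changes the Redis key for fields that pass `on: :ip` explicitly (previously suffixed `-ip`), so their counters restart on upgrade, which merits a CHANGELOG line. The body of `resolve` continues outside the first hunk.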
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module GraphAttack
4
- VERSION = '2.2.0'
4
+ VERSION = '2.3.0'
5
5
  end
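--- a/data/lib/graph_attack.rb
+++ b/data/lib/graph_attack.rb
@@ -6,7 +6,7 @@ require 'graphql/tracing'
 
  require 'graph_attack/version'
 
- # Class-based schema
+ require 'graph_attack/configuration'
  require 'graph_attack/error'
  require 'graph_attack/rate_limit'
  require 'graph_attack/rate_limited'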
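--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: graph_attack
  version: !ruby/object:Gem::Version
- version: 2.2.0
+ version: 2.3.0
  platform: ruby
  authors:
  - Fanny Cheung
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2022-12-09 00:00:00.000000000 Z
+ date: 2023-02-03 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: graphql
@@ -31,14 +31,14 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 1.0.3
+ version: 1.0.4
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 1.0.3
+ version: 1.0.4
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
@@ -164,6 +164,7 @@ files:
  - bin/setup
  - graph_attack.gemspec
  - lib/graph_attack.rb
+ - lib/graph_attack/configuration.rb
  - lib/graph_attack/error.rb
  - lib/graph_attack/rate_limit.rb
  - lib/graph_attack/rate_limited.rb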