graph_attack 2.2.0 → 2.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8e7c2758ed10d1304e998ecdfb980897aec795513e69eaef79cfcc7b0d42b76f
-  data.tar.gz: 286c11e9c2dea795607c3c35d4b662254609ae71b89f3e6d6a17729578900132
+  metadata.gz: bba106f336288a7576af88787f681758899e77b5a35297fa66b855d58bff3678
+  data.tar.gz: c67dd2128bb5779c694de180c8518fc67c91cdd1e048448c420d00c910a2cc97
 SHA512:
-  metadata.gz: 0ffe6fd28792ec03d9592ac3caf36268dba9c4710cefbe1ab9f4f3913eaf45f610beebaa6a7a183e4593b1e447ae69fd93df4094815231d15dae1b72c6fa1e59
-  data.tar.gz: 4e38c3c995f9efe86991d237d27c1b1c0ccc984d4b7870acb3fbd24f204e80881edd337211f47d705919556a3467db08836581982a68b5345f7edd4a2fc2e5d4
+  metadata.gz: 73f2a6a48f8196c0c46a71aefb5d28c89a1a3aa3a024d9e65913388771dfd4cadcadcddcdce79d3022e82607cacd60f0f0533086cff2b69bd53bc212e2a26779
+  data.tar.gz: 170bec4bf21761a476598de2166dbbfcb11cad9b403cc556a3e4d43f9411b0e2b694385f54ce3d9ac022c270d6c517b6b3ce0d7248c3ccb9c307e3986f1dfbf1

data/.github/workflows/test.yml

@@ -0,0 +1,39 @@
+name: Test
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    name: on ruby ${{matrix.ruby}}
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: ['2.7', '3.0', '3.1', '3.2', head]
+
+    services:
+      redis:
+        image: redis
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 6379:6379
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{matrix.ruby}}
+
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+
+      - name: RSpec
+        run: bin/rspec

data/.rubocop.yml

@@ -6,6 +6,10 @@ AllCops:
   TargetRubyVersion: 2.7
   DisplayCopNames: true
   NewCops: enable
+  Exclude:
+    - bin/rake
+    - bin/rspec
+    - bin/rubocop
 
 # Do not sort gems in Gemfile, since we are grouping them by functionality.
 Bundler/OrderedGems:
@@ -37,9 +41,6 @@ Metrics/MethodLength:
 # Limit line length.
 Layout/LineLength:
   Max: 80
-  Exclude:
-    - bin/rake
-    - bin/rubocop
 
 # Allow ASCII comments (e.g "…").
 Style/AsciiComments:
@@ -69,7 +70,7 @@ RSpec/NestedGroups:
 
 # Allow longer examples (default 5)
 RSpec/ExampleLength:
-  Max: 8
+  Max: 15
 
 Layout/EmptyLinesAroundAttributeAccessor:
   Enabled: true

data/.ruby-version

@@ -1 +1 @@
-2.7.5
+3.1.3

data/CHANGELOG.md

@@ -1,6 +1,27 @@
 unreleased
 ----------
 
+v2.3.1
+------
+
+Fix:
+- Relax Ruby version constraint to allow Ruby 3.2.
+
+v2.3.0
+------
+
+Feature:
+- Add configuration for setting defaults. E.g.:
+
+    ```rb
+    GraphAttack.configure do |config|
+      # config.threshold = 15
+      # config.interval = 60
+      # config.on = :ip
+      # config.redis_client = Redis.new
+    end
+    ```
+
 v2.2.0
 ------
 

data/README.md

@@ -85,6 +85,20 @@ extension GraphAttack::RateLimit,
           redis_client: Redis.new(url: "…")
 ```
 
+### Common configuration
+
+To have a default configuration for all rate-limited fields, you can create an
+initializer:
+
+```rb
+GraphAttack.configure do |config|
+  # config.threshold = 15
+  # config.interval = 60
+  # config.on = :ip
+  # config.redis_client = Redis.new
+end
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run
@@ -104,7 +118,7 @@ tests and linting are pristine by calling `bundle && bin/rake`, then create a
 commit for this version, for example with:
 
 ```sh
-git add .
+git add --patch
 git commit -m v`ruby -rbundler/setup -rgraph_attack/version -e "puts GraphAttack::VERSION"`
 ```
 

data/bin/rspec

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rspec' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path("../bundle", __FILE__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rspec-core", "rspec")

data/graph_attack.gemspec

@@ -23,13 +23,13 @@ Gem::Specification.new do |spec|
   spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.required_ruby_version = ['>= 2.5.7', '< 3.2']
+  spec.required_ruby_version = '>= 2.5.7'
 
   # This gem is an analyser for the GraphQL ruby gem.
   spec.add_dependency 'graphql', '>= 1.7.9'
 
   # A Redis-backed rate limiter.
-  spec.add_dependency 'ratelimit', '>= 1.0.3'
+  spec.add_dependency 'ratelimit', '>= 1.0.4'
 
   # Loads local dependencies.
   spec.add_development_dependency 'bundler', '~> 2.0'

data/lib/graph_attack/configuration.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module GraphAttack
+  # Store the config
+  class Configuration
+    # Number of calls allowed.
+    attr_accessor :threshold
+
+    # Time interval in seconds.
+    attr_accessor :interval
+
+    # Key on the context on which to differentiate users.
+    attr_accessor :on
+
+    # Use a custom Redis client.
+    attr_accessor :redis_client
+
+    def initialize
+      @threshold = nil
+      @interval = nil
+      @on = :ip
+      @redis_client = Redis.new
+    end
+  end
+
+  class << self
+    attr_writer :configuration
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def configure
+      yield(configuration)
+    end
+  end
+end

data/lib/graph_attack/rate_limit.rb

@@ -3,11 +3,10 @@
 module GraphAttack
   class RateLimit < GraphQL::Schema::FieldExtension
     def resolve(object:, arguments:, **_rest)
-      rate_limited_field = object.context[rate_limited_key]
+      rate_limited_field = object.context[on]
 
-      unless object.context.key?(rate_limited_key)
-        raise GraphAttack::Error,
-              "Missing :#{rate_limited_key} key on the GraphQL context"
+      unless object.context.key?(on)
+        raise GraphAttack::Error, "Missing :#{on} key on the GraphQL context"
       end
 
       if rate_limited_field && calls_exceeded_on_query?(rate_limited_field)
@@ -20,9 +19,9 @@ module GraphAttack
     private
 
     def key
-      on = "-#{options[:on]}" if options[:on]
+      suffix = "-#{on}" if on != :ip
 
-      "graphql-query-#{field.name}#{on}"
+      "graphql-query-#{field.name}#{suffix}"
     end
 
     def calls_exceeded_on_query?(rate_limited_field)
@@ -34,6 +33,7 @@ module GraphAttack
 
     def threshold
       options[:threshold] ||
+        GraphAttack.configuration.threshold ||
         raise(
           GraphAttack::Error,
           'Missing "threshold:" option on the GraphAttack::RateLimit extension',
@@ -42,6 +42,7 @@ module GraphAttack
 
     def interval
       options[:interval] ||
+        GraphAttack.configuration.interval ||
         raise(
           GraphAttack::Error,
           'Missing "interval:" option on the GraphAttack::RateLimit extension',
@@ -49,11 +50,11 @@ module GraphAttack
     end
 
     def redis_client
-      options[:redis_client] || Redis.new
+      options[:redis_client] || GraphAttack.configuration.redis_client
     end
 
-    def rate_limited_key
-      options[:on] || :ip
+    def on
+      options[:on] || GraphAttack.configuration.on
     end
   end
 end

data/lib/graph_attack/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module GraphAttack
-  VERSION = '2.2.0'
+  VERSION = '2.3.1'
 end

data/lib/graph_attack.rb

@@ -6,7 +6,7 @@ require 'graphql/tracing'
 
 require 'graph_attack/version'
 
-# Class-based schema
+require 'graph_attack/configuration'
 require 'graph_attack/error'
 require 'graph_attack/rate_limit'
 require 'graph_attack/rate_limited'

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: graph_attack
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 2.3.1
 platform: ruby
 authors:
 - Fanny Cheung
 - Sunny Ripert
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-12-09 00:00:00.000000000 Z
+date: 2023-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: graphql
@@ -31,14 +31,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 1.0.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 1.0.4
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -147,6 +147,7 @@ extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
 - ".github/dependabot.yml"
+- ".github/workflows/test.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -160,10 +161,12 @@ files:
 - Rakefile
 - bin/console
 - bin/rake
+- bin/rspec
 - bin/rubocop
 - bin/setup
 - graph_attack.gemspec
 - lib/graph_attack.rb
+- lib/graph_attack/configuration.rb
 - lib/graph_attack/error.rb
 - lib/graph_attack/rate_limit.rb
 - lib/graph_attack/rate_limited.rb
@@ -172,7 +175,7 @@ homepage: https://github.com/sunny/graph_attack
 licenses: []
 metadata:
   rubygems_mfa_required: 'true'
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -181,17 +184,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   - - ">="
     - !ruby/object:Gem::Version
       version: 2.5.7
-  - - "<"
-    - !ruby/object:Gem::Version
-      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
-signing_key: 
+rubygems_version: 3.3.26
+signing_key:
 specification_version: 4
 summary: GraphQL analyser for blocking & throttling
 test_files: []