graph_attack 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: a15c0b11d8e25c73943da6bf70907df378deb42c
-  data.tar.gz: 25e5f9f166d1bb010eee56c7e595b126fe05b748
+SHA256:
+  metadata.gz: dd5c8edf29d269a309957b279c0690cb46f897ca4e02c8909cd80816b9ce76fb
+  data.tar.gz: ccf872288c199a97d55a36565998e04ca94edc982f1318bd66a67b70140aac9a
 SHA512:
-  metadata.gz: ef5a10ecbc9cbe51553bce3936cdbee0eb3ff67bfee7b8f423bd91f2d9a7a012d6b615d2c961f16f1e5366f537ec60ba13ad5264d4141bfaca7a5fc3b25db6c4
-  data.tar.gz: 542014545b679ea08d44c59ec07df312f31be870d02edb88d3d6bb559948ced10ea9d566b09a7aa1e5ccd028642b230b2ebf6097b337d40108a4fbec1cb9c364
+  metadata.gz: 5d7f367fa3125069280b021f6404a19e6a5bcba197ea3c3408b066eadb593e295f2cabcb7d3d4cda5ef0b2a806ac2055dc3943559257aea208dd077a62ff468c
+  data.tar.gz: 52adf301f34c476a6b6f97013175bc0036c588788d158d971ad553d62c86c54ac27ad1be83be6c99a120a0b90bf7b2e4da58455bd2988e9fd523ffa92956c203

data/.circleci/config.yml

@@ -6,7 +6,7 @@ version: 2
 jobs:
   build:
     docker:
-       - image: circleci/ruby:2.4.1-node-browsers
+       - image: circleci/ruby:2.7.3
        - image: redis
 
     working_directory: ~/repo
@@ -17,19 +17,16 @@ jobs:
       # Download and cache dependencies
       - restore_cache:
           keys:
-          - v1-dependencies-{{ checksum "graph_attack.gemspec" }}
-          # fallback to using the latest cache if no exact match is found
-          - v1-dependencies-
+          - v2-dependencies-{{ checksum "graph_attack.gemspec" }}
+          - v2-dependencies-
 
-      - run:
-          name: install dependencies
-          command: |
-            bundle install --jobs=4 --retry=3 --path vendor/bundle
+      - run: gem install bundler:2.0.2
+      - run: bundle install --jobs=4 --retry=3 --path vendor/bundle
 
       - save_cache:
           paths:
             - ./vendor/bundle
-          key: v1-dependencies-{{ checksum "graph_attack.gemspec" }}
+          key: v2-dependencies-{{ checksum "graph_attack.gemspec" }}
 
       # Run tests!
       - run:

data/.github/dependabot.yml

@@ -0,0 +1,9 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "04:00"
+  open-pull-requests-limit: 3
+  rebase-strategy: disabled

data/.rubocop.yml

@@ -1,5 +1,9 @@
+require:
+  - rubocop-rspec
+  - rubocop-rake
+
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.7
   DisplayCopNames: true
 
 # Do not sort gems in Gemfile, since we are grouping them by functionality.
@@ -22,20 +26,19 @@ Style/TrailingCommaInHashLiteral:
 Layout/MultilineMethodCallIndentation:
   EnforcedStyle: indented
 
+Gemspec/RequiredRubyVersion:
+  Enabled: false
+
 # Limit method length (default is 10).
 Metrics/MethodLength:
   Max: 15
 
-# Do not require `# frozen_string_literal: true` at the top of every file.
-FrozenStringLiteralComment:
-  Enabled: false
-
 # Allow ASCII comments (e.g "…").
 Style/AsciiComments:
   Enabled: false
 
 # Do not comment the class we create, since the name should be self explanatory.
-Documentation:
+Style/Documentation:
   Enabled: false
 
 # Do not verify the length of the blocks in specs.
@@ -43,15 +46,119 @@ Metrics/BlockLength:
   Exclude:
     - spec/**/*
 
-# Allow indenting multiline chained operations.
-Layout/MultilineMethodCallIndentation:
-  EnforcedStyle: indented
-
 # Prefer `== 0`, `< 0`, `> 0` to `zero?`, `negative?` or `positive?`,
 # since they don't exist before Ruby 2.3 or Rails 5 and can be ambiguous.
 Style/NumericPredicate:
   EnforcedStyle: comparison
 
-# Allow shorter argument names like `ip`.
-Naming/UncommunicativeMethodParamName:
-  MinNameLength: 2
+# Allow more expectations per example (default 1).
+RSpec/MultipleExpectations:
+  Max: 5
+
+# Allow more group nesting (default 3)
+RSpec/NestedGroups:
+  Max: 5
+
+# Allow longer examples (default 5)
+RSpec/ExampleLength:
+  Max: 8
+
+Layout/EmptyLinesAroundAttributeAccessor:
+  Enabled: true
+
+Layout/SpaceAroundMethodCallOperator:
+  Enabled: true
+
+Lint/DeprecatedOpenSSLConstant:
+  Enabled: true
+
+Lint/MixedRegexpCaptureTypes:
+  Enabled: true
+
+Lint/RaiseException:
+  Enabled: true
+
+Lint/StructNewOverride:
+  Enabled: true
+
+Style/ExponentialNotation:
+  Enabled: true
+
+Style/HashEachMethods:
+  Enabled: true
+
+Style/HashTransformKeys:
+  Enabled: true
+
+Style/HashTransformValues:
+  Enabled: true
+
+Style/RedundantRegexpCharacterClass:
+  Enabled: true
+
+Style/RedundantRegexpEscape:
+  Enabled: true
+
+Style/SlicingWithRange:
+  Enabled: true
+
+Gemspec/DateAssignment: # (new in 1.10)
+  Enabled: true
+Layout/SpaceBeforeBrackets: # (new in 1.7)
+  Enabled: true
+Lint/AmbiguousAssignment: # (new in 1.7)
+  Enabled: true
+Lint/DeprecatedConstants: # (new in 1.8)
+  Enabled: true
+Lint/DuplicateBranch: # (new in 1.3)
+  Enabled: true
+Lint/DuplicateRegexpCharacterClassElement: # (new in 1.1)
+  Enabled: true
+Lint/EmptyBlock: # (new in 1.1)
+  Enabled: true
+Lint/EmptyClass: # (new in 1.3)
+  Enabled: true
+Lint/LambdaWithoutLiteralBlock: # (new in 1.8)
+  Enabled: true
+Lint/NoReturnInBeginEndBlocks: # (new in 1.2)
+  Enabled: true
+Lint/NumberedParameterAssignment: # (new in 1.9)
+  Enabled: true
+Lint/OrAssignmentToConstant: # (new in 1.9)
+  Enabled: true
+Lint/RedundantDirGlobSort: # (new in 1.8)
+  Enabled: true
+Lint/SymbolConversion: # (new in 1.9)
+  Enabled: true
+Lint/ToEnumArguments: # (new in 1.1)
+  Enabled: true
+Lint/TripleQuotes: # (new in 1.9)
+  Enabled: true
+Lint/UnexpectedBlockArity: # (new in 1.5)
+  Enabled: true
+Lint/UnmodifiedReduceAccumulator: # (new in 1.1)
+  Enabled: true
+Style/ArgumentsForwarding: # (new in 1.1)
+  Enabled: true
+Style/CollectionCompact: # (new in 1.2)
+  Enabled: true
+Style/DocumentDynamicEvalDefinition: # (new in 1.1)
+  Enabled: true
+Style/EndlessMethod: # (new in 1.8)
+  Enabled: true
+Style/HashConversion: # (new in 1.10)
+  Enabled: true
+Style/HashExcept: # (new in 1.7)
+  Enabled: true
+Style/IfWithBooleanLiteralBranches: # (new in 1.9)
+  Enabled: true
+Style/NegatedIfElseCondition: # (new in 1.2)
+  Enabled: true
+Style/NilLambda: # (new in 1.3)
+  Enabled: true
+Style/RedundantArgument: # (new in 1.4)
+  Enabled: true
+Style/StringChars: # (new in 1.12)
+  Enabled: true
+Style/SwapValues: # (new in 1.1)
+  Enabled: true

data/.ruby-version

@@ -0,0 +1 @@
+2.7.3

data/.travis.yml

@@ -1,5 +1,6 @@
 sudo: false
 language: ruby
 rvm:
-  - 2.4.1
-before_install: gem install bundler -v 1.16.1
+  - 2.7.3
+services:
+  - redis-server

data/CHANGELOG.md

@@ -1,6 +1,13 @@
 unreleased
 ----------
 
+v1.2.0
+------
+
+Feature:
+- New GraphAttack::RateLimit extension to be used in GraphQL::Ruby's class-based
+  syntax.
+
 v1.1.0
 ------
 

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }

data/README.md

@@ -8,6 +8,19 @@ GraphQL analyser for blocking & throttling.
 
 This gem adds a method to limit access to your GraphQL fields by IP:
 
+```rb
+class QueryType < GraphQL::Schema::Object
+  field :some_expensive_field, String, null: false do
+    extension(GraphAttack::RateLimit, threshold: 15, interval: 60)
+  end
+
+  # …
+end
+```
+
+<details>
+<summary>If using GraphQL::Ruby's legacy schema definition</summary>
+
 ```rb
 QueryType = GraphQL::ObjectType.define do
   name 'Query'
@@ -20,6 +33,8 @@ QueryType = GraphQL::ObjectType.define do
 end
 ```
 
+</details>
+
 This would allow only 15 calls per minute by the same IP.
 
 ## Requirements
@@ -42,6 +57,9 @@ And then execute:
 $ bundle
 ```
 
+<details>
+<summary>If using GraphQL::Ruby's legacy schema definition</summary>
+
 Add the query analyser to your schema:
 
 ```rb
@@ -52,8 +70,10 @@ ApplicationSchema = GraphQL::Schema.define do
 end
 ```
 
+</details>
+
 Finally, make sure you add the current user's IP address as `ip:` to the
-GraphQL context:
+GraphQL context. E.g.:
 
 ```rb
 class GraphqlController < ApplicationController
@@ -74,12 +94,28 @@ end
 
 Use a custom Redis client instead of the default:
 
+```rb
+  field :some_expensive_field, String, null: false do
+    extension(
+      GraphAttack::RateLimit,
+      threshold: 15,
+      interval: 60,
+      redis_client: Redis.new(url: "…"),
+    )
+  end
+```
+
+<details>
+<summary>If using GraphQL::Ruby's legacy schema definition</summary>
+
 ```rb
 query_analyzer GraphAttack::RateLimiter.new(
   redis_client: Redis.new(url: "…")
 )
 ```
 
+</details>
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run
@@ -109,12 +145,12 @@ the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 
 Everyone interacting in the GraphAttack project’s codebases, issue trackers,
 chat rooms and mailing lists is expected to follow the
-[code of conduct](https://github.com/sunny/graph_attack/blob/master/CODE_OF_CONDUCT.md).
+[code of conduct](https://github.com/sunny/graph_attack/blob/main/CODE_OF_CONDUCT.md).
 
 ## License
 
 This project is licensed under the MIT License - see the
-[LICENSE.md](https://github.com/sunny/graph_attack/blob/master/LICENSE.md)
+[LICENSE.md](https://github.com/sunny/graph_attack/blob/main/LICENSE.md)
 file for details.
 
 ## Authors

data/Rakefile

@@ -1,12 +1,12 @@
+# frozen_string_literal: true
+
 # Bundler
 require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
 
-# Rspec
+# RSpec
 require 'rspec/core/rake_task'
 RSpec::Core::RakeTask.new(:spec)
 
-task default: :spec
 # Rubocop
 require 'rubocop/rake_task'
 RuboCop::RakeTask.new(:rubocop)

data/bin/console

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require 'bundler/setup'
 require 'graph_attack'

data/bin/rake

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rake' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile',
+                                           Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path('bundle', __dir__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('rake', 'rake')

data/bin/rubocop

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rubocop' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile',
+                                           Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path('bundle', __dir__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('rubocop', 'rubocop')

data/graph_attack.gemspec

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'graph_attack/version'
@@ -18,6 +20,7 @@ Gem::Specification.new do |spec|
   spec.bindir = 'exe'
   spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
+  spec.required_ruby_version = ['>= 2.5.7', '< 2.8']
 
   # This gem is an analyser for the GraphQL ruby gem.
   spec.add_dependency 'graphql', '>= 1.7.9'
@@ -26,10 +29,10 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'ratelimit', '>= 1.0.3'
 
   # Loads local dependencies.
-  spec.add_development_dependency 'bundler', '~> 1.15'
+  spec.add_development_dependency 'bundler', '~> 2.0'
 
   # Development tasks runner.
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rake', '~> 13.0'
 
   # Testing framework.
   spec.add_development_dependency 'rspec', '~> 3.0'
@@ -38,5 +41,11 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rspec_junit_formatter', '~> 0.3'
 
   # Ruby code linter.
-  spec.add_development_dependency 'rubocop', '~> 0.55'
+  spec.add_development_dependency 'rubocop', '~> 1.1'
+
+  # RSpec extension for RuboCop.
+  spec.add_development_dependency 'rubocop-rspec', '~> 2.2'
+
+  # Rake extension for RuboCop
+  spec.add_development_dependency 'rubocop-rake'
 end

data/lib/graph_attack.rb

@@ -1,7 +1,17 @@
+# frozen_string_literal: true
+
 require 'graphql'
 require 'ratelimit'
+
 require 'graphql/tracing'
 
 require 'graph_attack/version'
+
+# Class-based schema
+require 'graph_attack/rate_limit'
+require 'graph_attack/error'
+require 'graph_attack/rate_limited'
+
+# Legacy schema
 require 'graph_attack/rate_limiter'
 require 'graph_attack/metadata'

data/lib/graph_attack/error.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module GraphAttack
+  class Error < StandardError; end
+end

data/lib/graph_attack/metadata.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Add custom field metadata
 GraphQL::Field.accepts_definitions(
   rate_limit: GraphQL::Define.assign_metadata_key(:rate_limit),

data/lib/graph_attack/rate_limit.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module GraphAttack
+  class RateLimit < GraphQL::Schema::FieldExtension
+    def resolve(object:, arguments:, **_rest)
+      ip = object.context[:ip]
+      raise GraphAttack::Error, 'Missing :ip value on the GraphQL context' unless ip
+
+      return RateLimited.new('Query rate limit exceeded') if calls_exceeded_on_query?(ip)
+
+      yield(object, arguments)
+    end
+
+    private
+
+    def key
+      "graphql-query-#{field.name}"
+    end
+
+    def calls_exceeded_on_query?(ip)
+      rate_limit = Ratelimit.new(ip, redis: redis_client)
+      rate_limit.add(key)
+      rate_limit.exceeded?(
+        key,
+        threshold: threshold,
+        interval: interval,
+      )
+    end
+
+    def threshold
+      options[:threshold] ||
+        raise(
+          GraphAttack::Error,
+          'Missing "threshold:" option on the GraphAttack::RateLimit extension',
+        )
+    end
+
+    def interval
+      options[:interval] ||
+        raise(
+          GraphAttack::Error,
+          'Missing "interval:" option on the GraphAttack::RateLimit extension',
+        )
+    end
+
+    def redis_client
+      options[:redis_client] || Redis.current
+    end
+  end
+end

data/lib/graph_attack/rate_limited.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module GraphAttack
+  class RateLimited < GraphQL::AnalysisError; end
+end

data/lib/graph_attack/rate_limiter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module GraphAttack
   # Query analyser you can add to your GraphQL schema to limit calls by IP.
   #
@@ -7,6 +9,7 @@ module GraphAttack
   #
   class RateLimiter
     class Error < StandardError; end
+
     class RateLimited < GraphQL::AnalysisError; end
 
     def initialize(redis_client: Redis.new)

data/lib/graph_attack/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module GraphAttack
-  VERSION = '1.1.0'.freeze
+  VERSION = '1.2.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: graph_attack
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Fanny Cheung
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-02-18 00:00:00.000000000 Z
+date: 2021-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: graphql
@@ -45,28 +45,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.15'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.15'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -101,14 +101,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.55'
+        version: '1.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.55'
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: GraphQL analyser for blocking & throttling
 email:
 - fanny@ynote.hk
@@ -118,9 +146,11 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
+- ".github/dependabot.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".ruby-version"
 - ".travis.yml"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
@@ -129,10 +159,15 @@ files:
 - README.md
 - Rakefile
 - bin/console
+- bin/rake
+- bin/rubocop
 - bin/setup
 - graph_attack.gemspec
 - lib/graph_attack.rb
+- lib/graph_attack/error.rb
 - lib/graph_attack/metadata.rb
+- lib/graph_attack/rate_limit.rb
+- lib/graph_attack/rate_limited.rb
 - lib/graph_attack/rate_limiter.rb
 - lib/graph_attack/version.rb
 homepage: https://github.com/sunny/graph_attack
@@ -146,15 +181,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.5.7
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: '2.8'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: GraphQL analyser for blocking & throttling