graph_attack 1.2.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dd5c8edf29d269a309957b279c0690cb46f897ca4e02c8909cd80816b9ce76fb
-  data.tar.gz: ccf872288c199a97d55a36565998e04ca94edc982f1318bd66a67b70140aac9a
+  metadata.gz: 71a5e6c0ce41ca59713a49108f5ebcc3a579aefcd1e95273c495a5ae1e4fd6f6
+  data.tar.gz: 5430e07ebf58ac5b9addbe8b397f6fd832fa56091112136f8ce972cd2e1fe0aa
 SHA512:
-  metadata.gz: 5d7f367fa3125069280b021f6404a19e6a5bcba197ea3c3408b066eadb593e295f2cabcb7d3d4cda5ef0b2a806ac2055dc3943559257aea208dd077a62ff468c
-  data.tar.gz: 52adf301f34c476a6b6f97013175bc0036c588788d158d971ad553d62c86c54ac27ad1be83be6c99a120a0b90bf7b2e4da58455bd2988e9fd523ffa92956c203
+  metadata.gz: cef61dfd8f249877fcdbd6ae1962b6678efd280ef415989d6abe22ebb7e8db68dd164ce47ecce610548ac13352471044741c0bf6918ca050dc2193a5178ab5af
+  data.tar.gz: fdf832b9e228ccbf8aa66777f2f9334a7c32a25a5435e6017e0ac8073c7c636cd21dc06f0416a8abbf9f063ff30f64f209d55d9979e2eeea27fd7dff4f1ffe84

data/.rubocop.yml

@@ -5,6 +5,7 @@ require:
 AllCops:
   TargetRubyVersion: 2.7
   DisplayCopNames: true
+  NewCops: enable
 
 # Do not sort gems in Gemfile, since we are grouping them by functionality.
 Bundler/OrderedGems:

data/.ruby-version

@@ -1 +1 @@
-2.7.3
+2.7.5

data/.travis.yml

@@ -1,6 +1,7 @@
 sudo: false
 language: ruby
 rvm:
-  - 2.7.3
+  - 2.7.5
+  - 3.1.2
 services:
   - redis-server

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 unreleased
 ----------
 
+v2.0.0
+------
+
+Breaking changes:
+- Drop support for GraphQL legacy schema, please use GraphQL::Ruby's class-based
+  syntax exclusively.
+
+Feature:
+- Support Ruby 3.
+
 v1.2.0
 ------
 

data/README.md

@@ -6,36 +6,19 @@ GraphQL analyser for blocking & throttling.
 
 ## Usage
 
-This gem adds a method to limit access to your GraphQL fields by IP:
+This gem adds a method to limit access to your GraphQL fields by IP address:
 
 ```rb
 class QueryType < GraphQL::Schema::Object
   field :some_expensive_field, String, null: false do
-    extension(GraphAttack::RateLimit, threshold: 15, interval: 60)
+    extension GraphAttack::RateLimit, threshold: 15, interval: 60
   end
 
   # …
 end
 ```
 
-<details>
-<summary>If using GraphQL::Ruby's legacy schema definition</summary>
-
-```rb
-QueryType = GraphQL::ObjectType.define do
-  name 'Query'
-
-  field :someExpensiveField do
-    rate_limit threshold: 15, interval: 60
-
-    # …
-  end
-end
-```
-
-</details>
-
-This would allow only 15 calls per minute by the same IP.
+This would allow only 15 calls per minute by the same IP address.
 
 ## Requirements
 
@@ -44,11 +27,11 @@ of [Redis](https://redis.io/).
 
 ## Installation
 
-Add these lines to your application's `Gemfile`:
+Add these lines to your application’s `Gemfile`:
 
 ```ruby
 # GraphQL analyser for blocking & throttling by IP.
-gem 'graph_attack'
+gem "graph_attack"
 ```
 
 And then execute:
@@ -57,22 +40,7 @@ And then execute:
 $ bundle
 ```
 
-<details>
-<summary>If using GraphQL::Ruby's legacy schema definition</summary>
-
-Add the query analyser to your schema:
-
-```rb
-ApplicationSchema = GraphQL::Schema.define do
-  query_analyzer GraphAttack::RateLimiter.new
-
-  # …
-end
-```
-
-</details>
-
-Finally, make sure you add the current user's IP address as `ip:` to the
+Finally, make sure you add the current user’s IP address as `ip:` to the
 GraphQL context. E.g.:
 
 ```rb
@@ -96,26 +64,13 @@ Use a custom Redis client instead of the default:
 
 ```rb
   field :some_expensive_field, String, null: false do
-    extension(
-      GraphAttack::RateLimit,
-      threshold: 15,
-      interval: 60,
-      redis_client: Redis.new(url: "…"),
-    )
+    extension GraphAttack::RateLimit,
+              threshold: 15,
+              interval: 60,
+              redis_client: Redis.new(url: "…")
   end
 ```
 
-<details>
-<summary>If using GraphQL::Ruby's legacy schema definition</summary>
-
-```rb
-query_analyzer GraphAttack::RateLimiter.new(
-  redis_client: Redis.new(url: "…")
-)
-```
-
-</details>
-
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run
@@ -130,8 +85,8 @@ see the tags on this repository.
 ## Releasing
 
 To release a new version, update the version number in `version.rb`, commit,
-and then run `bundle exec rake release`, which will create a git tag for the
-version, push git commits and tags, and push the `.gem` file to
+and then run `bin/rake release`, which will create a git tag for the version,
+push git commits and tags, and push the gem to
 [rubygems.org](https://rubygems.org).
 
 ## Contributing

data/graph_attack.gemspec

@@ -14,13 +14,16 @@ Gem::Specification.new do |spec|
   spec.description = 'GraphQL analyser for blocking & throttling'
   spec.homepage = 'https://github.com/sunny/graph_attack'
 
+  spec.metadata['rubygems_mfa_required'] = 'true'
+
   spec.files = `git ls-files -z`.split("\x0").reject do |f|
     f.match(%r{^(test|spec|features)/})
   end
   spec.bindir = 'exe'
   spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
-  spec.required_ruby_version = ['>= 2.5.7', '< 2.8']
+
+  spec.required_ruby_version = ['>= 2.5.7', '< 3.2']
 
   # This gem is an analyser for the GraphQL ruby gem.
   spec.add_dependency 'graphql', '>= 1.7.9'

data/lib/graph_attack/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module GraphAttack
-  VERSION = '1.2.0'
+  VERSION = '2.0.0'
 end

data/lib/graph_attack.rb

@@ -1,17 +1,12 @@
 # frozen_string_literal: true
 
-require 'graphql'
 require 'ratelimit'
-
+require 'graphql'
 require 'graphql/tracing'
 
 require 'graph_attack/version'
 
 # Class-based schema
-require 'graph_attack/rate_limit'
 require 'graph_attack/error'
+require 'graph_attack/rate_limit'
 require 'graph_attack/rate_limited'
-
-# Legacy schema
-require 'graph_attack/rate_limiter'
-require 'graph_attack/metadata'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: graph_attack
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Fanny Cheung
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-07-27 00:00:00.000000000 Z
+date: 2022-05-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: graphql
@@ -165,14 +165,13 @@ files:
 - graph_attack.gemspec
 - lib/graph_attack.rb
 - lib/graph_attack/error.rb
-- lib/graph_attack/metadata.rb
 - lib/graph_attack/rate_limit.rb
 - lib/graph_attack/rate_limited.rb
-- lib/graph_attack/rate_limiter.rb
 - lib/graph_attack/version.rb
 homepage: https://github.com/sunny/graph_attack
 licenses: []
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -184,7 +183,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.5.7
   - - "<"
     - !ruby/object:Gem::Version
-      version: '2.8'
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="

data/lib/graph_attack/metadata.rb

@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-
-# Add custom field metadata
-GraphQL::Field.accepts_definitions(
-  rate_limit: GraphQL::Define.assign_metadata_key(:rate_limit),
-)

data/lib/graph_attack/rate_limiter.rb

@@ -1,98 +0,0 @@
-# frozen_string_literal: true
-
-module GraphAttack
-  # Query analyser you can add to your GraphQL schema to limit calls by IP.
-  #
-  #     ApplicationSchema = GraphQL::Schema.define do
-  #       query_analyzer GraphAttack::RateLimiter.new
-  #     end
-  #
-  class RateLimiter
-    class Error < StandardError; end
-
-    class RateLimited < GraphQL::AnalysisError; end
-
-    def initialize(redis_client: Redis.new)
-      @redis_client = redis_client
-    end
-
-    def initial_value(query)
-      {
-        ip: query.context[:ip],
-        query_rate_limits: [],
-      }
-    end
-
-    def call(memo, visit_type, irep_node)
-      if rate_limited_node?(visit_type, irep_node)
-        data = rate_limit_data(irep_node)
-
-        memo[:query_rate_limits].push(data)
-
-        increment_rate_limit(memo[:ip], data[:key])
-      end
-
-      memo
-    end
-
-    def final_value(memo)
-      handle_exceeded_calls_on_queries(memo)
-    end
-
-    private
-
-    attr_reader :redis_client
-
-    def increment_rate_limit(ip, key)
-      raise Error, 'Missing :ip value on the GraphQL context' unless ip
-
-      rate_limit(ip).add(key)
-    end
-
-    def rate_limit_data(node)
-      data = node.definition.metadata[:rate_limit]
-
-      data.merge(
-        key: "graphql-query-#{node.name}",
-        query_name: node.name,
-      )
-    end
-
-    def handle_exceeded_calls_on_queries(memo)
-      rate_limited_queries = memo[:query_rate_limits].map do |limit_data|
-        next unless calls_exceeded_on_query?(memo[:ip], limit_data)
-
-        limit_data[:query_name]
-      end.compact
-
-      return unless rate_limited_queries.any?
-
-      queries = rate_limited_queries.join(', ')
-      RateLimited.new("Query rate limit exceeded on #{queries}")
-    end
-
-    def calls_exceeded_on_query?(ip, query_limit_data)
-      rate_limit(ip).exceeded?(
-        query_limit_data[:key],
-        threshold: query_limit_data[:threshold],
-        interval: query_limit_data[:interval],
-      )
-    end
-
-    def rate_limit(ip)
-      @rate_limit ||= {}
-      @rate_limit[ip] ||= Ratelimit.new(ip, redis: redis_client)
-    end
-
-    def rate_limited_node?(visit_type, node)
-      query_field_node?(node) &&
-        visit_type == :enter &&
-        node.definition.metadata[:rate_limit]
-    end
-
-    def query_field_node?(node)
-      node.owner_type.name == 'Query' &&
-        node.ast_node.is_a?(GraphQL::Language::Nodes::Field)
-    end
-  end
-end