graph_attack 2.0.0 → 2.1.0
- checksums.yaml +4 -4
- data/.rubocop.yml +7 -61
- data/CHANGELOG.md +6 -0
- data/README.md +36 -16
- data/graph_attack.gemspec +3 -3
- data/lib/graph_attack/rate_limit.rb +16 -6
- data/lib/graph_attack/version.rb +1 -1
- metadata +10 -10
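--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: de17498105231eb4dd5b5135cf8e7683680cafc409a66acf6fddbaa6f6735b36
+data.tar.gz: 60308e8ccff6fb80b4b5013975f9ea4903cb037b16997030635ace4557211f17
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 41706b8ea7768bf2d3220c6803f91c29a20640b177c8c443cf64a3462310dd939d4dfa92ffd2fd9f874bd6f256e50031ffbf893f5f4a58846fd7299191e12169
+data.tar.gz: 873abb6b86cb16f3575cff878cd2be3d0c47723b472b2949a6f4c0f9c6164996fa3b72142ce3e74a71952c5da89eac400a346a43607f174fa2e28862c5dd8d57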
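--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -34,6 +34,13 @@ Gemspec/RequiredRubyVersion:
 Metrics/MethodLength:
 Max: 15
 
+# Limit line length.
+Layout/LineLength:
+Max: 80
+Exclude:
+- bin/rake
+- bin/rubocop
+
 # Allow ASCII comments (e.g "…").
 Style/AsciiComments:
 Enabled: false
@@ -102,64 +109,3 @@ Style/RedundantRegexpEscape:
 
 Style/SlicingWithRange:
 Enabled: true
-
-Gemspec/DateAssignment: # (new in 1.10)
-Enabled: true
-Layout/SpaceBeforeBrackets: # (new in 1.7)
-Enabled: true
-Lint/AmbiguousAssignment: # (new in 1.7)
-Enabled: true
-Lint/DeprecatedConstants: # (new in 1.8)
-Enabled: true
-Lint/DuplicateBranch: # (new in 1.3)
-Enabled: true
-Lint/DuplicateRegexpCharacterClassElement: # (new in 1.1)
-Enabled: true
-Lint/EmptyBlock: # (new in 1.1)
-Enabled: true
-Lint/EmptyClass: # (new in 1.3)
-Enabled: true
-Lint/LambdaWithoutLiteralBlock: # (new in 1.8)
-Enabled: true
-Lint/NoReturnInBeginEndBlocks: # (new in 1.2)
-Enabled: true
-Lint/NumberedParameterAssignment: # (new in 1.9)
-Enabled: true
-Lint/OrAssignmentToConstant: # (new in 1.9)
-Enabled: true
-Lint/RedundantDirGlobSort: # (new in 1.8)
-Enabled: true
-Lint/SymbolConversion: # (new in 1.9)
-Enabled: true
-Lint/ToEnumArguments: # (new in 1.1)
-Enabled: true
-Lint/TripleQuotes: # (new in 1.9)
-Enabled: true
-Lint/UnexpectedBlockArity: # (new in 1.5)
-Enabled: true
-Lint/UnmodifiedReduceAccumulator: # (new in 1.1)
-Enabled: true
-Style/ArgumentsForwarding: # (new in 1.1)
-Enabled: true
-Style/CollectionCompact: # (new in 1.2)
-Enabled: true
-Style/DocumentDynamicEvalDefinition: # (new in 1.1)
-Enabled: true
-Style/EndlessMethod: # (new in 1.8)
-Enabled: true
-Style/HashConversion: # (new in 1.10)
-Enabled: true
-Style/HashExcept: # (new in 1.7)
-Enabled: true
-Style/IfWithBooleanLiteralBranches: # (new in 1.9)
-Enabled: true
-Style/NegatedIfElseCondition: # (new in 1.2)
-Enabled: true
-Style/NilLambda: # (new in 1.3)
-Enabled: true
-Style/RedundantArgument: # (new in 1.4)
-Enabled: true
-Style/StringChars: # (new in 1.12)
-Enabled: true
-Style/SwapValues: # (new in 1.1)
-Enabled: true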
data/CHANGELOG.md
CHANGED
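--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,6 @@
 # GraphAttack
 
-[![
+[![Build Status](https://app.travis-ci.com/sunny/graph_attack.svg?branch=main)](https://app.travis-ci.com/sunny/graph_attack)
 
 GraphQL analyser for blocking & throttling.
 
@@ -60,22 +60,34 @@ end
 
 ## Configuration
 
-
+### Custom context key
+
+If you want to throttle using a different value than the IP address, you can
+choose which context key you want to use with the `on` option. E.g.:
 
 ```rb
-
-
-
-
-
-
+extension GraphAttack::RateLimit,
+threshold: 15,
+interval: 60,
+on: :client_id
+```
+
+### Custom Redis client
+
+Use a custom Redis client instead of the default with the `redis_client` option:
+
+```rb
+extension GraphAttack::RateLimit,
+threshold: 15,
+interval: 60,
+redis_client: Redis.new(url: "…")
 ```
 
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run
-`rake` to run the tests and the linter. You can also run `bin/console` for
-interactive prompt that will allow you to experiment.
+`bin/rake` to run the tests and the linter. You can also run `bin/console` for
+an interactive prompt that will allow you to experiment.
 
 ## Versionning
 
@@ -84,10 +96,18 @@ see the tags on this repository.
 
 ## Releasing
 
-To release a new version, update the version number in `version.rb
-
-
-
+To release a new version, update the version number in `version.rb` and in the
+`CHANGELOG.md`. Update the `README.md` if there are missing segments, make sure
+tests and linting are pristine by calling `bundle && bin/rake`, then create a
+commit for this version, for example with:
+
+```sh
+git add .
+git commit -m v`ruby -rbundler/setup -rgraph_attack/version -e "puts GraphAttack::VERSION"`
+```
+
+You can then run `bin/rake release`, which will assign a git tag, push using
+git, and push the gem to [rubygems.org](https://rubygems.org).
 
 ## Contributing
 
@@ -110,8 +130,8 @@ file for details.
 
 ## Authors
 
--
--
+- [Fanny Cheung](https://github.com/Ynote) — [ynote.hk](https://ynote.hk)
+- [Sunny Ripert](https://github.com/sunny) — [sunfox.org](https://sunfox.org)
 
 ## Acknowledgments
 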
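--- a/data/graph_attack.gemspec
+++ b/data/graph_attack.gemspec
@@ -44,11 +44,11 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency 'rspec_junit_formatter', '~> 0.3'
 
 # Ruby code linter.
-spec.add_development_dependency 'rubocop', '~> 1.
+spec.add_development_dependency 'rubocop', '~> 1.33.0'
 
 # RSpec extension for RuboCop.
-spec.add_development_dependency 'rubocop-rspec', '~> 2.
+spec.add_development_dependency 'rubocop-rspec', '~> 2.12.1'
 
 # Rake extension for RuboCop
-spec.add_development_dependency 'rubocop-rake'
+spec.add_development_dependency 'rubocop-rake', '~> 0.6.0'
 end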
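--- a/data/lib/graph_attack/rate_limit.rb
+++ b/data/lib/graph_attack/rate_limit.rb
@@ -3,10 +3,15 @@
 module GraphAttack
 class RateLimit < GraphQL::Schema::FieldExtension
 def resolve(object:, arguments:, **_rest)
-
-
+rate_limited_field = object.context[rate_limited_key]
+unless rate_limited_field
+raise GraphAttack::Error,
+"Missing :#{rate_limited_key} value on the GraphQL context"
+end
 
-
+if calls_exceeded_on_query?(rate_limited_field)
+return RateLimited.new('Query rate limit exceeded')
+end
 
 yield(object, arguments)
 end
@@ -14,11 +19,12 @@ module GraphAttack
 private
 
 def key
-"
+on = "-#{options[:on]}" if options[:on]
+"graphql-query-#{field.name}#{on}"
 end
 
-def calls_exceeded_on_query?(
-rate_limit = Ratelimit.new(
+def calls_exceeded_on_query?(rate_limited_field)
+rate_limit = Ratelimit.new(rate_limited_field, redis: redis_client)
 rate_limit.add(key)
 rate_limit.exceeded?(
 key,
@@ -46,5 +52,9 @@ module GraphAttack
 def redis_client
 options[:redis_client] || Redis.current
 end
+
+def rate_limited_key
+options[:on] || :ip
+end
 end
 end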
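Review bot: The guard at the top of `resolve` only rejects a nil or false context value, so a value that is present but blank (an empty `:ip` string when no client address was resolved, or an empty `:client_id`) passes through and every such request would be counted against the same Ratelimit subject `""`, so unrelated clients share one bucket. Tightening the guard to `if rate_limited_field.nil? || rate_limited_field.to_s.empty?` keeps the new error message and closes that gap. The new `rate_limited_key` helper in the last hunk also deserves a one-line comment, e.g. `# Context key naming the throttling subject; defaults to the client IP.`. Which layer populates that context key, and whether its value can be influenced by the client, is decided outside this file and is worth stating in the README alongside the new `on` option.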
data/lib/graph_attack/version.rb
CHANGED
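--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: graph_attack
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.1.0
 platform: ruby
 authors:
 - Fanny Cheung
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-
+date: 2022-08-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: graphql
@@ -101,42 +101,42 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.33.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.33.0
 - !ruby/object:Gem::Dependency
 name: rubocop-rspec
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 2.12.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 2.12.1
 - !ruby/object:Gem::Dependency
 name: rubocop-rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 0.6.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 0.6.0
 description: GraphQL analyser for blocking & throttling
 email:
 - fanny@ynote.hk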