graph_attack 2.0.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 71a5e6c0ce41ca59713a49108f5ebcc3a579aefcd1e95273c495a5ae1e4fd6f6
-  data.tar.gz: 5430e07ebf58ac5b9addbe8b397f6fd832fa56091112136f8ce972cd2e1fe0aa
+  metadata.gz: de17498105231eb4dd5b5135cf8e7683680cafc409a66acf6fddbaa6f6735b36
+  data.tar.gz: 60308e8ccff6fb80b4b5013975f9ea4903cb037b16997030635ace4557211f17
 SHA512:
-  metadata.gz: cef61dfd8f249877fcdbd6ae1962b6678efd280ef415989d6abe22ebb7e8db68dd164ce47ecce610548ac13352471044741c0bf6918ca050dc2193a5178ab5af
-  data.tar.gz: fdf832b9e228ccbf8aa66777f2f9334a7c32a25a5435e6017e0ac8073c7c636cd21dc06f0416a8abbf9f063ff30f64f209d55d9979e2eeea27fd7dff4f1ffe84
+  metadata.gz: 41706b8ea7768bf2d3220c6803f91c29a20640b177c8c443cf64a3462310dd939d4dfa92ffd2fd9f874bd6f256e50031ffbf893f5f4a58846fd7299191e12169
+  data.tar.gz: 873abb6b86cb16f3575cff878cd2be3d0c47723b472b2949a6f4c0f9c6164996fa3b72142ce3e74a71952c5da89eac400a346a43607f174fa2e28862c5dd8d57

data/.rubocop.yml

@@ -34,6 +34,13 @@ Gemspec/RequiredRubyVersion:
 Metrics/MethodLength:
   Max: 15
 
+# Limit line length.
+Layout/LineLength:
+  Max: 80
+  Exclude:
+    - bin/rake
+    - bin/rubocop
+
 # Allow ASCII comments (e.g "…").
 Style/AsciiComments:
   Enabled: false
@@ -102,64 +109,3 @@ Style/RedundantRegexpEscape:
 
 Style/SlicingWithRange:
   Enabled: true
-
-Gemspec/DateAssignment: # (new in 1.10)
-  Enabled: true
-Layout/SpaceBeforeBrackets: # (new in 1.7)
-  Enabled: true
-Lint/AmbiguousAssignment: # (new in 1.7)
-  Enabled: true
-Lint/DeprecatedConstants: # (new in 1.8)
-  Enabled: true
-Lint/DuplicateBranch: # (new in 1.3)
-  Enabled: true
-Lint/DuplicateRegexpCharacterClassElement: # (new in 1.1)
-  Enabled: true
-Lint/EmptyBlock: # (new in 1.1)
-  Enabled: true
-Lint/EmptyClass: # (new in 1.3)
-  Enabled: true
-Lint/LambdaWithoutLiteralBlock: # (new in 1.8)
-  Enabled: true
-Lint/NoReturnInBeginEndBlocks: # (new in 1.2)
-  Enabled: true
-Lint/NumberedParameterAssignment: # (new in 1.9)
-  Enabled: true
-Lint/OrAssignmentToConstant: # (new in 1.9)
-  Enabled: true
-Lint/RedundantDirGlobSort: # (new in 1.8)
-  Enabled: true
-Lint/SymbolConversion: # (new in 1.9)
-  Enabled: true
-Lint/ToEnumArguments: # (new in 1.1)
-  Enabled: true
-Lint/TripleQuotes: # (new in 1.9)
-  Enabled: true
-Lint/UnexpectedBlockArity: # (new in 1.5)
-  Enabled: true
-Lint/UnmodifiedReduceAccumulator: # (new in 1.1)
-  Enabled: true
-Style/ArgumentsForwarding: # (new in 1.1)
-  Enabled: true
-Style/CollectionCompact: # (new in 1.2)
-  Enabled: true
-Style/DocumentDynamicEvalDefinition: # (new in 1.1)
-  Enabled: true
-Style/EndlessMethod: # (new in 1.8)
-  Enabled: true
-Style/HashConversion: # (new in 1.10)
-  Enabled: true
-Style/HashExcept: # (new in 1.7)
-  Enabled: true
-Style/IfWithBooleanLiteralBranches: # (new in 1.9)
-  Enabled: true
-Style/NegatedIfElseCondition: # (new in 1.2)
-  Enabled: true
-Style/NilLambda: # (new in 1.3)
-  Enabled: true
-Style/RedundantArgument: # (new in 1.4)
-  Enabled: true
-Style/StringChars: # (new in 1.12)
-  Enabled: true
-Style/SwapValues: # (new in 1.1)
-  Enabled: true

data/CHANGELOG.md

@@ -1,6 +1,12 @@
 unreleased
 ----------
 
+v2.1.0
+------
+
+Feature:
+- Add support to custom rate limited context key with the `on:` option.
+
 v2.0.0
 ------
 

data/README.md

@@ -1,6 +1,6 @@
 # GraphAttack
 
-[![CircleCI](https://circleci.com/gh/sunny/graph_attack.svg?style=svg)](https://circleci.com/gh/sunny/graph_attack)
+[![Build Status](https://app.travis-ci.com/sunny/graph_attack.svg?branch=main)](https://app.travis-ci.com/sunny/graph_attack)
 
 GraphQL analyser for blocking & throttling.
 
@@ -60,22 +60,34 @@ end
 
 ## Configuration
 
-Use a custom Redis client instead of the default:
+### Custom context key
+
+If you want to throttle using a different value than the IP address, you can
+choose which context key you want to use with the `on` option. E.g.:
 
 ```rb
-  field :some_expensive_field, String, null: false do
-    extension GraphAttack::RateLimit,
-              threshold: 15,
-              interval: 60,
-              redis_client: Redis.new(url: "…")
-  end
+extension GraphAttack::RateLimit,
+          threshold: 15,
+          interval: 60,
+          on: :client_id
+```
+
+### Custom Redis client
+
+Use a custom Redis client instead of the default with the `redis_client` option:
+
+```rb
+extension GraphAttack::RateLimit,
+          threshold: 15,
+          interval: 60,
+          redis_client: Redis.new(url: "…")
 ```
 
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run
-`rake` to run the tests and the linter. You can also run `bin/console` for an
-interactive prompt that will allow you to experiment.
+`bin/rake` to run the tests and the linter. You can also run `bin/console` for
+an interactive prompt that will allow you to experiment.
 
 ## Versionning
 
@@ -84,10 +96,18 @@ see the tags on this repository.
 
 ## Releasing
 
-To release a new version, update the version number in `version.rb`, commit,
-and then run `bin/rake release`, which will create a git tag for the version,
-push git commits and tags, and push the gem to
-[rubygems.org](https://rubygems.org).
+To release a new version, update the version number in `version.rb` and in the
+`CHANGELOG.md`. Update the `README.md` if there are missing segments, make sure
+tests and linting are pristine by calling `bundle && bin/rake`, then create a
+commit for this version, for example with:
+
+```sh
+git add .
+git commit -m v`ruby -rbundler/setup -rgraph_attack/version -e "puts GraphAttack::VERSION"`
+```
+
+You can then run `bin/rake release`, which will assign a git tag, push using
+git, and push the gem to [rubygems.org](https://rubygems.org).
 
 ## Contributing
 
@@ -110,8 +130,8 @@ file for details.
 
 ## Authors
 
-- **Fanny Cheung** - [KissKissBankBank](https://github.com/KissKissBankBank)
-- **Sunny Ripert** - [KissKissBankBank](https://github.com/KissKissBankBank)
+- [Fanny Cheung](https://github.com/Ynote) — [ynote.hk](https://ynote.hk)
+- [Sunny Ripert](https://github.com/sunny) — [sunfox.org](https://sunfox.org)
 
 ## Acknowledgments
 

data/graph_attack.gemspec

@@ -44,11 +44,11 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rspec_junit_formatter', '~> 0.3'
 
   # Ruby code linter.
-  spec.add_development_dependency 'rubocop', '~> 1.1'
+  spec.add_development_dependency 'rubocop', '~> 1.33.0'
 
   # RSpec extension for RuboCop.
-  spec.add_development_dependency 'rubocop-rspec', '~> 2.2'
+  spec.add_development_dependency 'rubocop-rspec', '~> 2.12.1'
 
   # Rake extension for RuboCop
-  spec.add_development_dependency 'rubocop-rake'
+  spec.add_development_dependency 'rubocop-rake', '~> 0.6.0'
 end

data/lib/graph_attack/rate_limit.rb

@@ -3,10 +3,15 @@
 module GraphAttack
   class RateLimit < GraphQL::Schema::FieldExtension
     def resolve(object:, arguments:, **_rest)
-      ip = object.context[:ip]
-      raise GraphAttack::Error, 'Missing :ip value on the GraphQL context' unless ip
+      rate_limited_field = object.context[rate_limited_key]
+      unless rate_limited_field
+        raise GraphAttack::Error,
+              "Missing :#{rate_limited_key} value on the GraphQL context"
+      end
 
-      return RateLimited.new('Query rate limit exceeded') if calls_exceeded_on_query?(ip)
+      if calls_exceeded_on_query?(rate_limited_field)
+        return RateLimited.new('Query rate limit exceeded')
+      end
 
       yield(object, arguments)
     end
@@ -14,11 +19,12 @@ module GraphAttack
     private
 
     def key
-      "graphql-query-#{field.name}"
+      on = "-#{options[:on]}" if options[:on]
+      "graphql-query-#{field.name}#{on}"
     end
 
-    def calls_exceeded_on_query?(ip)
-      rate_limit = Ratelimit.new(ip, redis: redis_client)
+    def calls_exceeded_on_query?(rate_limited_field)
+      rate_limit = Ratelimit.new(rate_limited_field, redis: redis_client)
       rate_limit.add(key)
       rate_limit.exceeded?(
         key,
@@ -46,5 +52,9 @@ module GraphAttack
     def redis_client
       options[:redis_client] || Redis.current
     end
+
+    def rate_limited_key
+      options[:on] || :ip
+    end
   end
 end

data/lib/graph_attack/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module GraphAttack
-  VERSION = '2.0.0'
+  VERSION = '2.1.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: graph_attack
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.0
 platform: ruby
 authors:
 - Fanny Cheung
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-05-05 00:00:00.000000000 Z
+date: 2022-08-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: graphql
@@ -101,42 +101,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: 1.33.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: 1.33.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: 2.12.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: 2.12.1
 - !ruby/object:Gem::Dependency
   name: rubocop-rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.6.0
 description: GraphQL analyser for blocking & throttling
 email:
 - fanny@ynote.hk