graphql 1.11.5 → 1.11.9

data/lib/graphql/schema/member/has_arguments.rb

@@ -85,70 +85,69 @@ module GraphQL
         # @param context [GraphQL::Query::Context]
         # @return [Hash<Symbol, Object>, Execution::Lazy<Hash>]
         def coerce_arguments(parent_object, values, context)
-          argument_values = {}
-          kwarg_arguments = {}
           # Cache this hash to avoid re-merging it
           arg_defns = self.arguments
 
-          maybe_lazies = []
-          arg_lazies = arg_defns.map do |arg_name, arg_defn|
-            arg_key = arg_defn.keyword
-            has_value = false
-            default_used = false
-            if values.key?(arg_name)
-              has_value = true
-              value = values[arg_name]
-            elsif values.key?(arg_key)
-              has_value = true
-              value = values[arg_key]
-            elsif arg_defn.default_value?
-              has_value = true
-              value = arg_defn.default_value
-              default_used = true
-            end
-
-            if has_value
-              loads = arg_defn.loads
-              loaded_value = nil
-              if loads && !arg_defn.from_resolver?
-                loaded_value = if arg_defn.type.list?
-                  loaded_values = value.map { |val| load_application_object(arg_defn, loads, val, context) }
-                  context.schema.after_any_lazies(loaded_values) { |result| result }
-                else
-                  load_application_object(arg_defn, loads, value, context)
-                end
+          if arg_defns.empty?
+            GraphQL::Execution::Interpreter::Arguments.new(argument_values: nil)
+          else
+            argument_values = {}
+            arg_lazies = arg_defns.map do |arg_name, arg_defn|
+              arg_key = arg_defn.keyword
+              has_value = false
+              default_used = false
+              if values.key?(arg_name)
+                has_value = true
+                value = values[arg_name]
+              elsif values.key?(arg_key)
+                has_value = true
+                value = values[arg_key]
+              elsif arg_defn.default_value?
+                has_value = true
+                value = arg_defn.default_value
+                default_used = true
               end
 
-              coerced_value = if loaded_value
-                loaded_value
-              else
-                context.schema.error_handler.with_error_handling(context) do
-                  arg_defn.type.coerce_input(value, context)
+              if has_value
+                loads = arg_defn.loads
+                loaded_value = nil
+                if loads && !arg_defn.from_resolver?
+                  loaded_value = if arg_defn.type.list?
+                    loaded_values = value.map { |val| load_application_object(arg_defn, loads, val, context) }
+                    context.schema.after_any_lazies(loaded_values) { |result| result }
+                  else
+                    load_application_object(arg_defn, loads, value, context)
+                  end
                 end
-              end
 
-              context.schema.after_lazy(coerced_value) do |coerced_value|
-                prepared_value = context.schema.error_handler.with_error_handling(context) do
-                  arg_defn.prepare_value(parent_object, coerced_value, context: context)
+                coerced_value = if loaded_value
+                  loaded_value
+                else
+                  context.schema.error_handler.with_error_handling(context) do
+                    arg_defn.type.coerce_input(value, context)
+                  end
                 end
 
-                kwarg_arguments[arg_key] = prepared_value
-                # TODO code smell to access such a deeply-nested constant in a distant module
-                argument_values[arg_key] = GraphQL::Execution::Interpreter::ArgumentValue.new(
-                  value: prepared_value,
-                  definition: arg_defn,
-                  default_used: default_used,
-                )
+                context.schema.after_lazy(coerced_value) do |coerced_value|
+                  prepared_value = context.schema.error_handler.with_error_handling(context) do
+                    arg_defn.prepare_value(parent_object, coerced_value, context: context)
+                  end
+
+                  # TODO code smell to access such a deeply-nested constant in a distant module
+                  argument_values[arg_key] = GraphQL::Execution::Interpreter::ArgumentValue.new(
+                    value: prepared_value,
+                    definition: arg_defn,
+                    default_used: default_used,
+                  )
+                end
               end
             end
-          end
 
-          maybe_lazies.concat(arg_lazies)
-          context.schema.after_any_lazies(maybe_lazies) do
-            GraphQL::Execution::Interpreter::Arguments.new(
-              keyword_arguments: kwarg_arguments,
-              argument_values: argument_values,
-            )
+            context.schema.after_any_lazies(arg_lazies) do
+              GraphQL::Execution::Interpreter::Arguments.new(
+                argument_values: argument_values,
+              )
+            end
           end
         end
 

data/lib/graphql/schema/member/has_fields.rb

@@ -82,9 +82,9 @@ module GraphQL
           end
         end
 
-        def global_id_field(field_name)
+        def global_id_field(field_name, **kwargs)
           id_resolver = GraphQL::Relay::GlobalIdResolve.new(type: self)
-          field field_name, "ID", null: false
+          field field_name, "ID", **kwargs, null: false
           define_method(field_name) do
             id_resolver.call(object, {}, context)
           end

data/lib/graphql/schema/relay_classic_mutation.rb

@@ -105,7 +105,7 @@ module GraphQL
           sig = super
           # Arguments were added at the root, but they should be nested
           sig[:arguments].clear
-          sig[:arguments][:input] = { type: input_type, required: true }
+          sig[:arguments][:input] = { type: input_type, required: true, description: "Parameters for #{graphql_name}" }
           sig
         end
 

data/lib/graphql/schema/unique_within_type.rb

@@ -27,8 +27,7 @@ module GraphQL
       # @param node_id [String] A unique ID generated by {.encode}
       # @return [Array<(String, String)>] The type name & value passed to {.encode}
       def decode(node_id, separator: self.default_id_separator)
-        # urlsafe_decode64 is for forward compatibility
-        Base64Bp.urlsafe_decode64(node_id).split(separator, 2)
+        GraphQL::Schema::Base64Encoder.decode(node_id).split(separator, 2)
       end
     end
   end

data/lib/graphql/schema.rb

@@ -157,7 +157,7 @@ module GraphQL
 
     accepts_definitions \
       :query_execution_strategy, :mutation_execution_strategy, :subscription_execution_strategy,
-      :max_depth, :max_complexity, :default_max_page_size,
+      :validate_timeout, :validate_max_errors, :max_depth, :max_complexity, :default_max_page_size,
       :orphan_types, :resolve_type, :type_error, :parse_error,
       :error_bubbling,
       :raise_definition_error,
@@ -196,7 +196,7 @@ module GraphQL
     attr_accessor \
       :query, :mutation, :subscription,
       :query_execution_strategy, :mutation_execution_strategy, :subscription_execution_strategy,
-      :max_depth, :max_complexity, :default_max_page_size,
+      :validate_timeout, :validate_max_errors, :max_depth, :max_complexity, :default_max_page_size,
       :orphan_types, :directives,
       :query_analyzers, :multiplex_analyzers, :instrumenters, :lazy_methods,
       :cursor_encoder,
@@ -366,7 +366,7 @@ module GraphQL
       validator_opts = { schema: self }
       rules && (validator_opts[:rules] = rules)
       validator = GraphQL::StaticValidation::Validator.new(**validator_opts)
-      res = validator.validate(query)
+      res = validator.validate(query, timeout: validate_timeout, max_errors: validate_max_errors)
       res[:errors]
     end
 
@@ -950,6 +950,8 @@ module GraphQL
         schema_defn.query = query && query.graphql_definition
         schema_defn.mutation = mutation && mutation.graphql_definition
         schema_defn.subscription = subscription && subscription.graphql_definition
+        schema_defn.validate_timeout = validate_timeout
+        schema_defn.validate_max_errors = validate_max_errors
         schema_defn.max_complexity = max_complexity
         schema_defn.error_bubbling = error_bubbling
         schema_defn.max_depth = max_depth
@@ -1118,14 +1120,15 @@ module GraphQL
             type.possible_types(context: context)
           else
             stored_possible_types = own_possible_types[type.graphql_name]
-            visible_possible_types = stored_possible_types.select do |possible_type|
-              next true unless type.kind.interface?
-              next true unless possible_type.kind.object?
-
-              # Use `.graphql_name` comparison to match legacy vs class-based types.
-              # When we don't need to support legacy `.define` types, use `.include?(type)` instead.
-              possible_type.interfaces(context).any? { |interface| interface.graphql_name == type.graphql_name }
-            end if stored_possible_types
+            visible_possible_types = if stored_possible_types && type.kind.interface?
+              stored_possible_types.select do |possible_type|
+                # Use `.graphql_name` comparison to match legacy vs class-based types.
+                # When we don't need to support legacy `.define` types, use `.include?(type)` instead.
+                possible_type.interfaces(context).any? { |interface| interface.graphql_name == type.graphql_name }
+              end
+            else
+              stored_possible_types
+            end
             visible_possible_types ||
               introspection_system.possible_types[type.graphql_name] ||
               (
@@ -1272,6 +1275,31 @@ module GraphQL
         end
       end
 
+      attr_writer :validate_timeout
+
+      def validate_timeout(new_validate_timeout = nil)
+        if new_validate_timeout
+          @validate_timeout = new_validate_timeout
+        elsif defined?(@validate_timeout)
+          @validate_timeout
+        else
+          find_inherited_value(:validate_timeout)
+        end
+      end
+
+      attr_writer :validate_max_errors
+
+      def validate_max_errors(new_validate_max_errors = nil)
+        if new_validate_max_errors
+          @validate_max_errors = new_validate_max_errors
+        elsif defined?(@validate_max_errors)
+          @validate_max_errors
+        else
+          find_inherited_value(:validate_max_errors)
+        end
+      end
+
+
       attr_writer :max_complexity
 
       def max_complexity(max_complexity = nil)

data/lib/graphql/static_validation/all_rules.rb

@@ -34,6 +34,7 @@ module GraphQL
       GraphQL::StaticValidation::VariableUsagesAreAllowed,
       GraphQL::StaticValidation::MutationRootExists,
       GraphQL::StaticValidation::SubscriptionRootExists,
+      GraphQL::StaticValidation::InputObjectNamesAreUnique,
     ]
   end
 end

data/lib/graphql/static_validation/base_visitor.rb

@@ -205,6 +205,9 @@ module GraphQL
       private
 
       def add_error(error, path: nil)
+        if @context.too_many_errors?
+          throw :too_many_validation_errors
+        end
         error.path ||= (path || @path.dup)
         context.errors << error
       end

data/lib/graphql/static_validation/rules/fields_will_merge.rb

@@ -193,25 +193,26 @@ module GraphQL
           if node1.name != node2.name
             errored_nodes = [node1.name, node2.name].sort.join(" or ")
             msg = "Field '#{response_key}' has a field conflict: #{errored_nodes}?"
-            context.errors << GraphQL::StaticValidation::FieldsWillMergeError.new(
+            add_error(GraphQL::StaticValidation::FieldsWillMergeError.new(
               msg,
               nodes: [node1, node2],
               path: [],
               field_name: response_key,
               conflicts: errored_nodes
-            )
+            ))
           end
 
-          args = possible_arguments(node1, node2)
-          if args.size > 1
-            msg = "Field '#{response_key}' has an argument conflict: #{args.map { |arg| GraphQL::Language.serialize(arg) }.join(" or ")}?"
-            context.errors << GraphQL::StaticValidation::FieldsWillMergeError.new(
+          if !same_arguments?(node1, node2)
+            args = [serialize_field_args(node1), serialize_field_args(node2)]
+            conflicts = args.map { |arg| GraphQL::Language.serialize(arg) }.join(" or ")
+            msg = "Field '#{response_key}' has an argument conflict: #{conflicts}?"
+            add_error(GraphQL::StaticValidation::FieldsWillMergeError.new(
               msg,
               nodes: [node1, node2],
               path: [],
               field_name: response_key,
-              conflicts: args.map { |arg| GraphQL::Language.serialize(arg) }.join(" or ")
-            )
+              conflicts: conflicts
+            ))
           end
         end
 
@@ -326,20 +327,19 @@ module GraphQL
         [fields, fragment_spreads]
       end
 
-      def possible_arguments(field1, field2)
+      def same_arguments?(field1, field2)
         # Check for incompatible / non-identical arguments on this node:
-        [field1, field2].map do |n|
-          if n.arguments.any?
-            serialized_args = {}
-            n.arguments.each do |a|
-              arg_value = a.value
-              serialized_args[a.name] = serialize_arg(arg_value)
-            end
-            serialized_args
-          else
-            NO_ARGS
-          end
-        end.uniq
+        arguments1 = field1.arguments
+        arguments2 = field2.arguments
+
+        return false if arguments1.length != arguments2.length
+
+        arguments1.all? do |argument1|
+          argument2 = arguments2.find { |argument| argument.name == argument1.name }
+          return false if argument2.nil?
+
+          serialize_arg(argument1.value) == serialize_arg(argument2.value)
+        end
       end
 
       def serialize_arg(arg_value)
@@ -353,6 +353,14 @@ module GraphQL
         end
       end
 
+      def serialize_field_args(field)
+        serialized_args = {}
+        field.arguments.each do |argument|
+          serialized_args[argument.name] = serialize_arg(argument.value)
+        end
+        serialized_args
+      end
+
       def compared_fragments_key(frag1, frag2, exclusive)
         # Cache key to not compare two fragments more than once.
         # The key includes both fragment names sorted (this way we

data/lib/graphql/static_validation/rules/fragments_are_finite.rb

@@ -7,12 +7,12 @@ module GraphQL
         dependency_map = context.dependencies
         dependency_map.cyclical_definitions.each do |defn|
           if defn.node.is_a?(GraphQL::Language::Nodes::FragmentDefinition)
-            context.errors << GraphQL::StaticValidation::FragmentsAreFiniteError.new(
+            add_error(GraphQL::StaticValidation::FragmentsAreFiniteError.new(
               "Fragment #{defn.name} contains an infinite loop",
               nodes: defn.node,
               path: defn.path,
               name: defn.name
-            )
+            ))
           end
         end
       end

data/lib/graphql/static_validation/rules/input_object_names_are_unique.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+module GraphQL
+  module StaticValidation
+    module InputObjectNamesAreUnique
+      def on_input_object(node, parent)
+        validate_input_fields(node)
+        super
+      end
+
+      private
+
+      def validate_input_fields(node)
+        input_field_defns = node.arguments
+        input_fields_by_name = Hash.new { |h, k| h[k] = [] }
+        input_field_defns.each { |a| input_fields_by_name[a.name] << a }
+
+        input_fields_by_name.each do |name, defns|
+          if defns.size > 1
+            error = GraphQL::StaticValidation::InputObjectNamesAreUniqueError.new(
+              "There can be only one input field named \"#{name}\"",
+              nodes: defns,
+              name: name
+            )
+            add_error(error)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/graphql/static_validation/rules/input_object_names_are_unique_error.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+module GraphQL
+  module StaticValidation
+    class InputObjectNamesAreUniqueError < StaticValidation::Error
+      attr_reader :name
+
+      def initialize(message, path: nil, nodes: [], name:)
+        super(message, path: path, nodes: nodes)
+        @name = name
+      end
+
+      # A hash representation of this Message
+      def to_h
+        extensions = {
+          "code" => code,
+          "name" => name
+        }
+
+        super.merge({
+          "extensions" => extensions
+        })
+      end
+
+      def code
+        "inputFieldNotUnique"
+      end
+    end
+  end
+end
+

data/lib/graphql/static_validation/validation_context.rb

@@ -19,10 +19,11 @@ module GraphQL
 
       def_delegators :@query, :schema, :document, :fragments, :operations, :warden
 
-      def initialize(query, visitor_class)
+      def initialize(query, visitor_class, max_errors)
         @query = query
         @literal_validator = LiteralValidator.new(context: query.context)
         @errors = []
+        @max_errors = max_errors || Float::INFINITY
         @on_dependency_resolve_handlers = []
         @visitor = visitor_class.new(document, self)
       end
@@ -38,6 +39,10 @@ module GraphQL
       def validate_literal(ast_value, type)
         @literal_validator.validate(ast_value, type)
       end
+
+      def too_many_errors?
+        @errors.length >= @max_errors
+      end
     end
   end
 end

data/lib/graphql/static_validation/validation_timeout_error.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+module GraphQL
+  module StaticValidation
+    class ValidationTimeoutError < StaticValidation::Error
+      def initialize(message, path: nil, nodes: [])
+        super(message, path: path, nodes: nodes)
+      end
+
+      # A hash representation of this Message
+      def to_h
+        extensions = {
+          "code" => code
+        }
+
+        super.merge({
+          "extensions" => extensions
+        })
+      end
+
+      def code
+        "validationTimeout"
+      end
+    end
+  end
+end

data/lib/graphql/static_validation/validator.rb

@@ -20,8 +20,11 @@ module GraphQL
 
       # Validate `query` against the schema. Returns an array of message hashes.
       # @param query [GraphQL::Query]
+      # @param validate [Boolean]
+      # @param timeout [Float] Number of seconds to wait before aborting validation. Any positive number may be used, including Floats to specify fractional seconds.
+      # @param max_errors [Integer] Maximum number of errors before aborting validation. Any positive number will limit the number of errors. Defaults to nil for no limit.
       # @return [Array<Hash>]
-      def validate(query, validate: true)
+      def validate(query, validate: true, timeout: nil, max_errors: nil)
         query.trace("validate", { validate: validate, query: query }) do
           can_skip_rewrite = query.context.interpreter? && query.schema.using_ast_analysis? && query.schema.is_a?(Class)
           errors = if validate == false && can_skip_rewrite
@@ -30,23 +33,34 @@ module GraphQL
             rules_to_use = validate ? @rules : []
             visitor_class = BaseVisitor.including_rules(rules_to_use, rewrite: !can_skip_rewrite)
 
-            context = GraphQL::StaticValidation::ValidationContext.new(query, visitor_class)
+            context = GraphQL::StaticValidation::ValidationContext.new(query, visitor_class, max_errors)
 
-            # Attach legacy-style rules.
-            # Only loop through rules if it has legacy-style rules
-            unless (legacy_rules = rules_to_use - GraphQL::StaticValidation::ALL_RULES).empty?
-              legacy_rules.each do |rule_class_or_module|
-                if rule_class_or_module.method_defined?(:validate)
-                  rule_class_or_module.new.validate(context)
+            begin
+              # CAUTION: Usage of the timeout module makes the assumption that validation rules are stateless Ruby code that requires no cleanup if process was interrupted. This means no blocking IO calls, native gems, locks, or `rescue` clauses that must be reached.
+              # A timeout value of 0 or nil will execute the block without any timeout.
+              Timeout::timeout(timeout) do
+
+                catch(:too_many_validation_errors) do
+                  # Attach legacy-style rules.
+                  # Only loop through rules if it has legacy-style rules
+                  unless (legacy_rules = rules_to_use - GraphQL::StaticValidation::ALL_RULES).empty?
+                    legacy_rules.each do |rule_class_or_module|
+                      if rule_class_or_module.method_defined?(:validate)
+                        rule_class_or_module.new.validate(context)
+                      end
+                    end
+                  end
+
+                  context.visitor.visit
                 end
               end
+            rescue Timeout::Error
+              handle_timeout(query, context)
             end
 
-            context.visitor.visit
             context.errors
           end
 
-
           irep = if errors.empty? && context
             # Only return this if there are no errors and validation was actually run
             context.visitor.rewrite_document
@@ -60,6 +74,15 @@ module GraphQL
           }
         end
       end
+
+      # Invoked when static validation times out.
+      # @param query [GraphQL::Query]
+      # @param context [GraphQL::StaticValidation::ValidationContext]
+      def handle_timeout(query, context)
+        context.errors << GraphQL::StaticValidation::ValidationTimeoutError.new(
+          "Timeout on validation of query"
+        )
+      end
     end
   end
 end

data/lib/graphql/static_validation.rb

@@ -4,6 +4,7 @@ require "graphql/static_validation/definition_dependencies"
 require "graphql/static_validation/type_stack"
 require "graphql/static_validation/validator"
 require "graphql/static_validation/validation_context"
+require "graphql/static_validation/validation_timeout_error"
 require "graphql/static_validation/literal_validator"
 require "graphql/static_validation/base_visitor"
 require "graphql/static_validation/no_validate_visitor"

data/lib/graphql/tracing/platform_tracing.rb

@@ -95,7 +95,7 @@ module GraphQL
       end
 
       def self.use(schema_defn, options = {})
-        tracer = self.new(options)
+        tracer = self.new(**options)
         schema_defn.instrument(:field, tracer)
         schema_defn.tracer(tracer)
       end

data/lib/graphql/tracing/prometheus_tracing/graphql_collector.rb

@@ -16,7 +16,10 @@ module GraphQL
         end
 
         def collect(object)
-          labels = { key: object['key'], platform_key: object['platform_key'] }
+          default_labels = { key: object['key'], platform_key: object['platform_key'] }
+          custom = object['custom_labels']
+          labels = custom.nil? ? default_labels : default_labels.merge(custom)
+
           @graphql_gauge.observe object['duration'], labels
         end
 

data/lib/graphql/types/int.rb

@@ -9,8 +9,15 @@ module GraphQL
       MIN = -(2**31)
       MAX = (2**31) - 1
 
-      def self.coerce_input(value, _ctx)
-        value.is_a?(Integer) ? value : nil
+      def self.coerce_input(value, ctx)
+        return if !value.is_a?(Integer)
+
+        if value >= MIN && value <= MAX
+          value
+        else
+          err = GraphQL::IntegerDecodingError.new(value)
+          ctx.schema.type_error(err, ctx)
+        end
       end
 
       def self.coerce_result(value, ctx)

data/lib/graphql/types/relay/base_connection.rb

@@ -94,7 +94,8 @@ module GraphQL
             type = nullable ? [@node_type, null: true] : [@node_type]
             field :nodes, type,
               null: nullable,
-              description: "A list of nodes."
+              description: "A list of nodes.",
+              connection: false
           end
         end
 

data/lib/graphql/types/relay/base_edge.rb

@@ -33,7 +33,8 @@ module GraphQL
             if node_type
               @node_type = node_type
               # Add a default `node` field
-              field :node, node_type, null: null, description: "The item at the end of the edge."
+              field :node, node_type, null: null, description: "The item at the end of the edge.",
+                connection: false
             end
             @node_type
           end

data/lib/graphql/types/string.rb

@@ -7,7 +7,13 @@ module GraphQL
 
       def self.coerce_result(value, ctx)
         str = value.to_s
-        str.encoding == Encoding::UTF_8 ? str : str.encode(Encoding::UTF_8)
+        if str.encoding == Encoding::UTF_8
+          str
+        elsif str.frozen?
+          str.encode(Encoding::UTF_8)
+        else
+          str.encode!(Encoding::UTF_8)
+        end
       rescue EncodingError
         err = GraphQL::StringEncodingError.new(str)
         ctx.schema.type_error(err, ctx)

data/lib/graphql/unauthorized_error.rb

@@ -22,7 +22,7 @@ module GraphQL
       @object = object
       @type = type
       @context = context
-      message ||= "An instance of #{object.class} failed #{type.name}'s authorization check"
+      message ||= "An instance of #{object.class} failed #{type.graphql_name}'s authorization check"
       super(message)
     end
   end

data/lib/graphql/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module GraphQL
-  VERSION = "1.11.5"
+  VERSION = "1.11.9"
 end