graphql 1.12.17 → 1.12.21

data/lib/graphql/static_validation/base_visitor.rb

@@ -205,6 +205,9 @@ module GraphQL
       private
 
       def add_error(error, path: nil)
+        if @context.too_many_errors?
+          throw :too_many_validation_errors
+        end
         error.path ||= (path || @path.dup)
         context.errors << error
       end

data/lib/graphql/static_validation/error.rb

@@ -32,8 +32,10 @@ module GraphQL
 
       private
 
+      attr_reader :nodes
+
       def locations
-        @nodes.map do |node|
+        nodes.map do |node|
           h = {"line" => node.line, "column" => node.col}
           h["filename"] = node.filename if node.filename
           h

data/lib/graphql/static_validation/rules/fields_will_merge.rb

@@ -10,6 +10,7 @@ module GraphQL
       #
       # Original Algorithm: https://github.com/graphql/graphql-js/blob/master/src/validation/rules/OverlappingFieldsCanBeMerged.js
       NO_ARGS = {}.freeze
+
       Field = Struct.new(:node, :definition, :owner_type, :parents)
       FragmentSpread = Struct.new(:name, :parents)
 
@@ -17,20 +18,43 @@ module GraphQL
         super
         @visited_fragments = {}
         @compared_fragments = {}
+        @conflict_count = 0
       end
 
       def on_operation_definition(node, _parent)
-        conflicts_within_selection_set(node, type_definition)
+        setting_errors { conflicts_within_selection_set(node, type_definition) }
         super
       end
 
       def on_field(node, _parent)
-        conflicts_within_selection_set(node, type_definition)
+        setting_errors { conflicts_within_selection_set(node, type_definition) }
         super
       end
 
       private
 
+      def field_conflicts
+        @field_conflicts ||= Hash.new do |errors, field|
+          errors[field] = GraphQL::StaticValidation::FieldsWillMergeError.new(kind: :field, field_name: field)
+        end
+      end
+
+      def arg_conflicts
+        @arg_conflicts ||= Hash.new do |errors, field|
+          errors[field] = GraphQL::StaticValidation::FieldsWillMergeError.new(kind: :argument, field_name: field)
+        end
+      end
+
+      def setting_errors
+        @field_conflicts = nil
+        @arg_conflicts = nil
+
+        yield
+
+        field_conflicts.each_value { |error| add_error(error) }
+        arg_conflicts.each_value { |error| add_error(error) }
+      end
+
       def conflicts_within_selection_set(node, parent_type)
         return if parent_type.nil?
 
@@ -183,6 +207,8 @@ module GraphQL
       end
 
       def find_conflict(response_key, field1, field2, mutually_exclusive: false)
+        return if @conflict_count >= context.max_errors
+
         node1 = field1.node
         node2 = field2.node
 
@@ -191,28 +217,21 @@ module GraphQL
 
         if !are_mutually_exclusive
           if node1.name != node2.name
-            errored_nodes = [node1.name, node2.name].sort.join(" or ")
-            msg = "Field '#{response_key}' has a field conflict: #{errored_nodes}?"
-            context.errors << GraphQL::StaticValidation::FieldsWillMergeError.new(
-              msg,
-              nodes: [node1, node2],
-              path: [],
-              field_name: response_key,
-              conflicts: errored_nodes
-            )
+            conflict = field_conflicts[response_key]
+
+            conflict.add_conflict(node1, node1.name)
+            conflict.add_conflict(node2, node2.name)
+
+            @conflict_count += 1
           end
 
           if !same_arguments?(node1, node2)
-            args = [serialize_field_args(node1), serialize_field_args(node2)]
-            conflicts = args.map { |arg| GraphQL::Language.serialize(arg) }.join(" or ")
-            msg = "Field '#{response_key}' has an argument conflict: #{conflicts}?"
-            context.errors << GraphQL::StaticValidation::FieldsWillMergeError.new(
-              msg,
-              nodes: [node1, node2],
-              path: [],
-              field_name: response_key,
-              conflicts: conflicts
-            )
+            conflict = arg_conflicts[response_key]
+
+            conflict.add_conflict(node1, GraphQL::Language.serialize(serialize_field_args(node1)))
+            conflict.add_conflict(node2, GraphQL::Language.serialize(serialize_field_args(node2)))
+
+            @conflict_count += 1
           end
         end
 

data/lib/graphql/static_validation/rules/fields_will_merge_error.rb

@@ -3,12 +3,33 @@ module GraphQL
   module StaticValidation
     class FieldsWillMergeError < StaticValidation::Error
       attr_reader :field_name
-      attr_reader :conflicts
+      attr_reader :kind
+
+      def initialize(kind:, field_name:)
+        super(nil)
 
-      def initialize(message, path: nil, nodes: [], field_name:, conflicts:)
-        super(message, path: path, nodes: nodes)
         @field_name = field_name
-        @conflicts = conflicts
+        @kind = kind
+        @conflicts = []
+      end
+
+      def message
+        "Field '#{field_name}' has #{kind == :argument ? 'an' : 'a'} #{kind} conflict: #{conflicts}?"
+      end
+
+      def path
+        []
+      end
+
+      def conflicts
+        @conflicts.join(' or ')
+      end
+
+      def add_conflict(node, conflict_str)
+        return if nodes.include?(node)
+
+        @nodes << node
+        @conflicts << conflict_str
       end
 
       # A hash representation of this Message

data/lib/graphql/static_validation/rules/fragments_are_finite.rb

@@ -7,12 +7,12 @@ module GraphQL
         dependency_map = context.dependencies
         dependency_map.cyclical_definitions.each do |defn|
           if defn.node.is_a?(GraphQL::Language::Nodes::FragmentDefinition)
-            context.errors << GraphQL::StaticValidation::FragmentsAreFiniteError.new(
+            add_error(GraphQL::StaticValidation::FragmentsAreFiniteError.new(
               "Fragment #{defn.name} contains an infinite loop",
               nodes: defn.node,
               path: defn.path,
               name: defn.name
-            )
+            ))
           end
         end
       end

data/lib/graphql/static_validation/validation_context.rb

@@ -15,14 +15,16 @@ module GraphQL
       extend Forwardable
 
       attr_reader :query, :errors, :visitor,
-        :on_dependency_resolve_handlers
+        :on_dependency_resolve_handlers,
+        :max_errors
 
       def_delegators :@query, :schema, :document, :fragments, :operations, :warden
 
-      def initialize(query, visitor_class)
+      def initialize(query, visitor_class, max_errors)
         @query = query
         @literal_validator = LiteralValidator.new(context: query.context)
         @errors = []
+        @max_errors = max_errors || Float::INFINITY
         @on_dependency_resolve_handlers = []
         @visitor = visitor_class.new(document, self)
       end
@@ -38,6 +40,10 @@ module GraphQL
       def validate_literal(ast_value, type)
         @literal_validator.validate(ast_value, type)
       end
+
+      def too_many_errors?
+        @errors.length >= @max_errors
+      end
     end
   end
 end

data/lib/graphql/static_validation/validator.rb

@@ -24,8 +24,9 @@ module GraphQL
       # @param query [GraphQL::Query]
       # @param validate [Boolean]
       # @param timeout [Float] Number of seconds to wait before aborting validation. Any positive number may be used, including Floats to specify fractional seconds.
+      # @param max_errors [Integer] Maximum number of errors before aborting validation. Any positive number will limit the number of errors. Defaults to nil for no limit.
       # @return [Array<Hash>]
-      def validate(query, validate: true, timeout: nil)
+      def validate(query, validate: true, timeout: nil, max_errors: nil)
         query.trace("validate", { validate: validate, query: query }) do
           can_skip_rewrite = query.context.interpreter? && query.schema.using_ast_analysis? && query.schema.is_a?(Class)
           errors = if validate == false && can_skip_rewrite
@@ -34,25 +35,27 @@ module GraphQL
             rules_to_use = validate ? @rules : []
             visitor_class = BaseVisitor.including_rules(rules_to_use, rewrite: !can_skip_rewrite)
 
-            context = GraphQL::StaticValidation::ValidationContext.new(query, visitor_class)
+            context = GraphQL::StaticValidation::ValidationContext.new(query, visitor_class, max_errors)
 
             begin
               # CAUTION: Usage of the timeout module makes the assumption that validation rules are stateless Ruby code that requires no cleanup if process was interrupted. This means no blocking IO calls, native gems, locks, or `rescue` clauses that must be reached.
               # A timeout value of 0 or nil will execute the block without any timeout.
               Timeout::timeout(timeout) do
-                # Attach legacy-style rules.
-                # Only loop through rules if it has legacy-style rules
-                unless (legacy_rules = rules_to_use - GraphQL::StaticValidation::ALL_RULES).empty?
-                  legacy_rules.each do |rule_class_or_module|
-                    if rule_class_or_module.method_defined?(:validate)
-                      GraphQL::Deprecation.warn "Legacy validator rules will be removed from GraphQL-Ruby 2.0, use a module instead (see the built-in rules: https://github.com/rmosolgo/graphql-ruby/tree/master/lib/graphql/static_validation/rules)"
-                      GraphQL::Deprecation.warn "  -> Legacy validator: #{rule_class_or_module}"
-                      rule_class_or_module.new.validate(context)
+                catch(:too_many_validation_errors) do
+                  # Attach legacy-style rules.
+                  # Only loop through rules if it has legacy-style rules
+                  unless (legacy_rules = rules_to_use - GraphQL::StaticValidation::ALL_RULES).empty?
+                    legacy_rules.each do |rule_class_or_module|
+                      if rule_class_or_module.method_defined?(:validate)
+                        GraphQL::Deprecation.warn "Legacy validator rules will be removed from GraphQL-Ruby 2.0, use a module instead (see the built-in rules: https://github.com/rmosolgo/graphql-ruby/tree/master/lib/graphql/static_validation/rules)"
+                        GraphQL::Deprecation.warn "  -> Legacy validator: #{rule_class_or_module}"
+                        rule_class_or_module.new.validate(context)
+                      end
                     end
                   end
-                end
 
-                context.visitor.visit
+                  context.visitor.visit
+                end
               end
             rescue Timeout::Error
               handle_timeout(query, context)

data/lib/graphql/string_encoding_error.rb

@@ -1,10 +1,20 @@
 # frozen_string_literal: true
 module GraphQL
   class StringEncodingError < GraphQL::RuntimeTypeError
-    attr_reader :string
-    def initialize(str)
+    attr_reader :string, :field, :path
+    def initialize(str, context:)
       @string = str
-      super("String \"#{str}\" was encoded as #{str.encoding}! GraphQL requires an encoding compatible with UTF-8.")
+      @field = context[:current_field]
+      @path = context[:current_path]
+      message = "String #{str.inspect} was encoded as #{str.encoding}".dup
+      if @path
+        message << " @ #{@path.join(".")}"
+      end
+      if @field
+        message << " (#{@field.path})"
+      end
+      message << ". GraphQL requires an encoding compatible with UTF-8."
+      super(message)
     end
   end
 end

data/lib/graphql/subscriptions/action_cable_subscriptions.rb

@@ -127,7 +127,13 @@ module GraphQL
       # It will receive notifications when events come in
       # and re-evaluate the query locally.
       def write_subscription(query, events)
-        channel = query.context.fetch(:channel)
+        unless (channel = query.context[:channel])
+          raise GraphQL::Error, "This GraphQL Subscription client does not support the transport protocol expected"\
+            "by the backend Subscription Server implementation (graphql-ruby ActionCableSubscriptions in this case)."\
+            "Some official client implementation including Apollo (https://graphql-ruby.org/javascript_client/apollo_subscriptions.html), "\
+            "Relay Modern (https://graphql-ruby.org/javascript_client/relay_subscriptions.html#actioncable)."\
+            "GraphiQL via `graphiql-rails` may not work out of box (#1051)."
+        end
         subscription_id = query.context[:subscription_id] ||= build_id
         stream = stream_subscription_name(subscription_id)
         channel.stream_from(stream)

data/lib/graphql/subscriptions/event.rb

@@ -53,7 +53,38 @@ module GraphQL
 
       class << self
         private
+
+        # This method does not support cyclic references in the Hash,
+        # nor does it support Hashes whose keys are not sortable
+        # with respect to their peers ( cases where a <=> b might throw an error )
+        def deep_sort_hash_keys(hash_to_sort)
+          raise ArgumentError.new("Argument must be a Hash") unless hash_to_sort.is_a?(Hash)
+          hash_to_sort.keys.sort.map do |k|
+            if hash_to_sort[k].is_a?(Hash)
+              [k, deep_sort_hash_keys(hash_to_sort[k])]
+            elsif hash_to_sort[k].is_a?(Array)
+              [k, deep_sort_array_hashes(hash_to_sort[k])]
+            else
+              [k, hash_to_sort[k]]
+            end
+          end.to_h
+        end
+
+        def deep_sort_array_hashes(array_to_inspect)
+          raise ArgumentError.new("Argument must be an Array") unless array_to_inspect.is_a?(Array)
+          array_to_inspect.map do |v|
+            if v.is_a?(Hash)
+              deep_sort_hash_keys(v)
+            elsif v.is_a?(Array)
+              deep_sort_array_hashes(v)
+            else
+              v
+            end
+          end
+        end
+
         def stringify_args(arg_owner, args)
+          arg_owner = arg_owner.respond_to?(:unwrap) ? arg_owner.unwrap : arg_owner # remove list and non-null wrappers
           case args
           when Hash
             next_args = {}
@@ -68,8 +99,22 @@ module GraphQL
                 normalized_arg_name = arg_name
                 arg_defn = get_arg_definition(arg_owner, normalized_arg_name)
               end
-
-              next_args[normalized_arg_name] = stringify_args(arg_defn.type, v)
+              arg_base_type = arg_defn.type.unwrap
+              # In the case where the value being emitted is seen as a "JSON"
+              # type, treat the value as one atomic unit of serialization
+              is_json_definition = arg_base_type && arg_base_type <= GraphQL::Types::JSON
+              if is_json_definition
+                sorted_value = if v.is_a?(Hash)
+                  deep_sort_hash_keys(v)
+                elsif v.is_a?(Array)
+                  deep_sort_array_hashes(v)
+                else
+                  v
+                end
+                next_args[normalized_arg_name] = sorted_value.respond_to?(:to_json) ? sorted_value.to_json : sorted_value
+              else
+                next_args[normalized_arg_name] = stringify_args(arg_base_type, v)
+              end
             end
             # Make sure they're deeply sorted
             next_args.sort.to_h

data/lib/graphql/subscriptions/serialize.rb

@@ -9,7 +9,7 @@ module GraphQL
       SYMBOL_KEY = "__sym__"
       SYMBOL_KEYS_KEY = "__sym_keys__"
       TIMESTAMP_KEY = "__timestamp__"
-      TIMESTAMP_FORMAT = "%Y-%m-%d %H:%M:%S.%N%Z" # eg '2020-01-01 23:59:59.123456789+05:00'
+      TIMESTAMP_FORMAT = "%Y-%m-%d %H:%M:%S.%N%z" # eg '2020-01-01 23:59:59.123456789+05:00'
       OPEN_STRUCT_KEY = "__ostruct__"
 
       module_function

data/lib/graphql/tracing/appsignal_tracing.rb

@@ -14,7 +14,22 @@ module GraphQL
         "execute_query_lazy" => "execute.graphql",
       }
 
+      # @param set_action_name [Boolean] If true, the GraphQL operation name will be used as the transaction name.
+      #   This is not advised if you run more than one query per HTTP request, for example, with `graphql-client` or multiplexing.
+      #   It can also be specified per-query with `context[:set_appsignal_action_name]`.
+      def initialize(options = {})
+        @set_action_name = options.fetch(:set_action_name, false)
+        super
+      end
+
       def platform_trace(platform_key, key, data)
+        if key == "execute_query"
+          set_this_txn_name =  data[:query].context[:set_appsignal_action_name]
+          if set_this_txn_name == true || (set_this_txn_name.nil? && @set_action_name)
+            Appsignal::Transaction.current.set_action(transaction_name(data[:query]))
+          end
+        end
+
         Appsignal.instrument(platform_key) do
           yield
         end

data/lib/graphql/types/int.rb

@@ -25,7 +25,7 @@ module GraphQL
         if value >= MIN && value <= MAX
           value
         else
-          err = GraphQL::IntegerEncodingError.new(value)
+          err = GraphQL::IntegerEncodingError.new(value, context: ctx)
           ctx.schema.type_error(err, ctx)
         end
       end

data/lib/graphql/types/string.rb

@@ -15,7 +15,7 @@ module GraphQL
           str.encode!(Encoding::UTF_8)
         end
       rescue EncodingError
-        err = GraphQL::StringEncodingError.new(str)
+        err = GraphQL::StringEncodingError.new(str, context: ctx)
         ctx.schema.type_error(err, ctx)
       end
 

data/lib/graphql/unauthorized_error.rb

@@ -12,7 +12,7 @@ module GraphQL
     attr_reader :type
 
     # @return [GraphQL::Query::Context] the context for the current query
-    attr_reader :context
+    attr_accessor :context
 
     def initialize(message = nil, object: nil, type: nil, context: nil)
       if message.nil? && object.nil? && type.nil?

data/lib/graphql/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module GraphQL
-  VERSION = "1.12.17"
+  VERSION = "1.12.21"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: graphql
 version: !ruby/object:Gem::Version
-  version: 1.12.17
+  version: 1.12.21
 platform: ruby
 authors:
 - Robert Mosolgo
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-15 00:00:00.000000000 Z
+date: 2021-11-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: benchmark-ips
@@ -544,6 +544,8 @@ files:
 - lib/graphql/schema/unique_within_type.rb
 - lib/graphql/schema/validation.rb
 - lib/graphql/schema/validator.rb
+- lib/graphql/schema/validator/allow_blank_validator.rb
+- lib/graphql/schema/validator/allow_null_validator.rb
 - lib/graphql/schema/validator/exclusion_validator.rb
 - lib/graphql/schema/validator/format_validator.rb
 - lib/graphql/schema/validator/inclusion_validator.rb
@@ -700,7 +702,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.15
+rubygems_version: 3.2.22
 signing_key:
 specification_version: 4
 summary: A GraphQL language and runtime for Ruby