graphql 2.0.13 → 2.3.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b8f389d3b7c8052a74ccd4bd9e8412a1fa9d93415e6caeec883b8f179a167395
-  data.tar.gz: f2e6ab7ba5c1e76b0c44557855ab3af55fb2b718b8de1ff6483917de603734b3
+  metadata.gz: df4f4d50869f6ef14685ae04e9020a6b1c151d9fd287af7d86d139aadfc2f105
+  data.tar.gz: 0415f6e0012b4a9517e84d5de66ebccbff41ce01b384b49c480cda7b5353d16d
 SHA512:
-  metadata.gz: 10a24271a65c65a402d3243d2e43b3b257f74eb7bbc0ec13c254304bdce3122c444a41fbccf943bd3d626d301aec4b973485f742b831e8658ea252a0c95cfcfa
-  data.tar.gz: 9762008c699f2a53b14913e057dc31ec6c97b4203b1dd28a7a2a4fc18153d5bc200d0a95e3d2a04da80d0486131f5b1ce8d597e1ad6a7085b0766e35e0982959
+  metadata.gz: 7921e2420473405956845345b75ba8c4768e9d90cf6d96b0249844524e7c53ff00ec11ed940635a3f12c264cb52095310be4e6a642c4806362ce2e9f5fe7d15f
+  data.tar.gz: 3e33cd66559ec943b8b5e74124343918037176d1727d4ed425ccee384c3505708c848b5dac0dc04d2c68858ae9bc8717b204fe66dfee48adc981bf4a41fa284c

data/lib/generators/graphql/install/mutation_root_generator.rb

@@ -9,7 +9,7 @@ module Graphql
       class MutationRootGenerator < Rails::Generators::Base
         include Core
 
-        desc "Create mutation base type, mutation root tipe, and adds the latter to the schema"
+        desc "Create mutation base type, mutation root type, and adds the latter to the schema"
         source_root File.expand_path('../templates', __FILE__)
 
         class_option :schema,
@@ -31,4 +31,4 @@ module Graphql
       end
     end
   end
-end 
+end 

data/lib/generators/graphql/install/templates/base_mutation.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Mutations
   class BaseMutation < GraphQL::Schema::RelayClassicMutation

data/lib/generators/graphql/install/templates/mutation_type.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Types
   class MutationType < Types::BaseObject

data/lib/generators/graphql/install_generator.rb

@@ -105,6 +105,9 @@ module Graphql
           template("#{base_type}.erb", "#{options[:directory]}/types/#{base_type}.rb")
         end
 
+        # All resolvers are defined as living in their own module, including this class.
+        template("base_resolver.erb", "#{options[:directory]}/resolvers/base_resolver.rb")
+
         # Note: You can't have a schema without the query type, otherwise introspection breaks
         template("query_type.erb", "#{options[:directory]}/types/query_type.rb")
         insert_root_type('query', 'QueryType')

data/lib/generators/graphql/mutation_delete_generator.rb

@@ -6,7 +6,7 @@ module Graphql
     # TODO: What other options should be supported?
     #
     # @example Generate a `GraphQL::Schema::RelayClassicMutation` by name
-    #     rails g graphql:mutation CreatePostMutation
+    #     rails g graphql:mutation DeletePostMutation
     class MutationDeleteGenerator < OrmMutationsBase
 
       desc "Scaffold a Relay Classic ORM delete mutation for the given model class"

data/lib/generators/graphql/mutation_update_generator.rb

@@ -6,7 +6,7 @@ module Graphql
     # TODO: What other options should be supported?
     #
     # @example Generate a `GraphQL::Schema::RelayClassicMutation` by name
-    #     rails g graphql:mutation CreatePostMutation
+    #     rails g graphql:mutation UpdatePostMutation
     class MutationUpdateGenerator < OrmMutationsBase
 
       desc "Scaffold a Relay Classic ORM update mutation for the given model class"

data/lib/generators/graphql/relay.rb

@@ -6,7 +6,24 @@ module Graphql
         # Add Node, `node(id:)`, and `nodes(ids:)`
         template("node_type.erb", "#{options[:directory]}/types/node_type.rb")
         in_root do
-          fields = "    # Add `node(id: ID!) and `nodes(ids: [ID!]!)`\n    include GraphQL::Types::Relay::HasNodeField\n    include GraphQL::Types::Relay::HasNodesField\n\n"
+          fields = <<-RUBY
+    field :node, Types::NodeType, null: true, description: "Fetches an object given its ID." do
+      argument :id, ID, required: true, description: "ID of the object."
+    end
+
+    def node(id:)
+      context.schema.object_from_id(id, context)
+    end
+
+    field :nodes, [Types::NodeType, null: true], null: true, description: "Fetches a list of objects given a list of IDs." do
+      argument :ids, [ID], required: true, description: "IDs of the objects."
+    end
+
+    def nodes(ids:)
+      ids.map { |id| context.schema.object_from_id(id, context) }
+    end
+
+    RUBY
           inject_into_file "#{options[:directory]}/types/query_type.rb", fields, after: /class .*QueryType\s*<\s*[^\s]+?\n/m, force: false
         end
 

data/lib/generators/graphql/templates/base_argument.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Types
   class BaseArgument < GraphQL::Schema::Argument

data/lib/generators/graphql/templates/base_connection.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Types
   class BaseConnection < Types::BaseObject

data/lib/generators/graphql/templates/base_edge.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Types
   class BaseEdge < Types::BaseObject

data/lib/generators/graphql/templates/base_enum.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Types
   class BaseEnum < GraphQL::Schema::Enum

data/lib/generators/graphql/templates/base_field.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Types
   class BaseField < GraphQL::Schema::Field

data/lib/generators/graphql/templates/base_input_object.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Types
   class BaseInputObject < GraphQL::Schema::InputObject

data/lib/generators/graphql/templates/base_interface.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Types
   module BaseInterface

data/lib/generators/graphql/templates/base_object.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Types
   class BaseObject < GraphQL::Schema::Object

data/lib/generators/graphql/templates/base_resolver.erb

@@ -0,0 +1,6 @@
+<% module_namespacing_when_supported do -%>
+module Resolvers
+  class BaseResolver < GraphQL::Schema::Resolver
+  end
+end
+<% end -%>

data/lib/generators/graphql/templates/base_scalar.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Types
   class BaseScalar < GraphQL::Schema::Scalar

data/lib/generators/graphql/templates/base_union.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Types
   class BaseUnion < GraphQL::Schema::Union

data/lib/generators/graphql/templates/graphql_controller.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 class GraphqlController < ApplicationController
   # If accessing from outside this domain, nullify the session

data/lib/generators/graphql/templates/loader.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Loaders
   class <%= class_name %> < GraphQL::Batch::Loader

data/lib/generators/graphql/templates/mutation.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Mutations
   class <%= class_name %> < BaseMutation

data/lib/generators/graphql/templates/node_type.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Types
   module NodeType

data/lib/generators/graphql/templates/query_type.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 module Types
   class QueryType < Types::BaseObject

data/lib/generators/graphql/templates/schema.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 <% module_namespacing_when_supported do -%>
 class <%= schema_name %> < GraphQL::Schema
   query(Types::QueryType)
@@ -23,5 +25,11 @@ class <%= schema_name %> < GraphQL::Schema
     # to return the correct GraphQL object type for `obj`
     raise(GraphQL::RequiredImplementationMissingError)
   end
+
+  # Limit the size of incoming queries:
+  max_query_string_tokens(5000)
+
+  # Stop validating when it encounters this many errors:
+  validate_max_errors(100)
 end
 <% end -%>

data/lib/graphql/analysis/analyzer.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+module GraphQL
+  module Analysis
+    # Query analyzer for query ASTs. Query analyzers respond to visitor style methods
+    # but are prefixed by `enter` and `leave`.
+    #
+    # When an analyzer is initialized with a Multiplex, you can always get the current query from
+    # `visitor.query` in the visit methods.
+    #
+    # @param [GraphQL::Query, GraphQL::Execution::Multiplex] The query or multiplex to analyze
+    class Analyzer
+      def initialize(subject)
+        @subject = subject
+
+        if subject.is_a?(GraphQL::Query)
+          @query = subject
+          @multiplex = nil
+        else
+          @multiplex = subject
+          @query = nil
+        end
+      end
+
+      # Analyzer hook to decide at analysis time whether a query should
+      # be analyzed or not.
+      # @return [Boolean] If the query should be analyzed or not
+      def analyze?
+        true
+      end
+
+      # Analyzer hook to decide at analysis time whether analysis
+      # requires a visitor pass; can be disabled for precomputed results.
+      # @return [Boolean] If analysis requires visitation or not
+      def visit?
+        true
+      end
+
+      # The result for this analyzer. Returning {GraphQL::AnalysisError} results
+      # in a query error.
+      # @return [Any] The analyzer result
+      def result
+        raise GraphQL::RequiredImplementationMissingError
+      end
+
+      class << self
+        private
+
+        def build_visitor_hooks(member_name)
+          class_eval(<<-EOS, __FILE__, __LINE__ + 1)
+            def on_enter_#{member_name}(node, parent, visitor)
+            end
+
+            def on_leave_#{member_name}(node, parent, visitor)
+            end
+          EOS
+        end
+      end
+
+      build_visitor_hooks :argument
+      build_visitor_hooks :directive
+      build_visitor_hooks :document
+      build_visitor_hooks :enum
+      build_visitor_hooks :field
+      build_visitor_hooks :fragment_spread
+      build_visitor_hooks :inline_fragment
+      build_visitor_hooks :input_object
+      build_visitor_hooks :list_type
+      build_visitor_hooks :non_null_type
+      build_visitor_hooks :null_value
+      build_visitor_hooks :operation_definition
+      build_visitor_hooks :type_name
+      build_visitor_hooks :variable_definition
+      build_visitor_hooks :variable_identifier
+      build_visitor_hooks :abstract_node
+
+      protected
+
+      # @return [GraphQL::Query, GraphQL::Execution::Multiplex] Whatever this analyzer is analyzing
+      attr_reader :subject
+
+      # @return [GraphQL::Query, nil] `nil` if this analyzer is visiting a multiplex
+      #  (When this is `nil`, use `visitor.query` inside visit methods to get the current query)
+      attr_reader :query
+
+      # @return [GraphQL::Execution::Multiplex, nil] `nil` if this analyzer is visiting a query
+      attr_reader :multiplex
+    end
+  end
+end

data/lib/graphql/analysis/field_usage.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+module GraphQL
+  module Analysis
+    class FieldUsage < Analyzer
+      def initialize(query)
+        super
+        @used_fields = Set.new
+        @used_deprecated_fields = Set.new
+        @used_deprecated_arguments = Set.new
+        @used_deprecated_enum_values = Set.new
+      end
+
+      def on_leave_field(node, parent, visitor)
+        field_defn = visitor.field_definition
+        field = "#{visitor.parent_type_definition.graphql_name}.#{field_defn.graphql_name}"
+        @used_fields << field
+        @used_deprecated_fields << field if field_defn.deprecation_reason
+        arguments = visitor.query.arguments_for(node, field_defn)
+        # If there was an error when preparing this argument object,
+        # then this might be an error or something:
+        if arguments.respond_to?(:argument_values)
+          extract_deprecated_arguments(arguments.argument_values)
+        end
+      end
+
+      def result
+        {
+          used_fields: @used_fields.to_a,
+          used_deprecated_fields: @used_deprecated_fields.to_a,
+          used_deprecated_arguments: @used_deprecated_arguments.to_a,
+          used_deprecated_enum_values: @used_deprecated_enum_values.to_a,
+        }
+      end
+
+      private
+
+      def extract_deprecated_arguments(argument_values)
+        argument_values.each_pair do |_argument_name, argument|
+          if argument.definition.deprecation_reason
+            @used_deprecated_arguments << argument.definition.path
+          end
+
+          arg_val = argument.value
+
+          next if arg_val.nil?
+
+          argument_type = argument.definition.type
+          if argument_type.non_null?
+            argument_type = argument_type.of_type
+          end
+
+          if argument_type.kind.input_object?
+            extract_deprecated_arguments(argument.original_value.arguments.argument_values) # rubocop:disable Development/ContextIsPassedCop -- runtime args instance
+          elsif argument_type.kind.enum?
+            extract_deprecated_enum_value(argument_type, arg_val)
+          elsif argument_type.list?
+            inner_type = argument_type.unwrap
+            case inner_type.kind
+            when TypeKinds::INPUT_OBJECT
+              argument.original_value.each do |value|
+                extract_deprecated_arguments(value.arguments.argument_values) # rubocop:disable Development/ContextIsPassedCop -- runtime args instance
+              end
+            when TypeKinds::ENUM
+              arg_val.each do |value|
+                extract_deprecated_enum_value(inner_type, value)
+              end
+            else
+              # Not a kind of input that we track
+            end
+          end
+        end
+      end
+
+      def extract_deprecated_enum_value(enum_type, value)
+        enum_value = @query.types.enum_values(enum_type).find { |ev| ev.value == value }
+        if enum_value&.deprecation_reason
+          @used_deprecated_enum_values << enum_value.path
+        end
+      end
+    end
+  end
+end

data/lib/graphql/analysis/max_query_complexity.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+module GraphQL
+  module Analysis
+    # Used under the hood to implement complexity validation,
+    # see {Schema#max_complexity} and {Query#max_complexity}
+    class MaxQueryComplexity < QueryComplexity
+      def result
+        return if subject.max_complexity.nil?
+
+        total_complexity = max_possible_complexity
+
+        if total_complexity > subject.max_complexity
+          GraphQL::AnalysisError.new("Query has complexity of #{total_complexity}, which exceeds max complexity of #{subject.max_complexity}")
+        else
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/graphql/analysis/max_query_depth.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+module GraphQL
+  module Analysis
+    class MaxQueryDepth < QueryDepth
+      def result
+        configured_max_depth = if query
+          query.max_depth
+        else
+          multiplex.schema.max_depth
+        end
+
+        if configured_max_depth && @max_depth > configured_max_depth
+          GraphQL::AnalysisError.new("Query has depth of #{@max_depth}, which exceeds max depth of #{configured_max_depth}")
+        else
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/graphql/analysis/query_complexity.rb

@@ -0,0 +1,183 @@
+# frozen_string_literal: true
+module GraphQL
+  module Analysis
+    # Calculate the complexity of a query, using {Field#complexity} values.
+    class QueryComplexity < Analyzer
+      # State for the query complexity calculation:
+      # - `complexities_on_type` holds complexity scores for each type
+      def initialize(query)
+        super
+        @skip_introspection_fields = !query.schema.max_complexity_count_introspection_fields
+        @complexities_on_type_by_query = {}
+      end
+
+      # Override this method to use the complexity result
+      def result
+        max_possible_complexity
+      end
+
+      # ScopedTypeComplexity models a tree of GraphQL types mapped to inner selections, ie:
+      # Hash<GraphQL::BaseType, Hash<String, ScopedTypeComplexity>>
+      class ScopedTypeComplexity < Hash
+        # A proc for defaulting empty namespace requests as a new scope hash.
+        DEFAULT_PROC = ->(h, k) { h[k] = {} }
+
+        attr_reader :field_definition, :response_path, :query
+
+        # @param parent_type [Class] The owner of `field_definition`
+        # @param field_definition [GraphQL::Field, GraphQL::Schema::Field] Used for getting the `.complexity` configuration
+        # @param query [GraphQL::Query] Used for `query.possible_types`
+        # @param response_path [Array<String>] The path to the response key for the field
+        # @return [Hash<GraphQL::BaseType, Hash<String, ScopedTypeComplexity>>]
+        def initialize(parent_type, field_definition, query, response_path)
+          super(&DEFAULT_PROC)
+          @parent_type = parent_type
+          @field_definition = field_definition
+          @query = query
+          @response_path = response_path
+          @nodes = []
+        end
+
+        # @return [Array<GraphQL::Language::Nodes::Field>]
+        attr_reader :nodes
+
+        def own_complexity(child_complexity)
+          @field_definition.calculate_complexity(query: @query, nodes: @nodes, child_complexity: child_complexity)
+        end
+      end
+
+      def on_enter_field(node, parent, visitor)
+        # We don't want to visit fragment definitions,
+        # we'll visit them when we hit the spreads instead
+        return if visitor.visiting_fragment_definition?
+        return if visitor.skipping?
+        return if @skip_introspection_fields && visitor.field_definition.introspection?
+        parent_type = visitor.parent_type_definition
+        field_key = node.alias || node.name
+
+        # Find or create a complexity scope stack for this query.
+        scopes_stack = @complexities_on_type_by_query[visitor.query] ||= [ScopedTypeComplexity.new(nil, nil, query, visitor.response_path)]
+
+        # Find or create the complexity costing node for this field.
+        scope = scopes_stack.last[parent_type][field_key] ||= ScopedTypeComplexity.new(parent_type, visitor.field_definition, visitor.query, visitor.response_path)
+        scope.nodes.push(node)
+        scopes_stack.push(scope)
+      end
+
+      def on_leave_field(node, parent, visitor)
+        # We don't want to visit fragment definitions,
+        # we'll visit them when we hit the spreads instead
+        return if visitor.visiting_fragment_definition?
+        return if visitor.skipping?
+        return if @skip_introspection_fields && visitor.field_definition.introspection?
+        scopes_stack = @complexities_on_type_by_query[visitor.query]
+        scopes_stack.pop
+      end
+
+      private
+
+      # @return [Integer]
+      def max_possible_complexity
+        @complexities_on_type_by_query.reduce(0) do |total, (query, scopes_stack)|
+          total + merged_max_complexity_for_scopes(query, [scopes_stack.first])
+        end
+      end
+
+      # @param query [GraphQL::Query] Used for `query.possible_types`
+      # @param scopes [Array<ScopedTypeComplexity>] Array of scoped type complexities
+      # @return [Integer]
+      def merged_max_complexity_for_scopes(query, scopes)
+        # Aggregate a set of all possible scope types encountered (scope keys).
+        # Use a hash, but ignore the values; it's just a fast way to work with the keys.
+        possible_scope_types = scopes.each_with_object({}) do |scope, memo|
+          memo.merge!(scope)
+        end
+
+        # Expand abstract scope types into their concrete implementations;
+        # overlapping abstracts coalesce through their intersecting types.
+        possible_scope_types.keys.each do |possible_scope_type|
+          next unless possible_scope_type.kind.abstract?
+
+          query.types.possible_types(possible_scope_type).each do |impl_type|
+            possible_scope_types[impl_type] ||= true
+          end
+          possible_scope_types.delete(possible_scope_type)
+        end
+
+        # Aggregate the lexical selections that may apply to each possible type,
+        # and then return the maximum cost among possible typed selections.
+        possible_scope_types.each_key.reduce(0) do |max, possible_scope_type|
+          # Collect inner selections from all scopes that intersect with this possible type.
+          all_inner_selections = scopes.each_with_object([]) do |scope, memo|
+            scope.each do |scope_type, inner_selections|
+              memo << inner_selections if types_intersect?(query, scope_type, possible_scope_type)
+            end
+          end
+
+          # Find the maximum complexity for the scope type among possible lexical branches.
+          complexity = merged_max_complexity(query, all_inner_selections)
+          complexity > max ? complexity : max
+        end
+      end
+
+      def types_intersect?(query, a, b)
+        return true if a == b
+
+        a_types = query.types.possible_types(a)
+        query.types.possible_types(b).any? { |t| a_types.include?(t) }
+      end
+
+      # A hook which is called whenever a field's max complexity is calculated.
+      # Override this method to capture individual field complexity details.
+      #
+      # @param scoped_type_complexity [ScopedTypeComplexity]
+      # @param max_complexity [Numeric] Field's maximum complexity including child complexity
+      # @param child_complexity [Numeric, nil] Field's child complexity
+      def field_complexity(scoped_type_complexity, max_complexity:, child_complexity: nil)
+      end
+
+      # @param inner_selections [Array<Hash<String, ScopedTypeComplexity>>] Field selections for a scope
+      # @return [Integer] Total complexity value for all these selections in the parent scope
+      def merged_max_complexity(query, inner_selections)
+        # Aggregate a set of all unique field selection keys across all scopes.
+        # Use a hash, but ignore the values; it's just a fast way to work with the keys.
+        unique_field_keys = inner_selections.each_with_object({}) do |inner_selection, memo|
+          memo.merge!(inner_selection)
+        end
+
+        # Add up the total cost for each unique field name's coalesced selections
+        unique_field_keys.each_key.reduce(0) do |total, field_key|
+          composite_scopes = nil
+          field_cost = 0
+
+          # Collect composite selection scopes for further aggregation,
+          # leaf selections report their costs directly.
+          inner_selections.each do |inner_selection|
+            child_scope = inner_selection[field_key]
+            next unless child_scope
+
+            # Empty child scopes are leaf nodes with zero child complexity.
+            if child_scope.empty?
+              field_cost = child_scope.own_complexity(0)
+              field_complexity(child_scope, max_complexity: field_cost, child_complexity: nil)
+            else
+              composite_scopes ||= []
+              composite_scopes << child_scope
+            end
+          end
+
+          if composite_scopes
+            child_complexity = merged_max_complexity_for_scopes(query, composite_scopes)
+
+            # This is the last composite scope visited; assume it's representative (for backwards compatibility).
+            # Note: it would be more correct to score each composite scope and use the maximum possibility.
+            field_cost = composite_scopes.last.own_complexity(child_complexity)
+            field_complexity(composite_scopes.last, max_complexity: field_cost, child_complexity: child_complexity)
+          end
+
+          total + field_cost
+        end
+      end
+    end
+  end
+end