graphql 2.2.5 → 2.3.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 49aca16aba9ee96f9aa4229e07e5493b1e8c676a892a1fa1e9828323d44dc073
-  data.tar.gz: 95eec1c3808a12b28bcc2732bb13baf9d52ddf3f34c4971abf92f6cff3333e93
+  metadata.gz: d1511256e7812b5c2de2a01ffa44f8a77f2e8959837344eaf1c8780d0b1bf700
+  data.tar.gz: 87a0734b541d8f2cbbd3fb293a63663cbc57c61e6ab39242449596c6ca759442
 SHA512:
-  metadata.gz: 287acc2969a3b181d2d53dc94562335fac43de4cb8873844f063b63b604948e3edb7df318e53ec42906f678f7329efc5aa8d28bdbbfd4bc7f9d504a96f745df9
-  data.tar.gz: 3ef6c000a5eeaddd295786e9baf147663556cc19c1bc46facf57b67233bf40780e42b4781f39ebd3966ca29bc6bab6b682e9bd475b4c2474f471841454cb3d3c
+  metadata.gz: fff5ef36d8e8dff310cac664178ebf0e902cd067a893fedd164902625751fe457a070f1daf2a2251d0dd2ec57fb16daccc81b54267048bbb71c027caf7905100
+  data.tar.gz: 5fc4e6c4a44398e9f77d99c5224d22128a9c80e64a17a156500337b4d658270da9aa7af71f8d06cc065939cc42b41de3e07d66cb7622704ad179424c312dd7a0

data/lib/generators/graphql/templates/schema.erb

@@ -26,6 +26,9 @@ class <%= schema_name %> < GraphQL::Schema
     raise(GraphQL::RequiredImplementationMissingError)
   end
 
+  # Limit the size of incoming queries:
+  max_query_string_tokens(5000)
+
   # Stop validating when it encounters this many errors:
   validate_max_errors(100)
 end

data/lib/graphql/analysis/ast/field_usage.rb

@@ -8,6 +8,7 @@ module GraphQL
           @used_fields = Set.new
           @used_deprecated_fields = Set.new
           @used_deprecated_arguments = Set.new
+          @used_deprecated_enum_values = Set.new
         end
 
         def on_leave_field(node, parent, visitor)
@@ -15,7 +16,7 @@ module GraphQL
           field = "#{visitor.parent_type_definition.graphql_name}.#{field_defn.graphql_name}"
           @used_fields << field
           @used_deprecated_fields << field if field_defn.deprecation_reason
-          arguments = visitor.query.arguments_for(node, visitor.field_definition)
+          arguments = visitor.query.arguments_for(node, field_defn)
           # If there was an error when preparing this argument object,
           # then this might be an error or something:
           if arguments.respond_to?(:argument_values)
@@ -28,6 +29,7 @@ module GraphQL
             used_fields: @used_fields.to_a,
             used_deprecated_fields: @used_deprecated_fields.to_a,
             used_deprecated_arguments: @used_deprecated_arguments.to_a,
+            used_deprecated_enum_values: @used_deprecated_enum_values.to_a,
           }
         end
 
@@ -39,18 +41,43 @@ module GraphQL
               @used_deprecated_arguments << argument.definition.path
             end
 
-            next if argument.value.nil?
+            arg_val = argument.value
 
-            if argument.definition.type.kind.input_object?
-              extract_deprecated_arguments(argument.value.arguments.argument_values) # rubocop:disable Development/ContextIsPassedCop -- runtime args instance
-            elsif argument.definition.type.list?
-              argument
-                .value
-                .select { |value| value.respond_to?(:arguments) }
-                .each { |value| extract_deprecated_arguments(value.arguments.argument_values) } # rubocop:disable Development/ContextIsPassedCop -- runtime args instance
+            next if arg_val.nil?
+
+            argument_type = argument.definition.type
+            if argument_type.non_null?
+              argument_type = argument_type.of_type
+            end
+
+            if argument_type.kind.input_object?
+              extract_deprecated_arguments(argument.original_value.arguments.argument_values) # rubocop:disable Development/ContextIsPassedCop -- runtime args instance
+            elsif argument_type.kind.enum?
+              extract_deprecated_enum_value(argument_type, arg_val)
+            elsif argument_type.list?
+              inner_type = argument_type.unwrap
+              case inner_type.kind
+              when TypeKinds::INPUT_OBJECT
+                argument.original_value.each do |value|
+                  extract_deprecated_arguments(value.arguments.argument_values) # rubocop:disable Development/ContextIsPassedCop -- runtime args instance
+                end
+              when TypeKinds::ENUM
+                arg_val.each do |value|
+                  extract_deprecated_enum_value(inner_type, value)
+                end
+              else
+                # Not a kind of input that we track
+              end
             end
           end
         end
+
+        def extract_deprecated_enum_value(enum_type, value)
+          enum_value = @query.warden.enum_values(enum_type).find { |ev| ev.value == value }
+          if enum_value&.deprecation_reason
+            @used_deprecated_enum_values << enum_value.path
+          end
+        end
       end
     end
   end

data/lib/graphql/analysis/ast/query_complexity.rb

@@ -8,6 +8,7 @@ module GraphQL
         # - `complexities_on_type` holds complexity scores for each type
         def initialize(query)
           super
+          @skip_introspection_fields = !query.schema.max_complexity_count_introspection_fields
           @complexities_on_type_by_query = {}
         end
 
@@ -51,6 +52,7 @@ module GraphQL
           # we'll visit them when we hit the spreads instead
           return if visitor.visiting_fragment_definition?
           return if visitor.skipping?
+          return if @skip_introspection_fields && visitor.field_definition.introspection?
           parent_type = visitor.parent_type_definition
           field_key = node.alias || node.name
 
@@ -68,6 +70,7 @@ module GraphQL
           # we'll visit them when we hit the spreads instead
           return if visitor.visiting_fragment_definition?
           return if visitor.skipping?
+          return if @skip_introspection_fields && visitor.field_definition.introspection?
           scopes_stack = @complexities_on_type_by_query[visitor.query]
           scopes_stack.pop
         end

data/lib/graphql/analysis/ast/visitor.rb

@@ -118,8 +118,12 @@ module GraphQL
         def on_inline_fragment(node, parent)
           on_fragment_with_type(node) do
             @path.push("...#{node.type ? " on #{node.type.name}" : ""}")
+            @skipping = @skip_stack.last || skip?(node)
+            @skip_stack << @skipping
+
             call_on_enter_inline_fragment(node, parent)
             super
+            @skipping = @skip_stack.pop
             call_on_leave_inline_fragment(node, parent)
           end
         end
@@ -187,9 +191,13 @@ module GraphQL
 
         def on_fragment_spread(node, parent)
           @path.push("... #{node.name}")
+          @skipping = @skip_stack.last || skip?(node)
+          @skip_stack << @skipping
+
           call_on_enter_fragment_spread(node, parent)
           enter_fragment_spread_inline(node)
           super
+          @skipping = @skip_stack.pop
           leave_fragment_spread_inline(node)
           call_on_leave_fragment_spread(node, parent)
           @path.pop

data/lib/graphql/analysis/ast.rb

@@ -6,6 +6,7 @@ require "graphql/analysis/ast/query_complexity"
 require "graphql/analysis/ast/max_query_complexity"
 require "graphql/analysis/ast/query_depth"
 require "graphql/analysis/ast/max_query_depth"
+require "timeout"
 
 module GraphQL
   module Analysis
@@ -63,7 +64,10 @@ module GraphQL
                 analyzers: analyzers_to_run
               )
 
-              visitor.visit
+              # `nil` or `0` causes no timeout
+              Timeout::timeout(query.validate_timeout_remaining) do
+                visitor.visit
+              end
 
               if visitor.rescued_errors.any?
                 return visitor.rescued_errors
@@ -75,6 +79,11 @@ module GraphQL
             []
           end
         end
+      rescue Timeout::Error
+        [GraphQL::AnalysisError.new("Timeout on validation of query")]
+      rescue GraphQL::UnauthorizedError
+        # This error was raised during analysis and will be returned the client before execution
+        []
       end
 
       def analysis_errors(results)

data/lib/graphql/backtrace/inspect_result.rb

@@ -16,12 +16,6 @@ module GraphQL
           "[" +
             obj.map { |v| inspect_truncated(v) }.join(", ") +
             "]"
-        when Query::Context::SharedMethods
-          if obj.invalid_null?
-            "nil"
-          else
-            inspect_truncated(obj.value)
-          end
         else
           inspect_truncated(obj)
         end
@@ -33,12 +27,6 @@ module GraphQL
           "{...}"
         when Array
           "[...]"
-        when Query::Context::SharedMethods
-          if obj.invalid_null?
-            "nil"
-          else
-            inspect_truncated(obj.value)
-          end
         when GraphQL::Execution::Lazy
           "(unresolved)"
         else

data/lib/graphql/coercion_error.rb

@@ -1,13 +1,5 @@
 # frozen_string_literal: true
 module GraphQL
-  class CoercionError < GraphQL::Error
-    # @return [Hash] Optional custom data for error objects which will be added
-    # under the `extensions` key.
-    attr_accessor :extensions
-
-    def initialize(message, extensions: nil)
-      @extensions = extensions
-      super(message)
-    end
+  class CoercionError < GraphQL::ExecutionError
   end
 end

data/lib/graphql/dataloader/request.rb

@@ -14,6 +14,11 @@ module GraphQL
       def load
         @source.load(@key)
       end
+
+      def load_with_deprecation_warning
+        warn("Returning `.request(...)` from GraphQL::Dataloader is deprecated, use `.load(...)` instead. (See usage of #{@source} with #{@key.inspect}).")
+        load
+      end
     end
   end
 end

data/lib/graphql/execution/interpreter/argument_value.rb

@@ -6,15 +6,19 @@ module GraphQL
       # A container for metadata regarding arguments present in a GraphQL query.
       # @see Interpreter::Arguments#argument_values for a hash of these objects.
       class ArgumentValue
-        def initialize(definition:, value:, default_used:)
+        def initialize(definition:, value:, original_value:, default_used:)
           @definition = definition
           @value = value
+          @original_value = original_value
           @default_used = default_used
         end
 
         # @return [Object] The Ruby-ready value for this Argument
         attr_reader :value
 
+        # @return [Object] The value of this argument _before_ `prepare` is applied.
+        attr_reader :original_value
+
         # @return [GraphQL::Schema::Argument] The definition instance for this argument
         attr_reader :definition
 

data/lib/graphql/execution/interpreter/runtime/graphql_result.rb

@@ -5,8 +5,10 @@ module GraphQL
     class Interpreter
       class Runtime
         module GraphQLResult
-          def initialize(result_name, parent_result, is_non_null_in_parent)
+          def initialize(result_name, result_type, application_value, parent_result, is_non_null_in_parent)
             @graphql_parent = parent_result
+            @graphql_application_value = application_value
+            @graphql_result_type = result_type
             if parent_result && parent_result.graphql_dead
               @graphql_dead = true
             end
@@ -26,14 +28,14 @@ module GraphQL
           end
 
           attr_accessor :graphql_dead
-          attr_reader :graphql_parent, :graphql_result_name, :graphql_is_non_null_in_parent
+          attr_reader :graphql_parent, :graphql_result_name, :graphql_is_non_null_in_parent, :graphql_application_value, :graphql_result_type
 
           # @return [Hash] Plain-Ruby result data (`@graphql_metadata` contains Result wrapper objects)
           attr_accessor :graphql_result_data
         end
 
         class GraphQLResultHash
-          def initialize(_result_name, _parent_result, _is_non_null_in_parent)
+          def initialize(_result_name, _result_type, _application_value, _parent_result, _is_non_null_in_parent)
             super
             @graphql_result_data = {}
           end
@@ -121,7 +123,7 @@ module GraphQL
         class GraphQLResultArray
           include GraphQLResult
 
-          def initialize(_result_name, _parent_result, _is_non_null_in_parent)
+          def initialize(_result_name, _result_type, _application_value, _parent_result, _is_non_null_in_parent)
             super
             @graphql_result_data = []
           end