graphql 2.3.5 → 2.3.6

data/lib/graphql/analysis/ast/field_usage.rb

@@ -1,84 +0,0 @@
-# frozen_string_literal: true
-module GraphQL
-  module Analysis
-    module AST
-      class FieldUsage < Analyzer
-        def initialize(query)
-          super
-          @used_fields = Set.new
-          @used_deprecated_fields = Set.new
-          @used_deprecated_arguments = Set.new
-          @used_deprecated_enum_values = Set.new
-        end
-
-        def on_leave_field(node, parent, visitor)
-          field_defn = visitor.field_definition
-          field = "#{visitor.parent_type_definition.graphql_name}.#{field_defn.graphql_name}"
-          @used_fields << field
-          @used_deprecated_fields << field if field_defn.deprecation_reason
-          arguments = visitor.query.arguments_for(node, field_defn)
-          # If there was an error when preparing this argument object,
-          # then this might be an error or something:
-          if arguments.respond_to?(:argument_values)
-            extract_deprecated_arguments(arguments.argument_values)
-          end
-        end
-
-        def result
-          {
-            used_fields: @used_fields.to_a,
-            used_deprecated_fields: @used_deprecated_fields.to_a,
-            used_deprecated_arguments: @used_deprecated_arguments.to_a,
-            used_deprecated_enum_values: @used_deprecated_enum_values.to_a,
-          }
-        end
-
-        private
-
-        def extract_deprecated_arguments(argument_values)
-          argument_values.each_pair do |_argument_name, argument|
-            if argument.definition.deprecation_reason
-              @used_deprecated_arguments << argument.definition.path
-            end
-
-            arg_val = argument.value
-
-            next if arg_val.nil?
-
-            argument_type = argument.definition.type
-            if argument_type.non_null?
-              argument_type = argument_type.of_type
-            end
-
-            if argument_type.kind.input_object?
-              extract_deprecated_arguments(argument.original_value.arguments.argument_values) # rubocop:disable Development/ContextIsPassedCop -- runtime args instance
-            elsif argument_type.kind.enum?
-              extract_deprecated_enum_value(argument_type, arg_val)
-            elsif argument_type.list?
-              inner_type = argument_type.unwrap
-              case inner_type.kind
-              when TypeKinds::INPUT_OBJECT
-                argument.original_value.each do |value|
-                  extract_deprecated_arguments(value.arguments.argument_values) # rubocop:disable Development/ContextIsPassedCop -- runtime args instance
-                end
-              when TypeKinds::ENUM
-                arg_val.each do |value|
-                  extract_deprecated_enum_value(inner_type, value)
-                end
-              else
-                # Not a kind of input that we track
-              end
-            end
-          end
-        end
-
-        def extract_deprecated_enum_value(enum_type, value)
-          enum_value = @query.warden.enum_values(enum_type).find { |ev| ev.value == value }
-          if enum_value&.deprecation_reason
-            @used_deprecated_enum_values << enum_value.path
-          end
-        end
-      end
-    end
-  end
-end

data/lib/graphql/analysis/ast/max_query_complexity.rb

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-module GraphQL
-  module Analysis
-    module AST
-      # Used under the hood to implement complexity validation,
-      # see {Schema#max_complexity} and {Query#max_complexity}
-      class MaxQueryComplexity < QueryComplexity
-        def result
-          return if subject.max_complexity.nil?
-
-          total_complexity = max_possible_complexity
-
-          if total_complexity > subject.max_complexity
-            GraphQL::AnalysisError.new("Query has complexity of #{total_complexity}, which exceeds max complexity of #{subject.max_complexity}")
-          else
-            nil
-          end
-        end
-      end
-    end
-  end
-end

data/lib/graphql/analysis/ast/max_query_depth.rb

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-module GraphQL
-  module Analysis
-    module AST
-      class MaxQueryDepth < QueryDepth
-        def result
-          configured_max_depth = if query
-            query.max_depth
-          else
-            multiplex.schema.max_depth
-          end
-
-          if configured_max_depth && @max_depth > configured_max_depth
-            GraphQL::AnalysisError.new("Query has depth of #{@max_depth}, which exceeds max depth of #{configured_max_depth}")
-          else
-            nil
-          end
-        end
-      end
-    end
-  end
-end

data/lib/graphql/analysis/ast/query_complexity.rb

@@ -1,185 +0,0 @@
-# frozen_string_literal: true
-module GraphQL
-  module Analysis
-    # Calculate the complexity of a query, using {Field#complexity} values.
-    module AST
-      class QueryComplexity < Analyzer
-        # State for the query complexity calculation:
-        # - `complexities_on_type` holds complexity scores for each type
-        def initialize(query)
-          super
-          @skip_introspection_fields = !query.schema.max_complexity_count_introspection_fields
-          @complexities_on_type_by_query = {}
-        end
-
-        # Override this method to use the complexity result
-        def result
-          max_possible_complexity
-        end
-
-        # ScopedTypeComplexity models a tree of GraphQL types mapped to inner selections, ie:
-        # Hash<GraphQL::BaseType, Hash<String, ScopedTypeComplexity>>
-        class ScopedTypeComplexity < Hash
-          # A proc for defaulting empty namespace requests as a new scope hash.
-          DEFAULT_PROC = ->(h, k) { h[k] = {} }
-
-          attr_reader :field_definition, :response_path, :query
-
-          # @param parent_type [Class] The owner of `field_definition`
-          # @param field_definition [GraphQL::Field, GraphQL::Schema::Field] Used for getting the `.complexity` configuration
-          # @param query [GraphQL::Query] Used for `query.possible_types`
-          # @param response_path [Array<String>] The path to the response key for the field
-          # @return [Hash<GraphQL::BaseType, Hash<String, ScopedTypeComplexity>>]
-          def initialize(parent_type, field_definition, query, response_path)
-            super(&DEFAULT_PROC)
-            @parent_type = parent_type
-            @field_definition = field_definition
-            @query = query
-            @response_path = response_path
-            @nodes = []
-          end
-
-          # @return [Array<GraphQL::Language::Nodes::Field>]
-          attr_reader :nodes
-
-          def own_complexity(child_complexity)
-            @field_definition.calculate_complexity(query: @query, nodes: @nodes, child_complexity: child_complexity)
-          end
-        end
-
-        def on_enter_field(node, parent, visitor)
-          # We don't want to visit fragment definitions,
-          # we'll visit them when we hit the spreads instead
-          return if visitor.visiting_fragment_definition?
-          return if visitor.skipping?
-          return if @skip_introspection_fields && visitor.field_definition.introspection?
-          parent_type = visitor.parent_type_definition
-          field_key = node.alias || node.name
-
-          # Find or create a complexity scope stack for this query.
-          scopes_stack = @complexities_on_type_by_query[visitor.query] ||= [ScopedTypeComplexity.new(nil, nil, query, visitor.response_path)]
-
-          # Find or create the complexity costing node for this field.
-          scope = scopes_stack.last[parent_type][field_key] ||= ScopedTypeComplexity.new(parent_type, visitor.field_definition, visitor.query, visitor.response_path)
-          scope.nodes.push(node)
-          scopes_stack.push(scope)
-        end
-
-        def on_leave_field(node, parent, visitor)
-          # We don't want to visit fragment definitions,
-          # we'll visit them when we hit the spreads instead
-          return if visitor.visiting_fragment_definition?
-          return if visitor.skipping?
-          return if @skip_introspection_fields && visitor.field_definition.introspection?
-          scopes_stack = @complexities_on_type_by_query[visitor.query]
-          scopes_stack.pop
-        end
-
-        private
-
-        # @return [Integer]
-        def max_possible_complexity
-          @complexities_on_type_by_query.reduce(0) do |total, (query, scopes_stack)|
-            total + merged_max_complexity_for_scopes(query, [scopes_stack.first])
-          end
-        end
-
-        # @param query [GraphQL::Query] Used for `query.possible_types`
-        # @param scopes [Array<ScopedTypeComplexity>] Array of scoped type complexities
-        # @return [Integer]
-        def merged_max_complexity_for_scopes(query, scopes)
-          # Aggregate a set of all possible scope types encountered (scope keys).
-          # Use a hash, but ignore the values; it's just a fast way to work with the keys.
-          possible_scope_types = scopes.each_with_object({}) do |scope, memo|
-            memo.merge!(scope)
-          end
-
-          # Expand abstract scope types into their concrete implementations;
-          # overlapping abstracts coalesce through their intersecting types.
-          possible_scope_types.keys.each do |possible_scope_type|
-            next unless possible_scope_type.kind.abstract?
-
-            query.possible_types(possible_scope_type).each do |impl_type|
-              possible_scope_types[impl_type] ||= true
-            end
-            possible_scope_types.delete(possible_scope_type)
-          end
-
-          # Aggregate the lexical selections that may apply to each possible type,
-          # and then return the maximum cost among possible typed selections.
-          possible_scope_types.each_key.reduce(0) do |max, possible_scope_type|
-            # Collect inner selections from all scopes that intersect with this possible type.
-            all_inner_selections = scopes.each_with_object([]) do |scope, memo|
-              scope.each do |scope_type, inner_selections|
-                memo << inner_selections if types_intersect?(query, scope_type, possible_scope_type)
-              end
-            end
-
-            # Find the maximum complexity for the scope type among possible lexical branches.
-            complexity = merged_max_complexity(query, all_inner_selections)
-            complexity > max ? complexity : max
-          end
-        end
-
-        def types_intersect?(query, a, b)
-          return true if a == b
-
-          a_types = query.possible_types(a)
-          query.possible_types(b).any? { |t| a_types.include?(t) }
-        end
-
-        # A hook which is called whenever a field's max complexity is calculated.
-        # Override this method to capture individual field complexity details.
-        #
-        # @param scoped_type_complexity [ScopedTypeComplexity]
-        # @param max_complexity [Numeric] Field's maximum complexity including child complexity
-        # @param child_complexity [Numeric, nil] Field's child complexity
-        def field_complexity(scoped_type_complexity, max_complexity:, child_complexity: nil)
-        end
-
-        # @param inner_selections [Array<Hash<String, ScopedTypeComplexity>>] Field selections for a scope
-        # @return [Integer] Total complexity value for all these selections in the parent scope
-        def merged_max_complexity(query, inner_selections)
-          # Aggregate a set of all unique field selection keys across all scopes.
-          # Use a hash, but ignore the values; it's just a fast way to work with the keys.
-          unique_field_keys = inner_selections.each_with_object({}) do |inner_selection, memo|
-            memo.merge!(inner_selection)
-          end
-
-          # Add up the total cost for each unique field name's coalesced selections
-          unique_field_keys.each_key.reduce(0) do |total, field_key|
-            composite_scopes = nil
-            field_cost = 0
-
-            # Collect composite selection scopes for further aggregation,
-            # leaf selections report their costs directly.
-            inner_selections.each do |inner_selection|
-              child_scope = inner_selection[field_key]
-              next unless child_scope
-
-              # Empty child scopes are leaf nodes with zero child complexity.
-              if child_scope.empty?
-                field_cost = child_scope.own_complexity(0)
-                field_complexity(child_scope, max_complexity: field_cost, child_complexity: nil)
-              else
-                composite_scopes ||= []
-                composite_scopes << child_scope
-              end
-            end
-
-            if composite_scopes
-              child_complexity = merged_max_complexity_for_scopes(query, composite_scopes)
-
-              # This is the last composite scope visited; assume it's representative (for backwards compatibility).
-              # Note: it would be more correct to score each composite scope and use the maximum possibility.
-              field_cost = composite_scopes.last.own_complexity(child_complexity)
-              field_complexity(composite_scopes.last, max_complexity: field_cost, child_complexity: child_complexity)
-            end
-
-            total + field_cost
-          end
-        end
-      end
-    end
-  end
-end

data/lib/graphql/analysis/ast/visitor.rb

@@ -1,284 +0,0 @@
-# frozen_string_literal: true
-module GraphQL
-  module Analysis
-    module AST
-      # Depth first traversal through a query AST, calling AST analyzers
-      # along the way.
-      #
-      # The visitor is a special case of GraphQL::Language::StaticVisitor, visiting
-      # only the selected operation, providing helpers for common use cases such
-      # as skipped fields and visiting fragment spreads.
-      #
-      # @see {GraphQL::Analysis::AST::Analyzer} AST Analyzers for queries
-      class Visitor < GraphQL::Language::StaticVisitor
-        def initialize(query:, analyzers:)
-          @analyzers = analyzers
-          @path = []
-          @object_types = []
-          @directives = []
-          @field_definitions = []
-          @argument_definitions = []
-          @directive_definitions = []
-          @rescued_errors = []
-          @query = query
-          @schema = query.schema
-          @response_path = []
-          @skip_stack = [false]
-          super(query.selected_operation)
-        end
-
-        # @return [GraphQL::Query] the query being visited
-        attr_reader :query
-
-        # @return [Array<GraphQL::ObjectType>] Types whose scope we've entered
-        attr_reader :object_types
-
-        # @return [Array<GraphQL::AnalysisError]
-        attr_reader :rescued_errors
-
-        def visit
-          return unless @document
-          super
-        end
-
-        # Visit Helpers
-
-        # @return [GraphQL::Execution::Interpreter::Arguments] Arguments for this node, merging default values, literal values and query variables
-        # @see {GraphQL::Query#arguments_for}
-        def arguments_for(ast_node, field_definition)
-          @query.arguments_for(ast_node, field_definition)
-        end
-
-        # @return [Boolean] If the visitor is currently inside a fragment definition
-        def visiting_fragment_definition?
-          @in_fragment_def
-        end
-
-        # @return [Boolean] If the current node should be skipped because of a skip or include directive
-        def skipping?
-          @skipping
-        end
-
-        # @return [Array<String>] The path to the response key for the current field
-        def response_path
-          @response_path.dup
-        end
-
-        # Visitor Hooks
-        [
-          :operation_definition, :fragment_definition,
-          :inline_fragment, :field, :directive, :argument, :fragment_spread
-        ].each do |node_type|
-          module_eval <<-RUBY, __FILE__, __LINE__
-          def call_on_enter_#{node_type}(node, parent)
-            @analyzers.each do |a|
-              begin
-                a.on_enter_#{node_type}(node, parent, self)
-              rescue AnalysisError => err
-                @rescued_errors << err
-              end
-            end
-          end
-
-          def call_on_leave_#{node_type}(node, parent)
-            @analyzers.each do |a|
-              begin
-                a.on_leave_#{node_type}(node, parent, self)
-              rescue AnalysisError => err
-                @rescued_errors << err
-              end
-            end
-          end
-
-          RUBY
-        end
-
-        def on_operation_definition(node, parent)
-          object_type = @schema.root_type_for_operation(node.operation_type)
-          @object_types.push(object_type)
-          @path.push("#{node.operation_type}#{node.name ? " #{node.name}" : ""}")
-          call_on_enter_operation_definition(node, parent)
-          super
-          call_on_leave_operation_definition(node, parent)
-          @object_types.pop
-          @path.pop
-        end
-
-        def on_fragment_definition(node, parent)
-          on_fragment_with_type(node) do
-            @path.push("fragment #{node.name}")
-            @in_fragment_def = false
-            call_on_enter_fragment_definition(node, parent)
-            super
-            @in_fragment_def = false
-            call_on_leave_fragment_definition(node, parent)
-          end
-        end
-
-        def on_inline_fragment(node, parent)
-          on_fragment_with_type(node) do
-            @path.push("...#{node.type ? " on #{node.type.name}" : ""}")
-            @skipping = @skip_stack.last || skip?(node)
-            @skip_stack << @skipping
-
-            call_on_enter_inline_fragment(node, parent)
-            super
-            @skipping = @skip_stack.pop
-            call_on_leave_inline_fragment(node, parent)
-          end
-        end
-
-        def on_field(node, parent)
-          @response_path.push(node.alias || node.name)
-          parent_type = @object_types.last
-          # This could be nil if the previous field wasn't found:
-          field_definition = parent_type && @schema.get_field(parent_type, node.name, @query.context)
-          @field_definitions.push(field_definition)
-          if !field_definition.nil?
-            next_object_type = field_definition.type.unwrap
-            @object_types.push(next_object_type)
-          else
-            @object_types.push(nil)
-          end
-          @path.push(node.alias || node.name)
-
-          @skipping = @skip_stack.last || skip?(node)
-          @skip_stack << @skipping
-
-          call_on_enter_field(node, parent)
-          super
-          @skipping = @skip_stack.pop
-          call_on_leave_field(node, parent)
-          @response_path.pop
-          @field_definitions.pop
-          @object_types.pop
-          @path.pop
-        end
-
-        def on_directive(node, parent)
-          directive_defn = @schema.directives[node.name]
-          @directive_definitions.push(directive_defn)
-          call_on_enter_directive(node, parent)
-          super
-          call_on_leave_directive(node, parent)
-          @directive_definitions.pop
-        end
-
-        def on_argument(node, parent)
-          argument_defn = if (arg = @argument_definitions.last)
-            arg_type = arg.type.unwrap
-            if arg_type.kind.input_object?
-              arg_type.get_argument(node.name, @query.context)
-            else
-              nil
-            end
-          elsif (directive_defn = @directive_definitions.last)
-            directive_defn.get_argument(node.name, @query.context)
-          elsif (field_defn = @field_definitions.last)
-            field_defn.get_argument(node.name, @query.context)
-          else
-            nil
-          end
-
-          @argument_definitions.push(argument_defn)
-          @path.push(node.name)
-          call_on_enter_argument(node, parent)
-          super
-          call_on_leave_argument(node, parent)
-          @argument_definitions.pop
-          @path.pop
-        end
-
-        def on_fragment_spread(node, parent)
-          @path.push("... #{node.name}")
-          @skipping = @skip_stack.last || skip?(node)
-          @skip_stack << @skipping
-
-          call_on_enter_fragment_spread(node, parent)
-          enter_fragment_spread_inline(node)
-          super
-          @skipping = @skip_stack.pop
-          leave_fragment_spread_inline(node)
-          call_on_leave_fragment_spread(node, parent)
-          @path.pop
-        end
-
-        # @return [GraphQL::BaseType] The current object type
-        def type_definition
-          @object_types.last
-        end
-
-        # @return [GraphQL::BaseType] The type which the current type came from
-        def parent_type_definition
-          @object_types[-2]
-        end
-
-        # @return [GraphQL::Field, nil] The most-recently-entered GraphQL::Field, if currently inside one
-        def field_definition
-          @field_definitions.last
-        end
-
-        # @return [GraphQL::Field, nil] The GraphQL field which returned the object that the current field belongs to
-        def previous_field_definition
-          @field_definitions[-2]
-        end
-
-        # @return [GraphQL::Directive, nil] The most-recently-entered GraphQL::Directive, if currently inside one
-        def directive_definition
-          @directive_definitions.last
-        end
-
-        # @return [GraphQL::Argument, nil] The most-recently-entered GraphQL::Argument, if currently inside one
-        def argument_definition
-          @argument_definitions.last
-        end
-
-        # @return [GraphQL::Argument, nil] The previous GraphQL argument
-        def previous_argument_definition
-          @argument_definitions[-2]
-        end
-
-        private
-
-        # Visit a fragment spread inline instead of visiting the definition
-        # by itself.
-        def enter_fragment_spread_inline(fragment_spread)
-          fragment_def = query.fragments[fragment_spread.name]
-
-          object_type = if fragment_def.type
-            @query.warden.get_type(fragment_def.type.name)
-          else
-            object_types.last
-          end
-
-          object_types << object_type
-
-          on_fragment_definition_children(fragment_def)
-        end
-
-        # Visit a fragment spread inline instead of visiting the definition
-        # by itself.
-        def leave_fragment_spread_inline(_fragment_spread)
-          object_types.pop
-        end
-
-        def skip?(ast_node)
-          dir = ast_node.directives
-          dir.any? && !GraphQL::Execution::DirectiveChecks.include?(dir, query)
-        end
-
-        def on_fragment_with_type(node)
-          object_type = if node.type
-            @query.warden.get_type(node.type.name)
-          else
-            @object_types.last
-          end
-          @object_types.push(object_type)
-          yield(node)
-          @object_types.pop
-          @path.pop
-        end
-      end
-    end
-  end
-end

data/lib/graphql/analysis/ast.rb

@@ -1,94 +0,0 @@
-# frozen_string_literal: true
-require "graphql/analysis/ast/visitor"
-require "graphql/analysis/ast/analyzer"
-require "graphql/analysis/ast/field_usage"
-require "graphql/analysis/ast/query_complexity"
-require "graphql/analysis/ast/max_query_complexity"
-require "graphql/analysis/ast/query_depth"
-require "graphql/analysis/ast/max_query_depth"
-require "timeout"
-
-module GraphQL
-  module Analysis
-    module AST
-      module_function
-      # Analyze a multiplex, and all queries within.
-      # Multiplex analyzers are ran for all queries, keeping state.
-      # Query analyzers are ran per query, without carrying state between queries.
-      #
-      # @param multiplex [GraphQL::Execution::Multiplex]
-      # @param analyzers [Array<GraphQL::Analysis::AST::Analyzer>]
-      # @return [Array<Any>] Results from multiplex analyzers
-      def analyze_multiplex(multiplex, analyzers)
-        multiplex_analyzers = analyzers.map { |analyzer| analyzer.new(multiplex) }
-
-        multiplex.current_trace.analyze_multiplex(multiplex: multiplex) do
-          query_results = multiplex.queries.map do |query|
-            if query.valid?
-              analyze_query(
-                query,
-                query.analyzers,
-                multiplex_analyzers: multiplex_analyzers
-              )
-            else
-              []
-            end
-          end
-
-          multiplex_results = multiplex_analyzers.map(&:result)
-          multiplex_errors = analysis_errors(multiplex_results)
-
-          multiplex.queries.each_with_index do |query, idx|
-            query.analysis_errors = multiplex_errors + analysis_errors(query_results[idx])
-          end
-          multiplex_results
-        end
-      end
-
-      # @param query [GraphQL::Query]
-      # @param analyzers [Array<GraphQL::Analysis::AST::Analyzer>]
-      # @return [Array<Any>] Results from those analyzers
-      def analyze_query(query, analyzers, multiplex_analyzers: [])
-        query.current_trace.analyze_query(query: query) do
-          query_analyzers = analyzers
-            .map { |analyzer| analyzer.new(query) }
-            .tap { _1.select!(&:analyze?) }
-
-          analyzers_to_run = query_analyzers + multiplex_analyzers
-          if analyzers_to_run.any?
-
-            analyzers_to_run.select!(&:visit?)
-            if analyzers_to_run.any?
-              visitor = GraphQL::Analysis::AST::Visitor.new(
-                query: query,
-                analyzers: analyzers_to_run
-              )
-
-              # `nil` or `0` causes no timeout
-              Timeout::timeout(query.validate_timeout_remaining) do
-                visitor.visit
-              end
-
-              if visitor.rescued_errors.any?
-                return visitor.rescued_errors
-              end
-            end
-
-            query_analyzers.map(&:result)
-          else
-            []
-          end
-        end
-      rescue Timeout::Error
-        [GraphQL::AnalysisError.new("Timeout on validation of query")]
-      rescue GraphQL::UnauthorizedError
-        # This error was raised during analysis and will be returned the client before execution
-        []
-      end
-
-      def analysis_errors(results)
-        results.flatten.tap { _1.select! { |r| r.is_a?(GraphQL::AnalysisError) } }
-      end
-    end
-  end
-end