graphql 2.4.3 → 2.5.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0dcc846071132cf2d084ff65347dab7c97d0b25b60c1cdb6dfcbe37c55f278e9
-  data.tar.gz: afc95cb5ba89e33974b8b38616bc36c14dcbfd3c9f121b8e65437e7cfc390770
+  metadata.gz: d2e4ec1acc9810683bb2628dc5403c74d729742612655f1be275267a89b107b3
+  data.tar.gz: fb092108f803095aea29b325859fc810feaa8e5fdb6c873c431f9824428fbc15
 SHA512:
-  metadata.gz: d1b6ad8fba792ca671246b2d6531f981a2c184adde3e4efc7522a7f38ea659c563dadd50ee208ab406f0ce4c37fc6625c2d59e020b0334cdefd8ea7f5d5eed8a
-  data.tar.gz: 74c1156b7b407b2d687cc74886198d9f2705d7d82e3672e5d5b9b61f2811fa53dfe7b2bdb61ac0dae8e5e83242415ff7d7d1f6e2721f77b90dcda61dff88c815
+  metadata.gz: 603e3da13be680884399546074dae65f44635382e13311758e237f7973bbdd96f4a1a46f6b17476af77d88177f5e82f3c76b227633e2e15a9c909365a818f97e
+  data.tar.gz: d631c5a9e1c91fb815d98e1981641405c344b589c6e823ae5609b25fd819a2d5dc9032f366c94a3da69c56a48aa7d8e9ee082cbfa217807e6cbf313d16cbd598

data/lib/graphql/analysis/analyzer.rb

@@ -42,6 +42,7 @@ module GraphQL
         raise GraphQL::RequiredImplementationMissingError
       end
 
+      # rubocop:disable Development/NoEvalCop This eval takes static inputs at load-time
       class << self
         private
 
@@ -72,7 +73,7 @@ module GraphQL
       build_visitor_hooks :variable_definition
       build_visitor_hooks :variable_identifier
       build_visitor_hooks :abstract_node
-
+      # rubocop:enable Development/NoEvalCop
       protected
 
       # @return [GraphQL::Query, GraphQL::Execution::Multiplex] Whatever this analyzer is analyzing

data/lib/graphql/analysis/query_complexity.rb

@@ -13,7 +13,32 @@ module GraphQL
 
       # Override this method to use the complexity result
       def result
-        max_possible_complexity
+        case subject.schema.complexity_cost_calculation_mode_for(subject.context)
+        when :future
+          max_possible_complexity
+        when :legacy
+          max_possible_complexity(mode: :legacy)
+        when :compare
+          future_complexity = max_possible_complexity
+          legacy_complexity = max_possible_complexity(mode: :legacy)
+          if future_complexity != legacy_complexity
+            subject.schema.legacy_complexity_cost_calculation_mismatch(subject, future_complexity, legacy_complexity)
+          else
+            future_complexity
+          end
+        when nil
+          subject.logger.warn <<~GRAPHQL
+            GraphQL-Ruby's complexity cost system is getting some "breaking fixes" in a future version. See the migration notes at https://graphql-ruby.org/api-docs/#{GraphQL::VERSION}/Schema.html#complexity_cost_cacluation_mode-class_method
+
+            To opt into the future behavior, configure your schema (#{subject.schema.name ? subject.schema.name : subject.schema.ancestors}) with:
+
+              complexity_cost_calculation_mode(:future) # or `:legacy`, `:compare`
+
+          GRAPHQL
+          max_possible_complexity
+        else
+          raise ArgumentError, "Expected `:future`, `:legacy`, `:compare`, or `nil` from `#{query.schema}.complexity_cost_calculation_mode_for` but got: #{query.schema.complexity_cost_calculation_mode.inspect}"
+        end
       end
 
       # ScopedTypeComplexity models a tree of GraphQL types mapped to inner selections, ie:
@@ -44,6 +69,10 @@ module GraphQL
         def own_complexity(child_complexity)
           @field_definition.calculate_complexity(query: @query, nodes: @nodes, child_complexity: child_complexity)
         end
+
+        def composite?
+          !empty?
+        end
       end
 
       def on_enter_field(node, parent, visitor)
@@ -77,16 +106,17 @@ module GraphQL
       private
 
       # @return [Integer]
-      def max_possible_complexity
+      def max_possible_complexity(mode: :future)
         @complexities_on_type_by_query.reduce(0) do |total, (query, scopes_stack)|
-          total + merged_max_complexity_for_scopes(query, [scopes_stack.first])
+          total + merged_max_complexity_for_scopes(query, [scopes_stack.first], mode)
         end
       end
 
       # @param query [GraphQL::Query] Used for `query.possible_types`
       # @param scopes [Array<ScopedTypeComplexity>] Array of scoped type complexities
+      # @param mode [:future, :legacy]
       # @return [Integer]
-      def merged_max_complexity_for_scopes(query, scopes)
+      def merged_max_complexity_for_scopes(query, scopes, mode)
         # Aggregate a set of all possible scope types encountered (scope keys).
         # Use a hash, but ignore the values; it's just a fast way to work with the keys.
         possible_scope_types = scopes.each_with_object({}) do |scope, memo|
@@ -115,14 +145,20 @@ module GraphQL
           end
 
           # Find the maximum complexity for the scope type among possible lexical branches.
-          complexity = merged_max_complexity(query, all_inner_selections)
+          complexity = case mode
+          when :legacy
+            legacy_merged_max_complexity(query, all_inner_selections)
+          when :future
+            merged_max_complexity(query, all_inner_selections)
+          else
+            raise ArgumentError, "Expected :legacy or :future, not: #{mode.inspect}"
+          end
           complexity > max ? complexity : max
         end
       end
 
       def types_intersect?(query, a, b)
         return true if a == b
-
         a_types = query.types.possible_types(a)
         query.types.possible_types(b).any? { |t| a_types.include?(t) }
       end
@@ -145,6 +181,50 @@ module GraphQL
           memo.merge!(inner_selection)
         end
 
+        # Add up the total cost for each unique field name's coalesced selections
+        unique_field_keys.each_key.reduce(0) do |total, field_key|
+          # Collect all child scopes for this field key;
+          # all keys come with at least one scope.
+          child_scopes = inner_selections.filter_map { _1[field_key] }
+
+          # Compute maximum possible cost of child selections;
+          # composites merge their maximums, while leaf scopes are always zero.
+          # FieldsWillMerge validation assures all scopes are uniformly composite or leaf.
+          maximum_children_cost = if child_scopes.any?(&:composite?)
+            merged_max_complexity_for_scopes(query, child_scopes, :future)
+          else
+            0
+          end
+
+          # Identify the maximum cost and scope among possibilities
+          maximum_cost = 0
+          maximum_scope = child_scopes.reduce(child_scopes.last) do |max_scope, possible_scope|
+            scope_cost = possible_scope.own_complexity(maximum_children_cost)
+            if scope_cost > maximum_cost
+              maximum_cost = scope_cost
+              possible_scope
+            else
+              max_scope
+            end
+          end
+
+          field_complexity(
+            maximum_scope,
+            max_complexity: maximum_cost,
+            child_complexity: maximum_children_cost,
+          )
+
+          total + maximum_cost
+        end
+      end
+
+      def legacy_merged_max_complexity(query, inner_selections)
+        # Aggregate a set of all unique field selection keys across all scopes.
+        # Use a hash, but ignore the values; it's just a fast way to work with the keys.
+        unique_field_keys = inner_selections.each_with_object({}) do |inner_selection, memo|
+          memo.merge!(inner_selection)
+        end
+
         # Add up the total cost for each unique field name's coalesced selections
         unique_field_keys.each_key.reduce(0) do |total, field_key|
           composite_scopes = nil
@@ -167,7 +247,7 @@ module GraphQL
           end
 
           if composite_scopes
-            child_complexity = merged_max_complexity_for_scopes(query, composite_scopes)
+            child_complexity = merged_max_complexity_for_scopes(query, composite_scopes, :legacy)
 
             # This is the last composite scope visited; assume it's representative (for backwards compatibility).
             # Note: it would be more correct to score each composite scope and use the maximum possibility.

data/lib/graphql/analysis/visitor.rb

@@ -10,7 +10,7 @@ module GraphQL
     #
     # @see {GraphQL::Analysis::Analyzer} AST Analyzers for queries
     class Visitor < GraphQL::Language::StaticVisitor
-      def initialize(query:, analyzers:)
+      def initialize(query:, analyzers:, timeout:)
         @analyzers = analyzers
         @path = []
         @object_types = []
@@ -24,6 +24,11 @@ module GraphQL
         @types = query.types
         @response_path = []
         @skip_stack = [false]
+        @timeout_time = if timeout
+          Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_second) + timeout
+        else
+          Float::INFINITY
+        end
         super(query.selected_operation)
       end
 
@@ -64,6 +69,7 @@ module GraphQL
         @response_path.dup
       end
 
+      # rubocop:disable Development/NoEvalCop This eval takes static inputs at load-time
       # Visitor Hooks
       [
         :operation_definition, :fragment_definition,
@@ -72,28 +78,26 @@ module GraphQL
         module_eval <<-RUBY, __FILE__, __LINE__
         def call_on_enter_#{node_type}(node, parent)
           @analyzers.each do |a|
-            begin
-              a.on_enter_#{node_type}(node, parent, self)
-            rescue AnalysisError => err
-              @rescued_errors << err
-            end
+            a.on_enter_#{node_type}(node, parent, self)
+          rescue AnalysisError => err
+            @rescued_errors << err
           end
         end
 
         def call_on_leave_#{node_type}(node, parent)
           @analyzers.each do |a|
-            begin
-              a.on_leave_#{node_type}(node, parent, self)
-            rescue AnalysisError => err
-              @rescued_errors << err
-            end
+            a.on_leave_#{node_type}(node, parent, self)
+          rescue AnalysisError => err
+            @rescued_errors << err
           end
         end
 
         RUBY
       end
+      # rubocop:enable Development/NoEvalCop
 
       def on_operation_definition(node, parent)
+        check_timeout
         object_type = @schema.root_type_for_operation(node.operation_type)
         @object_types.push(object_type)
         @path.push("#{node.operation_type}#{node.name ? " #{node.name}" : ""}")
@@ -104,31 +108,27 @@ module GraphQL
         @path.pop
       end
 
-      def on_fragment_definition(node, parent)
-        on_fragment_with_type(node) do
-          @path.push("fragment #{node.name}")
-          @in_fragment_def = false
-          call_on_enter_fragment_definition(node, parent)
-          super
-          @in_fragment_def = false
-          call_on_leave_fragment_definition(node, parent)
-        end
-      end
-
       def on_inline_fragment(node, parent)
-        on_fragment_with_type(node) do
-          @path.push("...#{node.type ? " on #{node.type.name}" : ""}")
-          @skipping = @skip_stack.last || skip?(node)
-          @skip_stack << @skipping
-
-          call_on_enter_inline_fragment(node, parent)
-          super
-          @skipping = @skip_stack.pop
-          call_on_leave_inline_fragment(node, parent)
+        check_timeout
+        object_type = if node.type
+          @types.type(node.type.name)
+        else
+          @object_types.last
         end
+        @object_types.push(object_type)
+        @path.push("...#{node.type ? " on #{node.type.name}" : ""}")
+        @skipping = @skip_stack.last || skip?(node)
+        @skip_stack << @skipping
+        call_on_enter_inline_fragment(node, parent)
+        super
+        @skipping = @skip_stack.pop
+        call_on_leave_inline_fragment(node, parent)
+        @object_types.pop
+        @path.pop
       end
 
       def on_field(node, parent)
+        check_timeout
         @response_path.push(node.alias || node.name)
         parent_type = @object_types.last
         # This could be nil if the previous field wasn't found:
@@ -156,6 +156,7 @@ module GraphQL
       end
 
       def on_directive(node, parent)
+        check_timeout
         directive_defn = @schema.directives[node.name]
         @directive_definitions.push(directive_defn)
         call_on_enter_directive(node, parent)
@@ -165,6 +166,7 @@ module GraphQL
       end
 
       def on_argument(node, parent)
+        check_timeout
         argument_defn = if (arg = @argument_definitions.last)
           arg_type = arg.type.unwrap
           if arg_type.kind.input_object?
@@ -190,6 +192,7 @@ module GraphQL
       end
 
       def on_fragment_spread(node, parent)
+        check_timeout
         @path.push("... #{node.name}")
         @skipping = @skip_stack.last || skip?(node)
         @skip_stack << @skipping
@@ -264,19 +267,13 @@ module GraphQL
 
       def skip?(ast_node)
         dir = ast_node.directives
-        dir.any? && !GraphQL::Execution::DirectiveChecks.include?(dir, query)
+        !dir.empty? && !GraphQL::Execution::DirectiveChecks.include?(dir, query)
       end
 
-      def on_fragment_with_type(node)
-        object_type = if node.type
-          @types.type(node.type.name)
-        else
-          @object_types.last
+      def check_timeout
+        if Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_second) > @timeout_time
+          raise GraphQL::Analysis::TimeoutError
         end
-        @object_types.push(object_type)
-        yield(node)
-        @object_types.pop
-        @path.pop
       end
     end
   end

data/lib/graphql/analysis.rb

@@ -6,11 +6,16 @@ require "graphql/analysis/query_complexity"
 require "graphql/analysis/max_query_complexity"
 require "graphql/analysis/query_depth"
 require "graphql/analysis/max_query_depth"
-require "timeout"
-
 module GraphQL
   module Analysis
     AST = self
+
+    class TimeoutError < AnalysisError
+      def initialize(...)
+        super("Timeout on validation of query")
+      end
+    end
+
     module_function
     # Analyze a multiplex, and all queries within.
     # Multiplex analyzers are ran for all queries, keeping state.
@@ -55,21 +60,19 @@ module GraphQL
           .tap { _1.select!(&:analyze?) }
 
         analyzers_to_run = query_analyzers + multiplex_analyzers
-        if analyzers_to_run.any?
+        if !analyzers_to_run.empty?
 
           analyzers_to_run.select!(&:visit?)
-          if analyzers_to_run.any?
+          if !analyzers_to_run.empty?
             visitor = GraphQL::Analysis::Visitor.new(
               query: query,
-              analyzers: analyzers_to_run
+              analyzers: analyzers_to_run,
+              timeout: query.validate_timeout_remaining,
             )
 
-            # `nil` or `0` causes no timeout
-            Timeout::timeout(query.validate_timeout_remaining) do
-              visitor.visit
-            end
+            visitor.visit
 
-            if visitor.rescued_errors.any?
+            if !visitor.rescued_errors.empty?
               return visitor.rescued_errors
             end
           end
@@ -79,8 +82,8 @@ module GraphQL
           []
         end
       end
-    rescue Timeout::Error
-      [GraphQL::AnalysisError.new("Timeout on validation of query")]
+    rescue TimeoutError => err
+      [err]
     rescue GraphQL::UnauthorizedError, GraphQL::ExecutionError
       # This error was raised during analysis and will be returned the client before execution
       []

data/lib/graphql/autoload.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module GraphQL
+  # @see GraphQL::Railtie for automatic Rails integration
+  module Autoload
+    # Register a constant named `const_name` to be loaded from `path`.
+    # This is like `Kernel#autoload` but it tracks the constants so they can be eager-loaded with {#eager_load!}
+    # @param const_name [Symbol]
+    # @param path [String]
+    # @return [void]
+    def autoload(const_name, path)
+      @_eagerloaded_constants ||= []
+      @_eagerloaded_constants << const_name
+
+      super const_name, path
+    end
+
+    # Call this to load this constant's `autoload` dependents and continue calling recursively
+    # @return [void]
+    def eager_load!
+      @_eager_loading = true
+      if @_eagerloaded_constants
+        @_eagerloaded_constants.each { |const_name| const_get(const_name) }
+        @_eagerloaded_constants = nil
+      end
+      nil
+    ensure
+      @_eager_loading = false
+    end
+
+    private
+
+    # @return [Boolean] `true` if GraphQL-Ruby is currently eager-loading its constants
+    def eager_loading?
+      @_eager_loading ||= false
+    end
+  end
+end

data/lib/graphql/backtrace/table.rb

@@ -36,7 +36,93 @@ module GraphQL
       private
 
       def rows
-        @rows ||= build_rows(@context, rows: [HEADERS], top: true)
+        @rows ||= begin
+          query = @context.query
+          query_ctx = @context
+          runtime_inst = query_ctx.namespace(:interpreter_runtime)[:runtime]
+          result = runtime_inst.instance_variable_get(:@response)
+          rows = []
+          result_path = []
+          last_part = nil
+          path = @context.current_path
+          path.each do |path_part|
+            value = value_at(runtime_inst, result_path)
+
+            if result_path.empty?
+              name = query.selected_operation.operation_type || "query"
+              if (n = query.selected_operation_name)
+                name += " #{n}"
+              end
+              args = query.variables
+            else
+              name = result.graphql_field.path
+              args = result.graphql_arguments
+            end
+
+            object = result.graphql_parent ? result.graphql_parent.graphql_application_value : result.graphql_application_value
+            object = object.object.inspect
+
+            rows << [
+              result.ast_node.position.join(":"),
+              name,
+              "#{object}",
+              args.to_h.inspect,
+              inspect_result(value),
+            ]
+
+            result_path << path_part
+            if path_part == path.last
+              last_part = path_part
+            else
+              result = result[path_part]
+            end
+          end
+
+          object = result.graphql_application_value.object.inspect
+          ast_node = nil
+          result.graphql_selections.each do |s|
+            found_ast_node = find_ast_node(s, last_part)
+            if found_ast_node
+              ast_node = found_ast_node
+              break
+            end
+          end
+
+          if ast_node
+            field_defn = query.get_field(result.graphql_result_type, ast_node.name)
+            args = query.arguments_for(ast_node, field_defn).to_h
+            field_path = field_defn.path
+            if ast_node.alias
+              field_path += " as #{ast_node.alias}"
+            end
+
+            rows << [
+              ast_node.position.join(":"),
+              field_path,
+              "#{object}",
+              args.inspect,
+              inspect_result(@override_value)
+            ]
+          end
+
+          rows << HEADERS
+          rows.reverse!
+          rows
+        end
+      end
+
+      def find_ast_node(node, last_part)
+        return nil unless node
+        return node if node.respond_to?(:alias) && node.respond_to?(:name) && (node.alias == last_part || node.name == last_part)
+        return nil unless node.respond_to?(:selections)
+        return nil if node.selections.nil? || node.selections.empty?
+
+        node.selections.each do |child|
+          child_ast_node = find_ast_node(child, last_part)
+          return child_ast_node if child_ast_node
+        end
+
+        nil
       end
 
       # @return [String]
@@ -75,67 +161,44 @@ module GraphQL
         table
       end
 
-      # @return [Array] 5 items for a backtrace table (not `key`)
-      def build_rows(context_entry, rows:, top: false)
-        case context_entry
-        when Backtrace::Frame
-          field_alias = context_entry.ast_node.respond_to?(:alias) && context_entry.ast_node.alias
-          value = if top && @override_value
-            @override_value
-          else
-            value_at(@context.query.context.namespace(:interpreter_runtime)[:runtime], context_entry.path)
-          end
-          rows << [
-            "#{context_entry.ast_node ? context_entry.ast_node.position.join(":") : ""}",
-            "#{context_entry.field.path}#{field_alias ? " as #{field_alias}" : ""}",
-            "#{context_entry.object.object.inspect}",
-            context_entry.arguments.to_h.inspect, # rubocop:disable Development/ContextIsPassedCop -- unrelated method
-            Backtrace::InspectResult.inspect_result(value),
-          ]
-          if (parent = context_entry.parent_frame)
-            build_rows(parent, rows: rows)
-          else
-            rows
-          end
-        when GraphQL::Query::Context
-          query = context_entry.query
-          op = query.selected_operation
-          if op
-            op_type = op.operation_type
-            position = "#{op.line}:#{op.col}"
-          else
-            op_type = "query"
-            position = "?:?"
-          end
-          op_name = query.selected_operation_name
-          object = query.root_value
-          if object.is_a?(GraphQL::Schema::Object)
-            object = object.object
-          end
-          value = value_at(context_entry.namespace(:interpreter_runtime)[:runtime], [])
-          rows << [
-            "#{position}",
-            "#{op_type}#{op_name ? " #{op_name}" : ""}",
-            "#{object.inspect}",
-            query.variables.to_h.inspect,
-            Backtrace::InspectResult.inspect_result(value),
-          ]
-        else
-          raise "Unexpected get_rows subject #{context_entry.class} (#{context_entry.inspect})"
-        end
-      end
 
       def value_at(runtime, path)
         response = runtime.final_result
         path.each do |key|
-          if response && (response = response[key])
-            next
-          else
-            break
-          end
+          response && (response = response[key])
         end
         response
       end
+
+      def inspect_result(obj)
+        case obj
+        when Hash
+          "{" +
+            obj.map do |key, val|
+              "#{key}: #{inspect_truncated(val)}"
+            end.join(", ") +
+            "}"
+        when Array
+          "[" +
+            obj.map { |v| inspect_truncated(v) }.join(", ") +
+            "]"
+        else
+          inspect_truncated(obj)
+        end
+      end
+
+      def inspect_truncated(obj)
+        case obj
+        when Hash
+          "{...}"
+        when Array
+          "[...]"
+        when GraphQL::Execution::Lazy
+          "(unresolved)"
+        else
+          "#{obj.inspect}"
+        end
+      end
     end
   end
 end

data/lib/graphql/backtrace.rb

@@ -1,9 +1,6 @@
 # frozen_string_literal: true
-require "graphql/backtrace/inspect_result"
 require "graphql/backtrace/table"
 require "graphql/backtrace/traced_error"
-require "graphql/backtrace/tracer"
-require "graphql/backtrace/trace"
 module GraphQL
   # Wrap unhandled errors with {TracedError}.
   #
@@ -24,7 +21,7 @@ module GraphQL
     def_delegators :to_a, :each, :[]
 
     def self.use(schema_defn)
-      schema_defn.trace_with(self::Trace)
+      schema_defn.using_backtrace = true
     end
 
     def initialize(context, value: nil)
@@ -40,20 +37,5 @@ module GraphQL
     def to_a
       @table.to_backtrace
     end
-
-    # Used for internal bookkeeping
-    # @api private
-    class Frame
-      attr_reader :path, :query, :ast_node, :object, :field, :arguments, :parent_frame
-      def initialize(path:, query:, ast_node:, object:, field:, arguments:, parent_frame:)
-        @path = path
-        @query = query
-        @ast_node = ast_node
-        @field = field
-        @object = object
-        @arguments = arguments
-        @parent_frame = parent_frame
-      end
-    end
   end
 end