hightop 0.2.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7bfda8167d2141d8bd0be9678f1f285fe8417d0deecac5a04cee44f50efcf876
-  data.tar.gz: 0414c92e5702679fc169dbecb03d754e79461968e97a39cd2cca15d94ec4daa3
+  metadata.gz: ee918ba56e73e37d1c623e99f4bf2971f1f99a82a369582eaf78144951dab192
+  data.tar.gz: c626b6953aae5d3e43e00291b5fba24d8326d133f5aba945ab58f59f4defcb65
 SHA512:
-  metadata.gz: baad6fa1e6f4f404fd2f33448a971412ea9bf50257f5dd69531e341aa0a3afb69c816ac3191a9988ed8f30b19cce2c1d0837fb077e78fe589a7975b0283ec6d7
-  data.tar.gz: a66db10388aff6057d63f9ae977a700c0065d222a52dd04df0e7ea4bbd87f5ee51a145ff875aea5b9042dbbbaff2a10543f612519b3c65ec525852728aef5f82
+  metadata.gz: e82a5854442ce691bc664cf6bb32aa1db21ec5e527fbc4c2ff9ddca49c8b278b8edc454cb0178ddc147ab47db324b091a65840783c9912a3051c16185bf45be3
+  data.tar.gz: '0978f96d0c782e7e6cb9221c11ea01f1ec55ebc1e287fec595416b587f64d30dbe8dcda0859a18d81445ea5900b21c3acf1838cb9c29592bfa76a192f7bd76d2'

data/CHANGELOG.md

@@ -1,45 +1,66 @@
-## 0.2.1
+## 0.3.0 (2021-08-12)
+
+- Raise `ActiveRecord::UnknownAttributeReference` for non-attribute arguments
+- Raise `ArgumentError` for too many arguments with enumerable
+- Removed `uniq` option (use `distinct` instead)
+- Dropped support for Active Record < 5.2 and Ruby < 2.6
+
+## 0.2.4 (2020-09-07)
+
+- Added warning for non-attribute argument
+- Added deprecation warning for `uniq`
+
+## 0.2.3 (2020-06-18)
+
+- Dropped support for Active Record 4.2 and Ruby 2.3
+- Fixed deprecation warning in Ruby 2.7
+
+## 0.2.2 (2019-08-12)
+
+- Added support for Mongoid
+
+## 0.2.1 (2019-08-04)
 
 - Added support for arrays and hashes
 
-## 0.2.0
+## 0.2.0 (2017-03-19)
 
 - Use keyword arguments
 
-## 0.1.4
+## 0.1.4 (2016-02-04)
 
 - Added `distinct` option to replace `uniq`
 
-## 0.1.3
+## 0.1.3 (2015-06-18)
 
 - Fixed `min` option with `uniq`
 
-## 0.1.2
+## 0.1.2 (2014-11-05)
 
 - Added `min` option
 
-## 0.1.1
+## 0.1.1 (2014-07-02)
 
 - Added `uniq` option
 - Fixed `Model.limit(n).top`
 
-## 0.1.0
+## 0.1.0 (2014-06-11)
 
 - No changes, just bump
 
-## 0.0.4
+## 0.0.4 (2014-06-11)
 
 - Added support for multiple groups
 - Added `nil` option
 
-## 0.0.3
+## 0.0.3 (2014-06-11)
 
 - Fixed escaping
 
-## 0.0.2
+## 0.0.2 (2014-05-29)
 
 - Added `limit` parameter
 
-## 0.0.1
+## 0.0.1 (2014-05-11)
 
 - First release

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2014-2019 Andrew Kane
+Copyright (c) 2014-2021 Andrew Kane
 
 MIT License
 

data/README.md

@@ -4,23 +4,16 @@ A nice shortcut for group count queries
 
 ```ruby
 Visit.top(:browser)
+# {
+#   "Chrome"  => 63,
+#   "Safari"  => 50,
+#   "Firefox" => 34
+# }
 ```
 
-instead of
+Works with Active Record, Mongoid, arrays and hashes
 
-```ruby
-Visit.group(:browser).where("browser IS NOT NULL").order("count_all DESC, browser").count
-```
-
-Be sure to [sanitize user input](https://rails-sqli.org/) like you must with `group`
-
-Also works with arrays and hashes
-
-```ruby
-["up", "up", "down"].top(1)
-```
-
-[![Build Status](https://travis-ci.org/ankane/hightop.svg)](https://travis-ci.org/ankane/hightop)
+[![Build Status](https://github.com/ankane/hightop/workflows/build/badge.svg?branch=master)](https://github.com/ankane/hightop/actions)
 
 ## Installation
 
@@ -100,6 +93,18 @@ Min count
 ["up", "up", "down"].top(min: 2)
 ```
 
+## Upgrading
+
+### 0.3.0
+
+Hightop 0.3.0 protects against unsafe input by default. For non-attribute arguments, use:
+
+```ruby
+Visit.top(Arel.sql(known_safe_value))
+```
+
+Also, the `uniq` option has been removed. Use `distinct` instead.
+
 ## History
 
 View the [changelog](https://github.com/ankane/hightop/blob/master/CHANGELOG.md)
@@ -112,3 +117,12 @@ Everyone is encouraged to help improve this project. Here are a few ways you can
 - Fix bugs and [submit pull requests](https://github.com/ankane/hightop/pulls)
 - Write, clarify, or fix documentation
 - Suggest or add new features
+
+To get started with development:
+
+```sh
+git clone https://github.com/ankane/hightop.git
+cd hightop
+bundle install
+bundle exec rake test
+```

data/lib/hightop.rb

@@ -3,9 +3,15 @@ require "active_support"
 
 # modules
 require "hightop/enumerable"
-require "hightop/kicks"
 require "hightop/version"
 
 ActiveSupport.on_load(:active_record) do
+  require "hightop/utils"
+  require "hightop/kicks"
   extend Hightop::Kicks
 end
+
+ActiveSupport.on_load(:mongoid) do
+  require "hightop/mongoid"
+  Mongoid::Document::ClassMethods.include(Hightop::Mongoid)
+end

data/lib/hightop/enumerable.rb

@@ -1,12 +1,9 @@
 module Enumerable
-  def top(*args, &block)
-    if block || !respond_to?(:scoping)
-      limit, options, _ = args
-      if limit.is_a?(Hash) && args.size == 1
-        options = limit
-        limit = nil
-      end
-      options ||= {}
+  def top(*args, **options, &block)
+    if block || !(respond_to?(:scoping) || respond_to?(:with_scope))
+      raise ArgumentError, "wrong number of arguments (given 2, expected 0..1)" if args.size > 1
+
+      limit = args[0]
       min = options[:min]
 
       counts = Hash.new(0)
@@ -19,8 +16,10 @@ module Enumerable
       arr = counts.sort_by { |_, v| -v }
       arr = arr[0...limit] if limit
       Hash[arr]
+    elsif respond_to?(:scoping)
+      scoping { @klass.send(:top, *args, **options, &block) }
     else
-      scoping { @klass.send(:top, *args, &block) }
+      with_scope(self) { klass.send(:top, *args, **options, &block) }
     end
   end
 end

data/lib/hightop/kicks.rb

@@ -1,22 +1,31 @@
 module Hightop
   module Kicks
-    def top(column, limit = nil, distinct: nil, uniq: nil, min: nil, nil: nil)
-      distinct ||= uniq
-      order_str = column.is_a?(Array) ? column.map(&:to_s).join(", ") : column
-      relation = group(column).order(["count_#{distinct || 'all'} DESC", order_str])
+    def top(column, limit = nil, distinct: nil, min: nil, nil: nil)
+      columns = column.is_a?(Array) ? column : [column]
+      columns = columns.map { |c| Utils.validate_column(c) }
+
+      distinct = Utils.validate_column(distinct) if distinct
+
+      relation = group(*columns).order("1 DESC", *columns)
       if limit
         relation = relation.limit(limit)
       end
 
       # terribly named option
       unless binding.local_variable_get(:nil)
-        (column.is_a?(Array) ? column : [column]).each do |c|
+        columns.each do |c|
+          c = Utils.resolve_column(self, c)
           relation = relation.where("#{c} IS NOT NULL")
         end
       end
 
       if min
-        relation = relation.having("COUNT(#{distinct ? "DISTINCT #{distinct}" : '*'}) >= #{min.to_i}")
+        if distinct
+          d = Utils.resolve_column(self, distinct)
+          relation = relation.having("COUNT(DISTINCT #{d}) >= #{min.to_i}")
+        else
+          relation = relation.having("COUNT(*) >= #{min.to_i}")
+        end
       end
 
       if distinct

data/lib/hightop/mongoid.rb

@@ -0,0 +1,52 @@
+module Hightop
+  module Mongoid
+    # super helpful article
+    # https://maximomussini.com/posts/mongoid-aggregation-dsl/
+    def top(column, limit = nil, distinct: nil, min: nil, nil: nil)
+      columns = column.is_a?(Array) ? column : [column]
+
+      relation = all
+
+      # terribly named option
+      unless binding.local_variable_get(:nil)
+        columns.each do |c|
+          relation = relation.and(c.ne => nil)
+        end
+      end
+
+      ids = {}
+      columns.each_with_index do |c, i|
+        ids["c#{i}"] = "$#{c}"
+      end
+
+      if distinct
+        # group with distinct column first, then group without it
+        # https://stackoverflow.com/questions/24761266/select-group-by-count-and-distinct-count-in-same-mongodb-query/24770233#24770233
+        distinct_ids = ids.merge("c#{ids.size}" => "$#{distinct}")
+        relation = relation.group(_id: distinct_ids, count: {"$sum" => 1})
+        ids.each_key do |k|
+          ids[k] = "$_id.#{k}"
+        end
+      end
+
+      relation = relation.group(_id: ids, count: {"$sum" => 1})
+
+      if min
+        relation.pipeline.push("$match" => {"count" => {"$gte" => min}})
+      end
+
+      relation = relation.desc(:count)
+      if limit
+        relation = relation.limit(limit)
+      end
+
+      result = {}
+      collection.aggregate(relation.pipeline).each do |doc|
+        key = doc["_id"].values
+        key = key[0] if key.size == 1
+        result[key] = doc["count"]
+      end
+      result
+    end
+  end
+end

data/lib/hightop/utils.rb

@@ -0,0 +1,25 @@
+module Hightop
+  module Utils
+    class << self
+      # basic version of Active Record disallow_raw_sql!
+      # symbol = column (safe), Arel node = SQL (safe), other = untrusted
+      # matches table.column and column
+      def validate_column(column)
+        unless column.is_a?(Symbol) || column.is_a?(Arel::Nodes::SqlLiteral)
+          column = column.to_s
+          unless /\A\w+(\.\w+)?\z/i.match(column)
+            raise ActiveRecord::UnknownAttributeReference, "Query method called with non-attribute argument(s): #{column.inspect}. Use Arel.sql() for known-safe values."
+          end
+        end
+        column
+      end
+
+      # resolves eagerly
+      def resolve_column(relation, column)
+        node = relation.send(:relation).send(:arel_columns, [column]).first
+        node = Arel::Nodes::SqlLiteral.new(node) if node.is_a?(String)
+        relation.connection.visitor.accept(node, Arel::Collectors::SQLString.new).value
+      end
+    end
+  end
+end

data/lib/hightop/version.rb

@@ -1,3 +1,3 @@
 module Hightop
-  VERSION = "0.2.1"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hightop
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Andrew Kane
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-08-05 00:00:00.000000000 Z
+date: 2021-08-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,72 +16,16 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.2'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: minitest
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '5'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '5'
-- !ruby/object:Gem::Dependency
-  name: sqlite3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-description: 
-email: andrew@chartkick.com
+        version: '5.2'
+description:
+email: andrew@ankane.org
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -92,12 +36,14 @@ files:
 - lib/hightop.rb
 - lib/hightop/enumerable.rb
 - lib/hightop/kicks.rb
+- lib/hightop/mongoid.rb
+- lib/hightop/utils.rb
 - lib/hightop/version.rb
 homepage: https://github.com/ankane/hightop
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -105,15 +51,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.3'
+      version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.4
-signing_key: 
+rubygems_version: 3.2.22
+signing_key:
 specification_version: 4
 summary: A nice shortcut for group count queries
 test_files: []