parse-stack-next 5.0.0 → 5.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 95fffb5091fe5273dd4a82cd2083362845f0622113b86db727d754d4d1c55f66
-  data.tar.gz: 46f16ac282f1d9ba487b0638af7dfc9de82e5ae7f9e710e66280dfc52db56e10
+  metadata.gz: fa424fed1ae3d44678d301ca6fca95d383deda63edfcc645f1bfaafd030a24f3
+  data.tar.gz: b96f56fea9dbbeb76650736bee52be70546c02180be8ead3ef0ef392c041884f
 SHA512:
-  metadata.gz: 68edaa682a0f92a59c66ce0500e08c99520443d41e28b5ff5486aed6a0e594ac6fb38c1a5939f5cada7f5ade2d489fd0ffe64d0a14e04a7738cdbde8a66c2e55
-  data.tar.gz: 236e03357d93f02ca40692ed54ee074b6bff194f21e145e785305004c6e0767a1ec1b9e6e8d43d8f83d886fa41d469aac14b65096b1b8e29cced13ba60b4f865
+  metadata.gz: 1c176aa65bd1694c281f2566e69a554ee2d80d090e69969ee5f26e093d11558bbbcbb6da052b9c56e3b9fe95e9c488657b570bb500bf0e5ed3b3cbd72e9f3da8
+  data.tar.gz: 9895c24fdb645b06a1cb799da8ded92dc2a1cb5647d34ea5b0f0fd5bef849ff6768ec16098cb70c7b33a5a53f1773ea5487055f8ad1766ffecfe83a9964548d3

data/.bundle/config

@@ -1,2 +1,4 @@
 ---
 BUNDLE_FORCE_RUBY_PLATFORM: "true"
+BUNDLE_PATH: "/home/runner/work/parse-stack-next/parse-stack-next/vendor/bundle"
+BUNDLE_DEPLOYMENT: "true"

data/.github/workflows/release.yml

@@ -0,0 +1,32 @@
+name: Release Gem
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+
+jobs:
+  push:
+    name: Push to RubyGems
+    runs-on: ubuntu-latest
+    environment: rubygems
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+
+      # bundler-cache (next step) writes --local path / --local
+      # deployment into the tracked `.bundle/config`, which would leave
+      # the working tree dirty and trip `rake release`'s
+      # `release:guard_clean` check. Tell git to ignore worktree
+      # mutations to this file so guard_clean passes while still
+      # letting Bundler resolve vendor/bundle in the next step.
+      - run: git update-index --skip-worktree .bundle/config
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.4"
+          bundler-cache: true
+
+      - uses: rubygems/release-gem@v1

data/.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "makefile.configureOnOpen": false
+}

data/CHANGELOG.md

@@ -1,5 +1,15 @@
 ## parse-stack-next Changelog
 
+### 5.0.1
+
+#### Redis cache wrapper compatibility with `Parse::CreateLock`
+
+- **FIXED**: `Parse::CreateLock.synchronize` (and therefore `first_or_create!` / `create_or_update!`) failed to acquire cross-process locks when the configured cache was a `Parse::Cache::Redis` wrapper. The lock implementation calls `store.create(key, owner, expires: ttl)` (Moneta's atomic SETNX), but the wrapper only forwarded `[]`, `key?`, `delete`, and `store` to the pooled Moneta backend. Every acquire raised `NoMethodError: undefined method 'create' for an instance of Parse::Cache::Redis`, which the lock caught, logged as `[Parse::CreateLock] acquire error (NoMethodError)`, and treated as contention — so the call spun on the polling loop until the wait budget elapsed and raised `Parse::CreateLockTimeoutError`. (`lib/parse/cache/redis.rb`, `lib/parse/cache/pool.rb`)
+- **FIXED**: `Parse::CreateLock.degraded_store?` classified the `Parse::Cache::Redis` wrapper as a healthy cross-process store (the wrapper has no Moneta `.adapter` chain to walk and its class name does not match the `Memory`/`Null` heuristic), so the lock never fell back to the in-process `Mutex` path when `#create` was unavailable. The detector now special-cases the `Parse::Cache::Redis` wrapper and additionally treats any store that does not respond to `#create` as degraded, so older custom store implementations that pre-date this requirement degrade gracefully instead of timing out. (`lib/parse/model/core/create_lock.rb`)
+- **NEW**: `Parse::Cache::Redis#create` and `Parse::Cache::Pool#create` forward atomic SETNX semantics to the pooled Moneta-Redis store. `#increment` is forwarded on both for Moneta surface parity so counter / rate-limit use cases work transparently through the pool. (`lib/parse/cache/redis.rb`, `lib/parse/cache/pool.rb`)
+- **CHANGED**: The one-time `[Parse::CreateLock:SECURITY]` warning emitted when no `PARSE_STACK_LOCK_SECRET` is configured against a Redis-backed store now also documents the lock-pinning risk that arises when the response cache and lock store share a Redis DB. Without an HMAC secret the lock keys are a plain SHA256 digest of `(app_id, parse_class, principal, query_attrs)` — guessable for any caller who knows the schema — so an adversary with write access to `Parse.cache` can plant `parse-stack:foc:v1:<sha>` to suppress `first_or_create!` / `create_or_update!` for a tuple until TTL expiry. The warning now tells operators to either set `PARSE_STACK_LOCK_SECRET` or point `Parse.synchronize_create_store` at a separate Redis DB. (`lib/parse/model/core/create_lock.rb`)
+- **NEW**: `Parse::Cache::Redis#clear(scope:)` accepts an explicit `scope:` namespace argument that SCAN-deletes `<scope>:*` regardless of how the wrapper was constructed. This is the targeted escape hatch for ops tooling and multi-tenant deployments where the wrapper was built without a configured `@namespace` but the caller still wants to evict a specific prefix without `FLUSHDB`-ing siblings (or wiping the `parse-stack:foc:v1:*` create-lock keys that live on the same DB). Trailing `:` in the input is stripped so `"tenant_x"` and `"tenant_x:"` are equivalent. The `scope:` argument is strictly validated and raises `ArgumentError` when it is not a `String`, is empty (or `":"` only), or contains Redis SCAN glob metacharacters (`*`, `?`, `[`, `]`, `\`) or a NUL byte — otherwise `scope: "*"` would expand the SCAN pattern and delete every key on the DB, defeating the whole point of keeping `flush_db!` as the explicit wide-blast-radius escape hatch. The no-argument form preserves the previous semantics — namespace-scoped SCAN-delete when `@namespace` is set, full `FLUSHDB` otherwise — so existing `Parse::Client#clear_cache!` callers are unaffected. (`lib/parse/cache/redis.rb`)
+
 ### 5.0.0
 
 #### Client-mode `Parse::Agent`

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    parse-stack-next (5.0.0)
+    parse-stack-next (5.0.1)
       activemodel (>= 6.1, < 9)
       activesupport (>= 6.1, < 9)
       connection_pool (>= 2.2, < 4)

data/README.md

@@ -175,7 +175,7 @@ result = Parse.call_function :myFunctionName, {param: value}
 
 ## Release History
 
-**Current version: 5.0.0** | **Ruby 3.2+ required**
+**Current version: 5.0.1** | **Ruby 3.2+ required**
 
 The 5.0 highlights (vector search / RAG, pooled Redis cache, AS::N instrumentation, MCP transport hardening, GraphQL type generation) are summarized in the [What's new in 5.0](#whats-new-in-50) section above. Earlier releases are recorded below.
 

data/lib/parse/cache/pool.rb

@@ -51,6 +51,21 @@ module Parse
         @pool.with { |store| store.store(key, value, options) }
       end
 
+      # Atomic SETNX-style write. Required by `Parse::CreateLock` to acquire
+      # cross-process locks against Redis-backed stores. Forwards to the
+      # underlying Moneta store's `#create`, which returns `true` only if
+      # the key was absent and is now set.
+      def create(key, value, options = {})
+        @pool.with { |store| store.create(key, value, options) }
+      end
+
+      # Atomic counter increment. Forwarded for parity with Moneta so
+      # callers expecting the full Moneta surface (counters, rate limits)
+      # work transparently through the pool.
+      def increment(key, amount = 1, options = {})
+        @pool.with { |store| store.increment(key, amount, options) }
+      end
+
       # Clear the underlying backend. Pooled Moneta stores all point at the
       # same Redis DB, so a single checkout suffices — issuing `clear` on
       # one connection flushes the DB for every connection.

data/lib/parse/cache/redis.rb

@@ -105,6 +105,19 @@ module Parse
         @pool.store(key, value, options)
       end
 
+      # Atomic SETNX. Required so `Parse::CreateLock` can acquire
+      # cross-process locks when this wrapper is the configured cache /
+      # `synchronize_create_store`. Returns `true` only when the key did
+      # not already exist.
+      def create(key, value, options = {})
+        @pool.create(key, value, options)
+      end
+
+      # Atomic counter increment. Forwarded for Moneta surface parity.
+      def increment(key, amount = 1, options = {})
+        @pool.increment(key, amount, options)
+      end
+
       # Clear cached entries belonging to this wrapper. Required for
       # `Parse::Client#clear_cache!` compatibility.
       #
@@ -115,8 +128,22 @@ module Parse
       # the backing DB — same blast radius as previous versions, but
       # only for unnamespaced deployments. To opt into the wide
       # FLUSHDB explicitly (e.g. ops tooling), call {#flush_db!}.
-      def clear
-        if @namespace
+      #
+      # @param scope [String, nil] explicit namespace prefix to scan-delete.
+      #   When provided, overrides the wrapper's configured `@namespace` and
+      #   SCAN-deletes `<scope>:*` regardless of how the wrapper was built.
+      #   This is the safe escape hatch for tenants that share a non-
+      #   namespaced wrapper but still want to evict only their own keys
+      #   without `FLUSHDB`-ing siblings (and without wiping
+      #   `parse-stack:foc:v1:*` create-lock keys that live on the same DB).
+      #   The scope must be a non-empty String; the trailing `:` is added
+      #   automatically and any trailing `:` in the input is stripped so
+      #   `"tenant_x"` and `"tenant_x:"` are equivalent.
+      def clear(scope: nil)
+        if scope
+          prefix = validate_scope!(scope)
+          delete_keys_matching!("#{prefix}:*")
+        elsif @namespace
           delete_keys_matching!("#{@namespace}:*")
         else
           @pool.clear
@@ -185,6 +212,38 @@ module Parse
         s = ns.to_s.chomp(":")
         s.empty? ? nil : s
       end
+
+      # Validate a caller-supplied `scope:` for `clear(scope:)`. Returns the
+      # normalized prefix or raises ArgumentError. We enforce:
+      #
+      # - must be a String (Symbol / Integer / nil would silently `.to_s`
+      #   under `normalize_namespace` and expand the deletion target —
+      #   `scope: 0` would clear `0:*`)
+      # - must be non-empty after trimming a trailing `:`
+      # - must not contain Redis SCAN glob metacharacters (`*`, `?`, `[`,
+      #   `]`, `\`) — otherwise `scope: "*"` would SCAN-delete the whole
+      #   DB, defeating the whole point of having `flush_db!` as the
+      #   explicit wide-blast-radius escape hatch
+      # - must not contain a null byte (defense-in-depth against keys
+      #   crafted to terminate early in some Redis client paths)
+      GLOB_METACHARS = /[\*\?\[\]\\\x00]/.freeze
+      private_constant :GLOB_METACHARS
+
+      def validate_scope!(scope)
+        unless scope.is_a?(String)
+          raise ArgumentError, "scope: must be a String (got #{scope.class})"
+        end
+        prefix = scope.chomp(":")
+        if prefix.empty?
+          raise ArgumentError, "scope: must be a non-empty namespace string"
+        end
+        if prefix.match?(GLOB_METACHARS)
+          raise ArgumentError,
+                "scope: must not contain Redis SCAN glob characters (*, ?, [, ], \\, or NUL); " \
+                "use flush_db! for a full-DB flush"
+        end
+        prefix
+      end
     end
   end
 end

data/lib/parse/model/core/create_lock.rb

@@ -255,6 +255,13 @@ module Parse
 
       def degraded_store?(store)
         return true if store.nil?
+        # The Parse::Cache::Redis wrapper (and its Pool) are known
+        # cross-process stores even though they don't expose a Moneta
+        # `.adapter` chain to walk. Anything that can't forward `#create`
+        # cannot serve as a lock store, so fall back to the process-local
+        # path rather than spinning until timeout on NoMethodError.
+        return false if defined?(Parse::Cache::Redis) && store.is_a?(Parse::Cache::Redis)
+        return true unless store.respond_to?(:create)
         bottom = walk_to_adapter(store)
         return true if bottom.nil?
         klass_name = bottom.class.name.to_s
@@ -366,8 +373,13 @@ module Parse
         @plain_sha_warned = true
         warn "[Parse::CreateLock:SECURITY] No PARSE_STACK_LOCK_SECRET configured and Redis-backed store detected. " \
              "Falling back to plain SHA256 for lock-key derivation so cross-process locking actually works. " \
-             "Lock keys are deterministic and may expose query_attrs content via Redis MONITOR/snapshots. " \
-             "Set PARSE_STACK_LOCK_SECRET (or Parse.synchronize_create_secret = '…') to enable HMAC keying."
+             "Risks of running without an HMAC secret: (1) lock keys are deterministic and may expose query_attrs " \
+             "content via Redis MONITOR/snapshots; (2) when the response cache and the lock store share a Redis DB, " \
+             "any caller with write access to Parse.cache can plant a `parse-stack:foc:v1:<sha>` key under a guessable " \
+             "digest of (app_id, class, principal, query_attrs) and suppress first_or_create!/create_or_update! for " \
+             "that tuple until TTL expiry — a targeted DoS / create-pinning primitive. " \
+             "Set PARSE_STACK_LOCK_SECRET (or Parse.synchronize_create_secret = '…') to enable HMAC keying, or " \
+             "point Parse.synchronize_create_store at a separate Redis DB from the response cache."
       end
 
       def instrument(event, key, payload = {})

data/lib/parse/stack/version.rb

@@ -6,6 +6,6 @@ module Parse
   # The Parse Server SDK for Ruby
   module Stack
     # The current version.
-    VERSION = "5.0.0"
+    VERSION = "5.0.1"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: parse-stack-next
 version: !ruby/object:Gem::Version
-  version: 5.0.0
+  version: 5.0.1
 platform: ruby
 authors:
 - Anthony Persaud
@@ -212,10 +212,12 @@ files:
 - ".env.test"
 - ".github/workflows/codeql.yml"
 - ".github/workflows/docs.yml"
+- ".github/workflows/release.yml"
 - ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".ruby-version"
 - ".solargraph.yml"
+- ".vscode/settings.json"
 - CHANGELOG.md
 - Gemfile
 - Gemfile.lock