rubocop-graphql 0.19.0 → 1.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 80b3609f1de18b1e5db7198fdf29f7deed28cfe0e505c9485203dd38172ff4f9
-  data.tar.gz: 0d894dad1bc37192b76372d235d10fab4181e171574f471091e9bad0033212d2
+  metadata.gz: 54137ed6106e3d8c0d2c675ea02e41989aef1d4480edf875071c9c7918a96fba
+  data.tar.gz: a1a0b7d307854a39d4b4761d77cc829569dd9e97453a329d027886331407aae0
 SHA512:
-  metadata.gz: 3c2b2d1bcbae2e53e28567c0f13397f77427cc0b9d87a96171cd27fec5d33649568366a623c6ea7c6960f452709d02081c04e3dae1368b465da4fad304ae9ce5
-  data.tar.gz: b6b5588432b38eaa545bff20b2f52d966859ba1fac6fcad5004f22405fd4d1dab56c04238124f99f3ff1df860b385773e539981221b94d0e8c4c27266d4a7c9e
+  metadata.gz: 9e1fc8711b226bd656ca33d8409949a40667e9eabf31ca55a3536ae5f4f54f3af4e7254cbaa589e406172c724afdeb6772ffe5dd689909ebeb09608c7c94b848
+  data.tar.gz: 392b99c409b0e2b8247fff232d35fab529c1abf5eb3f7b648f40eb9020b07a5c56f074d88538626e564872a4a13f1cb59ee20a5ddc0c982099a2aa3edc596289

data/config/default.yml

@@ -8,123 +8,168 @@ GraphQL:
 
 GraphQL/ArgumentDescription:
   Enabled: true
-  VersionAdded: '0.80'
+  VersionAdded: '0.2.0'
   Description: 'Ensures all arguments have a description'
 
 GraphQL/ArgumentName:
   Enabled: true
-  VersionAdded: '0.80'
+  VersionAdded: '0.2.0'
   Description: 'This cop checks whether argument names are snake_case'
 
 GraphQL/ArgumentUniqueness:
   Enabled: true
-  VersionAdded: '0.80'
+  VersionAdded: '0.11.0'
   Description: 'This cop enforces arguments to be defined once per block'
 
-GraphQL/ResolverMethodLength:
+GraphQL/ExtractInputType:
   Enabled: true
-  VersionAdded: '0.80'
-  Description: 'Checks resolver methods are not too long'
-  Max: 10
-  CountComments: false
-  ExcludedMethods: []
+  VersionAdded: '0.2.0'
+  Description: 'Suggests using input type instead of many arguments'
+  MaxArguments: 2
+  Include:
+    - '**/graphql/mutations/**/*.rb'
+
+GraphQL/ExtractType:
+  Enabled: true
+  VersionAdded: '0.2.0'
+  Description: 'Suggests extracting fields with common prefixes to the separate type'
+  MaxFields: 2
+  Prefixes:
+    - is
+    - has
+    - with
+    - avg
+    - min
+    - max
 
 GraphQL/FieldDefinitions:
   Enabled: true
-  VersionAdded: '0.80'
+  VersionAdded: '0.1.0'
   Description: 'Checks consistency of field definitions'
   EnforcedStyle: group_definitions
   SupportedStyles:
     - group_definitions
     - define_resolver_after_definition
 
-GraphQL/MultipleFieldDefinitions:
-  Enabled: true
-  Description: 'Ensures that fields with multiple definitions are grouped together'
-
 GraphQL/FieldDescription:
   Enabled: true
-  VersionAdded: '0.80'
+  VersionAdded: '0.1.0'
   Description: 'Ensures all fields have a description'
 
 GraphQL/FieldHashKey:
   Enabled: true
-  VersionAdded: '0.80'
+  VersionAdded: '0.4.0'
   Description: 'Checks :hash_key option is used for appropriate fields'
 
 GraphQL/FieldMethod:
   Enabled: true
-  VersionAdded: '0.80'
+  VersionAdded: '0.2.0'
   Description: 'Checks :method option is used for appropriate fields'
 
 GraphQL/FieldName:
   Enabled: true
-  VersionAdded: '0.80'
+  VersionAdded: '0.2.0'
   Description: 'This cop checks whether field names are snake_case'
   SafeAutoCorrect: false
 
 GraphQL/FieldUniqueness:
   Enabled: true
-  VersionAdded: '0.80'
+  VersionAdded: '0.11.0'
   Description: 'This cop enforces fields to be defined once'
 
-GraphQL/ExtractInputType:
+GraphQL/GraphqlName:
   Enabled: true
-  VersionAdded: '0.80'
-  Description: 'Suggests using input type instead of many arguments'
-  MaxArguments: 2
+  VersionAdded: '1.0.0'
+  Description: 'This cop check proper configuration of graphql_name'
   Include:
-    - '**/graphql/mutations/**/*.rb'
-
-GraphQL/ExtractType:
-  Enabled: true
-  VersionAdded: '0.80'
-  Description: 'Suggests extracting fields with common prefixes to the separate type'
-  MaxFields: 2
-  Prefixes:
-    - is
-    - has
-    - with
-    - avg
-    - min
-    - max
+    - "**/graphql/types/**/*"
+    - "**/graphql/mutations/**/*"
+  EnforcedStyle: only_override
+  SupportedStyles:
+    - required
+    - only_override
 
 GraphQL/LegacyDsl:
   Enabled: true
-  VersionAdded: '0.80'
+  VersionAdded: '0.9.0'
   Description: 'Checks that types are defined with class-based API'
 
+GraphQL/MaxComplexitySchema:
+  Enabled: true
+  VersionAdded: '1.0.0'
+  Description: 'Enforces max_complexity configuration in schema'
+  Include:
+    - '**/graphql/**/*_schema.rb'
+
+GraphQL/MaxDepthSchema:
+  Enabled: true
+  VersionAdded: '1.0.0'
+  Description: 'Enforces max_depth configuration in schema'
+  Include:
+    - '**/graphql/**/*_schema.rb'
+
+GraphQL/MultipleFieldDefinitions:
+  Enabled: true
+  VersionAdded: '0.15.0'
+  Description: 'Ensures that fields with multiple definitions are grouped together'
+
+GraphQL/NotAuthorizedNodeType:
+  Enabled: true
+  VersionAdded: '1.0.0'
+  Description: 'Detects types that implement Node interface and not have `.authorized?` check'
+  Include:
+    - '**/graphql/types/**/*'
+  SafeBaseClasses: []
+
+GraphQL/ResolverMethodLength:
+  Enabled: true
+  VersionAdded: '0.1.0'
+  Description: 'Checks resolver methods are not too long'
+  Max: 10
+  CountComments: false
+  ExcludedMethods: []
+  CountAsOne: []
+
 GraphQL/ObjectDescription:
   Enabled: true
-  VersionAdded: '0.80'
+  VersionAdded: '0.3.0'
   Description: 'Ensures all types have a description'
   Exclude:
+    - "spec/**/*"
+    - "test/**/*"
     - '**/*_schema.rb'
     - '**/base_*.rb'
     - '**/graphql/query_context.rb'
 
 GraphQL/OrderedArguments:
   Enabled: true
-  VersionAdded: '0.80'
+  VersionAdded: '0.7.0'
   Description: 'Arguments should be alphabetically sorted within groups'
+  Order: null
 
 GraphQL/OrderedFields:
   Enabled: true
-  VersionAdded: '0.80'
+  VersionAdded: '0.5.0'
   Description: 'Fields should be alphabetically sorted within groups'
+  Groups: true
+  Order: null
 
 GraphQL/UnusedArgument:
   Enabled: true
+  VersionAdded: '0.12.0'
   Description: 'Arguments should either be listed explicitly or **rest should be in the resolve signature'
 
 GraphQL/UnnecessaryFieldAlias:
   Enabled: true
+  VersionAdded: '0.18.0'
   Description: 'Field aliases should be different than their field names'
 
 GraphQL/UnnecessaryArgumentCamelize:
   Enabled: true
+  VersionAdded: '0.18.0'
   Description: "Camelize isn't necessary if the argument name doesn't contain underscores"
 
 GraphQL/UnnecessaryFieldCamelize:
   Enabled: true
+  VersionAdded: '0.18.0'
   Description: "Camelize isn't necessary if the field name doesn't contain underscores"

data/lib/rubocop/cop/graphql/argument_description.rb

@@ -22,6 +22,7 @@ module RuboCop
         include RuboCop::GraphQL::NodePattern
 
         MSG = "Missing argument description"
+        RESTRICT_ON_SEND = %i[argument].freeze
 
         def on_send(node)
           return unless argument?(node)

data/lib/rubocop/cop/graphql/argument_name.rb

@@ -20,6 +20,7 @@ module RuboCop
       #
       class ArgumentName < Base
         include RuboCop::GraphQL::NodePattern
+        RESTRICT_ON_SEND = %i[argument].freeze
 
         using RuboCop::GraphQL::Ext::SnakeCase
 

data/lib/rubocop/cop/graphql/field_definitions.rb

@@ -52,6 +52,8 @@ module RuboCop
         include RuboCop::GraphQL::Sorbet
         include RuboCop::GraphQL::Heredoc
 
+        RESTRICT_ON_SEND = %i[field].freeze
+
         # @!method field_kwargs(node)
         def_node_matcher :field_kwargs, <<~PATTERN
           (send nil? :field
@@ -80,6 +82,16 @@ module RuboCop
           end
         end
 
+        def on_module(node)
+          return if style != :group_definitions
+
+          schema_member = RuboCop::GraphQL::SchemaMember.new(node)
+
+          if (body = schema_member.body)
+            check_grouped_field_declarations(body)
+          end
+        end
+
         private
 
         GROUP_DEFS_MSG = "Group all field definitions together."
@@ -100,7 +112,6 @@ module RuboCop
 
         def group_field_declarations(corrector, node)
           field = RuboCop::GraphQL::Field.new(node)
-
           first_field = field.schema_member.body.find do |node|
             field_definition?(node) || field_definition_with_body?(node)
           end
@@ -211,7 +222,7 @@ module RuboCop
 
         def remove_old_resolver(corrector, resolver_definition)
           range_to_remove = range_with_surrounding_space(
-            range: resolver_definition.loc.expression, side: :left
+            range: resolver_definition.source_range, side: :left
           )
           corrector.remove(range_to_remove)
 
@@ -220,7 +231,7 @@ module RuboCop
           return unless resolver_signature
 
           range_to_remove = range_with_surrounding_space(
-            range: resolver_signature.loc.expression, side: :left
+            range: resolver_signature.source_range, side: :left
           )
           corrector.remove(range_to_remove)
         end

data/lib/rubocop/cop/graphql/field_description.rb

@@ -22,6 +22,7 @@ module RuboCop
         include RuboCop::GraphQL::NodePattern
 
         MSG = "Missing field description"
+        RESTRICT_ON_SEND = %i[field].freeze
 
         def on_send(node)
           return unless field_definition?(node)

data/lib/rubocop/cop/graphql/field_hash_key.rb

@@ -41,6 +41,7 @@ module RuboCop
         PATTERN
 
         MSG = "Use hash_key: %<hash_key>p"
+        RESTRICT_ON_SEND = %i[field].freeze
 
         def on_send(node)
           return unless field_definition?(node)
@@ -74,11 +75,11 @@ module RuboCop
           suggested_hash_key_name = hash_key_to_use(method_definition)
 
           corrector.insert_after(
-            node.loc.expression, ", hash_key: #{suggested_hash_key_name.inspect}"
+            node, ", hash_key: #{suggested_hash_key_name.inspect}"
           )
 
           range = range_with_surrounding_space(
-            range: method_definition.loc.expression, side: :left
+            range: method_definition.source_range, side: :left
           )
 
           corrector.remove(range)

data/lib/rubocop/cop/graphql/field_method.rb

@@ -40,6 +40,7 @@ module RuboCop
         PATTERN
 
         MSG = "Use method: :%<method_name>s"
+        RESTRICT_ON_SEND = %i[field].freeze
 
         def on_send(node)
           return unless field_definition?(node)
@@ -51,6 +52,7 @@ module RuboCop
 
           return if suggested_method_name.nil?
           return if RuboCop::GraphQL::Field::CONFLICT_FIELD_NAMES.include?(suggested_method_name)
+          return if method_kwarg_set?(field)
 
           add_offense(node, message: message(suggested_method_name)) do |corrector|
             autocorrect(corrector, node)
@@ -68,10 +70,10 @@ module RuboCop
           method_definition = suggest_method_name_for(field)
           suggested_method_name = method_to_use(method_definition)
 
-          corrector.insert_after(node.loc.expression, ", method: :#{suggested_method_name}")
+          corrector.insert_after(node, ", method: :#{suggested_method_name}")
 
           range = range_with_surrounding_space(
-            range: method_definition.loc.expression, side: :left
+            range: method_definition.source_range, side: :left
           )
           corrector.remove(range)
         end
@@ -80,6 +82,10 @@ module RuboCop
           method_name = field.resolver_method_name
           field.schema_member.find_method_definition(method_name)
         end
+
+        def method_kwarg_set?(field)
+          field.kwargs.method != nil
+        end
       end
     end
   end

data/lib/rubocop/cop/graphql/field_name.rb

@@ -29,6 +29,7 @@ module RuboCop
         using RuboCop::GraphQL::Ext::SnakeCase
 
         MSG = "Use snake_case for field names"
+        RESTRICT_ON_SEND = %i[field].freeze
 
         def on_send(node)
           return unless field_definition?(node)

data/lib/rubocop/cop/graphql/field_uniqueness.rb

@@ -63,9 +63,16 @@ module RuboCop
         end
 
         def field_name(node)
-          node.first_argument.value.to_s
+          field = RuboCop::GraphQL::Field.new(node)
+
+          "#{field.name}#{':non-camelized' if false_value?(field.kwargs.camelize)}"
         end
 
+        # @!method false_value?(node)
+        def_node_matcher :false_value?, <<~PATTERN
+          (pair ... false)
+        PATTERN
+
         # @!method field_declarations(node)
         def_node_search :field_declarations, <<~PATTERN
           {

data/lib/rubocop/cop/graphql/graphql_name.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module GraphQL
+      # Checks consistency of graphql_name usage
+      #
+      # EnforcedStyle supports two modes:
+      #
+      # `only_override` : types and mutations should have graphql_name configured only if it's
+      #  different from the default name
+      #
+      # `required` : all types and mutations should have graphql_name configured
+      #
+      # @example EnforcedStyle: only_override (default)
+      #   # good
+      #
+      #   class UserType < BaseType
+      #     graphql_name 'Viewer'
+      #   end
+      #
+      #   # bad
+      #
+      #   class UserType < BaseType
+      #     graphql_name 'User'
+      #   end
+      #
+      # @example EnforcedStyle: required
+      #   # good
+      #
+      #   class UserType < BaseType
+      #     graphql_name 'User'
+      #   end
+      #
+      #   # bad
+      #
+      #   class UserType < BaseType
+      #   end
+      #
+      class GraphqlName < Base
+        include ConfigurableEnforcedStyle
+
+        # @!method graphql_name(node)
+        def_node_matcher :graphql_name, <<~PATTERN
+          `(send nil? :graphql_name (str $_))
+        PATTERN
+
+        # @!method class_name(node)
+        def_node_matcher :class_name, <<~PATTERN
+          (class (const _ $_) ...)
+        PATTERN
+
+        MISSING_NAME = "graphql_name should be configured."
+        UNNEEDED_OVERRIDE = "graphql_name should be specified only for overrides."
+
+        def on_class(node)
+          specified_name = graphql_name(node)
+
+          case style
+          when :required
+            add_offense(node, message: MISSING_NAME) if specified_name.nil?
+          when :only_override
+            default_graphql_name = class_name(node).to_s.sub(/Type\Z/, "")
+            add_offense(node, message: UNNEEDED_OVERRIDE) if specified_name == default_graphql_name
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/graphql/legacy_dsl.rb

@@ -32,6 +32,7 @@ module RuboCop
 
         MSG = "Avoid using legacy based type-based definitions. " \
               "Use class-based definitions instead."
+        RESTRICT_ON_SEND = %i[define].freeze
 
         def on_send(node)
           return unless node.parent.block_type?

data/lib/rubocop/cop/graphql/max_complexity_schema.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module GraphQL
+      # Detects missing max_complexity configuration in schema files
+      #
+      # @example
+      #   # good
+      #
+      #   class AppSchema < BaseSchema
+      #     max_complexity 42
+      #   end
+      #
+      class MaxComplexitySchema < Base
+        # @!method max_complexity(node)
+        def_node_matcher :max_complexity, <<~PATTERN
+          `(send nil? :max_complexity ...)
+        PATTERN
+
+        MSG = "max_complexity should be configured for schema."
+
+        def on_class(node)
+          return if ::RuboCop::GraphQL::Class.new(node).nested? || max_complexity(node)
+
+          add_offense(node)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/graphql/max_depth_schema.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module GraphQL
+      # Detects missing max_depth configuration in schema files
+      #
+      # @example
+      #   # good
+      #
+      #   class AppSchema < BaseSchema
+      #     max_depth 42
+      #   end
+      #
+      class MaxDepthSchema < Base
+        # @!method max_depth(node)
+        def_node_matcher :max_depth, <<~PATTERN
+          `(send nil? :max_depth ...)
+        PATTERN
+
+        MSG = "max_depth should be configured for schema."
+
+        def on_class(node)
+          return if ::RuboCop::GraphQL::Class.new(node).nested? || max_depth(node)
+
+          add_offense(node)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/graphql/multiple_field_definitions.rb

@@ -32,6 +32,8 @@ module RuboCop
         include RuboCop::Cop::RangeHelp
         include RuboCop::GraphQL::Heredoc
 
+        RESTRICT_ON_SEND = %i[field].freeze
+
         def on_send(node)
           return unless field?(node)
 

data/lib/rubocop/cop/graphql/not_authorized_node_type.rb

@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module GraphQL
+      # Detects types that implement Node interface and not have `.authorized?` check.
+      # Such types can be fetched by ID and therefore should have type level check to
+      # avoid accidental information exposure.
+      #
+      # If `.authorized?` is defined in a parent class, you can add parent to the "SafeBaseClasses"
+      # to avoid offenses in children.
+      #
+      # This cop also checks the `can_can_action` or `pundit_role` methods that
+      # can be used as part of the Ruby GraphQL Pro.
+      #
+      # @example
+      #   # good
+      #
+      #   class UserType < BaseType
+      #     implements GraphQL::Types::Relay::Node
+      #
+      #     field :uuid, ID, null: false
+      #
+      #     def self.authorized?(object, context)
+      #       super && object.owner == context[:viewer]
+      #     end
+      #   end
+      #
+      #   # good
+      #
+      #   class UserType < BaseType
+      #     implements GraphQL::Types::Relay::Node
+      #
+      #     field :uuid, ID, null: false
+      #
+      #     class << self
+      #       def authorized?(object, context)
+      #         super && object.owner == context[:viewer]
+      #       end
+      #     end
+      #   end
+      #
+      #   # good
+      #
+      #   class UserType < BaseType
+      #     implements GraphQL::Types::Relay::Node
+      #
+      #     pundit_role :staff
+      #
+      #     field :uuid, ID, null: false
+      #   end
+      #
+      #   # good
+      #
+      #   class UserType < BaseType
+      #     implements GraphQL::Types::Relay::Node
+      #
+      #     can_can_action :staff
+      #
+      #     field :uuid, ID, null: false
+      #   end
+      #
+      #   # bad
+      #
+      #   class UserType < BaseType
+      #     implements GraphQL::Types::Relay::Node
+      #
+      #     field :uuid, ID, null: false
+      #   end
+      #
+      class NotAuthorizedNodeType < Base
+        MSG = ".authorized? should be defined for types implementing Node interface."
+
+        # @!method implements_node_type?(node)
+        def_node_matcher :implements_node_type?, <<~PATTERN
+          `(send nil? :implements
+            (const
+              (const
+                (const
+                  (const nil? :GraphQL) :Types) :Relay) :Node))
+        PATTERN
+
+        # @!method has_can_can_action?(node)
+        def_node_matcher :has_can_can_action?, <<~PATTERN
+          `(send nil? :can_can_action {nil_type? sym_type?})
+        PATTERN
+
+        # @!method has_pundit_role?(node)
+        def_node_matcher :has_pundit_role?, <<~PATTERN
+          `(send nil? :pundit_role {nil_type? sym_type?})
+        PATTERN
+
+        # @!method has_authorized_method?(node)
+        def_node_matcher :has_authorized_method?, <<~PATTERN
+          {`(:defs (:self) :authorized? ...) | `(:sclass (:self) `(:def :authorized? ...))}
+        PATTERN
+
+        def on_module(node)
+          @parent_modules ||= []
+          @parent_modules << node.child_nodes[0].const_name
+        end
+
+        def on_class(node)
+          @parent_modules ||= []
+          return if possible_parent_classes(node).any? { |klass| ignored_class?(klass) }
+
+          @parent_modules << node.child_nodes[0].const_name
+
+          add_offense(node) if implements_node_type?(node) && !implements_authorization?(node)
+        end
+
+        private
+
+        def implements_authorization?(node)
+          has_authorized_method?(node) || has_can_can_action?(node) || has_pundit_role?(node)
+        end
+
+        def possible_parent_classes(node)
+          klass = node.child_nodes[1].const_name
+
+          return [] if klass.nil?
+          return [klass] if node.child_nodes[1].absolute?
+
+          parent_module = "#{@parent_modules.join('::')}::"
+          [klass, parent_module + klass]
+        end
+
+        def ignored_class?(klass)
+          cop_config["SafeBaseClasses"].include?(klass)
+        end
+      end
+    end
+  end
+end