gitlab-org--gitlab-foss/app/graphql/gitlab_schema.rb

# frozen_string_literal: true

class GitlabSchema < GraphQL::Schema
  # Currently an IntrospectionQuery has a complexity of 179.
  # These values will evolve over time.
  DEFAULT_MAX_COMPLEXITY   = 200
  AUTHENTICATED_COMPLEXITY = 250
  ADMIN_COMPLEXITY         = 300

  DEFAULT_MAX_DEPTH = 10
  AUTHENTICATED_MAX_DEPTH = 15

  use BatchLoader::GraphQL
  use Gitlab::Graphql::Authorize
  use Gitlab::Graphql::Present
  use Gitlab::Graphql::Connections
  use Gitlab::Graphql::GenericTracing

  query_analyzer Gitlab::Graphql::QueryAnalyzers::LoggerAnalyzer.new

  query(Types::QueryType)

  default_max_page_size 100

  max_complexity DEFAULT_MAX_COMPLEXITY
  max_depth DEFAULT_MAX_DEPTH

  mutation(Types::MutationType)

  class << self
    def multiplex(queries, **kwargs)
      kwargs[:max_complexity] ||= max_query_complexity(kwargs[:context])

      queries.each do |query|
        query[:max_depth] = max_query_depth(kwargs[:context])
      end

      super(queries, **kwargs)
    end

    def execute(query_str = nil, **kwargs)
      kwargs[:max_complexity] ||= max_query_complexity(kwargs[:context])
      kwargs[:max_depth] ||= max_query_depth(kwargs[:context])

      super(query_str, **kwargs)
    end

    private

    def max_query_complexity(ctx)
      current_user = ctx&.fetch(:current_user, nil)

      if current_user&.admin
        ADMIN_COMPLEXITY
      elsif current_user
        AUTHENTICATED_COMPLEXITY
      else
        DEFAULT_MAX_COMPLEXITY
      end
    end

    def max_query_depth(ctx)
      current_user = ctx&.fetch(:current_user, nil)

      if current_user
        AUTHENTICATED_MAX_DEPTH
      else
        DEFAULT_MAX_DEPTH
      end
    end
  end
end
Enable frozen string in app/graphql + app/finders Partially addresses #47424. 2018-09-11 19:08:34 +00:00			`# frozen_string_literal: true`

Initial setup GraphQL using graphql-ruby 1.8 - All definitions have been replaced by classes: http://graphql-ruby.org/schema/class_based_api.html - Authorization & Presentation have been refactored to work in the class based system - Loaders have been replaced by resolvers - Times are now coersed as ISO 8601 2018-05-23 07:55:14 +00:00			`class GitlabSchema < GraphQL::Schema`
Increase GraphQL complexity An IntrospectionQuery required more complexity points. 2019-04-05 17:30:10 +00:00			`# Currently an IntrospectionQuery has a complexity of 179.`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00			`# These values will evolve over time.`
Increase GraphQL complexity An IntrospectionQuery required more complexity points. 2019-04-05 17:30:10 +00:00			`DEFAULT_MAX_COMPLEXITY = 200`
			`AUTHENTICATED_COMPLEXITY = 250`
			`ADMIN_COMPLEXITY = 300`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
Enables GraphQL batch requests Enabling GraphQL batch requests allows for multiple queries to be sent in 1 request reducing the amount of requests we send to the server. Responses come come back in the same order as the queries were provided. 2019-05-09 09:27:07 +00:00			`DEFAULT_MAX_DEPTH = 10`
58404 - setup max depth for graphql 58404 - add change log 58404 - add spec 58404 - add more spec to test depth 2 58404 - fix spec 58404 - fix rubocop 58404 - refactor the code by Bob's advice 58404 - revert changes of all_graphql_fields_for 58404 - change text only 58404 - fix rspec according to gitlab's standard 58404 - revert previous spec 58404 - fix rubocop 2019-05-06 14:00:03 +00:00			`AUTHENTICATED_MAX_DEPTH = 15`

Convert from GraphQL::Batch to BatchLoader 2018-02-23 15:36:40 +00:00			`use BatchLoader::GraphQL`
Initial setup GraphQL using graphql-ruby 1.8 - All definitions have been replaced by classes: http://graphql-ruby.org/schema/class_based_api.html - Authorization & Presentation have been refactored to work in the class based system - Loaders have been replaced by resolvers - Times are now coersed as ISO 8601 2018-05-23 07:55:14 +00:00			`use Gitlab::Graphql::Authorize`
			`use Gitlab::Graphql::Present`
Add pipeline lists to GraphQL This adds Keyset pagination to GraphQL lists. PoC for that is pipelines on merge requests and projects. When paginating a list, the base-64 encoded id of the ordering field (in most cases the primary key) can be passed in the `before` or `after` GraphQL argument. 2018-06-26 16:31:05 +00:00			`use Gitlab::Graphql::Connections`
Add opentracing integration for graphql Extends existing graphql's tracer with opentracing measurements. Because it also adds Tracing::Graphql class (for opentracing), it also renames Graphql::Tracing class to Graphql::GenericTracing to minimize confusion with similar class names. 2019-05-02 07:01:14 +00:00			`use Gitlab::Graphql::GenericTracing`
Add a minimal GraphQL API 2017-08-16 13:04:41 +00:00
Implement logger analyzer - Modify GraphqlLogger to subclass JsonLogger - Replace the single-line analyser with one that can log all the GraphQL query related information in one place. - Implement analyzer behavior with spec 2019-05-02 00:16:49 +00:00			`query_analyzer Gitlab::Graphql::QueryAnalyzers::LoggerAnalyzer.new`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
Add a minimal GraphQL API 2017-08-16 13:04:41 +00:00			`query(Types::QueryType)`
Add pipeline lists to GraphQL This adds Keyset pagination to GraphQL lists. PoC for that is pipelines on merge requests and projects. When paginating a list, the base-64 encoded id of the ordering field (in most cases the primary key) can be passed in the `before` or `after` GraphQL argument. 2018-06-26 16:31:05 +00:00
			`default_max_page_size 100`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
			`max_complexity DEFAULT_MAX_COMPLEXITY`
Enables GraphQL batch requests Enabling GraphQL batch requests allows for multiple queries to be sent in 1 request reducing the amount of requests we send to the server. Responses come come back in the same order as the queries were provided. 2019-05-09 09:27:07 +00:00			`max_depth DEFAULT_MAX_DEPTH`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
Add mutation toggling WIP state of merge requests This is mainly the setup of mutations for GraphQL. Including authorization and basic return type-structure. 2018-07-10 14:19:45 +00:00			`mutation(Types::MutationType)`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
58404 - setup max depth for graphql 58404 - add change log 58404 - add spec 58404 - add more spec to test depth 2 58404 - fix spec 58404 - fix rubocop 58404 - refactor the code by Bob's advice 58404 - revert changes of all_graphql_fields_for 58404 - change text only 58404 - fix rspec according to gitlab's standard 58404 - revert previous spec 58404 - fix rubocop 2019-05-06 14:00:03 +00:00			`class << self`
Enables GraphQL batch requests Enabling GraphQL batch requests allows for multiple queries to be sent in 1 request reducing the amount of requests we send to the server. Responses come come back in the same order as the queries were provided. 2019-05-09 09:27:07 +00:00			`def multiplex(queries, **kwargs)`
			`kwargs[:max_complexity] \|\|= max_query_complexity(kwargs[:context])`

			`queries.each do \|query\|`
			`query[:max_depth] = max_query_depth(kwargs[:context])`
			`end`

			`super(queries, **kwargs)`
			`end`

58404 - setup max depth for graphql 58404 - add change log 58404 - add spec 58404 - add more spec to test depth 2 58404 - fix spec 58404 - fix rubocop 58404 - refactor the code by Bob's advice 58404 - revert changes of all_graphql_fields_for 58404 - change text only 58404 - fix rspec according to gitlab's standard 58404 - revert previous spec 58404 - fix rubocop 2019-05-06 14:00:03 +00:00			`def execute(query_str = nil, **kwargs)`
			`kwargs[:max_complexity] \|\|= max_query_complexity(kwargs[:context])`
			`kwargs[:max_depth] \|\|= max_query_depth(kwargs[:context])`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
58404 - setup max depth for graphql 58404 - add change log 58404 - add spec 58404 - add more spec to test depth 2 58404 - fix spec 58404 - fix rubocop 58404 - refactor the code by Bob's advice 58404 - revert changes of all_graphql_fields_for 58404 - change text only 58404 - fix rspec according to gitlab's standard 58404 - revert previous spec 58404 - fix rubocop 2019-05-06 14:00:03 +00:00			`super(query_str, **kwargs)`
			`end`

			`private`

			`def max_query_complexity(ctx)`
			`current_user = ctx&.fetch(:current_user, nil)`

			`if current_user&.admin`
			`ADMIN_COMPLEXITY`
			`elsif current_user`
			`AUTHENTICATED_COMPLEXITY`
			`else`
			`DEFAULT_MAX_COMPLEXITY`
			`end`
			`end`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
58404 - setup max depth for graphql 58404 - add change log 58404 - add spec 58404 - add more spec to test depth 2 58404 - fix spec 58404 - fix rubocop 58404 - refactor the code by Bob's advice 58404 - revert changes of all_graphql_fields_for 58404 - change text only 58404 - fix rspec according to gitlab's standard 58404 - revert previous spec 58404 - fix rubocop 2019-05-06 14:00:03 +00:00			`def max_query_depth(ctx)`
			`current_user = ctx&.fetch(:current_user, nil)`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
58404 - setup max depth for graphql 58404 - add change log 58404 - add spec 58404 - add more spec to test depth 2 58404 - fix spec 58404 - fix rubocop 58404 - refactor the code by Bob's advice 58404 - revert changes of all_graphql_fields_for 58404 - change text only 58404 - fix rspec according to gitlab's standard 58404 - revert previous spec 58404 - fix rubocop 2019-05-06 14:00:03 +00:00			`if current_user`
			`AUTHENTICATED_MAX_DEPTH`
			`else`
Enables GraphQL batch requests Enabling GraphQL batch requests allows for multiple queries to be sent in 1 request reducing the amount of requests we send to the server. Responses come come back in the same order as the queries were provided. 2019-05-09 09:27:07 +00:00			`DEFAULT_MAX_DEPTH`
58404 - setup max depth for graphql 58404 - add change log 58404 - add spec 58404 - add more spec to test depth 2 58404 - fix spec 58404 - fix rubocop 58404 - refactor the code by Bob's advice 58404 - revert changes of all_graphql_fields_for 58404 - change text only 58404 - fix rspec according to gitlab's standard 58404 - revert previous spec 58404 - fix rubocop 2019-05-06 14:00:03 +00:00			`end`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00			`end`
			`end`
Add a minimal GraphQL API 2017-08-16 13:04:41 +00:00			`end`