gitlab-org--gitlab-foss/app/graphql/gitlab_schema.rb

# frozen_string_literal: true

class GitlabSchema < GraphQL::Schema
  # Currently an IntrospectionQuery has a complexity of 179.
  # These values will evolve over time.
  DEFAULT_MAX_COMPLEXITY   = 200
  AUTHENTICATED_COMPLEXITY = 250
  ADMIN_COMPLEXITY         = 300

  DEFAULT_MAX_DEPTH = 15
  AUTHENTICATED_MAX_DEPTH = 20

  use BatchLoader::GraphQL
  use Gitlab::Graphql::Authorize
  use Gitlab::Graphql::Present
  use Gitlab::Graphql::CallsGitaly
  use Gitlab::Graphql::Connections
  use Gitlab::Graphql::GenericTracing

  query_analyzer Gitlab::Graphql::QueryAnalyzers::LoggerAnalyzer.new

  query(Types::QueryType)

  default_max_page_size 100

  max_complexity DEFAULT_MAX_COMPLEXITY
  max_depth DEFAULT_MAX_DEPTH

  mutation(Types::MutationType)

  class << self
    def multiplex(queries, **kwargs)
      kwargs[:max_complexity] ||= max_query_complexity(kwargs[:context])

      queries.each do |query|
        query[:max_depth] = max_query_depth(kwargs[:context])
      end

      super(queries, **kwargs)
    end

    def execute(query_str = nil, **kwargs)
      kwargs[:max_complexity] ||= max_query_complexity(kwargs[:context])
      kwargs[:max_depth] ||= max_query_depth(kwargs[:context])

      super(query_str, **kwargs)
    end

    def id_from_object(object)
      unless object.respond_to?(:to_global_id)
        # This is an error in our schema and needs to be solved. So raise a
        # more meaningfull error message
        raise "#{object} does not implement `to_global_id`. "\
              "Include `GlobalID::Identification` into `#{object.class}"
      end

      object.to_global_id
    end

    def object_from_id(global_id)
      gid = GlobalID.parse(global_id)

      unless gid
        raise Gitlab::Graphql::Errors::ArgumentError, "#{global_id} is not a valid GitLab id."
      end

      if gid.model_class < ApplicationRecord
        Gitlab::Graphql::Loaders::BatchModelLoader.new(gid.model_class, gid.model_id).find
      elsif gid.model_class.respond_to?(:lazy_find)
        gid.model_class.lazy_find(gid.model_id)
      else
        gid.find
      end
    end

    private

    def max_query_complexity(ctx)
      current_user = ctx&.fetch(:current_user, nil)

      if current_user&.admin
        ADMIN_COMPLEXITY
      elsif current_user
        AUTHENTICATED_COMPLEXITY
      else
        DEFAULT_MAX_COMPLEXITY
      end
    end

    def max_query_depth(ctx)
      current_user = ctx&.fetch(:current_user, nil)

      if current_user
        AUTHENTICATED_MAX_DEPTH
      else
        DEFAULT_MAX_DEPTH
      end
    end
  end
end
Enable frozen string in app/graphql + app/finders Partially addresses #47424. 2018-09-11 19:08:34 +00:00			`# frozen_string_literal: true`

Initial setup GraphQL using graphql-ruby 1.8 - All definitions have been replaced by classes: http://graphql-ruby.org/schema/class_based_api.html - Authorization & Presentation have been refactored to work in the class based system - Loaders have been replaced by resolvers - Times are now coersed as ISO 8601 2018-05-23 07:55:14 +00:00			`class GitlabSchema < GraphQL::Schema`
Increase GraphQL complexity An IntrospectionQuery required more complexity points. 2019-04-05 17:30:10 +00:00			`# Currently an IntrospectionQuery has a complexity of 179.`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00			`# These values will evolve over time.`
Increase GraphQL complexity An IntrospectionQuery required more complexity points. 2019-04-05 17:30:10 +00:00			`DEFAULT_MAX_COMPLEXITY = 200`
			`AUTHENTICATED_COMPLEXITY = 250`
			`ADMIN_COMPLEXITY = 300`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
Expose comments on Noteables in GraphQL This exposes `Note`s on Issues & MergeRequests using a `Types::Notes::NoteableType` in GraphQL. Exposing notes on a new type can be done by implementing the `NoteableType` interface on the type. The presented object should be a `Noteable`. 2019-06-07 17:13:26 +00:00			`DEFAULT_MAX_DEPTH = 15`
			`AUTHENTICATED_MAX_DEPTH = 20`
58404 - setup max depth for graphql 58404 - add change log 58404 - add spec 58404 - add more spec to test depth 2 58404 - fix spec 58404 - fix rubocop 58404 - refactor the code by Bob's advice 58404 - revert changes of all_graphql_fields_for 58404 - change text only 58404 - fix rspec according to gitlab's standard 58404 - revert previous spec 58404 - fix rubocop 2019-05-06 14:00:03 +00:00
Convert from GraphQL::Batch to BatchLoader 2018-02-23 15:36:40 +00:00			`use BatchLoader::GraphQL`
Initial setup GraphQL using graphql-ruby 1.8 - All definitions have been replaced by classes: http://graphql-ruby.org/schema/class_based_api.html - Authorization & Presentation have been refactored to work in the class based system - Loaders have been replaced by resolvers - Times are now coersed as ISO 8601 2018-05-23 07:55:14 +00:00			`use Gitlab::Graphql::Authorize`
			`use Gitlab::Graphql::Present`
Alert if `calls_gitaly` declaration missing - Move `calls_gitaly_check` to public - Add instrumentation for flagging missing CallsGitaly declarations - Wrap resolver proc in before-and-after Gitaly counts to get the net Gitaly call count for the resolver. 2019-06-21 14:20:00 +00:00			`use Gitlab::Graphql::CallsGitaly`
Add pipeline lists to GraphQL This adds Keyset pagination to GraphQL lists. PoC for that is pipelines on merge requests and projects. When paginating a list, the base-64 encoded id of the ordering field (in most cases the primary key) can be passed in the `before` or `after` GraphQL argument. 2018-06-26 16:31:05 +00:00			`use Gitlab::Graphql::Connections`
Add opentracing integration for graphql Extends existing graphql's tracer with opentracing measurements. Because it also adds Tracing::Graphql class (for opentracing), it also renames Graphql::Tracing class to Graphql::GenericTracing to minimize confusion with similar class names. 2019-05-02 07:01:14 +00:00			`use Gitlab::Graphql::GenericTracing`
Add a minimal GraphQL API 2017-08-16 13:04:41 +00:00
Implement logger analyzer - Modify GraphqlLogger to subclass JsonLogger - Replace the single-line analyser with one that can log all the GraphQL query related information in one place. - Implement analyzer behavior with spec 2019-05-02 00:16:49 +00:00			`query_analyzer Gitlab::Graphql::QueryAnalyzers::LoggerAnalyzer.new`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
Add a minimal GraphQL API 2017-08-16 13:04:41 +00:00			`query(Types::QueryType)`
Add pipeline lists to GraphQL This adds Keyset pagination to GraphQL lists. PoC for that is pipelines on merge requests and projects. When paginating a list, the base-64 encoded id of the ordering field (in most cases the primary key) can be passed in the `before` or `after` GraphQL argument. 2018-06-26 16:31:05 +00:00
			`default_max_page_size 100`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
			`max_complexity DEFAULT_MAX_COMPLEXITY`
Enables GraphQL batch requests Enabling GraphQL batch requests allows for multiple queries to be sent in 1 request reducing the amount of requests we send to the server. Responses come come back in the same order as the queries were provided. 2019-05-09 09:27:07 +00:00			`max_depth DEFAULT_MAX_DEPTH`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
Add mutation toggling WIP state of merge requests This is mainly the setup of mutations for GraphQL. Including authorization and basic return type-structure. 2018-07-10 14:19:45 +00:00			`mutation(Types::MutationType)`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
58404 - setup max depth for graphql 58404 - add change log 58404 - add spec 58404 - add more spec to test depth 2 58404 - fix spec 58404 - fix rubocop 58404 - refactor the code by Bob's advice 58404 - revert changes of all_graphql_fields_for 58404 - change text only 58404 - fix rspec according to gitlab's standard 58404 - revert previous spec 58404 - fix rubocop 2019-05-06 14:00:03 +00:00			`class << self`
Enables GraphQL batch requests Enabling GraphQL batch requests allows for multiple queries to be sent in 1 request reducing the amount of requests we send to the server. Responses come come back in the same order as the queries were provided. 2019-05-09 09:27:07 +00:00			`def multiplex(queries, **kwargs)`
			`kwargs[:max_complexity] \|\|= max_query_complexity(kwargs[:context])`

			`queries.each do \|query\|`
			`query[:max_depth] = max_query_depth(kwargs[:context])`
			`end`

			`super(queries, **kwargs)`
			`end`

58404 - setup max depth for graphql 58404 - add change log 58404 - add spec 58404 - add more spec to test depth 2 58404 - fix spec 58404 - fix rubocop 58404 - refactor the code by Bob's advice 58404 - revert changes of all_graphql_fields_for 58404 - change text only 58404 - fix rspec according to gitlab's standard 58404 - revert previous spec 58404 - fix rubocop 2019-05-06 14:00:03 +00:00			`def execute(query_str = nil, **kwargs)`
			`kwargs[:max_complexity] \|\|= max_query_complexity(kwargs[:context])`
			`kwargs[:max_depth] \|\|= max_query_depth(kwargs[:context])`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
58404 - setup max depth for graphql 58404 - add change log 58404 - add spec 58404 - add more spec to test depth 2 58404 - fix spec 58404 - fix rubocop 58404 - refactor the code by Bob's advice 58404 - revert changes of all_graphql_fields_for 58404 - change text only 58404 - fix rspec according to gitlab's standard 58404 - revert previous spec 58404 - fix rubocop 2019-05-06 14:00:03 +00:00			`super(query_str, **kwargs)`
			`end`

Expose IDs in GraphQL as a GlobalID This exposes all fields named `id` as GlobalIDs so they can be used across our entire GraphQL implementation. When the objects loaded are `ApplicationRecord`s. We'll use our existing batchloading to find them. Otherwise, we'll fall back to the default implementation of `GlobalID`: Calling the `.find` method on the class. 2019-06-03 17:38:16 +00:00			`def id_from_object(object)`
			`unless object.respond_to?(:to_global_id)`
			`# This is an error in our schema and needs to be solved. So raise a`
			`# more meaningfull error message`
			raise "#{object} does not implement `to_global_id`. "\
			"Include `GlobalID::Identification` into `#{object.class}"
			`end`

			`object.to_global_id`
			`end`

			`def object_from_id(global_id)`
			`gid = GlobalID.parse(global_id)`

			`unless gid`
			`raise Gitlab::Graphql::Errors::ArgumentError, "#{global_id} is not a valid GitLab id."`
			`end`

			`if gid.model_class < ApplicationRecord`
			`Gitlab::Graphql::Loaders::BatchModelLoader.new(gid.model_class, gid.model_id).find`
GraphQL support for Notes created in discussions A new `discussion_id` argument on the `createNote` mutation allows people to create a note within that discussion. The ability to lazy-load Discussions has been added, so GraphQL.object_from_id can treat Discussions the same as AR objects and batch load them. https://gitlab.com/gitlab-org/gitlab-ce/issues/62826 https://gitlab.com/gitlab-org/gitlab-ee/issues/9489 2019-07-04 03:33:14 +00:00			`elsif gid.model_class.respond_to?(:lazy_find)`
			`gid.model_class.lazy_find(gid.model_id)`
Expose IDs in GraphQL as a GlobalID This exposes all fields named `id` as GlobalIDs so they can be used across our entire GraphQL implementation. When the objects loaded are `ApplicationRecord`s. We'll use our existing batchloading to find them. Otherwise, we'll fall back to the default implementation of `GlobalID`: Calling the `.find` method on the class. 2019-06-03 17:38:16 +00:00			`else`
			`gid.find`
			`end`
			`end`

58404 - setup max depth for graphql 58404 - add change log 58404 - add spec 58404 - add more spec to test depth 2 58404 - fix spec 58404 - fix rubocop 58404 - refactor the code by Bob's advice 58404 - revert changes of all_graphql_fields_for 58404 - change text only 58404 - fix rspec according to gitlab's standard 58404 - revert previous spec 58404 - fix rubocop 2019-05-06 14:00:03 +00:00			`private`

			`def max_query_complexity(ctx)`
			`current_user = ctx&.fetch(:current_user, nil)`

			`if current_user&.admin`
			`ADMIN_COMPLEXITY`
			`elsif current_user`
			`AUTHENTICATED_COMPLEXITY`
			`else`
			`DEFAULT_MAX_COMPLEXITY`
			`end`
			`end`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
58404 - setup max depth for graphql 58404 - add change log 58404 - add spec 58404 - add more spec to test depth 2 58404 - fix spec 58404 - fix rubocop 58404 - refactor the code by Bob's advice 58404 - revert changes of all_graphql_fields_for 58404 - change text only 58404 - fix rspec according to gitlab's standard 58404 - revert previous spec 58404 - fix rubocop 2019-05-06 14:00:03 +00:00			`def max_query_depth(ctx)`
			`current_user = ctx&.fetch(:current_user, nil)`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00
58404 - setup max depth for graphql 58404 - add change log 58404 - add spec 58404 - add more spec to test depth 2 58404 - fix spec 58404 - fix rubocop 58404 - refactor the code by Bob's advice 58404 - revert changes of all_graphql_fields_for 58404 - change text only 58404 - fix rspec according to gitlab's standard 58404 - revert previous spec 58404 - fix rubocop 2019-05-06 14:00:03 +00:00			`if current_user`
			`AUTHENTICATED_MAX_DEPTH`
			`else`
Enables GraphQL batch requests Enabling GraphQL batch requests allows for multiple queries to be sent in 1 request reducing the amount of requests we send to the server. Responses come come back in the same order as the queries were provided. 2019-05-09 09:27:07 +00:00			`DEFAULT_MAX_DEPTH`
58404 - setup max depth for graphql 58404 - add change log 58404 - add spec 58404 - add more spec to test depth 2 58404 - fix spec 58404 - fix rubocop 58404 - refactor the code by Bob's advice 58404 - revert changes of all_graphql_fields_for 58404 - change text only 58404 - fix rspec according to gitlab's standard 58404 - revert previous spec 58404 - fix rubocop 2019-05-06 14:00:03 +00:00			`end`
Initial field and query complexity limits It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user. 2019-03-27 20:02:25 +00:00			`end`
			`end`
Add a minimal GraphQL API 2017-08-16 13:04:41 +00:00			`end`