Merge pull request #5310 from rmosolgo/limiter-dashboard

Migrate limiter dashboard

Author: rmosolgo

gemfiles/rails_master.gemfile

@@ -27,4 +27,5 @@ gemspec path: "../"
 
 if Bundler.settings["GEMS__GRAPHQL__PRO"]
   gem "graphql-pro", source: "https://gems.graphql.pro"
+  gem "graphql-enterprise", source: "https://gems.graphql.pro"
 end

lib/graphql/dashboard.rb

@@ -37,8 +37,18 @@ class Dashboard < Rails::Engine
     routes.draw do
       root "landings#show"
       resources :statics, only: :show, constraints: { id: /[0-9A-Za-z\-.]+/ }
-      delete "/traces/delete_all", to: "traces#delete_all", as: :traces_delete_all
-      resources :traces, only: [:index, :show, :destroy]
+
+      namespace :detailed_traces do
+        resources :traces, only: [:index, :show, :destroy] do
+          collection do
+            delete :delete_all, to: "traces#delete_all", as: :delete_all
+          end
+        end
+      end
+
+      namespace :limiters do
+        resources :limiters, only: [:show, :update], param: :name
+      end
 
       namespace :operation_store do
         resources :clients, param: :name do
@@ -106,32 +116,6 @@ def show
       end
     end
 
-    class TracesController < ApplicationController
-      def index
-        @detailed_trace_installed = !!schema_class.detailed_trace
-        if @detailed_trace_installed
-          @last = params[:last]&.to_i || 50
-          @before = params[:before]&.to_i
-          @traces = schema_class.detailed_trace.traces(last: @last, before: @before)
-        end
-      end
-
-      def show
-        trace = schema_class.detailed_trace.find_trace(params[:id].to_i)
-        send_data(trace.trace_data)
-      end
-
-      def destroy
-        schema_class.detailed_trace.delete_trace(params[:id])
-        head :no_content
-      end
-
-      def delete_all
-        schema_class.detailed_trace.delete_all_traces
-        head :no_content
-      end
-    end
-
     class StaticsController < ApplicationController
       skip_after_action :verify_same_origin_request
       # Use an explicit list of files to avoid any chance of reading other files from disk
@@ -140,6 +124,7 @@ class StaticsController < ApplicationController
       [
         "icon.png",
         "header-icon.png",
+        "charts.min.css",
         "dashboard.css",
         "dashboard.js",
         "bootstrap-5.3.3.min.css",
@@ -160,6 +145,8 @@ def show
   end
 end
 
+require 'graphql/dashboard/detailed_traces'
+require 'graphql/dashboard/limiters'
 require 'graphql/dashboard/operation_store'
 require 'graphql/dashboard/subscriptions'
 

lib/graphql/dashboard/detailed_traces.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+require_relative "./installable"
+module Graphql
+  class Dashboard < Rails::Engine
+    module DetailedTraces
+      class TracesController < Graphql::Dashboard::ApplicationController
+        include Installable
+
+        def index
+          @last = params[:last]&.to_i || 50
+          @before = params[:before]&.to_i
+          @traces = schema_class.detailed_trace.traces(last: @last, before: @before)
+        end
+
+        def show
+          trace = schema_class.detailed_trace.find_trace(params[:id].to_i)
+          send_data(trace.trace_data)
+        end
+
+        def destroy
+          schema_class.detailed_trace.delete_trace(params[:id])
+          flash[:success] = "Trace deleted."
+          head :no_content
+        end
+
+        def delete_all
+          schema_class.detailed_trace.delete_all_traces
+          flash[:success] = "Deleted all traces."
+          head :no_content
+        end
+
+        private
+
+        def feature_installed?
+          !!schema_class.detailed_trace
+        end
+
+        INSTALLABLE_COMPONENT_HEADER_HTML = "Detailed traces aren't installed yet."
+        INSTALLABLE_COMPONENT_MESSAGE_HTML = <<~HTML.html_safe
+          GraphQL-Ruby can instrument production traffic and save tracing artifacts here for later review.
+          <br>
+          Read more in <a href="https://graphql-ruby.org/queries/tracing#detailed-traces">the detailed tracing docs</a>.
+        HTML
+      end
+    end
+  end
+end

lib/graphql/dashboard/installable.rb

@@ -12,8 +12,9 @@ def feature_installed?
 
       def check_installed
         if !feature_installed?
-          dashboard_module = self.class.name.split("::")[-2]
-          render "graphql/dashboard/#{dashboard_module.underscore}/not_installed"
+          @component_header_html = self.class::INSTALLABLE_COMPONENT_HEADER_HTML
+          @component_message_html = self.class::INSTALLABLE_COMPONENT_MESSAGE_HTML
+          render "graphql/dashboard/not_installed"
         end
       end
     end

lib/graphql/dashboard/limiters.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+require_relative "./installable"
+module Graphql
+  class Dashboard < Rails::Engine
+    module Limiters
+      class LimitersController < Dashboard::ApplicationController
+        include Installable
+        FALLBACK_CSP_NONCE_GENERATOR = ->(_req) { SecureRandom.hex(32) }
+
+        def show
+          name = params[:name]
+          @title = case name
+          when "runtime"
+            "Runtime Limiter"
+          when "active_operations"
+            "Active Operation Limiter"
+          when "mutations"
+            "Mutation Limiter"
+          else
+            raise ArgumentError, "Unknown limiter name: #{name}"
+          end
+
+          limiter = limiter_for(name)
+          if limiter.nil?
+            @install_path = "http://graphql-ruby.org/limiters/#{name}"
+          else
+            @chart_mode = params[:chart] || "day"
+            @current_soft = limiter.soft_limit_enabled?
+            @histogram = limiter.dashboard_histogram(@chart_mode)
+
+            # These configs may have already been defined by the application; provide overrides here if not.
+            request.content_security_policy_nonce_generator ||= FALLBACK_CSP_NONCE_GENERATOR
+            nonce_dirs = request.content_security_policy_nonce_directives || []
+            if !nonce_dirs.include?("style-src")
+              nonce_dirs += ["style-src"]
+              request.content_security_policy_nonce_directives = nonce_dirs
+            end
+            @csp_nonce = request.content_security_policy_nonce
+          end
+        end
+
+        def update
+          name = params[:name]
+          limiter = limiter_for(name)
+          if limiter
+            limiter.toggle_soft_limit
+            flash[:success] = if limiter.soft_limit_enabled?
+              "Enabled soft limiting -- over-limit traffic will be logged but not rejected."
+            else
+              "Disabled soft limiting -- over-limit traffic will be rejected."
+            end
+          else
+            flash[:warning] = "No limiter configured for #{name.inspect}"
+          end
+
+          redirect_to graphql_dashboard.limiters_limiter_path(name, chart: params[:chart])
+        end
+
+        private
+
+        def limiter_for(name)
+          case name
+          when "runtime"
+            schema_class.enterprise_runtime_limiter
+          when "active_operations"
+            schema_class.enterprise_active_operation_limiter
+          when "mutations"
+            schema_class.enterprise_mutation_limiter
+          else
+            raise ArgumentError, "Unknown limiter: #{name}"
+          end
+        end
+
+        def feature_installed?
+          defined?(GraphQL::Enterprise::Limiter) &&
+            (
+              schema_class.enterprise_active_operation_limiter ||
+              schema_class.enterprise_runtime_limiter ||
+              (schema_class.respond_to?(:enterprise_mutation_limiter) && schema_class.enterprise_mutation_limiter)
+            )
+        end
+
+
+        INSTALLABLE_COMPONENT_HEADER_HTML = "Rate limiters aren't installed on this schema yet."
+        INSTALLABLE_COMPONENT_MESSAGE_HTML = <<-HTML.html_safe
+          Check out the docs to get started with GraphQL-Enterprise's
+          <a href="https://graphql-ruby.org/limiters/runtime.html">runtime limiter</a> or
+          <a href="https://graphql-ruby.org/limiters/active_operations.html">active operation limiter</a>.
+        HTML
+      end
+    end
+  end
+end

lib/graphql/dashboard/operation_store.rb

@@ -11,6 +11,12 @@ class BaseController < Dashboard::ApplicationController
         def feature_installed?
           schema_class.respond_to?(:operation_store) && schema_class.operation_store.is_a?(GraphQL::Pro::OperationStore)
         end
+
+        INSTALLABLE_COMPONENT_HEADER_HTML = "<code>OperationStore</code> isn't installed for this schema yet.".html_safe
+        INSTALLABLE_COMPONENT_MESSAGE_HTML = <<-HTML.html_safe
+          Learn more about improving performance and security with stored operations
+          in the <a href="https://graphql-ruby.org/operation_store/overview.html"><code>OperationStore</code> docs</a>.
+        HTML
       end
 
       class ClientsController < BaseController

lib/graphql/dashboard/statics/charts.min.css

@@ -7,3 +7,24 @@
   width: 100%;
   white-space: pre-wrap;
 }
+
+#limiter-histogram .column {
+  max-height: 300px;
+}
+
+#limiter-histogram .column td {
+  --color-1: var(--bs-gray);
+  --color-2: var(--bs-red);
+  opacity: 0.6;
+}
+
+#limiter-histogram .column td:hover {
+  opacity: 1;
+}
+
+#limiter-histogram .column tbody tr th[scope=row] {
+  width: 150px;
+  transform: rotate(-75deg) translateY(55px) translateX(-50px);
+  left: auto;
+  --labels-align-inline: end;
+}

lib/graphql/dashboard/statics/dashboard.css

@@ -55,17 +55,34 @@ async function openOnPerfetto(operationName, tracePath) {
 function getCsrfToken() {
   return document.querySelector("meta[name='csrf-token']").content
 }
-async function deleteTrace(tracePath, event) {
+
+function deleteTrace(tracePath) {
   if (confirm("Are you sure you want to permanently delete this trace?")) {
-    var response = await fetch(tracePath, { method: "DELETE", headers: {
+    fetch(tracePath, { method: "DELETE", headers: {
       "X-CSRF-Token": getCsrfToken()
-    } })
-    if (response.ok) {
-      var row = event.target.closest("tr")
-      row.remove()
-    } else {
-      console.error("Delete request failed for", tracePath, response)
-    }
+    } }).then(function(_response) {
+      window.location.reload()
+    })
+  }
+}
+
+function deleteAllTraces(path) {
+  if (confirm("Are you sure you want to permanently delete ALL traces?")) {
+    fetch(path, { method: "DELETE", headers: {
+      "X-CSRF-Token": getCsrfToken()
+    } }).then(function(_response) {
+      window.location.reload()
+    })
+  }
+}
+
+function deleteAllSubscriptions(path) {
+  if (confirm("This will:\n\n- Remove all subscriptions from the database\n- Stop updates to all current subscribers\n\nAre you sure?")) {
+    fetch(path, { method: "POST", headers: {
+      "X-CSRF-Token": getCsrfToken()
+    } }).then(function(_response) {
+      window.location.reload()
+    })
   }
 }
 
@@ -114,6 +131,10 @@ document.addEventListener("click", function(event) {
     openOnPerfetto(dataset.perfettoOpen, dataset.perfettoPath)
   } else if (dataset.perfettoDelete) {
     deleteTrace(dataset.perfettoDelete, event)
+  } else if (dataset.perfettoDeleteAll) {
+    deleteAllTraces(dataset.perfettoDeleteAll)
+  } else if (dataset.subscriptionsDeleteAll) {
+    deleteAllSubscriptions(dataset.subscriptionsDeleteAll)
   } else if (event.target.id == "themeToggle") {
     toggleTheme()
   } else if (dataset.archiveClient || dataset.archiveAll) {

lib/graphql/dashboard/statics/dashboard.js

@@ -8,6 +8,14 @@ class BaseController < Graphql::Dashboard::ApplicationController
         def feature_installed?
           schema_class.subscriptions.is_a?(GraphQL::Pro::Subscriptions)
         end
+
+        INSTALLABLE_COMPONENT_HEADER_HTML = "GraphQL-Pro Subscriptions aren't installed on this schema yet.".html_safe
+        INSTALLABLE_COMPONENT_MESSAGE_HTML = <<-HTML.html_safe
+          Deliver live updates over
+          <a href="https://graphql-ruby.org/subscriptions/pusher_implementation.html">Pusher</a> or
+          <a href="https://graphql-ruby.org/subscriptions/ably_implementation.html"> Ably</a>
+          with GraphQL-Pro's subscription integrations.
+        HTML
       end
 
       class TopicsController < BaseController
@@ -80,7 +88,7 @@ def show
         def clear_all
           schema_class.subscriptions.clear
           flash[:success] = "All subscription data cleared."
-          redirect_to graphql_dashboard.subscriptions_topics_path
+          head :no_content
         end
       end
     end