ahoy_matey 2.0.0 → 3.2.0

data/lib/ahoy/tracker.rb

@@ -1,5 +1,9 @@
+require "active_support/core_ext/digest/uuid"
+
 module Ahoy
   class Tracker
+    UUID_NAMESPACE = "a82ae811-5011-45ab-a728-569df7499c5f"
+
     attr_reader :request, :controller
 
     def initialize(**options)
@@ -7,6 +11,7 @@ module Ahoy
       @controller = options[:controller]
       @request = options[:request] || @controller.try(:request)
       @visit_token = options[:visit_token]
+      @user = options[:user]
       @options = options
     end
 
@@ -33,7 +38,7 @@ module Ahoy
       report_exception(e)
     end
 
-    def track_visit(defer: false)
+    def track_visit(defer: false, started_at: nil)
       if exclude?
         debug "Visit excluded"
       elsif missing_params?
@@ -42,16 +47,18 @@ module Ahoy
         if defer
           set_cookie("ahoy_track", true, nil, false)
         else
+          delete_cookie("ahoy_track")
+
           data = {
             visit_token: visit_token,
             visitor_token: visitor_token,
             user_id: user.try(:id),
-            started_at: trusted_time,
+            started_at: trusted_time(started_at),
           }.merge(visit_properties).select { |_, v| v }
 
           @store.track_visit(data)
 
-          Ahoy::GeocodeV2Job.perform_later(visit_token, data[:ip]) if Ahoy.geocode
+          Ahoy::GeocodeV2Job.perform_later(visit_token, data[:ip]) if Ahoy.geocode && data[:ip]
         end
       end
       true
@@ -60,12 +67,12 @@ module Ahoy
     end
 
     def geocode(data)
-      if exclude?
-        debug "Geocode excluded"
-      else
-        @store.geocode(data.select { |_, v| v })
-        true
-      end
+      data = {
+        visit_token: visit_token
+      }.merge(data).select { |_, v| v }
+
+      @store.geocode(data)
+      true
     rescue => e
       report_exception(e)
     end
@@ -91,8 +98,12 @@ module Ahoy
       @visit ||= @store.visit
     end
 
+    def visit_or_create
+      @visit ||= @store.visit_or_create
+    end
+
     def new_visit?
-      !existing_visit_token
+      Ahoy.cookies ? !existing_visit_token : visit.nil?
     end
 
     def new_visitor?
@@ -113,9 +124,8 @@ module Ahoy
       @user ||= @store.user
     end
 
-    # TODO better name
     def visit_properties
-      @visit_properties ||= Ahoy::VisitProperties.new(request, api: api?).generate
+      @visit_properties ||= request ? Ahoy::VisitProperties.new(request, api: api?).generate : {}
     end
 
     def visit_token
@@ -130,13 +140,13 @@ module Ahoy
 
     def reset
       reset_visit
-      request.cookie_jar.delete("ahoy_visitor")
+      delete_cookie("ahoy_visitor")
     end
 
     def reset_visit
-      request.cookie_jar.delete("ahoy_visit")
-      request.cookie_jar.delete("ahoy_events")
-      request.cookie_jar.delete("ahoy_track")
+      delete_cookie("ahoy_visit")
+      delete_cookie("ahoy_events")
+      delete_cookie("ahoy_track")
     end
 
     protected
@@ -146,7 +156,7 @@ module Ahoy
     end
 
     def missing_params?
-      if api? && Ahoy.protect_from_forgery
+      if Ahoy.cookies && api? && Ahoy.protect_from_forgery
         !(existing_visit_token && existing_visitor_token)
       else
         false
@@ -154,18 +164,24 @@ module Ahoy
     end
 
     def set_cookie(name, value, duration = nil, use_domain = true)
-      cookie = {
-        value: value
-      }
+      # safety net
+      return unless Ahoy.cookies && request
+
+      cookie = Ahoy.cookie_options.merge(value: value)
       cookie[:expires] = duration.from_now if duration
-      domain = Ahoy.cookie_domain
-      cookie[:domain] = domain if domain && use_domain
+      # prefer cookie_options[:domain] over cookie_domain
+      cookie[:domain] ||= Ahoy.cookie_domain if Ahoy.cookie_domain
+      cookie.delete(:domain) unless use_domain
       request.cookie_jar[name] = cookie
     end
 
+    def delete_cookie(name)
+      request.cookie_jar.delete(name) if request && request.cookie_jar[name]
+    end
+
     def trusted_time(time = nil)
       if !time || (api? && !(1.minute.ago..Time.now).cover?(time))
-        Time.zone.now
+        Time.current
       else
         time
       end
@@ -176,7 +192,12 @@ module Ahoy
     end
 
     def report_exception(e)
-      Safely.report_exception(e)
+      if defined?(ActionDispatch::RemoteIp::IpSpoofAttackError) && e.is_a?(ActionDispatch::RemoteIp::IpSpoofAttackError)
+        debug "Tracking excluded due to IP spoofing"
+      else
+        raise e if !defined?(Rails) || Rails.env.development? || Rails.env.test?
+        Safely.report_exception(e)
+      end
     end
 
     def generate_id
@@ -186,6 +207,7 @@ module Ahoy
     def visit_token_helper
       @visit_token_helper ||= begin
         token = existing_visit_token
+        token ||= visit_anonymity_set unless Ahoy.cookies
         token ||= generate_id unless Ahoy.api_only
         token
       end
@@ -194,6 +216,7 @@ module Ahoy
     def visitor_token_helper
       @visitor_token_helper ||= begin
         token = existing_visitor_token
+        token ||= visitor_anonymity_set unless Ahoy.cookies
         token ||= generate_id unless Ahoy.api_only
         token
       end
@@ -202,7 +225,7 @@ module Ahoy
     def existing_visit_token
       @existing_visit_token ||= begin
         token = visit_header
-        token ||= visit_cookie unless api? && Ahoy.protect_from_forgery
+        token ||= visit_cookie if Ahoy.cookies && !(api? && Ahoy.protect_from_forgery)
         token ||= visit_param if api?
         token
       end
@@ -211,12 +234,20 @@ module Ahoy
     def existing_visitor_token
       @existing_visitor_token ||= begin
         token = visitor_header
-        token ||= visitor_cookie unless api? && Ahoy.protect_from_forgery
+        token ||= visitor_cookie if Ahoy.cookies && !(api? && Ahoy.protect_from_forgery)
         token ||= visitor_param if api?
         token
       end
     end
 
+    def visit_anonymity_set
+      @visit_anonymity_set ||= Digest::UUID.uuid_v5(UUID_NAMESPACE, ["visit", Ahoy.mask_ip(request.remote_ip), request.user_agent].join("/"))
+    end
+
+    def visitor_anonymity_set
+      @visitor_anonymity_set ||= Digest::UUID.uuid_v5(UUID_NAMESPACE, ["visitor", Ahoy.mask_ip(request.remote_ip), request.user_agent].join("/"))
+    end
+
     def visit_cookie
       @visit_cookie ||= request && request.cookies["ahoy_visit"]
     end
@@ -242,11 +273,12 @@ module Ahoy
     end
 
     def ensure_token(token)
+      token = Ahoy::Utils.ensure_utf8(token)
       token.to_s.gsub(/[^a-z0-9\-]/i, "").first(64) if token
     end
 
     def debug(message)
-      Rails.logger.debug { "[ahoy] #{message}" }
+      Ahoy.log message
     end
   end
 end

data/lib/ahoy/utils.rb

@@ -0,0 +1,7 @@
+module Ahoy
+  module Utils
+    def self.ensure_utf8(str)
+      str.encode("UTF-8", "binary", invalid: :replace, undef: :replace, replace: "") if str
+    end
+  end
+end

data/lib/ahoy/version.rb

@@ -1,3 +1,3 @@
 module Ahoy
-  VERSION = "2.0.0"
+  VERSION = "3.2.0"
 end

data/lib/ahoy/visit_properties.rb

@@ -1,6 +1,6 @@
-require "browser"
-require "referer-parser"
-require "user_agent_parser"
+require "cgi"
+require "device_detector"
+require "uri"
 
 module Ahoy
   class VisitProperties
@@ -20,59 +20,95 @@ module Ahoy
     private
 
     def utm_properties
-      landing_uri = Addressable::URI.parse(landing_page) rescue nil
-      landing_params = (landing_uri && landing_uri.query_values) || {}
+      landing_params = {}
+      begin
+        landing_uri = URI.parse(landing_page)
+        # could also use Rack::Utils.parse_nested_query
+        landing_params = CGI.parse(landing_uri.query) if landing_uri
+      rescue
+        # do nothing
+      end
 
       props = {}
       %w(utm_source utm_medium utm_term utm_content utm_campaign).each do |name|
-        props[name.to_sym] = params[name] || landing_params[name]
+        props[name.to_sym] = params[name] || landing_params[name].try(:first)
       end
       props
     end
 
     def traffic_properties
-      # cache for performance
-      @@referrer_parser ||= RefererParser::Parser.new
-
+      uri = URI.parse(referrer) rescue nil
       {
-        referring_domain: (Addressable::URI.parse(referrer).host.first(255) rescue nil),
-        search_keyword: (@@referrer_parser.parse(@referrer)[:term][0..255] rescue nil).presence
+        referring_domain: uri.try(:host).try(:first, 255)
       }
     end
 
     def tech_properties
-      # cache for performance
-      @@user_agent_parser ||= UserAgentParser::Parser.new
+      if Ahoy.user_agent_parser == :device_detector
+        client = DeviceDetector.new(request.user_agent)
+        device_type =
+          case client.device_type
+          when "smartphone"
+            "Mobile"
+          when "tv"
+            "TV"
+          else
+            client.device_type.try(:titleize)
+          end
 
-      user_agent = request.user_agent
-      agent = @@user_agent_parser.parse(user_agent)
-      browser = Browser.new(user_agent)
-      device_type =
-        if browser.bot?
-          "Bot"
-        elsif browser.device.tv?
-          "TV"
-        elsif browser.device.console?
-          "Console"
-        elsif browser.device.tablet?
-          "Tablet"
-        elsif browser.device.mobile?
-          "Mobile"
-        else
-          "Desktop"
-        end
+        {
+          browser: client.name,
+          os: client.os_name,
+          device_type: device_type
+        }
+      else
+        raise "Add browser to your Gemfile to use legacy user agent parsing" unless defined?(Browser)
+        raise "Add user_agent_parser to your Gemfile to use legacy user agent parsing" unless defined?(UserAgentParser)
 
-      {
-        browser: agent.name,
-        os: agent.os.name,
-        device_type: device_type,
-      }
+        # cache for performance
+        @@user_agent_parser ||= UserAgentParser::Parser.new
+
+        user_agent = request.user_agent
+        agent = @@user_agent_parser.parse(user_agent)
+        browser = Browser.new(user_agent)
+        device_type =
+          if browser.bot?
+            "Bot"
+          elsif browser.device.tv?
+            "TV"
+          elsif browser.device.console?
+            "Console"
+          elsif browser.device.tablet?
+            "Tablet"
+          elsif browser.device.mobile?
+            "Mobile"
+          else
+            "Desktop"
+          end
+
+        {
+          browser: agent.name,
+          os: agent.os.name,
+          device_type: device_type
+        }
+      end
+    end
+
+    # masking based on Google Analytics anonymization
+    # https://support.google.com/analytics/answer/2763052
+    def ip
+      ip = request.remote_ip
+      if ip && Ahoy.mask_ips
+        Ahoy.mask_ip(ip)
+      else
+        ip
+      end
     end
 
     def request_properties
       {
-        ip: request.remote_ip,
-        user_agent: request.user_agent,
+        ip: ip,
+        user_agent: Ahoy::Utils.ensure_utf8(request.user_agent),
         referrer: referrer,
         landing_page: landing_page,
         platform: params["platform"],

data/lib/generators/ahoy/activerecord_generator.rb

@@ -1,40 +1,23 @@
-# taken from https://github.com/collectiveidea/audited/blob/master/lib/generators/audited/install_generator.rb
-require "rails/generators"
-require "rails/generators/migration"
-require "active_record"
 require "rails/generators/active_record"
 
 module Ahoy
   module Generators
     class ActiverecordGenerator < Rails::Generators::Base
-      include Rails::Generators::Migration
-      source_root File.expand_path("../templates", __FILE__)
+      include ActiveRecord::Generators::Migration
+      source_root File.join(__dir__, "templates")
 
       class_option :database, type: :string, aliases: "-d"
 
-      # Implement the required interface for Rails::Generators::Migration.
-      def self.next_migration_number(dirname) #:nodoc:
-        next_migration_number = current_migration_number(dirname) + 1
-        if ::ActiveRecord::Base.timestamped_migrations
-          [Time.now.utc.strftime("%Y%m%d%H%M%S"), "%.14d" % next_migration_number].max
-        else
-          "%.3d" % next_migration_number
-        end
-      end
-
       def copy_templates
         template "database_store_initializer.rb", "config/initializers/ahoy.rb"
         template "active_record_visit_model.rb", "app/models/ahoy/visit.rb"
         template "active_record_event_model.rb", "app/models/ahoy/event.rb"
         migration_template "active_record_migration.rb", "db/migrate/create_ahoy_visits_and_events.rb", migration_version: migration_version
-        migrate_command = rails5? ? "rails" : "rake"
-        puts "\nAlmost set! Last, run:\n\n    #{migrate_command} db:migrate"
+        puts "\nAlmost set! Last, run:\n\n    rails db:migrate"
       end
 
       def properties_type
-        # use connection_config instead of connection.adapter
-        # so database connection isn't needed
-        case ActiveRecord::Base.connection_config[:adapter].to_s
+        case adapter
         when /postg/i # postgres, postgis
           "jsonb"
         when /mysql/i
@@ -44,14 +27,22 @@ module Ahoy
         end
       end
 
-      def rails5?
-        Rails::VERSION::MAJOR >= 5
+      # use connection_config instead of connection.adapter
+      # so database connection isn't needed
+      def adapter
+        if ActiveRecord::VERSION::STRING.to_f >= 6.1
+          ActiveRecord::Base.connection_db_config.adapter.to_s
+        else
+          ActiveRecord::Base.connection_config[:adapter].to_s
+        end
+      end
+
+      def rails52?
+        ActiveRecord::VERSION::STRING.to_f >= 5.2
       end
 
       def migration_version
-        if rails5?
-          "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
-        end
+        "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
       end
     end
   end

data/lib/generators/ahoy/base_generator.rb

@@ -3,7 +3,7 @@ require "rails/generators"
 module Ahoy
   module Generators
     class BaseGenerator < Rails::Generators::Base
-      source_root File.expand_path("../templates", __FILE__)
+      source_root File.join(__dir__, "templates")
 
       def copy_templates
         template "base_store_initializer.rb", "config/initializers/ahoy.rb"