RubyGems - dial - Versions diffs - 0.2.3 → 0.2.4 - Mend

dial 0.2.3 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/README.md +12 -3
data/lib/dial/configuration.rb +3 -2
data/lib/dial/constants.rb +2 -0
data/lib/dial/middleware/panel.rb +14 -3
data/lib/dial/middleware/ruby_stat.rb +1 -1
data/lib/dial/middleware.rb +7 -5
data/lib/dial/railtie.rb +0 -1
data/lib/dial/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: edead8fe405ee09b2ece6be004f6200ddd9394707a41da3509cbd168f3b88c67
-  data.tar.gz: 506f4b258c2b0acf117b1f4885ede6cf93ec739c1f21e0dc82b1f3da086f9a2c
+  metadata.gz: c21506e3c567f79104e394c2ab2fc1c29d433ef9e9e27f201d8fe3e6bdc2227f
+  data.tar.gz: 5a8a65aa3fcdd52d59508ebac6bb12bfa156d6f577793f7c05ac8eb14d5409b3
 SHA512:
-  metadata.gz: c8f6c3705814f0cc0ae49bddf462741cf74d6de0733bd08280f6b01123368afb6ad46a1f7bf09329ee1c16c53a1d651c34b39d7277efce651f72550cd8e06557
-  data.tar.gz: 22236134d9731d47eacbc6d931ed2484b4e5451c875e554dcd5fc5fea3db84e3aaaf429db3f318939de30d52aa49ff49251f5300fc8243bf41e247d40c11c555
+  metadata.gz: c20d37444e2d186490ea5e75d30c2a6940d56adbff21c91d01a448d96b4b7b6baa0ead5da5305a1398dcd8e916f5a9dab60c2d0d101404a1377a998fe2d2d91c
+  data.tar.gz: 525eef47d8136c0c34ddc0c8460637370e87ea13d43c8d83e1c3b4c9dc992b192414f570a0258a9ffd16206a235611a5450982c3a9cf474f12552c16ef646613

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,9 @@
 ## [Unreleased]
+## [0.2.4] - 2025-03-03
+- Add configuration option for setting script CSP nonce (thanks @matthaigh27)
 ## [0.2.3] - 2025-02-28
 - Add configuration API

data/README.md CHANGED Viewed

@@ -39,12 +39,21 @@ mount Dial::Engine, at: "/" if Rails.env.development?
 # config/initializers/dial.rb
 Dial.configure do |config|
-  config.vernier_interval = 100 # default: 200
-  config.vernier_allocation_interval = 10_000 # default: 20_000
-  config.prosopite_ignore_queries += [/pg_sleep/i] # default: [/schema_migrations/i]
+  config.vernier_interval = 100
+  config.vernier_allocation_interval = 10_000
+  config.prosopite_ignore_queries += [/pg_sleep/i]
 end
 ```
+### Options
+Option | Description | Default
+- | - | -
+`vernier_interval` | Sets the `interval` option for vernier. | `200`
+`vernier_allocation_interval` | Sets the `allocation_interval` option for vernier. | `20_000`
+`prosopite_ignore_queries` | Sets the `ignore_queries` option for prosopite. | `[/schema_migrations/i]`
+`content_security_policy_nonce` | Sets the content security policy nonce to use when inserting Dial's script. Can be a string, or a Proc which receives `env` and response `headers` as arguments and returns the nonce. | Rails generated nonce or `nil`
 ## Development
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `bundle exec rake test` to run the

data/lib/dial/configuration.rb CHANGED Viewed

@@ -15,14 +15,15 @@ module Dial
         vernier_interval: VERNIER_INTERVAL,
         vernier_allocation_interval: VERNIER_ALLOCATION_INTERVAL,
         prosopite_ignore_queries: PROSOPITE_IGNORE_QUERIES,
+        content_security_policy_nonce: -> (env, _headers) { env[NONCE] || "" },
       }
       @options.keys.each do |key|
-        define_singleton_method(key) do
+        define_singleton_method key do
           @options[key]
         end
-        define_singleton_method("#{key}=") do |value|
+        define_singleton_method "#{key}=" do |value|
           @options[key] = value
         end
       end

data/lib/dial/constants.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require "rack"
+require "action_dispatch"
 require_relative "version"
@@ -10,6 +11,7 @@ module Dial
   HTTP_ACCEPT = "HTTP_ACCEPT"
   CONTENT_TYPE = ::Rack::CONTENT_TYPE
   CONTENT_LENGTH = ::Rack::CONTENT_LENGTH
+  NONCE = ::ActionDispatch::ContentSecurityPolicy::Request::NONCE
   REQUEST_TIMING = "dial_request_timing"
   FILE_STALE_SECONDS = 60 * 60

data/lib/dial/middleware/panel.rb CHANGED Viewed

@@ -5,7 +5,7 @@ require "uri"
 module Dial
   class Panel
     class << self
-      def html env, profile_out_filename, query_logs, ruby_vm_stat, gc_stat, gc_stat_heap, server_timing
+      def html env, headers, profile_out_filename, query_logs, ruby_vm_stat, gc_stat, gc_stat_heap, server_timing
         <<~HTML
           <style>#{style}</style>
@@ -69,7 +69,9 @@ module Dial
             </div>
           </div>
-          <script>#{script}</script>
+          <script nonce="#{configured_nonce env, headers}">
+            #{script}
+          </script>
         HTML
       end
@@ -171,7 +173,7 @@ module Dial
       end
       def formatted_rails_route_info env
-        rails_route_info = begin
+        begin
           ::Rails.application.routes.recognize_path env[::Rack::PATH_INFO], method: env[::Rack::REQUEST_METHOD]
         rescue ::ActionController::RoutingError
           {}
@@ -253,6 +255,15 @@ module Dial
           HTML
         end.join
       end
+      def configured_nonce env, headers
+        config_nonce = Dial._configuration.content_security_policy_nonce
+        if config_nonce.instance_of? Proc
+          config_nonce.call env, headers
+        else
+          config_nonce
+        end
+      end
     end
   end
 end

data/lib/dial/middleware/ruby_stat.rb CHANGED Viewed

@@ -27,7 +27,7 @@ module Dial
     def stat_diff before, after, no_diff: []
       after.except(*no_diff).each_with_object({}) do |(key, value), diff|
         diff[key] = value - before[key]
-      end.merge after.slice *no_diff
+      end.merge after.slice(*no_diff)
     end
   end
 end

data/lib/dial/middleware.rb CHANGED Viewed

@@ -51,10 +51,12 @@ module Dial
       body = String.new.tap do |str|
         rack_body.each { |chunk| str << chunk }
         rack_body.close if rack_body.respond_to? :close
-      end.sub "</body>", <<~HTML
-          #{Panel.html env, profile_out_filename, query_logs, ruby_vm_stat, gc_stat, gc_stat_heap, server_timing}
-        </body>
-      HTML
+        str.sub! "</body>", <<~HTML
+            #{Panel.html env, headers, profile_out_filename, query_logs, ruby_vm_stat, gc_stat, gc_stat_heap, server_timing}
+          </body>
+        HTML
+      end
       headers[CONTENT_LENGTH] = body.bytesize.to_s
@@ -86,7 +88,7 @@ module Dial
     def clear_query_logs!
       [].tap do |query_logs|
-        File.open("#{query_log_dir_pathname}/#{PROSOPITE_LOG_FILENAME}", "r+") do |file|
+        File.open "#{query_log_dir_pathname}/#{PROSOPITE_LOG_FILENAME}", "r+" do |file|
           entry = section = count = nil
           file.each_line do |line|
             entry, section, count = process_query_log_line line, entry, section, count

data/lib/dial/railtie.rb CHANGED Viewed

@@ -48,7 +48,6 @@ module Dial
       app.config.after_initialize do
         Dial._configuration.freeze
-        # set static configuration options
         ::Prosopite.ignore_queries = Dial._configuration.prosopite_ignore_queries
       end
     end

data/lib/dial/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dial
-  VERSION = "0.2.3"
+  VERSION = "0.2.4"
 end

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: dial
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.2.4
 platform: ruby
 authors:
 - Joshua Young
 bindir: bin
 cert_chain: []
-date: 2025-02-28 00:00:00.000000000 Z
+date: 2025-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties