lapsoss 0.1.0

data/lib/lapsoss/user_context.rb

@@ -0,0 +1,355 @@
+# frozen_string_literal: true
+
+module Lapsoss
+  # Enhanced user context handling with privacy controls
+  class UserContext
+    SENSITIVE_FIELDS = %i[
+      email phone mobile telephone
+      address street city state zip postal_code country
+      ssn social_security_number
+      credit_card card_number cvv
+      password password_confirmation
+      secret token api_key
+      ip_address last_login_ip
+      birth_date date_of_birth dob
+      salary income wage
+    ].freeze
+
+    def initialize(privacy_mode: false, allowed_fields: nil, field_transformers: {})
+      @privacy_mode = privacy_mode
+      @allowed_fields = allowed_fields&.map(&:to_sym)
+      @field_transformers = field_transformers
+    end
+
+    def process_user_data(user_data)
+      return {} unless user_data.is_a?(Hash)
+
+      processed = {}
+
+      user_data.each do |key, value|
+        key_sym = key.to_sym
+
+        # Skip if not in allowed fields list (when specified)
+        if @allowed_fields && !@allowed_fields.include?(key_sym)
+          next
+        end
+
+        # Apply privacy filtering
+        if @privacy_mode && sensitive_field?(key_sym)
+          processed[key] = apply_privacy_filter(key_sym, value)
+        else
+          processed[key] = transform_field(key_sym, value)
+        end
+      end
+
+      processed
+    end
+
+    def merge_user_data(existing_data, new_data)
+      existing_processed = process_user_data(existing_data || {})
+      new_processed = process_user_data(new_data || {})
+
+      existing_processed.merge(new_processed)
+    end
+
+    def extract_user_id(user_data)
+      return nil unless user_data.is_a?(Hash)
+
+      # Try common user ID fields in order of preference
+      %i[id user_id uuid guid].each do |field|
+        value = user_data[field] || user_data[field.to_s]
+        return value if value
+      end
+
+      nil
+    end
+
+    def extract_user_segment(user_data)
+      return nil unless user_data.is_a?(Hash)
+
+      segments = {}
+
+      # Check for common user segments
+      segments[:internal] = !!(user_data[:internal] || user_data["internal"])
+      segments[:premium] = !!(user_data[:premium] || user_data["premium"])
+      segments[:beta] = !!(user_data[:beta] || user_data["beta"])
+      segments[:admin] = !!(user_data[:admin] || user_data["admin"])
+
+      # Check role-based segments
+      if role = (user_data[:role] || user_data["role"])
+        segments[:role] = role.to_s.downcase
+      end
+
+      # Check plan-based segments
+      if plan = (user_data[:plan] || user_data["plan"])
+        segments[:plan] = plan.to_s.downcase
+      end
+
+      segments.compact
+    end
+
+    def sanitize_for_logging(user_data)
+      return {} unless user_data.is_a?(Hash)
+
+      sanitized = {}
+
+      user_data.each do |key, value|
+        key_sym = key.to_sym
+
+        if sensitive_field?(key_sym)
+          sanitized[key] = "[REDACTED]"
+        elsif value.is_a?(Hash)
+          sanitized[key] = sanitize_for_logging(value)
+        elsif value.is_a?(Array)
+          sanitized[key] = value.map { |v| v.is_a?(Hash) ? sanitize_for_logging(v) : v }
+        else
+          sanitized[key] = value
+        end
+      end
+
+      sanitized
+    end
+
+    private
+
+    def sensitive_field?(field)
+      SENSITIVE_FIELDS.include?(field) || field.to_s.match?(/password|secret|token|key|ssn|credit|card/i)
+    end
+
+    def apply_privacy_filter(field, value)
+      case field
+      when :email
+        mask_email(value)
+      when :phone, :mobile, :telephone
+        mask_phone(value)
+      when :ip_address, :last_login_ip
+        mask_ip(value)
+      else
+        "[FILTERED]"
+      end
+    end
+
+    def transform_field(field, value)
+      if transformer = @field_transformers[field]
+        transformer.call(value)
+      else
+        value
+      end
+    end
+
+    def mask_email(email)
+      return "[INVALID_EMAIL]" unless email.is_a?(String) && email.include?("@")
+
+      local, domain = email.split("@", 2)
+      masked_local = local.length > 2 ? "#{local[0]}***#{local[-1]}" : "***"
+      "#{masked_local}@#{domain}"
+    end
+
+    def mask_phone(phone)
+      return "[INVALID_PHONE]" unless phone.is_a?(String)
+
+      # Remove all non-digits
+      digits = phone.gsub(/\D/, "")
+      return "[INVALID_PHONE]" if digits.length < 4
+
+      # Show last 4 digits
+      "*" * (digits.length - 4) + digits[-4..-1]
+    end
+
+    def mask_ip(ip)
+      return "[INVALID_IP]" unless ip.is_a?(String)
+
+      if ip.include?(":")
+        # IPv6 - mask last 4 groups
+        parts = ip.split(":")
+        parts[-4..-1] = ["****"] * 4 if parts.length >= 4
+        parts.join(":")
+      else
+        # IPv4 - mask last octet
+        parts = ip.split(".")
+        return "[INVALID_IP]" if parts.length != 4
+        parts[-1] = "***"
+        parts.join(".")
+      end
+    end
+  end
+
+  # User context provider that integrates with various authentication systems
+  class UserContextProvider
+    def initialize(providers: {})
+      @providers = providers
+    end
+
+    def get_user_context(event, hint = {})
+      context = {}
+
+      # Try each provider in order
+      @providers.each do |name, provider|
+        begin
+          if provider_context = provider.call(event, hint)
+            context.merge!(provider_context)
+          end
+        rescue StandardError => e
+          # Log provider error but don't fail
+          warn "User context provider #{name} failed: #{e.message}"
+        end
+      end
+
+      context
+    end
+
+    # Built-in providers for common authentication systems
+    def self.devise_provider
+      lambda do |event, hint|
+        return {} unless defined?(Devise) && defined?(Warden)
+
+        # Try to get user from Warden (used by Devise)
+        if request = hint[:request]
+          user = request.env["warden"]&.user
+          return {} unless user
+
+          {
+            id: user.id,
+            email: user.email,
+            username: user.respond_to?(:username) ? user.username : nil,
+            created_at: user.created_at,
+            role: user.respond_to?(:role) ? user.role : nil
+          }.compact
+        end
+
+        {}
+      end
+    end
+
+    def self.omniauth_provider
+      lambda do |event, hint|
+        return {} unless defined?(OmniAuth)
+
+        if request = hint[:request]
+          if auth_info = request.env["omniauth.auth"]
+            {
+              provider: auth_info["provider"],
+              uid: auth_info["uid"],
+              name: auth_info.dig("info", "name"),
+              email: auth_info.dig("info", "email"),
+              username: auth_info.dig("info", "nickname")
+            }.compact
+          end
+        end
+
+        {}
+      end
+    end
+
+    def self.session_provider
+      lambda do |event, hint|
+        return {} unless hint[:request]
+
+        request = hint[:request]
+        session = request.session rescue {}
+
+        {
+          session_id: session[:session_id] || session["session_id"],
+          user_id: session[:user_id] || session["user_id"],
+          csrf_token: session[:_csrf_token] || session["_csrf_token"]
+        }.compact
+      end
+    end
+
+    def self.thread_local_provider
+      lambda do |event, hint|
+        # Get user from thread-local storage
+        Thread.current[:current_user] || {}
+      end
+    end
+  end
+
+  # Integration with popular authentication gems
+  module UserContextIntegrations
+    def self.setup_devise_integration
+      return unless defined?(Devise)
+
+      # Add middleware to capture user context
+      if defined?(Rails)
+        Rails.application.config.middleware.use(UserContextMiddleware)
+      end
+    end
+
+    def self.setup_clearance_integration
+      return unless defined?(Clearance)
+
+      # Clearance integration
+      if defined?(Rails)
+        Rails.application.config.middleware.use(UserContextMiddleware) do |middleware|
+          middleware.user_provider = lambda do |request|
+            request.env[:clearance].current_user if request.env[:clearance]
+          end
+        end
+      end
+    end
+
+    def self.setup_authlogic_integration
+      return unless defined?(Authlogic)
+
+      # Authlogic integration
+      if defined?(Rails)
+        Rails.application.config.middleware.use(UserContextMiddleware) do |middleware|
+          middleware.user_provider = lambda do |request|
+            UserSession.find&.user if defined?(UserSession)
+          end
+        end
+      end
+    end
+  end
+
+  # Middleware to automatically capture user context
+  class UserContextMiddleware
+    def initialize(app, user_provider: nil)
+      @app = app
+      @user_provider = user_provider
+    end
+
+    def call(env)
+      request = Rack::Request.new(env)
+
+      # Capture user context
+      user_context = extract_user_context(request)
+
+      # Store in thread-local for access during request processing
+      Thread.current[:lapsoss_user_context] = user_context
+
+      @app.call(env)
+    ensure
+      Thread.current[:lapsoss_user_context] = nil
+    end
+
+    private
+
+    def extract_user_context(request)
+      if @user_provider
+        user = @user_provider.call(request)
+        return {} unless user
+
+        context = {
+          id: user.id,
+          email: user.email,
+          username: user.respond_to?(:username) ? user.username : nil
+        }
+
+        # Add role information if available
+        if user.respond_to?(:role)
+          context[:role] = user.role
+        end
+
+        # Add plan information if available
+        if user.respond_to?(:plan)
+          context[:plan] = user.plan
+        end
+
+        context.compact
+      else
+        {}
+      end
+    end
+  end
+end

data/lib/lapsoss/validators.rb

@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+
+require "uri"
+
+module Lapsoss
+  module Validators
+    class ValidationError < StandardError; end
+
+    module_function
+
+    def validate_presence!(value, name)
+      if value.nil? || (value.respond_to?(:empty?) && value.empty?)
+        raise ValidationError, "#{name} is required and cannot be nil or empty"
+      end
+    end
+
+    def validate_type!(value, types, name)
+      types = Array(types)
+      unless types.any? { |type| value.is_a?(type) }
+        type_names = types.map(&:name).join(' or ')
+        raise ValidationError, "#{name} must be a #{type_names}, got #{value.class} (#{value.inspect})"
+      end
+    end
+
+    def validate_callable!(value, name)
+      unless value.nil? || value.respond_to?(:call)
+        raise ValidationError, "#{name} must be callable (respond_to? :call) or nil, got #{value.class}"
+      end
+    end
+
+    def validate_numeric_range!(value, range, name)
+      validate_type!(value, [Numeric], name)
+      unless range.cover?(value)
+        raise ValidationError, "#{name} must be between #{range.min} and #{range.max}, got #{value}"
+      end
+    end
+
+    def validate_url!(value, name)
+      return if value.nil?
+
+      validate_type!(value, [String], name)
+
+      begin
+        uri = URI.parse(value)
+        unless uri.scheme && uri.host
+          raise ValidationError, "#{name} must be a valid URL with scheme and host"
+        end
+        unless %w[http https].include?(uri.scheme)
+          raise ValidationError, "#{name} must use http or https scheme"
+        end
+      rescue URI::InvalidURIError => e
+        raise ValidationError, "#{name} is not a valid URL: #{e.message}"
+      end
+    end
+
+    def validate_dsn!(dsn_string, name = "DSN")
+      return if dsn_string.nil?
+
+      validate_type!(dsn_string, [String], name)
+
+      begin
+        uri = URI.parse(dsn_string)
+
+        # Check required components
+        validate_presence!(uri.scheme, "#{name} scheme")
+        validate_presence!(uri.host, "#{name} host")
+        validate_presence!(uri.user, "#{name} public key")
+
+        # Validate scheme
+        unless %w[http https].include?(uri.scheme)
+          raise ValidationError, "#{name} must use http or https scheme"
+        end
+
+        # Extract project ID from path
+        path_parts = uri.path&.split("/") || []
+        project_id = path_parts.last
+        validate_presence!(project_id, "#{name} project ID")
+
+        # Validate project ID is numeric
+        unless project_id.match?(/^\d+$/)
+          raise ValidationError, "#{name} project ID must be numeric, got '#{project_id}'"
+        end
+
+      rescue URI::InvalidURIError => e
+        raise ValidationError, "#{name} is not a valid URI: #{e.message}"
+      end
+    end
+
+    def validate_api_key!(value, name, format: nil)
+      validate_presence!(value, name)
+      validate_type!(value, [String], name)
+
+      case format
+      when :uuid
+        unless value.match?(/\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/i)
+          raise ValidationError, "#{name} must be a valid UUID format"
+        end
+      when :hex
+        unless value.match?(/\A[0-9a-f]+\z/i)
+          raise ValidationError, "#{name} must be a valid hexadecimal string"
+        end
+      when :alphanumeric
+        unless value.match?(/\A[a-z0-9]+\z/i)
+          raise ValidationError, "#{name} must be alphanumeric"
+        end
+      end
+    end
+
+    def validate_environment!(value, name = "environment")
+      return if value.nil?
+
+      validate_type!(value, [String, Symbol], name)
+
+      env_string = value.to_s
+      unless env_string.match?(/\A[a-z0-9_-]+\z/i)
+        raise ValidationError, "#{name} must contain only alphanumeric characters, underscores, and hyphens"
+      end
+    end
+
+    def validate_sample_rate!(value, name = "sample_rate")
+      return if value.nil?
+
+      validate_numeric_range!(value, 0.0..1.0, name)
+    end
+
+    def validate_timeout!(value, name = "timeout")
+      return if value.nil?
+
+      validate_type!(value, [Numeric], name)
+      if value <= 0
+        raise ValidationError, "#{name} must be positive, got #{value}"
+      end
+    end
+
+    def validate_retries!(value, name = "max_retries")
+      return if value.nil?
+
+      validate_type!(value, [Integer], name)
+      validate_numeric_range!(value, 0..10, name)
+    end
+  end
+end

data/lib/lapsoss/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Lapsoss
+  VERSION = "0.1.0"
+end

data/lib/lapsoss.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+require_relative "lapsoss/version"
+require_relative "lapsoss/configuration"
+require_relative "lapsoss/registry"
+require_relative "lapsoss/event"
+require_relative "lapsoss/router"
+require_relative "lapsoss/adapters/base"
+require_relative "lapsoss/current"
+require_relative "lapsoss/client"
+require_relative "lapsoss/fingerprinter"
+require_relative "lapsoss/backtrace_processor"
+require_relative "lapsoss/scrubber"
+require_relative "lapsoss/pipeline"
+require_relative "lapsoss/sampling"
+require_relative "lapsoss/user_context"
+require_relative "lapsoss/exclusions"
+require_relative "lapsoss/release_tracker"
+require_relative "lapsoss/railtie" if defined?(Rails)
+
+module Lapsoss
+  class Error < StandardError; end
+
+  class DeliveryError < Error
+    attr_reader :response, :cause
+
+    def initialize(message, response: nil, cause: nil)
+      super(message)
+      @response = response
+      @cause = cause
+    end
+  end
+
+  class << self
+    attr_reader :client
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def configure
+      yield(configuration)
+      configuration.validate!
+      configuration.apply!
+      @client = Client.new(configuration)
+    end
+
+    def capture_exception(exception, **context)
+      client.capture_exception(exception, **context)
+    end
+
+    def capture_message(message, level: :info, **context)
+      client.capture_message(message, level: level, **context)
+    end
+
+    def add_breadcrumb(message, type: :default, **metadata)
+      client.add_breadcrumb(message, type: type, **metadata)
+    end
+
+    def with_scope(context = {}, &block)
+      client.with_scope(context, &block)
+    end
+
+    def current_scope
+      client.current_scope
+    end
+
+    def flush(timeout: 2)
+      client.flush(timeout: timeout)
+    end
+
+    def shutdown
+      client.shutdown
+    end
+  end
+end