logster 2.3.1 → 2.3.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (14) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/README.md +9 -0
  4. data/lib/logster.rb +2 -0
  5. data/lib/logster/base_store.rb +6 -0
  6. data/lib/logster/configuration.rb +15 -2
  7. data/lib/logster/middleware/debug_exceptions.rb +9 -6
  8. data/lib/logster/middleware/reporter.rb +19 -3
  9. data/lib/logster/rails/railtie.rb +5 -1
  10. data/lib/logster/redis_rate_limiter.rb +110 -0
  11. data/lib/logster/redis_store.rb +20 -107
  12. data/lib/logster/version.rb +3 -1
  13. data/test/logster/middleware/test_reporter.rb +41 -1
  14. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1d19b6d2558ca3ac27df16998d9bab79aabc9e98f15d28894490e61b4d0f7987
4
- data.tar.gz: 5bb3053384ea1203e96ddbd26c11cccb88ba66e5fa3a7f342f4ae00049d2a1a8
3
+ metadata.gz: f2f37eb7a03d711e0162719afed21c5d2b085f641764a9cec168eba16761d0ff
4
+ data.tar.gz: 1398a1d9baea28cdb3015b863075d0d242ab423f11b78db3b7fd074df9de9d03
5
5
  SHA512:
6
- metadata.gz: 65f024a72e62ab478c7e77ad02193e9d8d8d88ab90f7b544b4c6751683600e52d776bc0bf56dd7a6f65c85e47bed7be7a28c7967db1011ee0f8b3ec9ef142863
7
- data.tar.gz: b0e4b102c3de5523ec8057fdc26234d60d70958a5fdd683783f1d59e0dc054a145869605f8c76e4dacfc1c8b49ba74b890abe681c66003194d55033cfcebcaea
6
+ metadata.gz: 893b198161a8c729c8e8290de1e82568f1b0caa2facb06e149216b456cdf8ce9ed76ea489296f632e431985ce769cbd3bb4c9fe90acb8c1641a2a48522d01c91
7
+ data.tar.gz: b7a1460c5d42d07bffe1df6fab527fd4ee6a733e10364f212fd8ee19e4180893b03e2b3b669ba9e7ef2efb01cbb91857ce4162e37f17b5a3efa18428a9595d48
data/CHANGELOG.md CHANGED
@@ -1,5 +1,9 @@
1
1
  # CHANGELOG
2
2
 
3
+ - 2019-08-20: 2.3.2
4
+
5
+ - FEATURE: automatic 1 minute rate limiting for js error reporting per IP
6
+
3
7
  - 2019-08-15: 2.3.1
4
8
 
5
9
  - DEV: upgrade Ember to 3.8 and jQuery to 3.4.1 (#84)
data/README.md CHANGED
@@ -35,6 +35,15 @@ To run logster in other environments, in `config/application.rb`
35
35
  Logster.set_environments([:development, :staging, :production])
36
36
  ```
37
37
 
38
+ ### Configuration
39
+
40
+ Logster can be configured using `Logster.config`:
41
+
42
+ - `Logster.config.application_version`: set to a unique identifier denoting version of your app. The "solve" function takes this version into account when suppressing errors.
43
+ - `Logster.config.enable_js_error_reporting` : enable js error reporting from clients
44
+ - `Logster.config.rate_limit_error_reporting` : controls automatic 1 minute rate limiting for JS error reporting.
45
+ - `Logster.config.web_title` : `<title>` tag for logster error page.
46
+
38
47
  ### Tracking Error Rate
39
48
  Logster allows you to register a callback when the rate of errors has exceeded
40
49
  a given limit.
data/lib/logster.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'logster/logger'
2
4
  require 'logster/message'
3
5
  require 'logster/configuration'
data/lib/logster/base_store.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Logster
2
4
  class BaseStore
3
5
 
@@ -115,6 +117,10 @@ module Logster
115
117
  {}
116
118
  end
117
119
 
120
+ def rate_limited?(ip_address, perform: false, limit: 60)
121
+ not_implemented
122
+ end
123
+
118
124
  def report(severity, progname, msg, opts = {})
119
125
  return if (!msg || (String === msg && msg.empty?)) && skip_empty
120
126
  return if level && severity < level
data/lib/logster/configuration.rb CHANGED
@@ -1,7 +1,18 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Logster
2
4
  class Configuration
3
- attr_accessor :current_context, :allow_grouping, :environments,
4
- :application_version, :web_title, :env_expandable_keys, :enable_custom_patterns_via_ui
5
+ attr_accessor(
6
+ :allow_grouping,
7
+ :application_version,
8
+ :current_context,
9
+ :env_expandable_keys,
10
+ :enable_custom_patterns_via_ui,
11
+ :enable_js_error_reporting,
12
+ :environments,
13
+ :rate_limit_error_reporting,
14
+ :web_title
15
+ )
5
16
 
6
17
  attr_writer :subdirectory
7
18
 
@@ -12,6 +23,8 @@ module Logster
12
23
  @subdirectory = nil
13
24
  @env_expandable_keys = []
14
25
  @enable_custom_patterns_via_ui = false
26
+ @rate_limit_error_reporting = true
27
+ @enable_js_error_reporting = true
15
28
 
16
29
  @allow_grouping = false
17
30
 
data/lib/logster/middleware/debug_exceptions.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  class Logster::Middleware::DebugExceptions < ActionDispatch::DebugExceptions
2
4
  private
3
5
 
@@ -13,13 +15,14 @@ class Logster::Middleware::DebugExceptions < ActionDispatch::DebugExceptions
13
15
 
14
16
  Logster.config.current_context.call(env) do
15
17
  location = exception.backtrace[0]
16
- exception_string = exception.to_s
17
18
 
18
- Logster.logger.add_with_opts(::Logger::Severity::FATAL,
19
- exception.class.to_s << " (" << exception_string << ")\n#{location}",
20
- "web-exception",
21
- backtrace: exception.backtrace.join("\n"),
22
- env: env)
19
+ Logster.logger.add_with_opts(
20
+ ::Logger::Severity::FATAL,
21
+ "#{exception.class} (#{exception})\n#{location}",
22
+ "web-exception",
23
+ backtrace: exception.backtrace.join("\n"),
24
+ env: env
25
+ )
23
26
  end
24
27
 
25
28
  end
data/lib/logster/middleware/reporter.rb CHANGED
@@ -1,9 +1,11 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Logster
2
4
  module Middleware
3
5
  class Reporter
4
6
 
5
- PATH_INFO = "PATH_INFO".freeze
6
- SCRIPT_NAME = "SCRIPT_NAME".freeze
7
+ PATH_INFO = "PATH_INFO"
8
+ SCRIPT_NAME = "SCRIPT_NAME"
7
9
 
8
10
  def initialize(app, config = {})
9
11
  @app = app
@@ -21,7 +23,18 @@ module Logster
21
23
  end
22
24
 
23
25
  if path == @error_path
26
+
27
+ if !Logster.config.enable_js_error_reporting
28
+ return [403, {}, "Access Denied"]
29
+ end
30
+
24
31
  Logster.config.current_context.call(env) do
32
+ if Logster.config.rate_limit_error_reporting
33
+ req = Rack::Request.new(env)
34
+ if Logster.store.rate_limited?(req.ip, perform: true)
35
+ return [429, {}, "Rate Limited"]
36
+ end
37
+ end
25
38
  report_js_error(env)
26
39
  end
27
40
  return [200, {}, ["OK"]]
@@ -34,9 +47,10 @@ module Logster
34
47
 
35
48
  def report_js_error(env)
36
49
  req = Rack::Request.new(env)
50
+
37
51
  params = req.params
38
52
 
39
- message = params["message"] || ""
53
+ message = (params["message"] || "").dup
40
54
  message << "\nUrl: " << params["url"] if params["url"]
41
55
  message << "\nLine: " << params["line"] if params["line"]
42
56
  message << "\nColumn: " << params["column"] if params["column"]
@@ -48,6 +62,8 @@ module Logster
48
62
  message,
49
63
  backtrace: backtrace,
50
64
  env: env)
65
+
66
+ true
51
67
  end
52
68
 
53
69
  end
data/lib/logster/rails/railtie.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Logster::Rails
2
4
 
3
5
  # this magically registers logster.js in the asset pipeline
@@ -30,7 +32,9 @@ module Logster::Rails
30
32
  return unless Logster.config.environments.include?(Rails.env.to_sym)
31
33
 
32
34
  if Logster::Logger === Rails.logger
33
- app.middleware.insert_before ActionDispatch::ShowExceptions, Logster::Middleware::Reporter
35
+ if Logster.config.enable_js_error_reporting
36
+ app.middleware.insert_before ActionDispatch::ShowExceptions, Logster::Middleware::Reporter
37
+ end
34
38
 
35
39
  if Rails::VERSION::MAJOR == 3
36
40
  app.middleware.insert_before ActionDispatch::DebugExceptions, Logster::Middleware::DebugExceptions
data/lib/logster/redis_rate_limiter.rb ADDED
@@ -0,0 +1,110 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Logster
4
+ class RedisRateLimiter
5
+ BUCKETS = 6
6
+ PREFIX = "__LOGSTER__RATE_LIMIT".freeze
7
+
8
+ attr_reader :duration, :callback
9
+
10
+ def self.clear_all(redis, redis_prefix = nil)
11
+ prefix = key_prefix(redis_prefix)
12
+
13
+ redis.eval "
14
+ local keys = redis.call('keys', '*#{prefix}*')
15
+ if (table.getn(keys) > 0) then
16
+ redis.call('del', unpack(keys))
17
+ end
18
+ "
19
+ end
20
+
21
+ def initialize(redis, severities, limit, duration, redis_prefix = nil, callback = nil)
22
+ @severities = severities
23
+ @limit = limit
24
+ @duration = duration
25
+ @callback = callback
26
+ @redis_prefix = redis_prefix
27
+ @redis = redis
28
+ @bucket_range = @duration / BUCKETS
29
+ @mget_keys = (0..(BUCKETS - 1)).map { |i| "#{key}:#{i}" }
30
+ end
31
+
32
+ def retrieve_rate
33
+ @redis.mget(@mget_keys).reduce(0) { |sum, value| sum + value.to_i }
34
+ end
35
+
36
+ def check(severity)
37
+ return unless @severities.include?(severity)
38
+ time = Time.now.to_i
39
+ num = bucket_number(time)
40
+ redis_key = "#{key}:#{num}"
41
+
42
+ current_rate = @redis.eval <<-LUA
43
+ local bucket_number = #{num}
44
+ local bucket_count = redis.call("INCR", "#{redis_key}")
45
+
46
+ if bucket_count == 1 then
47
+ redis.call("EXPIRE", "#{redis_key}", "#{bucket_expiry(time)}")
48
+ redis.call("DEL", "#{callback_key}")
49
+ end
50
+
51
+ local function retrieve_rate ()
52
+ local sum = 0
53
+ local values = redis.call("MGET", #{mget_keys(num)})
54
+ for index, value in ipairs(values) do
55
+ if value ~= false then sum = sum + value end
56
+ end
57
+ return sum
58
+ end
59
+
60
+ return (retrieve_rate() + bucket_count)
61
+ LUA
62
+
63
+ if !@redis.get(callback_key) && (current_rate >= @limit)
64
+ @callback.call(current_rate) if @callback
65
+ @redis.set(callback_key, 1)
66
+ end
67
+
68
+ current_rate
69
+ end
70
+
71
+ def key
72
+ # "_LOGSTER_RATE_LIMIT:012:20:30"
73
+ # Triggers callback when log levels of :debug, :info and :warn occurs 20 times within 30 secs
74
+ "#{key_prefix}:#{@severities.join("")}:#{@limit}:#{@duration}"
75
+ end
76
+
77
+ def callback_key
78
+ "#{key}:callback_triggered"
79
+ end
80
+
81
+ private
82
+
83
+ def self.key_prefix(redis_prefix)
84
+ if redis_prefix
85
+ "#{redis_prefix.call}:#{PREFIX}"
86
+ else
87
+ PREFIX
88
+ end
89
+
90
+ end
91
+
92
+ def key_prefix
93
+ self.class.key_prefix(@redis_prefix)
94
+ end
95
+
96
+ def mget_keys(bucket_num)
97
+ keys = @mget_keys.dup
98
+ keys.delete_at(bucket_num)
99
+ keys.map { |key| "'#{key}'" }.join(', ')
100
+ end
101
+
102
+ def bucket_number(time)
103
+ (time % @duration) / @bucket_range
104
+ end
105
+
106
+ def bucket_expiry(time)
107
+ @duration - ((time % @duration) % @bucket_range)
108
+ end
109
+ end
110
+ end
data/lib/logster/redis_store.rb CHANGED
@@ -1,114 +1,10 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'json'
2
4
  require 'logster/base_store'
5
+ require 'logster/redis_rate_limiter'
3
6
 
4
7
  module Logster
5
- class RedisRateLimiter
6
- BUCKETS = 6
7
- PREFIX = "__LOGSTER__RATE_LIMIT".freeze
8
-
9
- attr_reader :duration, :callback
10
-
11
- def self.clear_all(redis, redis_prefix = nil)
12
- prefix = key_prefix(redis_prefix)
13
-
14
- redis.eval "
15
- local keys = redis.call('keys', '*#{prefix}*')
16
- if (table.getn(keys) > 0) then
17
- redis.call('del', unpack(keys))
18
- end
19
- "
20
- end
21
-
22
- def initialize(redis, severities, limit, duration, redis_prefix = nil, callback = nil)
23
- @severities = severities
24
- @limit = limit
25
- @duration = duration
26
- @callback = callback
27
- @redis_prefix = redis_prefix
28
- @redis = redis
29
- @bucket_range = @duration / BUCKETS
30
- @mget_keys = (0..(BUCKETS - 1)).map { |i| "#{key}:#{i}" }
31
- end
32
-
33
- def retrieve_rate
34
- @redis.mget(@mget_keys).reduce(0) { |sum, value| sum + value.to_i }
35
- end
36
-
37
- def check(severity)
38
- return unless @severities.include?(severity)
39
- time = Time.now.to_i
40
- num = bucket_number(time)
41
- redis_key = "#{key}:#{num}"
42
-
43
- current_rate = @redis.eval <<-LUA
44
- local bucket_number = #{num}
45
- local bucket_count = redis.call("INCR", "#{redis_key}")
46
-
47
- if bucket_count == 1 then
48
- redis.call("EXPIRE", "#{redis_key}", "#{bucket_expiry(time)}")
49
- redis.call("DEL", "#{callback_key}")
50
- end
51
-
52
- local function retrieve_rate ()
53
- local sum = 0
54
- local values = redis.call("MGET", #{mget_keys(num)})
55
- for index, value in ipairs(values) do
56
- if value ~= false then sum = sum + value end
57
- end
58
- return sum
59
- end
60
-
61
- return (retrieve_rate() + bucket_count)
62
- LUA
63
-
64
- if !@redis.get(callback_key) && (current_rate >= @limit)
65
- @callback.call(current_rate) if @callback
66
- @redis.set(callback_key, 1)
67
- end
68
-
69
- current_rate
70
- end
71
-
72
- def key
73
- # "_LOGSTER_RATE_LIMIT:012:20:30"
74
- # Triggers callback when log levels of :debug, :info and :warn occurs 20 times within 30 secs
75
- "#{key_prefix}:#{@severities.join("")}:#{@limit}:#{@duration}"
76
- end
77
-
78
- def callback_key
79
- "#{key}:callback_triggered"
80
- end
81
-
82
- private
83
-
84
- def self.key_prefix(redis_prefix)
85
- if redis_prefix
86
- "#{redis_prefix.call}:#{PREFIX}"
87
- else
88
- PREFIX
89
- end
90
-
91
- end
92
-
93
- def key_prefix
94
- self.class.key_prefix(@redis_prefix)
95
- end
96
-
97
- def mget_keys(bucket_num)
98
- keys = @mget_keys.dup
99
- keys.delete_at(bucket_num)
100
- keys.map { |key| "'#{key}'" }.join(', ')
101
- end
102
-
103
- def bucket_number(time)
104
- (time % @duration) / @bucket_range
105
- end
106
-
107
- def bucket_expiry(time)
108
- @duration - ((time % @duration) % @bucket_range)
109
- end
110
- end
111
-
112
8
  class RedisStore < BaseStore
113
9
 
114
10
  attr_accessor :redis, :max_backlog, :redis_raw_connection
@@ -278,6 +174,7 @@ module Logster
278
174
  end
279
175
  @redis.keys.each do |key|
280
176
  @redis.del(key) if key.include?(Logster::RedisRateLimiter::PREFIX)
177
+ @redis.del(key) if key.start_with?(ip_rate_limit_key(""))
281
178
  end
282
179
  end
283
180
 
@@ -373,6 +270,18 @@ module Logster
373
270
  @redis.hgetall(ignored_logs_count_key)
374
271
  end
375
272
 
273
+ def rate_limited?(ip_address, perform: false, limit: 60)
274
+ key = ip_rate_limit_key(ip_address)
275
+
276
+ limited = @redis.exists(key)
277
+
278
+ if perform && !limited
279
+ @redis.setex key, limit, ""
280
+ end
281
+
282
+ limited
283
+ end
284
+
376
285
  protected
377
286
 
378
287
  def clear_solved(count = nil)
@@ -583,6 +492,10 @@ module Logster
583
492
  @ignored_logs_count_key ||= "__LOGSTER__IGNORED_LOGS_COUNT_KEY__MAP"
584
493
  end
585
494
 
495
+ def ip_rate_limit_key(ip_address)
496
+ "__LOGSTER__IP_RATE_LIMIT_#{ip_address}"
497
+ end
498
+
586
499
  private
587
500
 
588
501
  def register_rate_limit(severities, limit, duration, callback)
data/lib/logster/version.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Logster
2
- VERSION = "2.3.1"
4
+ VERSION = "2.3.2"
3
5
  end
data/test/logster/middleware/test_reporter.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require_relative '../../test_helper'
2
4
  require 'rack'
3
5
  require 'logster/redis_store'
@@ -5,15 +7,53 @@ require 'logster/middleware/reporter'
5
7
 
6
8
  class TestReporter < Minitest::Test
7
9
 
10
+ def setup
11
+ Logster.store = Logster::RedisStore.new
12
+ Logster.store.clear_all
13
+ Logster.config.enable_js_error_reporting = true
14
+ end
15
+
8
16
  def test_logs_errors
9
- Logster.store = Logster::TestStore.new
17
+ reporter = Logster::Middleware::Reporter.new(nil)
18
+ env = Rack::MockRequest.env_for("/logs/report_js_error?message=hello")
19
+ status, = reporter.call(env)
20
+
21
+ assert_equal(200, status)
22
+ assert_equal(1, Logster.store.count)
23
+ end
24
+
25
+ def test_respects_ban_on_errors
26
+ Logster.config.enable_js_error_reporting = false
10
27
 
11
28
  reporter = Logster::Middleware::Reporter.new(nil)
12
29
  env = Rack::MockRequest.env_for("/logs/report_js_error?message=hello")
13
30
  status, = reporter.call(env)
14
31
 
32
+ assert_equal(403, status)
33
+ assert_equal(0, Logster.store.count)
34
+ end
35
+
36
+ def test_rate_limiting
37
+ reporter = Logster::Middleware::Reporter.new(nil)
38
+ env = Rack::MockRequest.env_for("/logs/report_js_error?message=hello")
39
+ status, = reporter.call(env)
40
+
15
41
  assert_equal(200, status)
16
42
  assert_equal(1, Logster.store.count)
43
+
44
+ reporter = Logster::Middleware::Reporter.new(nil)
45
+ env = Rack::MockRequest.env_for("/logs/report_js_error?message=hello2")
46
+ status, = reporter.call(env)
47
+
48
+ assert_equal(429, status)
49
+ assert_equal(1, Logster.store.count)
50
+
51
+ reporter = Logster::Middleware::Reporter.new(nil)
52
+ env = Rack::MockRequest.env_for("/logs/report_js_error?message=hello2", "REMOTE_ADDR" => "100.1.1.2")
53
+ status, = reporter.call(env)
54
+
55
+ assert_equal(200, status)
56
+ assert_equal(2, Logster.store.count)
17
57
  end
18
58
 
19
59
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logster
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.3.1
4
+ version: 2.3.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - UI for viewing logs in Rack
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-08-15 00:00:00.000000000 Z
11
+ date: 2019-08-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -248,6 +248,7 @@ files:
248
248
  - lib/logster/middleware/viewer.rb
249
249
  - lib/logster/pattern.rb
250
250
  - lib/logster/rails/railtie.rb
251
+ - lib/logster/redis_rate_limiter.rb
251
252
  - lib/logster/redis_store.rb
252
253
  - lib/logster/scheduler.rb
253
254
  - lib/logster/suppression_pattern.rb