logstruct 0.1.2 → 0.1.4

data/lib/log_struct/integrations/carrierwave.rb

@@ -53,7 +53,7 @@ module LogStruct
 
           # Log the store operation with structured data
           log_data = Log::CarrierWave::Upload.new(
-            storage: storage.class.name,
+            storage: storage.class.name.split("::").last.downcase.to_sym,
             file_id: identifier,
             filename: file.filename,
             mime_type: file.content_type,
@@ -62,11 +62,9 @@ module LogStruct
             uploader: self.class.name,
             model: model.class.name,
             mount_point: mounted_as.to_s,
-            additional_data: {
-              version: version_name.to_s,
-              store_path: store_path,
-              extension: file.extension
-            }
+            version: version_name.to_s,
+            store_path: store_path,
+            extension: file.extension
           )
 
           ::Rails.logger.info(log_data)
@@ -85,7 +83,7 @@ module LogStruct
 
           # Log the retrieve operation with structured data
           log_data = Log::CarrierWave::Download.new(
-            storage: storage.class.name,
+            storage: storage.class.name.split("::").last.downcase.to_sym,
             file_id: identifier,
             filename: file&.filename,
             mime_type: file&.content_type,
@@ -94,9 +92,9 @@ module LogStruct
             uploader: self.class.name,
             model: model.class.name,
             mount_point: mounted_as.to_s,
-            additional_data: {
-              version: version_name.to_s
-            }
+            version: version_name.to_s,
+            store_path: store_path,
+            extension: file&.extension
           )
 
           ::Rails.logger.info(log_data)

data/lib/log_struct/integrations/good_job/log_subscriber.rb

@@ -49,7 +49,7 @@ module LogStruct
             **base_fields.to_kwargs,
             scheduled_at: (job&.scheduled_at ? Time.at(job.scheduled_at.to_i) : nil),
             duration_ms: event.duration.to_f,
-            additional_data: {enqueue_caller: job&.enqueue_caller_location},
+            enqueue_caller: job&.enqueue_caller_location,
             timestamp: ts
           ))
         end
@@ -91,7 +91,7 @@ module LogStruct
             finished_at: end_ts,
             process_id: ::Process.pid,
             thread_id: Thread.current.object_id.to_s(36),
-            additional_data: {result: payload[:result]},
+            result: payload[:result]&.to_s,
             timestamp: start_ts
           ))
         end
@@ -109,9 +109,9 @@ module LogStruct
           logger.error(Log::GoodJob::Error.new(
             **base_fields.to_kwargs,
             exception_executions: execution&.exception_executions,
-            err_class: exception&.class&.name,
+            error_class: exception&.class&.name,
             error_message: exception&.message,
-            backtrace: exception&.backtrace&.first(20),
+            backtrace: exception&.backtrace,
             duration_ms: event.duration.to_f,
             process_id: ::Process.pid,
             thread_id: Thread.current.object_id.to_s(36),
@@ -146,7 +146,7 @@ module LogStruct
           Log::GoodJob::BaseFields.new(
             job_id: job&.job_id,
             job_class: job&.job_class,
-            queue_name: job&.queue_name,
+            queue_name: job&.queue_name&.to_sym,
             arguments: job&.arguments,
             executions: execution&.executions
           )

data/lib/log_struct/integrations/good_job/logger.rb

@@ -46,11 +46,6 @@ module LogStruct
               end
             end
 
-            # Emit a GoodJob::Log event with context and extra fields as additional_data
-            extras = {}
-            extras[:scheduled_at] = job_context[:scheduled_at] if job_context.key?(:scheduled_at)
-            extras[:priority] = job_context[:priority] if job_context.key?(:priority)
-
             log_struct = Log::GoodJob::Log.new(
               message: message || (block ? block.call : ""),
               process_id: ::Process.pid,
@@ -59,7 +54,8 @@ module LogStruct
               job_class: job_context[:job_class],
               queue_name: job_context[:queue_name],
               executions: job_context[:executions],
-              additional_data: extras
+              scheduled_at: job_context[:scheduled_at],
+              priority: job_context[:priority]
             )
 
             super(log_struct, payload, &nil)

data/lib/log_struct/integrations/good_job.rb

@@ -82,7 +82,7 @@ module LogStruct
         if goodjob_module.respond_to?(:on_thread_error=)
           goodjob_module.on_thread_error = ->(exception) do
             log_entry = LogStruct::Log::GoodJob::Error.new(
-              err_class: exception.class.name,
+              error_class: exception.class.name,
               error_message: exception.message,
               backtrace: exception.backtrace,
               process_id: ::Process.pid,

data/lib/log_struct/integrations/host_authorization.rb

@@ -3,6 +3,7 @@
 
 require "action_dispatch/middleware/host_authorization"
 require_relative "../enums/event"
+require_relative "../log/security/blocked_host"
 
 module LogStruct
   module Integrations
@@ -34,23 +35,6 @@ module LogStruct
         return nil unless config.enabled
         return nil unless config.integrations.enable_host_authorization
 
-        # In test environment, ensure HostAuthorization does not block requests
-        # from the default integration test hosts. Allow all hosts explicitly.
-        if ::Rails.env.test? && ::Rails.application.config.respond_to?(:hosts)
-          begin
-            ::Rails.application.config.hosts << /.*\z/
-          rescue
-            # best-effort; ignore if hosts not configurable
-          end
-          # Additionally, exclude all requests from HostAuthorization in test
-          begin
-            ::Rails.application.config.host_authorization ||= {}
-            ::Rails.application.config.host_authorization[:exclude] = ->(_request) { true }
-          rescue
-            # best-effort
-          end
-        end
-
         # Define the response app as a separate variable to fix block alignment
         response_app = lambda do |env|
           request = ::ActionDispatch::Request.new(env)
@@ -58,32 +42,39 @@ module LogStruct
           # This can be helpful later when reviewing logs.
           blocked_hosts = env["action_dispatch.blocked_hosts"]
 
-          # Create a security error to be handled
-          blocked_host_error = ::ActionController::BadRequest.new(
-            "Blocked host detected: #{request.host}"
-          )
+          # Build allowed_hosts array
+          allowed_hosts_array = T.let(nil, T.nilable(T::Array[String]))
+          if blocked_hosts.respond_to?(:allowed_hosts)
+            allowed_hosts_array = blocked_hosts.allowed_hosts
+          end
+
+          # Get allow_ip_hosts value
+          allow_ip_hosts_value = T.let(nil, T.nilable(T::Boolean))
+          if blocked_hosts.respond_to?(:allow_ip_hosts)
+            allow_ip_hosts_value = blocked_hosts.allow_ip_hosts
+          end
 
-          # Create request context hash
-          context = {
+          # Create structured log entry for blocked host
+          log_entry = LogStruct::Log::Security::BlockedHost.new(
+            message: "Blocked host detected: #{request.host}",
             blocked_host: request.host,
-            client_ip: request.ip,
-            x_forwarded_for: request.x_forwarded_for,
-            http_method: request.method,
             path: request.path,
+            http_method: request.method,
+            source_ip: request.ip,
             user_agent: request.user_agent,
-            allowed_hosts: blocked_hosts.allowed_hosts,
-            allow_ip_hosts: blocked_hosts.allow_ip_hosts
-          }
-
-          # Handle error according to configured mode (log, report, raise)
-          LogStruct.handle_exception(
-            blocked_host_error,
-            source: Source::Security,
-            context: context
+            referer: request.referer,
+            request_id: request.request_id,
+            x_forwarded_for: request.x_forwarded_for,
+            allowed_hosts: allowed_hosts_array&.empty? ? nil : allowed_hosts_array,
+            allow_ip_hosts: allow_ip_hosts_value
           )
 
+          # Log the blocked host
+          LogStruct.warn(log_entry)
+
           # Use pre-defined headers and response if we are only logging or reporting
-          [FORBIDDEN_STATUS, RESPONSE_HEADERS, [RESPONSE_HTML]]
+          # Dup the headers so they can be modified by downstream middleware
+          [FORBIDDEN_STATUS, RESPONSE_HEADERS.dup, [RESPONSE_HTML]]
         end
 
         # Merge our response_app into existing host_authorization config to preserve excludes

data/lib/log_struct/integrations/lograge.rb

@@ -50,7 +50,7 @@ module LogStruct
                 Log::Request.new(
                   http_method: data[:method]&.to_s,
                   path: data[:path]&.to_s,
-                  format: data[:format]&.to_s,
+                  format: data[:format]&.to_sym,
                   controller: data[:controller]&.to_s,
                   action: data[:action]&.to_s,
                   status: status,

data/lib/log_struct/integrations/rack_error_handler/middleware.rb

@@ -55,8 +55,14 @@ module LogStruct
         def call(env)
           return @app.call(env) unless LogStruct.enabled?
 
-          # Try to process the request
+          request = ::ActionDispatch::Request.new(env)
+
           begin
+            # Trigger the same spoofing checks that ActionDispatch::RemoteIp performs after
+            # it is initialized in the middleware stack. We run this manually because we
+            # execute before that middleware and still want spoofing attacks to surface here.
+            perform_remote_ip_check!(request)
+
             @app.call(env)
           rescue ::ActionDispatch::RemoteIp::IpSpoofAttackError => ip_spoof_error
             # Create a security log for IP spoofing
@@ -65,7 +71,7 @@ module LogStruct
               http_method: env["REQUEST_METHOD"],
               user_agent: env["HTTP_USER_AGENT"],
               referer: env["HTTP_REFERER"],
-              request_id: env["action_dispatch.request_id"],
+              request_id: request.request_id,
               message: ip_spoof_error.message,
               client_ip: env["HTTP_CLIENT_IP"],
               x_forwarded_for: env["HTTP_X_FORWARDED_FOR"],
@@ -74,16 +80,9 @@ module LogStruct
 
             ::Rails.logger.warn(security_log)
 
-            # Report the error
-            context = extract_request_context(env)
-            LogStruct.handle_exception(ip_spoof_error, source: Source::Security, context: context)
-
-            # If handle_exception raised an exception then Rails will deal with it (e.g. config.exceptions_app)
-            # If we are only logging or reporting these security errors, then return a default response
-            [FORBIDDEN_STATUS, IP_SPOOF_HEADERS, [IP_SPOOF_HTML]]
+            [FORBIDDEN_STATUS, IP_SPOOF_HEADERS.dup, [IP_SPOOF_HTML]]
           rescue ::ActionController::InvalidAuthenticityToken => invalid_auth_token_error
             # Create a security log for CSRF error
-            request = ::ActionDispatch::Request.new(env)
             security_log = Log::Security::CSRFViolation.new(
               path: request.path,
               http_method: request.method,
@@ -97,15 +96,15 @@ module LogStruct
             LogStruct.error(security_log)
 
             # Report to error reporting service and/or re-raise
-            context = extract_request_context(env)
+            context = extract_request_context(env, request)
             LogStruct.handle_exception(invalid_auth_token_error, source: Source::Security, context: context)
 
             # If handle_exception raised an exception then Rails will deal with it (e.g. config.exceptions_app)
             # If we are only logging or reporting these security errors, then return a default response
-            [FORBIDDEN_STATUS, CSRF_HEADERS, [CSRF_HTML]]
+            [FORBIDDEN_STATUS, CSRF_HEADERS.dup, [CSRF_HTML]]
           rescue => error
             # Extract request context for error reporting
-            context = extract_request_context(env)
+            context = extract_request_context(env, request)
 
             # Create and log a structured exception with request context
             exception_log = Log.from_exception(Source::Rails, error, context)
@@ -119,9 +118,22 @@ module LogStruct
 
         private
 
-        sig { params(env: T::Hash[String, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
-        def extract_request_context(env)
-          request = ::ActionDispatch::Request.new(env)
+        sig { params(request: ::ActionDispatch::Request).void }
+        def perform_remote_ip_check!(request)
+          action_dispatch_config = ::Rails.application.config.action_dispatch
+          check_ip = action_dispatch_config.ip_spoofing_check
+          return unless check_ip
+
+          proxies = normalized_trusted_proxies(action_dispatch_config.trusted_proxies)
+
+          ::ActionDispatch::RemoteIp::GetIp
+            .new(request, check_ip, proxies)
+            .to_s
+        end
+
+        sig { params(env: T::Hash[String, T.untyped], request: T.nilable(::ActionDispatch::Request)).returns(T::Hash[Symbol, T.untyped]) }
+        def extract_request_context(env, request = nil)
+          request ||= ::ActionDispatch::Request.new(env)
           {
             request_id: request.request_id,
             path: request.path,
@@ -133,6 +145,32 @@ module LogStruct
           # If we can't extract request context, return minimal info
           {error_extracting_context: error.message}
         end
+
+        sig { params(configured_proxies: T.untyped).returns(T.untyped) }
+        def normalized_trusted_proxies(configured_proxies)
+          if configured_proxies.nil? || (configured_proxies.respond_to?(:empty?) && configured_proxies.empty?)
+            return ::ActionDispatch::RemoteIp::TRUSTED_PROXIES
+          end
+
+          return configured_proxies if configured_proxies.respond_to?(:any?)
+
+          raise(
+            ArgumentError,
+            <<~EOM
+              Setting config.action_dispatch.trusted_proxies to a single value isn't
+              supported. Please set this to an enumerable instead. For
+              example, instead of:
+
+              config.action_dispatch.trusted_proxies = IPAddr.new("10.0.0.0/8")
+
+              Wrap the value in an Array:
+
+              config.action_dispatch.trusted_proxies = [IPAddr.new("10.0.0.0/8")]
+
+              Note that passing an enumerable will *replace* the default set of trusted proxies.
+            EOM
+          )
+        end
       end
     end
   end

data/lib/log_struct/integrations/rack_error_handler.rb

@@ -19,9 +19,9 @@ module LogStruct
         return nil unless config.integrations.enable_rack_error_handler
 
         # Add structured logging middleware for security violations and errors
-        # Need to insert after ShowExceptions to catch IP spoofing errors
-        ::Rails.application.middleware.insert_after(
-          ::ActionDispatch::ShowExceptions,
+        # Need to insert before RemoteIp to catch IP spoofing errors it raises
+        ::Rails.application.middleware.insert_before(
+          ::ActionDispatch::RemoteIp,
           Integrations::RackErrorHandler::Middleware
         )
 

data/lib/log_struct/integrations/shrine.rb

@@ -37,50 +37,47 @@ module LogStruct
           end
 
           # Create structured log data
+          # Ensure storage is always a symbol
+          storage_sym = payload[:storage].to_sym
+
           log_data = case event_type
           when Event::Upload
             Log::Shrine::Upload.new(
-              storage: payload[:storage],
+              storage: storage_sym,
               location: payload[:location],
-              uploader: payload[:uploader],
+              uploader: payload[:uploader]&.to_s,
               upload_options: payload[:upload_options],
               options: payload[:options],
-              duration_ms: event.duration,
-              additional_data: payload.except(:storage, :location, :uploader, :upload_options, :options)
+              duration_ms: event.duration.to_f
             )
           when Event::Download
             Log::Shrine::Download.new(
-              storage: payload[:storage],
+              storage: storage_sym,
               location: payload[:location],
-              download_options: payload[:download_options],
-              additional_data: payload.except(:storage, :location, :download_options)
+              download_options: payload[:download_options]
             )
           when Event::Delete
             Log::Shrine::Delete.new(
-              storage: payload[:storage],
-              location: payload[:location],
-              additional_data: payload.except(:storage, :location)
+              storage: storage_sym,
+              location: payload[:location]
             )
           when Event::Metadata
-            Log::Shrine::Metadata.new(
-              storage: payload[:storage],
-              location: payload[:location],
-              metadata: payload[:metadata],
-              additional_data: payload.except(:storage, :location, :metadata)
-            )
+            metadata_params = {
+              storage: storage_sym,
+              metadata: payload[:metadata]
+            }
+            metadata_params[:location] = payload[:location] if payload[:location]
+            Log::Shrine::Metadata.new(**metadata_params)
           when Event::Exist
             Log::Shrine::Exist.new(
-              storage: payload[:storage],
+              storage: storage_sym,
               location: payload[:location],
-              exist: payload[:exist],
-              additional_data: payload.except(:storage, :location, :exist)
+              exist: payload[:exist]
             )
           else
-            Log::Shrine::Metadata.new(
-              storage: payload[:storage],
-              location: payload[:location],
-              metadata: payload[:metadata]
-            )
+            unknown_params = {storage: storage_sym, metadata: payload[:metadata]}
+            unknown_params[:location] = payload[:location] if payload[:location]
+            Log::Shrine::Metadata.new(**unknown_params)
           end
 
           # Pass the structured hash to the logger

data/lib/log_struct/integrations/sidekiq/logger.rb

@@ -23,11 +23,18 @@ module LogStruct
         # Override log methods to create Sidekiq log structs
         %i[debug info warn error fatal].each do |level|
           define_method(level) do |message = nil, payload = nil, &block|
+            # Ensure message is a String (Sidekiq may pass Hash for config logs)
+            msg = if message.nil?
+              block ? block.call.to_s : ""
+            else
+              message.to_s
+            end
+
             # Create a Sidekiq log struct with the message
             log_struct = Log::Sidekiq.new(
               level: LogStruct::Level.from_severity(level.to_s.upcase),
               event: Event::Log,
-              message: message || (block ? block.call : ""),
+              message: msg,
               process_id: ::Process.pid,
               thread_id: Sidekiq.tid,
               context: ::Sidekiq::Context.current || {}

data/lib/log_struct/integrations.rb

@@ -38,11 +38,25 @@ module LogStruct
       end
     end
 
-    sig { void }
-    def self.setup_integrations
+    sig { params(stage: Symbol).void }
+    def self.setup_integrations(stage: :all)
       config = LogStruct.config
 
-      # Set up each integration with consistent configuration pattern
+      case stage
+      when :non_middleware
+        setup_non_middleware_integrations(config)
+      when :middleware
+        setup_middleware_integrations(config)
+      when :all
+        setup_non_middleware_integrations(config)
+        setup_middleware_integrations(config)
+      else
+        raise ArgumentError, "Unknown integration stage: #{stage}"
+      end
+    end
+
+    sig { params(config: LogStruct::Configuration).void }
+    def self.setup_non_middleware_integrations(config)
       Integrations::Lograge.setup(config) if config.integrations.enable_lograge
       Integrations::ActionMailer.setup(config) if config.integrations.enable_actionmailer
       Integrations::ActiveJob.setup(config) if config.integrations.enable_activejob
@@ -51,8 +65,6 @@ module LogStruct
       Integrations::GoodJob.setup(config) if config.integrations.enable_goodjob
       Integrations::Ahoy.setup(config) if config.integrations.enable_ahoy
       Integrations::ActiveModelSerializers.setup(config) if config.integrations.enable_active_model_serializers
-      Integrations::HostAuthorization.setup(config) if config.integrations.enable_host_authorization
-      Integrations::RackErrorHandler.setup(config) if config.integrations.enable_rack_error_handler
       Integrations::Shrine.setup(config) if config.integrations.enable_shrine
       Integrations::ActiveStorage.setup(config) if config.integrations.enable_activestorage
       Integrations::CarrierWave.setup(config) if config.integrations.enable_carrierwave
@@ -62,5 +74,13 @@ module LogStruct
       end
       Integrations::Puma.setup(config) if config.integrations.enable_puma
     end
+
+    sig { params(config: LogStruct::Configuration).void }
+    def self.setup_middleware_integrations(config)
+      Integrations::HostAuthorization.setup(config) if config.integrations.enable_host_authorization
+      Integrations::RackErrorHandler.setup(config) if config.integrations.enable_rack_error_handler
+    end
+
+    private_class_method :setup_non_middleware_integrations, :setup_middleware_integrations
   end
 end

data/lib/log_struct/log/action_mailer/delivered.rb

@@ -9,9 +9,9 @@
 require "log_struct/shared/interfaces/common_fields"
 require "log_struct/shared/interfaces/additional_data_field"
 require "log_struct/shared/interfaces/request_fields"
-require "log_struct/shared/shared/serialize_common"
-require "log_struct/shared/shared/merge_additional_data_fields"
-require "log_struct/shared/shared/add_request_fields"
+require "log_struct/shared/serialize_common"
+require "log_struct/shared/merge_additional_data_fields"
+require "log_struct/shared/add_request_fields"
 require_relative "../../enums/source"
 require_relative "../../enums/event"
 require_relative "../../enums/level"
@@ -21,11 +21,6 @@ module LogStruct
   module Log
     class ActionMailer
       class Delivered < T::Struct
-        # typed: strict
-        # frozen_string_literal: true
-
-        extend T::Sig
-
         extend T::Sig
 
         # Shared/common fields
@@ -37,62 +32,32 @@ module LogStruct
         const :to, T.nilable(T::Array[String]), default: nil
         const :from, T.nilable(String), default: nil
         const :subject, T.nilable(String), default: nil
-
-        # Event-specific fields
+        const :message_id, T.nilable(String), default: nil
+        const :mailer_class, T.nilable(String), default: nil
+        const :mailer_action, T.nilable(String), default: nil
+        const :attachment_count, T.nilable(Integer), default: nil
 
         # Additional data
         include LogStruct::Log::Interfaces::AdditionalDataField
         const :additional_data, T.nilable(T::Hash[T.any(String, Symbol), T.untyped]), default: nil
         include LogStruct::Log::Shared::MergeAdditionalDataFields
 
-        # Request fields (optional)
-
         # Serialize shared fields
         include LogStruct::Log::Interfaces::CommonFields
         include LogStruct::Log::Shared::SerializeCommon
 
-        sig {
-          params(to: T.untyped,
-            from: T.untyped,
-            subject: T.untyped).returns(T::Hash[LogStruct::LogField, T.untyped])
-        }
-        def self.base_hash(to: nil,
-          from: nil,
-          subject: nil)
-          h = {}
+        sig { returns(T::Hash[LogStruct::LogField, T.untyped]) }
+        def to_h
+          h = T.let({}, T::Hash[LogStruct::LogField, T.untyped])
           h[LogField::To] = to unless to.nil?
           h[LogField::From] = from unless from.nil?
           h[LogField::Subject] = subject unless subject.nil?
+          h[LogField::MessageId] = message_id unless message_id.nil?
+          h[LogField::MailerClass] = mailer_class unless mailer_class.nil?
+          h[LogField::MailerAction] = mailer_action unless mailer_action.nil?
+          h[LogField::AttachmentCount] = attachment_count unless attachment_count.nil?
           h
         end
-
-        sig {
-          params(to: T.untyped,
-            from: T.untyped,
-            subject: T.untyped,
-            additional_data: T.untyped,
-            timestamp: T.untyped).returns(T::Hash[LogStruct::LogField, T.untyped])
-        }
-        def self.build(to: nil,
-          from: nil,
-          subject: nil,
-          additional_data: nil,
-          timestamp: Time.now)
-          base_hash(to: to,
-            from: from,
-            subject: subject)
-        end
-
-        sig { returns(T::Hash[LogStruct::LogField, T.untyped]) }
-        def to_h
-          self.class.build(
-            to: to,
-            from: from,
-            subject: subject,
-            additional_data: additional_data,
-            timestamp: timestamp
-          )
-        end
       end
     end
   end