rack-mini-profiler 1.0.2 → 3.1.0

data/lib/mini_profiler/asset_version.rb

@@ -1,5 +1,6 @@
+# frozen_string_literal: true
 module Rack
   class MiniProfiler
-    ASSET_VERSION = '355f78011d9b95de14a5b1014b088681'.freeze
+    ASSET_VERSION = '35a79b300ab5afa978cb59af0b05e059'
   end
-end
+end

data/lib/mini_profiler/client_settings.rb

@@ -42,7 +42,7 @@ module Rack
       def handle_cookie(result)
         status, headers, _body = result
 
-        if (MiniProfiler.config.authorization_mode == :whitelist && !MiniProfiler.request_authorized?)
+        if (MiniProfiler.config.authorization_mode == :allow_authorized && !MiniProfiler.request_authorized?)
           # this is non-obvious, don't kill the profiling cookie on errors or short requests
           # this ensures that stuff that never reaches the rails stack does not kill profiling
           if status.to_i >= 200 && status.to_i < 300 && ((Process.clock_gettime(Process::CLOCK_MONOTONIC) - @start) > 0.1)
@@ -59,7 +59,7 @@ module Rack
 
         tokens_changed = false
 
-        if MiniProfiler.request_authorized? && MiniProfiler.config.authorization_mode == :whitelist
+        if MiniProfiler.request_authorized? && MiniProfiler.config.authorization_mode == :allow_authorized
           @allowed_tokens ||= @store.allowed_tokens
           tokens_changed = !@orig_auth_tokens || ((@allowed_tokens - @orig_auth_tokens).length > 0)
         end
@@ -74,25 +74,33 @@ module Rack
           settings["bt"] = @backtrace_level     if @backtrace_level
           settings["a"] = @allowed_tokens.join("|") if @allowed_tokens && MiniProfiler.request_authorized?
           settings_string = settings.map { |k, v| "#{k}=#{v}" }.join(",")
-          cookie = { value: settings_string, path: '/', httponly: true }
+          cookie = { value: settings_string, path: MiniProfiler.config.cookie_path, httponly: true }
           cookie[:secure] = true if @request.ssl?
+          cookie[:same_site] = 'Lax'
           Rack::Utils.set_cookie_header!(headers, COOKIE_NAME, cookie)
         end
       end
 
       def discard_cookie!(headers)
         if @cookie
-          Rack::Utils.delete_cookie_header!(headers, COOKIE_NAME, path: '/')
+          Rack::Utils.delete_cookie_header!(headers, COOKIE_NAME, path: MiniProfiler.config.cookie_path)
         end
       end
 
       def has_valid_cookie?
         valid_cookie = !@cookie.nil?
 
-        if (MiniProfiler.config.authorization_mode == :whitelist)
-          @allowed_tokens ||= @store.allowed_tokens
+        if (MiniProfiler.config.authorization_mode == :allow_authorized) && valid_cookie
+          begin
+            @allowed_tokens ||= @store.allowed_tokens
+          rescue => e
+            if MiniProfiler.config.storage_failure != nil
+              MiniProfiler.config.storage_failure.call(e)
+            end
+          end
 
-          valid_cookie = (Array === @orig_auth_tokens) &&
+          valid_cookie = @allowed_tokens &&
+            (Array === @orig_auth_tokens) &&
             ((@allowed_tokens & @orig_auth_tokens).length > 0)
         end
 

data/lib/mini_profiler/config.rb

@@ -17,6 +17,7 @@ module Rack
         new.instance_eval {
           @auto_inject      = true # automatically inject on every html page
           @base_url_path    = "/mini-profiler-resources/".dup
+          @cookie_path      = "/".dup
           @disable_caching  = true
           # called prior to rack chain, to ensure we are allowed to profile
           @pre_authorize_cb = lambda { |env| true }
@@ -28,15 +29,19 @@ module Rack
           @authorization_mode     = :allow_all
           @backtrace_threshold_ms = 0
           @flamegraph_sample_rate = 0.5
+          @flamegraph_mode = :wall
           @storage_failure = Proc.new do |exception|
             if @logger
               @logger.warn("MiniProfiler storage failure: #{exception.message}")
             end
           end
           @enabled = true
-          @disable_env_dump = false
           @max_sql_param_length = 0 # disable sql parameter collection by default
           @skip_sql_param_names = /password/ # skips parameters with the name password by default
+          @enable_advanced_debugging_tools = false
+          @snapshot_every_n_requests = -1
+          @max_snapshot_groups = 50
+          @max_snapshots_per_group = 15
 
           # ui parameters
           @autorized            = true
@@ -47,9 +52,17 @@ module Rack
           @show_trivial         = false
           @show_total_sql_count = false
           @start_hidden         = false
-          @toggle_shortcut      = 'Alt+P'
+          @toggle_shortcut      = 'alt+p'
           @html_container       = 'body'
           @position             = "top-left"
+          @snapshot_hidden_custom_fields = []
+          @snapshots_transport_destination_url = nil
+          @snapshots_transport_auth_key = nil
+          @snapshots_redact_sql_queries = true
+          @snapshots_transport_gzip_requests = false
+          @enable_hotwire_turbo_drive_support = false
+
+          @profile_parameter = "pp"
 
           self
         }
@@ -57,20 +70,53 @@ module Rack
 
       attr_accessor :authorization_mode, :auto_inject, :backtrace_ignores,
         :backtrace_includes, :backtrace_remove, :backtrace_threshold_ms,
-        :base_url_path, :disable_caching, :disable_env_dump, :enabled,
+        :base_url_path, :cookie_path, :disable_caching, :enabled,
         :flamegraph_sample_rate, :logger, :pre_authorize_cb, :skip_paths,
         :skip_schema_queries, :storage, :storage_failure, :storage_instance,
-        :storage_options, :user_provider
-      attr_accessor :skip_sql_param_names, :suppress_encoding, :max_sql_param_length
+        :storage_options, :user_provider, :enable_advanced_debugging_tools,
+        :skip_sql_param_names, :suppress_encoding, :max_sql_param_length,
+        :content_security_policy_nonce, :enable_hotwire_turbo_drive_support,
+        :flamegraph_mode, :profile_parameter
 
       # ui accessors
       attr_accessor :collapse_results, :max_traces_to_show, :position,
         :show_children, :show_controls, :show_trivial, :show_total_sql_count,
         :start_hidden, :toggle_shortcut, :html_container
 
+      # snapshot related config
+      attr_accessor :snapshot_every_n_requests, :max_snapshots_per_group,
+        :snapshot_hidden_custom_fields, :snapshots_transport_destination_url,
+        :snapshots_transport_auth_key, :snapshots_redact_sql_queries,
+        :snapshots_transport_gzip_requests, :max_snapshot_groups
+
       # Deprecated options
       attr_accessor :use_existing_jquery
 
+      attr_reader :assets_url
+
+      # redefined - since the accessor defines it first
+      undef :authorization_mode=
+      def authorization_mode=(mode)
+        if mode == :whitelist
+          warn "[DEPRECATION] `:whitelist` authorization mode is deprecated. Please use `:allow_authorized` instead."
+
+          mode = :allow_authorized
+        end
+
+        warn <<~DEP unless mode == :allow_authorized || mode == :allow_all
+          [DEPRECATION] unknown authorization mode #{mode}. Expected `:allow_all` or `:allow_authorized`.
+        DEP
+
+        @authorization_mode = mode
+      end
+
+      def assets_url=(lmbda)
+        if defined?(Rack::MiniProfilerRails)
+          Rack::MiniProfilerRails.create_engine
+        end
+        @assets_url = lmbda
+      end
+
       def vertical_position
         position.include?('bottom') ? 'bottom' : 'top'
       end

data/lib/mini_profiler/gc_profiler.rb

@@ -151,7 +151,7 @@ String stats:
       body << "#{count} : #{string}\n"
     end
 
-    return [200, { 'Content-Type' => 'text/plain' }, body]
+    [200, { 'Content-Type' => 'text/plain' }, body]
   ensure
     prev_gc_state ? GC.disable : GC.enable
   end

data/lib/mini_profiler/profiling_methods.rb

@@ -7,7 +7,14 @@ module Rack
       def record_sql(query, elapsed_ms, params = nil)
         return unless current && current.current_timer
         c = current
-        c.current_timer.add_sql(query, elapsed_ms, c.page_struct, params, c.skip_backtrace, c.full_backtrace)
+        c.current_timer.add_sql(
+          redact_sql_queries? ? nil : query,
+          elapsed_ms,
+          c.page_struct,
+          redact_sql_queries? ? nil : params,
+          c.skip_backtrace,
+          c.full_backtrace
+        )
       end
 
       def start_step(name)
@@ -108,15 +115,18 @@ module Rack
             end
           end
         end
+        if klass.respond_to?(:ruby2_keywords, true)
+          klass.send(:ruby2_keywords, with_profiling)
+        end
         klass.send :alias_method, method, with_profiling
       end
 
       def profile_singleton_method(klass, method, type = :profile, &blk)
-        profile_method(singleton_class(klass), method, type, &blk)
+        profile_method(klass.singleton_class, method, type, &blk)
       end
 
       def unprofile_singleton_method(klass, method)
-        unprofile_method(singleton_class(klass), method)
+        unprofile_method(klass.singleton_class, method)
       end
 
       # Add a custom timing. These are displayed similar to SQL/query time in
@@ -144,14 +154,9 @@ module Rack
 
       private
 
-      def singleton_class(klass)
-        class << klass; self; end
-      end
-
       def clean_method_name(method)
         method.to_s.gsub(/[\?\!]/, "")
       end
-
     end
   end
 end

data/lib/mini_profiler/snapshots_transporter.rb

@@ -0,0 +1,109 @@
+# frozen_string_literal: true
+
+class ::Rack::MiniProfiler::SnapshotsTransporter
+  @@transported_snapshots_count = 0
+  @@successful_http_requests_count = 0
+  @@failed_http_requests_count = 0
+
+  class << self
+    def transported_snapshots_count
+      @@transported_snapshots_count
+    end
+    def successful_http_requests_count
+      @@successful_http_requests_count
+    end
+    def failed_http_requests_count
+      @@failed_http_requests_count
+    end
+
+    def transport(snapshot)
+      @transporter ||= self.new(Rack::MiniProfiler.config)
+      @transporter.ship(snapshot)
+    end
+  end
+
+  attr_reader :buffer
+  attr_accessor :max_buffer_size, :gzip_requests
+
+  def initialize(config)
+    @uri = URI(config.snapshots_transport_destination_url)
+    @auth_key = config.snapshots_transport_auth_key
+    @gzip_requests = config.snapshots_transport_gzip_requests
+    @thread = nil
+    @thread_mutex = Mutex.new
+    @buffer = []
+    @buffer_mutex = Mutex.new
+    @max_buffer_size = 100
+    @consecutive_failures_count = 0
+    @testing = false
+  end
+
+  def ship(snapshot)
+    @buffer_mutex.synchronize do
+      @buffer << snapshot
+      @buffer.shift if @buffer.size > @max_buffer_size
+    end
+    @thread_mutex.synchronize { start_thread }
+  end
+
+  def flush_buffer
+    buffer_content = @buffer_mutex.synchronize do
+      @buffer.dup if @buffer.size > 0
+    end
+    if buffer_content
+      headers = {
+        'Content-Type' => 'application/json',
+        'Mini-Profiler-Transport-Auth' => @auth_key
+      }
+      json = { snapshots: buffer_content }.to_json
+      body = if @gzip_requests
+        require 'zlib'
+        io = StringIO.new
+        gzip_writer = Zlib::GzipWriter.new(io)
+        gzip_writer.write(json)
+        gzip_writer.close
+        headers['Content-Encoding'] = 'gzip'
+        io.string
+      else
+        json
+      end
+      request = Net::HTTP::Post.new(@uri, headers)
+      request.body = body
+      http = Net::HTTP.new(@uri.hostname, @uri.port)
+      http.use_ssl = @uri.scheme == 'https'
+      res = http.request(request)
+      if res.code.to_i == 200
+        @@successful_http_requests_count += 1
+        @@transported_snapshots_count += buffer_content.size
+        @buffer_mutex.synchronize do
+          @buffer -= buffer_content
+        end
+        @consecutive_failures_count = 0
+      else
+        @@failed_http_requests_count += 1
+        @consecutive_failures_count += 1
+      end
+    end
+  end
+
+  def requests_interval
+    [30 + backoff_delay, 60 * 60].min
+  end
+
+  private
+
+  def backoff_delay
+    return 0 if @consecutive_failures_count == 0
+    2**@consecutive_failures_count
+  end
+
+  def start_thread
+    return if @thread&.alive? || @testing
+    @thread = Thread.new do
+      while true
+        sleep requests_interval
+        flush_buffer
+      end
+    end
+  end
+end

data/lib/mini_profiler/storage/abstract_store.rb

@@ -36,11 +36,62 @@ module Rack
         ""
       end
 
-      # a list of tokens that are permitted to access profiler in whitelist mode
+      # a list of tokens that are permitted to access profiler in explicit mode
       def allowed_tokens
         raise NotImplementedError.new("allowed_tokens is not implemented")
       end
 
+      def should_take_snapshot?(period)
+        raise NotImplementedError.new("should_take_snapshot? is not implemented")
+      end
+
+      def push_snapshot(page_struct, group_name, config)
+        raise NotImplementedError.new("push_snapshot is not implemented")
+      end
+
+      # returns a hash where the keys are group names and the values
+      # are hashes that contain 3 keys:
+      #   1. `:worst_score` => the duration of the worst/slowest snapshot in the group (float)
+      #   2. `:best_score` => the duration of the best/fastest snapshot in the group (float)
+      #   3. `:snapshots_count` => the number of snapshots in the group (integer)
+      def fetch_snapshots_overview
+        raise NotImplementedError.new("fetch_snapshots_overview is not implemented")
+      end
+
+      # @param group_name [String]
+      # @return [Array<Rack::MiniProfiler::TimerStruct::Page>] list of snapshots of the group. Blank array if the group doesn't exist.
+      def fetch_snapshots_group(group_name)
+        raise NotImplementedError.new("fetch_snapshots_group is not implemented")
+      end
+
+      def load_snapshot(id, group_name)
+        raise NotImplementedError.new("load_snapshot is not implemented")
+      end
+
+      def snapshots_overview
+        groups = fetch_snapshots_overview.to_a
+        groups.sort_by! { |name, hash| hash[:worst_score] }
+        groups.reverse!
+        groups.map! { |name, hash| hash.merge(name: name) }
+        groups
+      end
+
+      def snapshots_group(group_name)
+        snapshots = fetch_snapshots_group(group_name)
+        data = []
+        snapshots.each do |snapshot|
+          data << {
+            id: snapshot[:id],
+            duration: snapshot.duration_ms,
+            sql_count: snapshot[:sql_count],
+            timestamp: snapshot[:started_at],
+            custom_fields: snapshot[:custom_fields]
+          }
+        end
+        data.sort_by! { |s| s[:duration] }
+        data.reverse!
+        data
+      end
     end
   end
 end

data/lib/mini_profiler/storage/file_store.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'securerandom'
+
 module Rack
   class MiniProfiler
     class FileStore < AbstractStore
@@ -17,9 +19,11 @@ module Rack
         def [](key)
           begin
             data = ::File.open(path(key), "rb") { |f| f.read }
-            return Marshal.load data
+            # rubocop:disable Security/MarshalLoad
+            Marshal.load data
+            # rubocop:enable Security/MarshalLoad
           rescue
-            return nil
+            nil
           end
         end
 
@@ -31,7 +35,7 @@ module Rack
         end
 
         private
-        if RUBY_PLATFORM =~ /mswin(?!ce)|mingw|cygwin|bccwin/
+        if Gem.win_platform?
           def path(key)
             @path.dup << "/" << @prefix << "_" << key.gsub(/:/, '_')
           end

data/lib/mini_profiler/storage/memcache_store.rb

@@ -10,8 +10,10 @@ module Rack
       def initialize(args = nil)
         require 'dalli' unless defined? Dalli
         args ||= {}
+
         @prefix = args[:prefix] || "MPMemcacheStore"
         @prefix += "-#{Rack::MiniProfiler::VERSION}"
+
         @client             = args[:client]     || Dalli::Client.new
         @expires_in_seconds = args[:expires_in] || EXPIRES_IN_SECONDS
       end
@@ -22,7 +24,9 @@ module Rack
 
       def load(id)
         raw = @client.get("#{@prefix}#{id}")
-        Marshal::load(raw) if raw
+        # rubocop:disable Security/MarshalLoad
+        Marshal.load(raw) if raw
+        # rubocop:enable Security/MarshalLoad
       end
 
       def set_unviewed(user, id)
@@ -63,14 +67,16 @@ module Rack
         key1, key2, cycle_at = nil
 
         if token_info
-          key1, key2, cycle_at = Marshal::load(token_info)
+          # rubocop:disable Security/MarshalLoad
+          key1, key2, cycle_at = Marshal.load(token_info)
+          # rubocop:enable Security/MarshalLoad
 
-           key1 = nil unless key1 && key1.length == 32
-           key2 = nil unless key2 && key2.length == 32
+          key1 = nil unless key1 && key1.length == 32
+          key2 = nil unless key2 && key2.length == 32
 
-           if key1 && cycle_at && (cycle_at > Process.clock_gettime(Process::CLOCK_MONOTONIC))
-             return [key1, key2].compact
-           end
+          if key1 && cycle_at && (cycle_at > Process.clock_gettime(Process::CLOCK_MONOTONIC))
+            return [key1, key2].compact
+          end
         end
 
         timeout = Rack::MiniProfiler::AbstractStore::MAX_TOKEN_AGE

data/lib/mini_profiler/storage/memory_store.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'securerandom'
+
 module Rack
   class MiniProfiler
     class MemoryStore < AbstractStore
@@ -52,17 +54,22 @@ module Rack
         @expires_in_seconds = args.fetch(:expires_in) { EXPIRES_IN_SECONDS }
 
         @token1, @token2, @cycle_at = nil
+        @snapshots_cycle = 0
+        @snapshot_groups = {}
+        @snapshots = []
 
         initialize_locks
         initialize_cleanup_thread(args)
       end
 
       def initialize_locks
-        @token_lock = Mutex.new
-        @timer_struct_lock  = Mutex.new
-        @user_view_lock     = Mutex.new
-        @timer_struct_cache = {}
-        @user_view_cache    = {}
+        @token_lock           = Mutex.new
+        @timer_struct_lock    = Mutex.new
+        @user_view_lock       = Mutex.new
+        @snapshots_cycle_lock = Mutex.new
+        @snapshots_lock       = Mutex.new
+        @timer_struct_cache   = {}
+        @user_view_cache      = {}
       end
 
       #FIXME: use weak ref, trouble it may be broken in 1.9 so need to use the 'ref' gem
@@ -135,6 +142,92 @@ module Rack
 
         end
       end
+
+      def should_take_snapshot?(period)
+        @snapshots_cycle_lock.synchronize do
+          @snapshots_cycle += 1
+          if @snapshots_cycle % period == 0
+            @snapshots_cycle = 0
+            true
+          else
+            false
+          end
+        end
+      end
+
+      def push_snapshot(page_struct, group_name, config)
+        @snapshots_lock.synchronize do
+          group = @snapshot_groups[group_name]
+          if !group
+            @snapshot_groups[group_name] = {
+              worst_score: page_struct.duration_ms,
+              best_score: page_struct.duration_ms,
+              snapshots: [page_struct]
+            }
+            if @snapshot_groups.size > config.max_snapshot_groups
+              group_keys = @snapshot_groups.keys
+              group_keys.sort_by! do |key|
+                @snapshot_groups[key][:worst_score]
+              end
+              group_keys.reverse!
+              group_keys.pop(group_keys.size - config.max_snapshot_groups)
+              @snapshot_groups = @snapshot_groups.slice(*group_keys)
+            end
+          else
+            snapshots = group[:snapshots]
+            snapshots << page_struct
+            snapshots.sort_by!(&:duration_ms)
+            snapshots.reverse!
+            if snapshots.size > config.max_snapshots_per_group
+              snapshots.pop(snapshots.size - config.max_snapshots_per_group)
+            end
+            group[:worst_score] = snapshots[0].duration_ms
+            group[:best_score] = snapshots[-1].duration_ms
+          end
+        end
+      end
+
+      def fetch_snapshots_overview
+        @snapshots_lock.synchronize do
+          groups = {}
+          @snapshot_groups.each do |name, group|
+            groups[name] = {
+              worst_score: group[:worst_score],
+              best_score: group[:best_score],
+              snapshots_count: group[:snapshots].size
+            }
+          end
+          groups
+        end
+      end
+
+      def fetch_snapshots_group(group_name)
+        @snapshots_lock.synchronize do
+          group = @snapshot_groups[group_name]
+          if group
+            group[:snapshots].dup
+          else
+            []
+          end
+        end
+      end
+
+      def load_snapshot(id, group_name)
+        @snapshots_lock.synchronize do
+          group = @snapshot_groups[group_name]
+          if group
+            group[:snapshots].find { |s| s[:id] == id }
+          end
+        end
+      end
+
+      private
+
+      # used in tests only
+      def wipe_snapshots_data
+        @snapshots_cycle = 0
+        @snapshot_groups = {}
+      end
     end
   end
 end