rack-mini-profiler 2.3.3 → 2.3.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ff9200889e574b3f90f901b90b88fe05f0c48993c945fc5dac37c2f1d86e693
-  data.tar.gz: bdca4fb3ada1b7c56525753b9eaa6430389f309a76152e3f8a7e0c9297463bea
+  metadata.gz: 6021effb717c193c4c70b3ac7a3550fd99c9abfd19432ac0ab9db63f62b11321
+  data.tar.gz: 8bce19855d2f6d908339e3108201282c519b4d8ad99b8e7e90dad9d3f718c929
 SHA512:
-  metadata.gz: 43b8c69b37ba90c80c31d8d410b05dda421322d5c6d1f45654807b526f7d990bec54eaa711aa34bbf43141831453a75543b3a27189103ea3f3bcbac7f3f4101a
-  data.tar.gz: bed607b319c32d85838767f7de608031411d7513fcbd8866d2d67feb44253b997e389671a903b192be07e04d1c018069ab835536de47ada14ad3af8bf89739d9
+  metadata.gz: 0c4354c194a6fa6018c57162e24e1cee85de7f296e45cd6182360b39abeb803b29a14674e2dfe93b3ba5d9bcb192814de8d091ad6b7db20d71af95e2cddcf4eb
+  data.tar.gz: e3c7f4da5fd5c79bfdb4c3582b50a38346d38784bfd92c6e7ce3fa41713104c74b6ad5622084d42624011ef850533c403002664f44ad7f6e1b1ac16a245c633b

data/CHANGELOG.md

@@ -1,5 +1,10 @@
 # CHANGELOG
 
+## 2.3.4 - 2022-02-23
+
+- [FEATURE] Add cookie path support for subfolder sites
+- [FIX] Remove deprecated uses of Redis#pipelined
+
 ## 2.3.3 - 2021-08-30
 
 - [FEATURE] Introduce `pp=flamegraph_mode`

data/README.md

@@ -166,14 +166,11 @@ export RACK_MINI_PROFILER_PATCH="false"
 
 ### Flamegraphs
 
-To generate [flamegraphs](http://samsaffron.com/archive/2013/03/19/flame-graphs-in-ruby-miniprofiler):
+To generate [flamegraphs](http://samsaffron.com/archive/2013/03/19/flame-graphs-in-ruby-miniprofiler), add the [**stackprof**](https://rubygems.org/gems/stackprof) gem to your Gemfile.
 
-* add the [**stackprof**](https://rubygems.org/gems/stackprof) gem to your Gemfile
-* visit a page in your app with `?pp=flamegraph`
+Then, to view the flamegraph as a direct HTML response from your request, just visit any page in your app with `?pp=flamegraph` appended to the URL. 
 
-To store flamegraph data for later viewing, append the `?pp=async-flamegraph` parameter. The request will return as normal.
-Flamegraph data for this request, and all subsequent requests made by this page (based on the `REFERER` header) will be stored.
-'flamegraph' links will appear for these requests in the MiniProfiler UI.
+Conversely, if you want your regular response instead (which is specially useful for JSON and/or XHR requests), just append the `?pp=async-flamegraph` parameter to your request/fetch URL; the request will then return as normal, and the flamegraph data will be stored for later *async* viewing, both for this request and for all subsequent requests made by this page (based on the `REFERER` header). For viewing these async flamegraphs, use the 'flamegraph' link that will appear inside the MiniProfiler UI for these requests.
 
 Note: Mini Profiler will not record SQL timings for a request if it asks for a flamegraph. The rationale behind this is to keep
 Mini Profiler's methods that are responsible for generating the timings data out of the flamegraph.
@@ -350,19 +347,41 @@ Single page applications built using Ember, Angular or other frameworks need som
 On route transition always call:
 
 ```
-window.MiniProfiler.pageTransition();
+if (window.MiniProfiler !== undefined) {
+  window.MiniProfiler.pageTransition();
+}
 ```
 
 This method will remove profiling information that was related to previous page and clear aggregate statistics.
 
 #### MiniProfiler's speed badge on pages that are not generated via Rails
-You need to inject the following in your SPA to load MiniProfiler's speed badge ([extra details surrounding this script](https://github.com/MiniProfiler/rack-mini-profiler/issues/139#issuecomment-192880706)):
+You need to inject the following in your SPA to load MiniProfiler's speed badge ([extra details surrounding this script](https://github.com/MiniProfiler/rack-mini-profiler/issues/139#issuecomment-192880706) and [credit for the script tag](https://github.com/MiniProfiler/rack-mini-profiler/issues/479#issue-782488320) to [@ivanyv](https://github.com/ivanyv)):
 
 ```html
- <script async type="text/javascript" id="mini-profiler" src="/mini-profiler-resources/includes.js?v=12b4b45a3c42e6e15503d7a03810ff33" data-version="12b4b45a3c42e6e15503d7a03810ff33" data-path="/mini-profiler-resources/" data-current-id="redo66j4g1077kto8uh3" data-ids="redo66j4g1077kto8uh3" data-horizontal-position="left" data-vertical-position="top" data-trivial="false" data-children="false" data-max-traces="10" data-controls="false" data-authorized="true" data-toggle-shortcut="Alt+P" data-start-hidden="false" data-collapse-results="true"></script>
-```
-
-_Note:_ The GUID (`data-version` and the `?v=` parameter on the `src`) will change with each release of `rack_mini_profiler`. The MiniProfiler's speed badge will continue to work, although you will have to change the GUID to expire the script to fetch the most recent version.
+ <script type="text/javascript" id="mini-profiler"
+        src="/mini-profiler-resources/includes.js?v=12b4b45a3c42e6e15503d7a03810ff33"
+        data-css-url="/mini-profiler-resources/includes.css?v=12b4b45a3c42e6e15503d7a03810ff33"
+        data-version="12b4b45a3c42e6e15503d7a03810ff33"
+        data-path="/mini-profiler-resources/"
+        data-horizontal-position="left"
+        data-vertical-position="top"
+        data-ids=""
+        data-trivial="false"
+        data-children="false"
+        data-max-traces="20"
+        data-controls="false"
+        data-total-sql-count="false"
+        data-authorized="true"
+        data-toggle-shortcut="alt+p"
+        data-start-hidden="false"
+        data-collapse-results="true"
+        data-html-container="body"
+        data-hidden-custom-fields></script>
+```
+
+See an [example of how to do this in a React useEffect](https://gist.github.com/katelovescode/01cfc2b962c165193b160fd10af6c4d5).
+
+_Note:_ The GUID (`data-version` and the `?v=` parameter on the `src` and `data-css-url`) will change with each release of `rack_mini_profiler`. The MiniProfiler's speed badge will continue to work, although you will have to change the GUID to expire the script to fetch the most recent version.
 
 #### Using MiniProfiler's built in route for apps without HTML responses
 MiniProfiler also ships with a `/rack-mini-profiler/requests` route that displays the speed badge on a blank HTML page. This can be useful when profiling an application that does not render HTML.
@@ -403,11 +422,12 @@ backtrace_threshold_ms|`0`|Minimum SQL query elapsed time before a backtrace is
 flamegraph_sample_rate|`0.5`|How often to capture stack traces for flamegraphs in milliseconds.
 flamegraph_mode|`:wall`|The [StackProf mode](https://github.com/tmm1/stackprof#all-options) to pass to `StackProf.run`.
 base_url_path|`'/mini-profiler-resources/'`|Path for assets; added as a prefix when naming assets and sought when responding to requests.
+cookie_path|`'/'`|Set-Cookie header path for profile cookie
 collapse_results|`true`|If multiple timing results exist in a single page, collapse them till clicked.
 max_traces_to_show|20|Maximum number of mini profiler timing blocks to show on one page
 html_container|`body`|The HTML container (as a jQuery selector) to inject the mini_profiler UI into
 show_total_sql_count|`false`|Displays the total number of SQL executions.
-enable_advanced_debugging_tools|`false`|Enables sensitive debugging tools that can be used via the UI. In production we recommend keeping this disabled as memory and environment debugging tools can expose contents of memory that may contain passwords.
+enable_advanced_debugging_tools|`false`|Enables sensitive debugging tools that can be used via the UI. In production we recommend keeping this disabled as memory and environment debugging tools can expose contents of memory that may contain passwords. Defaults to `true` in development.
 assets_url|`nil`|See the "Register MiniProfiler's assets in the Rails assets pipeline" section above.
 snapshot_every_n_requests|`-1`|Determines how frequently snapshots are taken. See the "Snapshots Sampling" above for more details.
 snapshots_limit|`1000`|Determines how many snapshots Mini Profiler is allowed to keep.

data/lib/mini_profiler/client_settings.rb

@@ -74,7 +74,7 @@ module Rack
           settings["bt"] = @backtrace_level     if @backtrace_level
           settings["a"] = @allowed_tokens.join("|") if @allowed_tokens && MiniProfiler.request_authorized?
           settings_string = settings.map { |k, v| "#{k}=#{v}" }.join(",")
-          cookie = { value: settings_string, path: '/', httponly: true }
+          cookie = { value: settings_string, path: MiniProfiler.config.cookie_path, httponly: true }
           cookie[:secure] = true if @request.ssl?
           cookie[:same_site] = 'Lax'
           Rack::Utils.set_cookie_header!(headers, COOKIE_NAME, cookie)
@@ -83,7 +83,7 @@ module Rack
 
       def discard_cookie!(headers)
         if @cookie
-          Rack::Utils.delete_cookie_header!(headers, COOKIE_NAME, path: '/')
+          Rack::Utils.delete_cookie_header!(headers, COOKIE_NAME, path: MiniProfiler.config.cookie_path)
         end
       end
 

data/lib/mini_profiler/config.rb

@@ -17,6 +17,7 @@ module Rack
         new.instance_eval {
           @auto_inject      = true # automatically inject on every html page
           @base_url_path    = "/mini-profiler-resources/".dup
+          @cookie_path      = "/".dup
           @disable_caching  = true
           # called prior to rack chain, to ensure we are allowed to profile
           @pre_authorize_cb = lambda { |env| true }
@@ -66,7 +67,7 @@ module Rack
 
       attr_accessor :authorization_mode, :auto_inject, :backtrace_ignores,
         :backtrace_includes, :backtrace_remove, :backtrace_threshold_ms,
-        :base_url_path, :disable_caching, :enabled,
+        :base_url_path, :cookie_path, :disable_caching, :enabled,
         :flamegraph_sample_rate, :logger, :pre_authorize_cb, :skip_paths,
         :skip_schema_queries, :storage, :storage_failure, :storage_instance,
         :storage_options, :user_provider, :enable_advanced_debugging_tools,

data/lib/mini_profiler/profiler.rb

@@ -773,7 +773,7 @@ This is the help menu of the <a href='#{Rack::MiniProfiler::SOURCE_CODE_URI}'>ra
       end
 
       # TODO : cache this snippet
-      script = IO.read(::File.expand_path('../html/profile_handler.js', ::File.dirname(__FILE__)))
+      script = ::File.read(::File.expand_path('../html/profile_handler.js', ::File.dirname(__FILE__)))
       # replace the variables
       settings.each do |k, v|
         regex = Regexp.new("\\{#{k.to_s}\\}")

data/lib/mini_profiler/storage/file_store.rb

@@ -17,7 +17,9 @@ module Rack
         def [](key)
           begin
             data = ::File.open(path(key), "rb") { |f| f.read }
+            # rubocop:disable Security/MarshalLoad
             Marshal.load data
+            # rubocop:enable Security/MarshalLoad
           rescue
             nil
           end

data/lib/mini_profiler/storage/memcache_store.rb

@@ -24,7 +24,9 @@ module Rack
 
       def load(id)
         raw = @client.get("#{@prefix}#{id}")
-        Marshal::load(raw) if raw
+        # rubocop:disable Security/MarshalLoad
+        Marshal.load(raw) if raw
+        # rubocop:enable Security/MarshalLoad
       end
 
       def set_unviewed(user, id)
@@ -65,14 +67,16 @@ module Rack
         key1, key2, cycle_at = nil
 
         if token_info
-          key1, key2, cycle_at = Marshal::load(token_info)
+          # rubocop:disable Security/MarshalLoad
+          key1, key2, cycle_at = Marshal.load(token_info)
+          # rubocop:enable Security/MarshalLoad
 
-           key1 = nil unless key1 && key1.length == 32
-           key2 = nil unless key2 && key2.length == 32
+          key1 = nil unless key1 && key1.length == 32
+          key2 = nil unless key2 && key2.length == 32
 
-           if key1 && cycle_at && (cycle_at > Process.clock_gettime(Process::CLOCK_MONOTONIC))
-             return [key1, key2].compact
-           end
+          if key1 && cycle_at && (cycle_at > Process.clock_gettime(Process::CLOCK_MONOTONIC))
+            return [key1, key2].compact
+          end
         end
 
         timeout = Rack::MiniProfiler::AbstractStore::MAX_TOKEN_AGE

data/lib/mini_profiler/storage/redis_store.rb

@@ -25,7 +25,9 @@ module Rack
         key = prefixed_id(id)
         raw = redis.get key
         begin
-          Marshal::load(raw) if raw
+          # rubocop:disable Security/MarshalLoad
+          Marshal.load(raw) if raw
+          # rubocop:enable Security/MarshalLoad
         rescue
           # bad format, junk old data
           redis.del key
@@ -177,7 +179,9 @@ unviewed_ids: #{get_unviewed_ids(user)}
           batch = redis.mapped_hmget(hash_key, *ids).to_a
           batch.map! do |id, bytes|
             begin
+              # rubocop:disable Security/MarshalLoad
               Marshal.load(bytes)
+              # rubocop:enable Security/MarshalLoad
             rescue
               corrupt_snapshots << id
               nil
@@ -189,9 +193,9 @@ unviewed_ids: #{get_unviewed_ids(user)}
           iteration += 1
         end
         if corrupt_snapshots.size > 0
-          redis.pipelined do
-            redis.zrem(zset_key, corrupt_snapshots)
-            redis.hdel(hash_key, corrupt_snapshots)
+          redis.pipelined do |pipeline|
+            pipeline.zrem(zset_key, corrupt_snapshots)
+            pipeline.hdel(hash_key, corrupt_snapshots)
           end
         end
       end
@@ -200,11 +204,13 @@ unviewed_ids: #{get_unviewed_ids(user)}
         hash_key = snapshot_hash_key()
         bytes = redis.hget(hash_key, id)
         begin
+          # rubocop:disable Security/MarshalLoad
           Marshal.load(bytes)
+          # rubocop:enable Security/MarshalLoad
         rescue
-          redis.pipelined do
-            redis.zrem(snapshot_zset_key(), id)
-            redis.hdel(hash_key, id)
+          redis.pipelined do |pipeline|
+            pipeline.zrem(snapshot_zset_key(), id)
+            pipeline.hdel(hash_key, id)
           end
           nil
         end
@@ -253,11 +259,11 @@ unviewed_ids: #{get_unviewed_ids(user)}
 
       # only used in tests
       def wipe_snapshots_data
-        redis.pipelined do
-          redis.del(snapshot_counter_key())
-          redis.del(snapshot_zset_key())
-          redis.del(snapshot_hash_key())
-        end
+        redis.del(
+          snapshot_counter_key(),
+          snapshot_zset_key(),
+          snapshot_hash_key(),
+        )
       end
     end
   end

data/lib/mini_profiler/version.rb

@@ -2,7 +2,7 @@
 
 module Rack
   class MiniProfiler
-    VERSION = '2.3.3'
+    VERSION = '2.3.4'
     SOURCE_CODE_URI = 'https://github.com/MiniProfiler/rack-mini-profiler'
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-mini-profiler
 version: !ruby/object:Gem::Version
-  version: 2.3.3
+  version: 2.3.4
 platform: ruby
 authors:
 - Sam Saffron
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-30 00:00:00.000000000 Z
+date: 2022-02-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack