rack-mini-profiler 0.9.9.2 → 0.10.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a2b10bd196bae4ba4dd1b18d3bdf54744e895f86
-  data.tar.gz: 33866dddf039f21eca7380c23fd31a09071d8666
+  metadata.gz: ba607e06976028497914287036a4b96012892cc5
+  data.tar.gz: b4427269223c942280e544847be135d1fdd51943
 SHA512:
-  metadata.gz: 010b6b5b681db1dc8fddab3100c450a533be17b53290d07e9fafd89e29ac3fe6c6659371b978796455ebc8c6131192c1386186f1285abb81e5a1ccffcfe9e79a
-  data.tar.gz: 9cacdd67dc52d42556e6e0793d76675bf3bbc0ed27a748cd6f407b5996dc7a2f437e7ed559f905620ed267595bf3f79cf5744b25f5b4b7fd9f527c9c4b2bdf10
+  metadata.gz: 32f96b3ba1bb3667417e0255130aee336780167f28b06209b026ae5ccbe87542e5c100bd3297f178ead24a90deb27b460cdf90f409b63da2ba705cc7bb2fabfa
+  data.tar.gz: c62db46c5de3423581d3f0f2ca466f338b4d390d6bdad9f3bc0e8cb7a3f210ef24295ff0dfcd85925608c6bc05f85b0f5abcccd7a17ae0e053bb658faafd01be

data/CHANGELOG.md

@@ -1,6 +1,9 @@
 # CHANGELOG
 
-## 
+## 0.10.1 2016-05-18
+
+- [FEATURE] push forward the security checks so no work is ever done if a valid production
+    cookie is not available (@sam)
 
 ## 0.9.9.2 2016-03-06
 

data/README.md

@@ -196,6 +196,15 @@ window.MiniProfiler.pageTransition();
 
 This method will remove profiling information that was related to previous page and clear aggregate statistics.
 
+#### MiniProfiler's speed badge on pages that are not generated via Rails
+You need to inject the following in your SPA to load MiniProfiler's speed badge ([extra details surrounding this script](https://github.com/MiniProfiler/rack-mini-profiler/issues/139#issuecomment-192880706)):
+
+```html
+ <script async type="text/javascript" id="mini-profiler" src="/mini-profiler-resources/includes.js?v=12b4b45a3c42e6e15503d7a03810ff33" data-version="12b4b45a3c42e6e15503d7a03810ff33" data-path="/mini-profiler-resources/" data-current-id="redo66j4g1077kto8uh3" data-ids="redo66j4g1077kto8uh3" data-position="left" data-trivial="false" data-children="false" data-max-traces="10" data-controls="false" data-authorized="true" data-toggle-shortcut="Alt+P" data-start-hidden="false" data-collapse-results="true"></script>
+```
+
+_Note:_ The GUID (`data-version` and the `?v=` parameter on the `src`) will change with each release of `rack_mini_profiler`. The MiniProfiler's speed badge will continue to work, although you will have to change the GUID to expire the script to fetch the most recent version.
+
 ### Configuration Options
 
 You can set configuration options using the configuration accessor on `Rack::MiniProfiler`.
@@ -220,10 +229,11 @@ backtrace_remove|rails: `Rails.root`<br>Rack: `nil`|A string or regex to remove
 toggle_shortcut|Alt+P|Keyboard shortcut to toggle the mini_profiler's visibility. See [jquery.hotkeys](https://github.com/jeresig/jquery.hotkeys).
 start_hidden|`false`|`false` to make mini_profiler visible on page load.
 backtrace_threshold_ms|`0`|Minimum SQL query elapsed time before a backtrace is recorded. Backtrace recording can take a couple of milliseconds on rubies earlier than 2.0, impacting performance for very small queries.
-flamegraph_sample_rate|`0.5ms`|How often to capture stack traces for flamegraphs.
+flamegraph_sample_rate|`0.5`|How often to capture stack traces for flamegraphs in milliseconds.
 disable_env_dump|`false`|`true` disables `?pp=env`, which prevents sending ENV vars over HTTP.
 base_url_path|`'/mini-profiler-resources/'`|Path for assets; added as a prefix when naming assets and sought when responding to requests.
 collapse_results|`true`|If multiple timing results exist in a single page, collapse them till clicked.
+max_traces_to_show|20|Maximum number of mini profiler timing blocks to show on one page
 
 ### Custom middleware ordering (required if using `Rack::Deflate` with Rails)
 

data/lib/mini_profiler/client_settings.rb

@@ -12,39 +12,90 @@ module Rack
       attr_accessor :backtrace_level
 
 
-      def initialize(env)
+      def initialize(env, store, start)
         request = ::Rack::Request.new(env)
         @cookie = request.cookies[COOKIE_NAME]
+        @store = store
+        @start = start
+
+        @allowed_tokens, @orig_auth_tokens = nil
+
         if @cookie
           @cookie.split(",").map{|pair| pair.split("=")}.each do |k,v|
             @orig_disable_profiling = @disable_profiling = (v=='t') if k == "dp"
             @backtrace_level = v.to_i if k == "bt"
+            @orig_auth_tokens = v.to_s.split("|") if k == "a"
           end
         end
 
-        @backtrace_level = nil if !@backtrace_level.nil? && (@backtrace_level == 0 || @backtrace_level > BACKTRACE_NONE)
+        if !@backtrace_level.nil? && (@backtrace_level == 0 || @backtrace_level > BACKTRACE_NONE)
+          @backtrace_level = nil
+        end
+
         @orig_backtrace_level = @backtrace_level
 
       end
 
+      def handle_cookie(result)
+        status,headers,_body = result
+
+        if (MiniProfiler.config.authorization_mode == :whitelist && !MiniProfiler.request_authorized?)
+          # this is non-obvious, don't kill the profiling cookie on errors or short requests
+          # this ensures that stuff that never reaches the rails stack does not kill profiling
+          if status.to_i >= 200 && status.to_i < 300 && ((Time.now - @start) > 0.1)
+            discard_cookie!(headers)
+          end
+        else
+          write!(headers)
+        end
+
+        result
+      end
+
       def write!(headers)
-        if @orig_disable_profiling != @disable_profiling || @orig_backtrace_level != @backtrace_level || @cookie.nil?
+
+        tokens_changed = false
+
+        if MiniProfiler.request_authorized? && MiniProfiler.config.authorization_mode == :whitelist
+          @allowed_tokens ||= @store.allowed_tokens
+          tokens_changed = !@orig_auth_tokens || ((@allowed_tokens - @orig_auth_tokens).length > 0)
+        end
+
+        if  @orig_disable_profiling != @disable_profiling ||
+            @orig_backtrace_level != @backtrace_level ||
+            @cookie.nil? ||
+            tokens_changed
+
           settings = {"p" =>  "t" }
-          settings["dp"] = "t"              if @disable_profiling
-          settings["bt"] = @backtrace_level if @backtrace_level
+          settings["dp"] = "t"                  if @disable_profiling
+          settings["bt"] = @backtrace_level     if @backtrace_level
+          settings["a"] = @allowed_tokens.join("|") if @allowed_tokens && MiniProfiler.request_authorized?
+
           settings_string = settings.map{|k,v| "#{k}=#{v}"}.join(",")
           Rack::Utils.set_cookie_header!(headers, COOKIE_NAME, :value => settings_string, :path => '/')
         end
       end
 
       def discard_cookie!(headers)
-        Rack::Utils.delete_cookie_header!(headers, COOKIE_NAME, :path => '/')
+        if @cookie
+          Rack::Utils.delete_cookie_header!(headers, COOKIE_NAME, :path => '/')
+        end
       end
 
-      def has_cookie?
-        !@cookie.nil?
+      def has_valid_cookie?
+        valid_cookie = !@cookie.nil?
+
+        if (MiniProfiler.config.authorization_mode == :whitelist)
+          @allowed_tokens ||= @store.allowed_tokens
+
+          valid_cookie = (Array === @orig_auth_tokens) &&
+            ((@allowed_tokens & @orig_auth_tokens).length > 0)
+        end
+
+        valid_cookie
       end
 
+
       def disable_profiling?
         @disable_profiling
       end

data/lib/mini_profiler/config.rb

@@ -15,10 +15,15 @@ module Rack
     attr_accessor :authorization_mode, :auto_inject, :backtrace_ignores,
       :backtrace_includes, :backtrace_remove, :backtrace_threshold_ms,
       :base_url_path, :disable_caching, :disable_env_dump, :enabled,
-      :flamegraph_sample_rate, :logger, :position, :pre_authorize_cb,
-      :skip_paths, :skip_schema_queries, :start_hidden, :storage,
-      :storage_failure, :storage_instance, :storage_options, :toggle_shortcut,
-      :user_provider, :collapse_results
+      :flamegraph_sample_rate, :logger, :pre_authorize_cb, :skip_paths,
+      :skip_schema_queries, :storage, :storage_failure, :storage_instance,
+      :storage_options, :user_provider
+    attr_accessor :skip_sql_param_names, :max_sql_param_length
+
+    # ui accessors
+    attr_accessor :collapse_results, :max_traces_to_show, :position,
+      :show_children, :show_controls, :show_trivial, :start_hidden,
+      :toggle_shortcut
 
     # Deprecated options
     attr_accessor :use_existing_jquery
@@ -32,13 +37,10 @@ module Rack
           @pre_authorize_cb = lambda {|env| true}
 
           # called after rack chain, to ensure we are REALLY allowed to profile
-          @position               = 'left'  # Where it is displayed
           @skip_schema_queries    = false
           @storage                = MiniProfiler::MemoryStore
           @user_provider          = Proc.new{|env| Rack::Request.new(env).ip}
           @authorization_mode     = :allow_all
-          @toggle_shortcut        = 'Alt+P'
-          @start_hidden           = false
           @backtrace_threshold_ms = 0
           @flamegraph_sample_rate = 0.5
           @storage_failure = Proc.new do |exception|
@@ -48,7 +50,20 @@ module Rack
           end
           @enabled = true
           @disable_env_dump = false
-          @collapse_results = true
+          @max_sql_param_length = 0 # disable sql parameter collection by default
+          @skip_sql_param_names = /password/ # skips parameters with the name password by default
+
+          # ui parameters
+          @autorized          = true
+          @collapse_results   = true
+          @max_traces_to_show = 20
+          @position           = 'left'  # Where it is displayed
+          @show_children      = false
+          @show_controls      = false
+          @show_trivial       = false
+          @start_hidden       = false
+          @toggle_shortcut    = 'Alt+P'
+
           self
         }
       end

data/lib/mini_profiler/context.rb

@@ -1,5 +1,6 @@
 class Rack::MiniProfiler::Context
-  attr_accessor :inject_js,:current_timer,:page_struct,:skip_backtrace,:full_backtrace,:discard, :mpt_init, :measure
+  attr_accessor :inject_js,:current_timer,:page_struct,:skip_backtrace,
+                :full_backtrace,:discard, :mpt_init, :measure
 
   def initialize(opts = {})
     opts["measure"] = true unless opts.key? "measure"

data/lib/mini_profiler/profiler.rb

@@ -120,7 +120,8 @@ module Rack
     end
 
     def serve_html(env)
-      file_name = env['PATH_INFO'][(@config.base_url_path.length)..1000]
+      path      = env['PATH_INFO'].sub('//', '/')
+      file_name = path.sub(@config.base_url_path, '')
 
       return serve_results(env) if file_name.eql?('results')
 
@@ -148,11 +149,13 @@ module Rack
 
     def call(env)
 
-      client_settings = ClientSettings.new(env)
+      start = Time.now
+      client_settings = ClientSettings.new(env, @storage, start)
+      MiniProfiler.deauthorize_request if @config.authorization_mode == :whitelist
 
       status = headers = body = nil
       query_string = env['QUERY_STRING']
-      path         = env['PATH_INFO']
+      path         = env['PATH_INFO'].sub('//', '/')
 
       # Someone (e.g. Rails engine) could change the SCRIPT_NAME so we save it
       env['RACK_MINI_PROFILER_ORIGINAL_SCRIPT_NAME'] = env['SCRIPT_NAME']
@@ -161,18 +164,15 @@ module Rack
                 (@config.skip_paths && @config.skip_paths.any?{ |p| path.start_with?(p) }) ||
                 query_string =~ /pp=skip/
 
-      has_profiling_cookie = client_settings.has_cookie?
-
-      if skip_it || (@config.authorization_mode == :whitelist && !has_profiling_cookie)
-        status,headers,body = @app.call(env)
-        if !skip_it && @config.authorization_mode == :whitelist && !has_profiling_cookie && MiniProfiler.request_authorized?
-          client_settings.write!(headers)
-        end
-        return [status,headers,body]
+      if skip_it || (
+        @config.authorization_mode == :whitelist &&
+        !client_settings.has_valid_cookie?
+      )
+        return client_settings.handle_cookie(@app.call(env))
       end
 
       # handle all /mini-profiler requests here
-      return serve_html(env) if path.start_with? @config.base_url_path
+      return client_settings.handle_cookie(serve_html(env)) if path.start_with? @config.base_url_path
 
       has_disable_cookie = client_settings.disable_profiling?
       # manual session disable / enable
@@ -180,7 +180,7 @@ module Rack
         skip_it = true
       end
 
-      if query_string =~ /pp=enable/ && (@config.authorization_mode != :whitelist || MiniProfiler.request_authorized?)
+      if query_string =~ /pp=enable/
         skip_it = false
         config.enabled = true
       end
@@ -188,8 +188,7 @@ module Rack
       if skip_it || !config.enabled
         status,headers,body = @app.call(env)
         client_settings.disable_profiling = true
-        client_settings.write!(headers)
-        return [status,headers,body]
+        return client_settings.handle_cookie([status,headers,body])
       else
         client_settings.disable_profiling = false
       end
@@ -197,7 +196,7 @@ module Rack
       # profile gc
       if query_string =~ /pp=profile-gc/
         current.measure = false if current
-        return Rack::MiniProfiler::GCProfiler.new.profile_gc(@app, env)
+        return client_settings.handle_cookie(Rack::MiniProfiler::GCProfiler.new.profile_gc(@app, env))
       end
 
       # profile memory
@@ -214,11 +213,10 @@ module Rack
           body.close if body.respond_to? :close
         end
         report.pretty_print(result)
-        return text_result(result.string)
+        return client_settings.handle_cookie(text_result(result.string))
       end
 
       MiniProfiler.create_current(env, @config)
-      MiniProfiler.deauthorize_request if @config.authorization_mode == :whitelist
 
       if query_string =~ /pp=normal-backtrace/
         client_settings.backtrace_level = ClientSettings::BACKTRACE_DEFAULT
@@ -237,7 +235,6 @@ module Rack
       trace_exceptions = query_string =~ /pp=trace-exceptions/ && defined? TracePoint
       status, headers, body, exceptions,trace = nil
 
-      start = Time.now
 
       if trace_exceptions
         exceptions = []
@@ -280,7 +277,6 @@ module Rack
         else
           status,headers,body = @app.call(env)
         end
-        client_settings.write!(headers)
       ensure
         trace.disable if trace
       end
@@ -288,35 +284,30 @@ module Rack
       skip_it = current.discard
 
       if (config.authorization_mode == :whitelist && !MiniProfiler.request_authorized?)
-        # this is non-obvious, don't kill the profiling cookie on errors or short requests
-        # this ensures that stuff that never reaches the rails stack does not kill profiling
-        if status.to_i >= 200 && status.to_i < 300 && ((Time.now - start) > 0.1)
-          client_settings.discard_cookie!(headers)
-        end
         skip_it = true
       end
 
-      return [status,headers,body] if skip_it
+      return client_settings.handle_cookie([status,headers,body]) if skip_it
 
       # we must do this here, otherwise current[:discard] is not being properly treated
       if trace_exceptions
         body.close if body.respond_to? :close
-        return dump_exceptions exceptions
+        return client_settings.handle_cookie(dump_exceptions exceptions)
       end
 
       if query_string =~ /pp=env/ && !config.disable_env_dump
         body.close if body.respond_to? :close
-        return dump_env env
+        return client_settings.handle_cookie(dump_env env)
       end
 
       if query_string =~ /pp=analyze-memory/
         body.close if body.respond_to? :close
-        return analyze_memory
+        return client_settings.handle_cookie(analyze_memory)
       end
 
       if query_string =~ /pp=help/
         body.close if body.respond_to? :close
-        return help(client_settings, env)
+        return client_settings.handle_cookie(help(client_settings, env))
       end
 
       page_struct = current.page_struct
@@ -325,7 +316,7 @@ module Rack
 
       if flamegraph
         body.close if body.respond_to? :close
-        return self.flamegraph(flamegraph)
+        return client_settings.handle_cookie(self.flamegraph(flamegraph))
       end
 
 
@@ -336,9 +327,8 @@ module Rack
 
         # inject headers, script
         if status >= 200 && status < 300
-          client_settings.write!(headers)
           result = inject_profiler(env,status,headers,body)
-          return result if result
+          return client_settings.handle_cookie(result) if result
         end
       rescue Exception => e
         if @config.storage_failure != nil
@@ -346,8 +336,7 @@ module Rack
         end
       end
 
-      client_settings.write!(headers)
-      [status, headers, body]
+      client_settings.handle_cookie([status, headers, body])
 
     ensure
       # Make sure this always happens
@@ -542,7 +531,6 @@ Append the following to your query string:
 </html>
 "
 
-      client_settings.write!(headers)
       [200, headers, [body]]
     end
 
@@ -552,8 +540,12 @@ Append the following to your query string:
     end
 
     def ids(env)
-      # cap at 10 ids, otherwise there is a chance you can blow the header
-      ([current.page_struct[:id]] + (@storage.get_unviewed_ids(user(env)) || [])[0..8]).uniq
+      all = ([current.page_struct[:id]] + (@storage.get_unviewed_ids(user(env)) || [])).uniq
+      if all.size > @config.max_traces_to_show
+        all = all[0...@config.max_traces_to_show]
+        @storage.set_all_unviewed(user(env), all)
+      end
+      all
     end
 
     def ids_json(env)
@@ -587,10 +579,10 @@ Append the following to your query string:
        :path            => path,
        :version         => MiniProfiler::ASSET_VERSION,
        :position        => @config.position,
-       :showTrivial     => false,
-       :showChildren    => false,
-       :maxTracesToShow => 10,
-       :showControls    => false,
+       :showTrivial     => @config.show_trivial,
+       :showChildren    => @config.show_children,
+       :maxTracesToShow => @config.max_traces_to_show,
+       :showControls    => @config.show_controls,
        :authorized      => true,
        :toggleShortcut  => @config.toggle_shortcut,
        :startHidden     => @config.start_hidden,

data/lib/mini_profiler/profiling_methods.rb

@@ -2,10 +2,10 @@ module Rack
   class MiniProfiler
     module ProfilingMethods
 
-      def record_sql(query, elapsed_ms)
+      def record_sql(query, elapsed_ms, params = nil)
         return unless current && current.current_timer
         c = current
-        c.current_timer.add_sql(query, elapsed_ms, c.page_struct, c.skip_backtrace, c.full_backtrace)
+        c.current_timer.add_sql(query, elapsed_ms, c.page_struct, params, c.skip_backtrace, c.full_backtrace)
       end
 
       def start_step(name)

data/lib/mini_profiler/storage/abstract_store.rb

@@ -2,6 +2,9 @@ module Rack
   class MiniProfiler
     class AbstractStore
 
+      # maximum age of allowed tokens before cycling in seconds
+      MAX_TOKEN_AGE = 1800
+
       def save(page_struct)
         raise NotImplementedError.new("save is not implemented")
       end
@@ -18,6 +21,10 @@ module Rack
         raise NotImplementedError.new("set_viewed is not implemented")
       end
 
+      def set_all_unviewed(user, ids)
+        raise NotImplementedError.new("set_all_unviewed is not implemented")
+      end
+
       def get_unviewed_ids(user)
         raise NotImplementedError.new("get_unviewed_ids is not implemented")
       end
@@ -27,6 +34,11 @@ module Rack
         ""
       end
 
+      # a list of tokens that are permitted to access profiler in whitelist mode
+      def allowed_tokens
+        raise NotImplementedError.new("allowed_tokens is not implemented")
+      end
+
     end
   end
 end

data/lib/mini_profiler/storage/file_store.rb

@@ -51,6 +51,9 @@ module Rack
         @user_view_cache    = FileCache.new(@path, "mp_views")
         @user_view_lock     = Mutex.new
 
+        @auth_token_cache    = FileCache.new(@path, "tokens")
+        @auth_token_lock     = Mutex.new
+
         me = self
         t = CacheCleanupThread.new do
           interval = 10
@@ -114,12 +117,40 @@ module Rack
         }
       end
 
+      def set_all_unviewed(user, ids)
+        @user_view_lock.synchronize {
+          @user_view_cache[user] = ids.uniq
+        }
+      end
+
       def get_unviewed_ids(user)
         @user_view_lock.synchronize {
           @user_view_cache[user]
         }
       end
 
+      def flush_tokens
+        @auth_token_lock.synchronize {
+          @auth_token_cache[""] = nil
+        }
+      end
+
+      def allowed_tokens
+        @auth_token_lock.synchronize {
+          token1, token2, cycle_at = @auth_token_cache[""]
+
+          unless cycle_at && (Time === cycle_at) && (cycle_at > Time.now)
+            token2 = token1
+            token1 = SecureRandom.hex
+            cycle_at = Time.now + Rack::MiniProfiler::AbstractStore::MAX_TOKEN_AGE
+          end
+
+          @auth_token_cache[""] = [token1, token2, cycle_at]
+
+          [token1, token2].compact
+        }
+      end
+
       def cleanup_cache
         files = Dir.entries(@path)
         @timer_struct_lock.synchronize {

data/lib/mini_profiler/storage/memcache_store.rb

@@ -43,10 +43,47 @@ module Rack
         end
       end
 
+      def set_all_unviewed(user, ids)
+        @client.set("#{@prefix}-#{user}-v", ids, @expires_in_seconds)
+      end
+
       def get_unviewed_ids(user)
         @client.get("#{@prefix}-#{user}-v") || []
       end
 
+      def flush_tokens
+        @client.set("#{@prefix}-tokens", nil)
+      end
+
+      def allowed_tokens
+
+        token_info = @client.get("#{@prefix}-tokens")
+        key1, key2, cycle_at = nil
+
+
+        if token_info
+           key1, key2, cycle_at = Marshal::load(token_info)
+
+           key1 = nil unless key1 && key1.length == 32
+           key2 = nil unless key2 && key2.length == 32
+
+           if key1 && cycle_at && (cycle_at > Time.now)
+              return [key1,key2].compact
+           end
+        end
+
+        timeout = Rack::MiniProfiler::AbstractStore::MAX_TOKEN_AGE
+
+        # cycle keys
+        key2 = key1
+        key1 = SecureRandom.hex
+        cycle_at = Time.now + timeout
+
+        @client.set("#{@prefix}-tokens", Marshal::dump([key1, key2, cycle_at]))
+
+        [key1, key2].compact
+      end
+
     end
   end
 end

data/lib/mini_profiler/storage/memory_store.rb

@@ -49,11 +49,15 @@ module Rack
       def initialize(args = nil)
         args ||= {}
         @expires_in_seconds = args.fetch(:expires_in) { EXPIRES_IN_SECONDS }
+
+        @token1, @token2, @cycle_tokens_at = nil
+
         initialize_locks
         initialize_cleanup_thread(args)
       end
 
       def initialize_locks
+        @token_lock = Mutex.new
         @timer_struct_lock  = Mutex.new
         @user_view_lock     = Mutex.new
         @timer_struct_cache = {}
@@ -98,6 +102,12 @@ module Rack
         }
       end
 
+      def set_all_unviewed(user, ids)
+        @user_view_lock.synchronize {
+          @user_view_cache[user] = ids
+        }
+      end
+
       def get_unviewed_ids(user)
         @user_view_lock.synchronize {
           @user_view_cache[user]
@@ -110,6 +120,20 @@ module Rack
           @timer_struct_cache.delete_if { |k, v| v[:started] < expire_older_than }
         }
       end
+
+      def allowed_tokens
+        @token_lock.synchronize do
+
+          unless @cycle_at && (@cycle_at > Time.now)
+            @token2 = @token1
+            @token1 = SecureRandom.hex
+            @cycle_at = Time.now + Rack::MiniProfiler::AbstractStore::MAX_TOKEN_AGE
+          end
+
+          [@token1, @token2].compact
+
+        end
+      end
     end
   end
 end

data/lib/mini_profiler/storage/redis_store.rb

@@ -2,6 +2,8 @@ module Rack
   class MiniProfiler
     class RedisStore < AbstractStore
 
+      attr_reader :prefix
+
       EXPIRES_IN_SECONDS = 60 * 60 * 24
 
       def initialize(args = nil)
@@ -33,6 +35,13 @@ module Rack
         redis.expire key, @expires_in_seconds
       end
 
+      def set_all_unviewed(user, ids)
+        key = "#{@prefix}-#{user}-v"
+        redis.del key
+        ids.each { |id| redis.sadd(key, id) }
+        redis.expire key, @expires_in_seconds
+      end
+
       def set_viewed(user, id)
         redis.srem "#{@prefix}-#{user}-v", id
       end
@@ -48,6 +57,43 @@ unviewed_ids: #{get_unviewed_ids(user)}
 "
       end
 
+      def flush_tokens
+        redis.del("#{@prefix}-key1", "#{@prefix}-key1_old", "#{@prefix}-key2")
+      end
+
+      # Only used for testing
+      def simulate_expire
+        redis.del("#{@prefix}-key1")
+      end
+
+      def allowed_tokens
+        key1, key1_old, key2 = redis.mget("#{@prefix}-key1", "#{@prefix}-key1_old", "#{@prefix}-key2")
+
+        if key1 && (key1.length == 32)
+          return [key1, key2].compact
+        end
+
+        timeout = Rack::MiniProfiler::AbstractStore::MAX_TOKEN_AGE
+
+        # TODO  this could be moved to lua to correct a concurrency flaw
+        # it is not critical cause worse case some requests will miss profiling info
+
+        # no key so go ahead and set it
+        key1 = SecureRandom.hex
+
+        if key1_old && (key1_old.length == 32)
+          key2 = key1_old
+          redis.setex "#{@prefix}-key2", timeout, key2
+        else
+          key2 = nil
+        end
+
+        redis.setex "#{@prefix}-key1", timeout, key1
+        redis.setex "#{@prefix}-key1_old", timeout*2, key1
+
+        [key1, key2].compact
+      end
+
       private
 
       def redis

data/lib/mini_profiler/timer_struct/request.rb

@@ -89,8 +89,8 @@ module Rack
           end
         end
 
-        def add_sql(query, elapsed_ms, page, skip_backtrace = false, full_backtrace = false)
-          TimerStruct::Sql.new(query, elapsed_ms, page, self , skip_backtrace, full_backtrace).tap do |timer|
+        def add_sql(query, elapsed_ms, page, params = nil, skip_backtrace = false, full_backtrace = false)
+          TimerStruct::Sql.new(query, elapsed_ms, page, self, params, skip_backtrace, full_backtrace).tap do |timer|
             self[:sql_timings].push(timer)
             timer[:parent_timing_id] = self[:id]
             self[:has_sql_timings]   = true

data/lib/mini_profiler/timer_struct/sql.rb

@@ -4,7 +4,7 @@ module Rack
     # Timing system for a SQL query
     module TimerStruct
       class Sql < TimerStruct::Base
-        def initialize(query, duration_ms, page, parent, skip_backtrace = false, full_backtrace = false)
+        def initialize(query, duration_ms, page, parent, params = nil, skip_backtrace = false, full_backtrace = false)
 
           stack_trace = nil
           unless skip_backtrace || duration_ms < Rack::MiniProfiler.config.backtrace_threshold_ms
@@ -39,7 +39,7 @@ module Rack
             :start_milliseconds                => start_millis,
             :duration_milliseconds             => duration_ms,
             :first_fetch_duration_milliseconds => duration_ms,
-            :parameters                        => nil,
+            :parameters                        => trim_binds(params),
             :parent_timing_id                  => nil,
             :is_duplicate                      => false
           )
@@ -53,6 +53,22 @@ module Rack
           @page[:duration_milliseconds_in_sql]        += elapsed_ms
         end
 
+        def trim_binds(binds)
+          max_len = Rack::MiniProfiler.config.max_sql_param_length
+          return if binds.nil? || max_len == 0
+          return binds if max_len.nil?
+          binds.map do |(name, val)|
+            val ||= name
+            if val.nil? || val == true || val == false || val.kind_of?(Numeric)
+              # keep these parameters as is
+            elsif val.kind_of?(String)
+              val = val[0...max_len] if max_len
+            else
+              val = val.class.name
+            end
+            [name, val]
+          end
+        end
       end
     end
   end

data/lib/mini_profiler/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class MiniProfiler
-    VERSION = '0.9.9.2'
+    VERSION = '0.10.1'
   end
 end

data/lib/patches/db/activerecord.rb

@@ -13,20 +13,29 @@ module Rack
         end
       end
 
+      def binds_to_params(binds)
+        return if binds.nil? || Rack::MiniProfiler.config.max_sql_param_length == 0
+        # map ActiveRecord::Relation::QueryAttribute to [name, value]
+        params = binds.map { |c| c.kind_of?(Array) ? [c.first, c.last] : [c.name, c.value] }
+        if (skip = Rack::MiniProfiler.config.skip_sql_param_names)
+          params.map { |(n,v)| n =~ skip ? [n, nil] : [n, v] }
+        else
+          params
+        end
+      end
+
       def log_with_miniprofiler(*args, &block)
         return log_without_miniprofiler(*args, &block) unless SqlPatches.should_measure?
 
-        sql, name, _binds = args
+        sql, name, binds = args
         start            = Time.now
         rval             = log_without_miniprofiler(*args, &block)
 
         # Don't log schema queries if the option is set
-#        return rval unless sql =~ /\"vms\"/
-#        return rval unless sql =~ /\"(vms|ext_management_systems)\"/
         return rval if Rack::MiniProfiler.config.skip_schema_queries and name =~ /SCHEMA/
 
         elapsed_time = SqlPatches.elapsed_time(start)
-        Rack::MiniProfiler.record_sql(sql, elapsed_time)
+        Rack::MiniProfiler.record_sql(sql, elapsed_time, binds_to_params(binds))
         rval
       end
     end

data/lib/patches/sql_patches.rb

@@ -1,4 +1,7 @@
 class SqlPatches
+  def self.unpatched?
+    !patched?
+  end
 
   def self.patched?
     @patched
@@ -8,28 +11,16 @@ class SqlPatches
     @patched = val
   end
 
-  def self.class_exists?(name)
-    eval(name + ".class").to_s.eql?('Class')
-  rescue NameError
-    false
-  end
-
   def self.correct_version?(required_version, klass)
     Gem::Dependency.new('', required_version).match?('', klass::VERSION)
   rescue NameError
     false
   end
 
-  def self.module_exists?(name)
-    eval(name + ".class").to_s.eql?('Module')
-  rescue NameError
-    false
-  end
-
-  def self.record_sql(statement, &block)
+  def self.record_sql(statement, parameters = nil, &block)
     start  = Time.now
     result = yield
-    record = ::Rack::MiniProfiler.record_sql( statement, elapsed_time(start) )
+    record = ::Rack::MiniProfiler.record_sql(statement, elapsed_time(start), parameters)
     return result, record
   end
 
@@ -43,15 +34,15 @@ class SqlPatches
   end
 end
 
-require 'patches/db/mysql2'           if defined?(Mysql2::Client) && SqlPatches.class_exists?("Mysql2::Client")
-require 'patches/db/pg'               if defined?(PG::Result) && SqlPatches.class_exists?("PG::Result")
-require 'patches/db/oracle_enhanced'  if defined?(ActiveRecord::ConnectionAdapters::OracleEnhancedAdapter) && SqlPatches.class_exists?("ActiveRecord::ConnectionAdapters::OracleEnhancedAdapter") && SqlPatches.correct_version?('~> 1.5.0', ActiveRecord::ConnectionAdapters::OracleEnhancedAdapter)
-require 'patches/db/mongo'            if defined?(Mongo) && SqlPatches.module_exists?("Mongo")
-require 'patches/db/moped'            if defined?(Moped::Node) && SqlPatches.class_exists?("Moped::Node")
-require 'patches/db/plucky'           if defined?(Plucky::Query) && SqlPatches.class_exists?("Plucky::Query")
-require 'patches/db/rsolr'            if defined?(RSolr::Connection) && SqlPatches.class_exists?("RSolr::Connection") && RSolr::VERSION[0] != "0"
-require 'patches/db/sequel'           if defined?(Sequel::Database) && !SqlPatches.patched? && SqlPatches.class_exists?("Sequel::Database")
-require 'patches/db/activerecord'     if defined?(ActiveRecord) &&!SqlPatches.patched? && SqlPatches.module_exists?("ActiveRecord")
-require 'patches/db/nobrainer'        if defined?(NoBrainer) && SqlPatches.module_exists?("NoBrainer")
-require 'patches/db/riak'             if defined?(Riak) && SqlPatches.module_exists?("Riak")
-require 'patches/db/neo4j'            if defined?(Neo4j::Core) && SqlPatches.class_exists?("Neo4j::Core::Query")
+require 'patches/db/mysql2'           if defined?(Mysql2::Client) && Mysql2::Client.class == Class
+require 'patches/db/pg'               if defined?(PG::Result) && PG::Result.class == Class
+require 'patches/db/oracle_enhanced'  if defined?(ActiveRecord::ConnectionAdapters::OracleEnhancedAdapter) && ActiveRecord::ConnectionAdapters::OracleEnhancedAdapter.class == Class && SqlPatches.correct_version?('~> 1.5.0', ActiveRecord::ConnectionAdapters::OracleEnhancedAdapter)
+require 'patches/db/mongo'            if defined?(Mongo::Server::Connection) && Mongo.class == Module
+require 'patches/db/moped'            if defined?(Moped::Node) && Moped::Node.class == Class
+require 'patches/db/plucky'           if defined?(Plucky::Query) && Plucky::Query.class == Class
+require 'patches/db/rsolr'            if defined?(RSolr::Connection) && RSolr::Connection.class == Class && RSolr::VERSION[0] != "0"
+require 'patches/db/sequel'           if SqlPatches.unpatched? && defined?(Sequel::Database) && Sequel::Database.class == Class
+require 'patches/db/activerecord'     if SqlPatches.unpatched? && defined?(ActiveRecord) && ActiveRecord.class == Module
+require 'patches/db/nobrainer'        if defined?(NoBrainer) && NoBrainer.class == Module
+require 'patches/db/riak'             if defined?(Riak) && Riak.class == Module
+require 'patches/db/neo4j'            if defined?(Neo4j::Core) && Neo4j::Core::Query.class == Class

data/lib/rack-mini-profiler.rb

@@ -1,6 +1,7 @@
 require 'json'
 require 'timeout'
 require 'thread'
+require 'securerandom'
 
 require 'mini_profiler/version'
 require 'mini_profiler/asset_version'

data/rack-mini-profiler.gemspec

@@ -19,21 +19,19 @@ Gem::Specification.new do |s|
     "CHANGELOG.md"
   ]
   s.add_runtime_dependency 'rack', '>= 1.2.0'
-  if RUBY_VERSION < "1.9"
-    s.add_runtime_dependency 'json', '>= 1.6'
-  end
+  s.required_ruby_version = '>= 1.9.3'
 
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rack-test'
   s.add_development_dependency 'activerecord', '~> 3.0'
   s.add_development_dependency 'dalli'
-  s.add_development_dependency 'rspec'
-  s.add_development_dependency 'ZenTest'
-  s.add_development_dependency 'autotest'
+  s.add_development_dependency 'rspec', '~> 2.14.1'
   s.add_development_dependency 'redis'
   s.add_development_dependency 'therubyracer'
   s.add_development_dependency 'less'
   s.add_development_dependency 'flamegraph'
+  s.add_development_dependency 'guard'
+  s.add_development_dependency 'guard-rspec'
 
   s.require_paths = ["lib"]
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-mini-profiler
 version: !ruby/object:Gem::Version
-  version: 0.9.9.2
+  version: 0.10.1
 platform: ruby
 authors:
 - Sam Saffron
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-06 00:00:00.000000000 Z
+date: 2016-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -86,18 +86,18 @@ dependencies:
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.14.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.14.1
 - !ruby/object:Gem::Dependency
-  name: ZenTest
+  name: redis
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -111,7 +111,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: autotest
+  name: therubyracer
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -125,7 +125,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: redis
+  name: less
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -139,7 +139,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: therubyracer
+  name: flamegraph
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -153,7 +153,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: less
+  name: guard
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -167,7 +167,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: flamegraph
+  name: guard-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -250,7 +250,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -258,7 +258,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Profiles loading speed for rack applications.