rack-request_police 0.0.4alpha → 0.1.0alpha

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3b19dd3ef21082440b913381f62d63a583824518
-  data.tar.gz: 6fe2b2f75c81e661b70b87fb00bd9a27196e1892
+  metadata.gz: 032ca4a54509f306b4699d1461798949e6364efe
+  data.tar.gz: 6ce6034762b55d4fd09fafefa83b6c13a367b6a1
 SHA512:
-  metadata.gz: 033dd061cbb11b0f89575066515d53401dc8b52e999414f1fd1e8b202f37b0ad5ff91033f5ea993a1873dd41ae7eb08bf0119ef0efeeab878c6ea4aee4f67ba0
-  data.tar.gz: 6d9d3df6d4e7823642340d830ad157278fd08280cafb9fd285365e9e6433766534f800877663c8aa9620e222083bb93d44190ef328edf0624f921b65ffe47b5d
+  metadata.gz: 160d0fde3ac9edc4f6a470e1e7e742a58d544a4f7a510df86962cf7851d6c44529b700a9bd679651102c7c6762ff1ac7261adf268dfa12309d3e52d3c0d70da0
+  data.tar.gz: 82abba729dfbd1ecfd73cef00e5bfd5a28467908dbd409e0d1ab2b706c1ee2fa548a6cce151ead42b88e28a1d803f41f660cac9c5146a8bf1f167b24c61212a0

data/.gitignore

@@ -13,3 +13,4 @@
 *.a
 mkmf.log
 .ruby-version
+.ruby-gemset

data/CHANGELOG.md

@@ -0,0 +1,15 @@
+## 0.1.0alpha
+
+**Backward incompatible changes**
+
+- store logged headers under `headers` key (see `Storage::Unit`)
+- don't log not-existing headers unless _truthy_ fallback value is provided
+- display headers in web interface
+
+## 0.0.5alpha
+
+- log specified headers feature (backend) #3 (@michaldarda)
+
+## 0.0.x
+
+- initial drafts

data/README.md

@@ -12,6 +12,7 @@ Features:
 
 - filter requests by method (get/post/patch/delete) and/or regular expression
 - log requests into storage of your choice (at the moment redis supported)
+- choose what headers you want to store and transform them if you want to
 
 Work in progress.
 
@@ -60,6 +61,33 @@ Rack::RequestPolice.configure do |config|
   # array of methods that should be logged (all four by default)
   # requests not included in this list will be ignored
   config.method = [:get, :post, :delete, :patch]
+
+  # array of headers that you want to store for each request (empty by default)
+  config.headers = [
+    "HTTP_HEADER_NAME",
+    "HTTP_ANOTHER_HEADER_NAME"
+  ]
+
+  # each item in headers array can be also defined using helper method config.header
+  #
+  # @param original_header_name is required and it is a name of original header
+  #
+  # options:
+  # storage_name - name of under which http header will be stored, default - original_header_name
+  # fallback_value - truthy value of header that will be logged if header is missing
+  #                  (missing headers are not logged by default)
+  #
+  # @block - optional transformations of the header before it is stored
+  #
+  # Example:
+  # config.headers = [
+  #   config.header("HTTP_HEADER_NAME",
+  #     storage_name: 'HEADER_NAME',
+  #     fallback_value: 'HEADER_IS_MISSING'
+  #   ) { |header| header.downcase },
+  #   config.header("HTTP_ANOTHER_HEADER_NAME"),
+  #   config.header("HTTP_ANOTHER_FANCY_HEADER", storage_name: 'fancy_header')
+  # ]
 end
 ```
 

data/lib/rack/request_police/middleware.rb

@@ -25,6 +25,10 @@ module Rack
             if %w(POST PATCH DELETE).include?(env['REQUEST_METHOD'])
               request_params.merge!('data' => utf8_input(env))
             end
+
+            headers = request_headers(env)
+            request_params.merge!('headers' => headers) unless headers.empty?
+
             ::Rack::RequestPolice.storage.log_request(request_params)
           end
         end
@@ -34,6 +38,22 @@ module Rack
 
       private
 
+      def request_headers(env)
+        Rack::RequestPolice.headers.each_with_object({}) do |header_hash, result|
+          header_name    = header_hash.fetch(:original_header_name)
+          transformation = header_hash.fetch(:transformation)
+
+          fallback_value = header_hash.fetch(:fallback_value)
+          storage_name   = header_hash.fetch(:storage_name)
+
+          header_value = env[header_name]
+          header_value = transformation.call(header_value) if header_value
+          header_value ||= fallback_value
+
+          result[storage_name] = header_value if header_value
+        end
+      end
+
       def utf8_input(env)
         env['rack.input'].read
           .force_encoding('utf-8')

data/lib/rack/request_police/storage/redis.rb

@@ -26,7 +26,7 @@ module Rack
           total_size = redis.llen(REDIS_KEY)
           items      = redis.lrange(REDIS_KEY, starting, ending).map do |json|
             hash = parser.load(json)
-            Unit.new(hash['method'], hash['ip'], hash['url'], Time.at(hash['time']), hash['data'])
+            Unit.new(hash['method'], hash['ip'], hash['url'], Time.at(hash['time']), hash['data'], hash['headers'])
           end
 
           [current_page, total_size, items]

data/lib/rack/request_police/storage/unit.rb

@@ -1,7 +1,7 @@
 module Rack
   module RequestPolice
     module Storage
-      class Unit < Struct.new(:method, :ip, :url, :time, :data)
+      class Unit < Struct.new(:method, :ip, :url, :time, :data, :headers)
       end
     end
   end

data/lib/rack/request_police/version.rb

@@ -1,5 +1,5 @@
 module Rack
   module RequestPolice
-    VERSION = "0.0.4alpha"
+    VERSION = "0.1.0alpha"
   end
 end

data/lib/rack/request_police/web_helpers.rb

@@ -34,7 +34,7 @@ module Rack
          ::Rack::Utils.escape_html(text)
       end
 
-      def parse_post_data(post_data)
+      def pretty_parse(post_data)
         JSON.pretty_generate(JSON.parse(post_data))
       rescue JSON::ParserError
         post_data

data/lib/rack/request_police.rb

@@ -12,6 +12,7 @@ module Rack
     @@storage = nil
     @@method  = [:get, :post, :delete, :patch]
     @@regex   = nil
+    @@headers = []
 
     def self.configure
       yield self
@@ -25,6 +26,34 @@ module Rack
       @@storage || fail(NoStorageFound)
     end
 
+    def self.headers
+      @@headers
+    end
+
+    def self.headers=(array)
+      @@headers = array.map do |h|
+        # because headers might be simple strings
+        # or a hash we need to normalize them
+        # and store all as hashes
+        if h.is_a?(String)
+          header(h)
+        else
+          h
+        end
+      end
+    end
+
+    def self.header(original_header_name, options = {}, &transformation)
+      {
+        original_header_name: original_header_name,
+        storage_name: options.fetch(:storage_name) { original_header_name },
+        fallback_value: options.fetch(:fallback_value) { nil },
+        # if user provided no transformation,
+        # simply return original header value
+        transformation: transformation || ->(h){ h }
+      }
+    end
+
     def self.method
       @@method
     end

data/spec/bench.rb

@@ -76,6 +76,43 @@ describe "Simple benchmark", type: :request do
     end
   end
 
+  context "with middleware (customized headers, redis storage)" do
+    let(:headers) {
+      {
+        "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest",
+        "HTTP_X_FORWARDED_FOR" => "129.78.138.66, 129.78.64.103",
+        "HTTP_X_CSRF_TOKEN" => "i8XNjC4b8KVok4uw5RftR38Wgp2BFwql",
+        "HTTP_AUTHORIZATION" => "Bearer Ym9zY236Ym9zY28="
+      }
+    }
+
+    after  { REDIS.flushdb }
+    before do
+      REDIS.flushdb
+      Rack::RequestPolice.configure do |c|
+        c.storage = Rack::RequestPolice::Storage::Redis.new(REDIS_OPTIONS)
+        c.regex = /.*/
+        c.method = [:get, :post, :delete]
+        c.headers = [
+          "HTTP_X_REQUESTED_WITH",
+          "HTTP_X_CSRF_TOKEN",
+          c.header("HTTP_X_FORWARDER_FOR", storage_name: "x-forwarded-for") { |h| h.split(",").first },
+          c.header("HTTP_AUTHORIZATION", storage_name: 'authorization') { |h| h.gsub("Bearer ", "") }
+        ]
+      end
+    end
+
+    it "benchmarks it" do
+      puts "with middleware (customized headers, redis storage)"
+      Benchmark.bm(7) do |x|
+        x.report("get") { repeat.times { get '/', {}, headers } }
+        x.report("post") { repeat.times { post '/', {}, headers } }
+        x.report("delete") { repeat.times { delete '/', {}, headers } }
+        x.report("patch") { repeat.times { patch '/', {}, headers } }
+      end
+    end
+  end
+
   context "with middleware (customized, redis storage, OJ json parser)" do
     after  { REDIS.flushdb }
     before do

data/spec/middleware_spec.rb

@@ -8,13 +8,16 @@ describe "My Middleware", type: :request do
       c.storage = DummyStorage.new
       c.regex = nil
       c.method = [:get, :post, :delete, :patch]
+      c.headers = []
     end
   end
-  after  { Timecop.return }
+
+  after { Timecop.return }
 
   context "logging all requests" do
     let(:app){
       Sinatra.new do
+        set :show_exceptions, false
         use(Rack::RequestPolice::Middleware)
         get '/' do
         end
@@ -52,12 +55,15 @@ describe "My Middleware", type: :request do
   context "logging only POST requests" do
     before do
       Rack::RequestPolice.configure do |c|
+        c.regex = nil
+        c.headers = []
         c.method = [:post]
       end
     end
 
     let(:app){
       Sinatra.new do
+        set :show_exceptions, false
         use(Rack::RequestPolice::Middleware)
         get '/' do
         end
@@ -85,12 +91,15 @@ describe "My Middleware", type: :request do
   context "logging PATCH requests" do
     before do
       Rack::RequestPolice.configure do |c|
+        c.regex = nil
+        c.headers = []
         c.method = [:patch]
       end
     end
 
     let(:app){
       Sinatra.new do
+        set :show_exceptions, false
         use(Rack::RequestPolice::Middleware)
         patch '/update' do
         end
@@ -110,12 +119,15 @@ describe "My Middleware", type: :request do
   context "logging DELETE requests" do
     before do
       Rack::RequestPolice.configure do |c|
+        c.regex = nil
+        c.headers = []
         c.method = [:delete]
       end
     end
 
     let(:app){
       Sinatra.new do
+        set :show_exceptions, false
         use(Rack::RequestPolice::Middleware)
         delete '/destroy' do
         end
@@ -136,11 +148,13 @@ describe "My Middleware", type: :request do
     before do
       Rack::RequestPolice.configure do |c|
         c.regex = /user/
+        c.headers = []
       end
     end
 
     let(:app){
       Sinatra.new do
+        set :show_exceptions, false
         use(Rack::RequestPolice::Middleware)
         get '/user' do
         end
@@ -169,11 +183,13 @@ describe "My Middleware", type: :request do
     before do
       Rack::RequestPolice.configure do |c|
         c.regex = /user\?id=1/
+        c.headers = []
       end
     end
 
     let(:app){
       Sinatra.new do
+        set :show_exceptions, false
         use(Rack::RequestPolice::Middleware)
         get '/user' do
         end
@@ -205,6 +221,7 @@ describe "My Middleware", type: :request do
 
     let(:app){
       Sinatra.new do
+        set :show_exceptions, false
         use(Rack::RequestPolice::Middleware)
       end
     }
@@ -213,4 +230,214 @@ describe "My Middleware", type: :request do
       expect { get '/' }.to raise_error(Rack::RequestPolice::NoStorageFound)
     end
   end
+
+  context "logging request with custom headers" do
+    let(:app){
+      Sinatra.new do
+        set :show_exceptions, false
+        use(Rack::RequestPolice::Middleware)
+        get '/user' do
+        end
+      end
+    }
+
+    context 'request contains requested headers' do
+      before do
+        Rack::RequestPolice.configure do |c|
+          c.storage = DummyStorage.new
+          c.regex = nil
+
+          c.headers = [
+            "HTTP_MY_HEADER"
+          ]
+        end
+      end
+
+      it "logs header as it is" do
+        expect(Rack::RequestPolice.storage).to receive(:log_request)
+          .with({
+          "url" => "http://example.org/user",
+          "ip" => "127.0.0.1",
+          "method" => "get",
+          "time" => Time.now.to_i,
+          "headers" => { "HTTP_MY_HEADER" => "MY%HEADER%VALUE" }
+        })
+
+        get '/user', {}, { 'HTTP_MY_HEADER' => 'MY%HEADER%VALUE' }
+
+        expect(last_response.status).to eq 200
+      end
+    end
+
+    context 'request contains requested headers + custom storage name + transformation' do
+      before do
+        Rack::RequestPolice.configure do |c|
+          c.storage = DummyStorage.new
+          c.regex = nil
+
+          c.headers = [
+            c.header("HTTP_MY_HEADER", storage_name: 'my_header') { |h| h.downcase.gsub('%', '_')}
+          ]
+        end
+      end
+
+      it "logs header as custom name and transforms it" do
+        expect(Rack::RequestPolice.storage).to receive(:log_request)
+          .with({
+          "url" => "http://example.org/user",
+          "ip" => "127.0.0.1",
+          "method" => "get",
+          "time" => Time.now.to_i,
+          "headers" => { "my_header" => "my_header_value" }
+        })
+
+        get '/user', {}, { 'HTTP_MY_HEADER' => 'MY%HEADER%VALUE' }
+
+        expect(last_response.status).to eq 200
+      end
+    end
+
+    context "headers do not exists in request but fallback value is provided" do
+      before do
+        Rack::RequestPolice.configure do |c|
+          c.storage = DummyStorage.new
+          c.regex = nil
+
+          c.headers = [
+            c.header("HTTP_MY_HEADER",
+                     storage_name: 'my_header',
+                     fallback_value: 'HEADER_MISSING')  \
+            { |h| h.downcase.gsub('%', '_') }
+          ]
+        end
+      end
+
+      it "logs headers" do
+        expect(Rack::RequestPolice.storage).to receive(:log_request)
+          .with({
+          "url" => "http://example.org/user",
+          "ip" => "127.0.0.1",
+          "method" => "get",
+          "time" => Time.now.to_i,
+          "headers" => { 'my_header' => 'HEADER_MISSING' }
+        })
+
+        get '/user', {}, {}
+
+        expect(last_response.status).to eq 200
+      end
+    end
+
+    context 'header do not exsits in request and transformation is provided' do
+      before do
+        Rack::RequestPolice.configure do |c|
+          c.storage = DummyStorage.new
+          c.regex = nil
+
+          c.headers = [
+            c.header("HTTP_MY_HEADER", storage_name: 'my_header') { |h| h.downcase.gsub('%', '_')}
+          ]
+        end
+      end
+
+      it "ignores not existing header" do
+        expect(Rack::RequestPolice.storage).to receive(:log_request)
+          .with({
+          "url" => "http://example.org/user",
+          "ip" => "127.0.0.1",
+          "method" => "get",
+          "time" => Time.now.to_i
+        })
+
+        get '/user', {}
+
+        expect(last_response.status).to eq 200
+      end
+    end
+
+    context 'header do not exists in request, transformation and fallback value are provided' do
+      before do
+        Rack::RequestPolice.configure do |c|
+          c.storage = DummyStorage.new
+          c.regex = nil
+
+          c.headers = [
+            c.header("HTTP_MY_HEADER", storage_name: 'my_header', fallback_value: 'not found') { |h| h.downcase.gsub('%', '_')}
+          ]
+        end
+      end
+
+      it "logs header as custom name and falls-back to default value" do
+        expect(Rack::RequestPolice.storage).to receive(:log_request)
+          .with({
+          "url" => "http://example.org/user",
+          "ip" => "127.0.0.1",
+          "method" => "get",
+          "time" => Time.now.to_i,
+          "headers" => { "my_header" => 'not found' }
+        })
+
+        get '/user', {}
+
+        expect(last_response.status).to eq 200
+      end
+    end
+
+    context 'headers do not exists in request, no transformation is provided' do
+      before do
+        Rack::RequestPolice.configure do |c|
+          c.storage = DummyStorage.new
+          c.regex = nil
+
+          c.headers = [
+            c.header("HTTP_MY_HEADER")
+          ]
+        end
+      end
+
+      it "ignores not existing header" do
+        expect(Rack::RequestPolice.storage).to receive(:log_request)
+          .with({
+          "url" => "http://example.org/user",
+          "ip" => "127.0.0.1",
+          "method" => "get",
+          "time" => Time.now.to_i
+        })
+
+        get '/user', {}
+
+        expect(last_response.status).to eq 200
+      end
+    end
+
+    context 'logging multiple headers' do
+      before do
+        Rack::RequestPolice.configure do |c|
+          c.storage = DummyStorage.new
+          c.regex = nil
+
+          c.headers = [
+            'HTTP_HEADER_1',
+            'HTTP_HEADER_2',
+            'HTTP_HEADER_3'
+          ]
+        end
+      end
+
+      it 'logs all declared headers' do
+        expect(Rack::RequestPolice.storage).to receive(:log_request)
+          .with({
+          "url" => "http://example.org/user",
+          "ip" => "127.0.0.1",
+          "method" => "get",
+          "time" => Time.now.to_i,
+          "headers" => { 'HTTP_HEADER_1' => "one", 'HTTP_HEADER_3' => 'two' }
+        })
+
+        get '/user', {}, { 'HTTP_HEADER_1' => 'one', 'HTTP_HEADER_3' => 'two' }
+
+        expect(last_response.status).to eq 200
+      end
+    end
+  end
 end

data/web/views/index.erb

@@ -74,9 +74,23 @@
                       <a href='#' data-details="details_<%= idx %>">toggle details</a></td>
                       <tr class="details" id="details_<%= idx %>">
                         <td colspan="5">
-                          <pre>
-                            <%= escape(parse_post_data(log.data)) %>
-                          </pre>
+                          <% if log.data %>
+                            <h4>Data:</h4>
+                            <pre>
+                              <%= escape(pretty_parse(log.data)) %>
+                            </pre>
+                          <% end %>
+
+                          <% if log.headers %>
+                            <h4>Headers:</h4>
+                            <pre>
+                              <%= escape(pretty_parse(log.headers)) %>
+                            </pre>
+                          <% end %>
+
+                          <% if !log.data && !log.headers %>
+                            <h4>No data / headers logged.</h4>
+                          <% end %>
                         </td>
                       </tr>
                     <% else %>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-request_police
 version: !ruby/object:Gem::Version
-  version: 0.0.4alpha
+  version: 0.1.0alpha
 platform: ruby
 authors:
 - Rafał Wojsznis
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-11 00:00:00.000000000 Z
+date: 2015-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -161,6 +161,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -200,7 +201,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.3
+rubygems_version: 2.4.6
 signing_key: 
 specification_version: 4
 summary: Rack middleware for logging selected request for further investigation /