readme-metrics 2.0.1 → 2.2.0

data/lib/readme/content_type_helper.rb

@@ -3,12 +3,12 @@ module Readme
     # Assumes the includer has a `content_type` method defined.
 
     JSON_MIME_TYPES = [
-      "application/json",
-      "application/x-json",
-      "text/json",
-      "text/x-json",
-      "+json"
-    ]
+      'application/json',
+      'application/x-json',
+      'text/json',
+      'text/x-json',
+      '+json'
+    ].freeze
 
     def json?
       JSON_MIME_TYPES.any? { |mime_type| content_type.include?(mime_type) }

data/lib/readme/errors.rb

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
 module Readme
   class Errors
-    API_KEY_ERROR = "Missing API Key"
-    REJECT_PARAMS_ERROR = "The `reject_params` option must be an array of strings"
-    ALLOW_ONLY_ERROR = "The `allow_only` option must be an array of strings"
-    BUFFER_LENGTH_ERROR = "The `buffer_length` must be an Integer"
-    DEVELOPMENT_ERROR = "The `development` option must be a boolean"
+    API_KEY_ERROR = 'Missing API Key'
+    REJECT_PARAMS_ERROR = 'The `reject_params` option must be an array of strings'
+    ALLOW_ONLY_ERROR = 'The `allow_only` option must be an array of strings'
+    BUFFER_LENGTH_ERROR = 'The `buffer_length` must be an Integer'
+    DEVELOPMENT_ERROR = 'The `development` option must be a boolean'
     LOGGER_ERROR = <<~MESSAGE
       The `logger` option must be class that responds to the following messages:
         :unkown, :fatal, :error, :warn, :info, :debug, :level

data/lib/readme/filter.rb

@@ -15,7 +15,7 @@ module Readme
     def self.redact(rejected_params)
       rejected_params.each_with_object({}) do |(k, v), hash|
         # If it's a string then return the length of the redacted field
-        hash[k.to_str] = "[REDACTED#{v.is_a?(String) ? " #{v.length}" : ""}]"
+        hash[k.to_str] = "[REDACTED#{v.is_a?(String) ? " #{v.length}" : ''}]"
       end
     end
 
@@ -65,7 +65,7 @@ module Readme
 
     class FilterArgsError < StandardError
       def initialize
-        msg = "Can only supply either reject_params or allow_only, not both."
+        msg = 'Can only supply either reject_params or allow_only, not both.'
         super(msg)
       end
     end

data/lib/readme/har/collection.rb

@@ -1,3 +1,5 @@
+require 'json'
+
 module Readme
   module Har
     class Collection
@@ -11,7 +13,7 @@ module Readme
       end
 
       def to_a
-        filtered_hash.map { |name, value| {name: name, value: value} }
+        filtered_hash.map { |name, value| { name: name, value: value.is_a?(Hash) ? value.to_json : value } }
       end
 
       private

data/lib/readme/har/request_serializer.rb

@@ -1,6 +1,6 @@
-require "cgi"
-require "readme/har/collection"
-require "readme/filter"
+require 'cgi'
+require 'readme/har/collection'
+require 'readme/filter'
 
 module Readme
   module Har
@@ -18,7 +18,7 @@ module Readme
           httpVersion: @request.http_version,
           headers: Har::Collection.new(@filter, @request.headers).to_a,
           cookies: Har::Collection.new(@filter, @request.cookies).to_a,
-          postData: postData,
+          postData: post_data,
           headersSize: -1,
           bodySize: @request.content_length
         }.compact
@@ -29,14 +29,14 @@ module Readme
       def url
         url = URI(@request.url)
         headers = @request.headers
-        forward_proto = headers["X-Forwarded-Proto"]
-        forward_host = headers["X-Forwarded-Host"]
+        forward_proto = headers['X-Forwarded-Proto']
+        forward_host = headers['X-Forwarded-Host']
         url.host = forward_host if forward_host.is_a?(String)
         url.scheme = forward_proto if forward_proto.is_a?(String)
         url.to_s
       end
 
-      def postData
+      def post_data
         if @request.content_type.nil?
           nil
         elsif @request.form_data?
@@ -59,22 +59,22 @@ module Readme
       def request_body
         if @filter.pass_through?
           pass_through_body
-        elsif is_form_urlencoded?
+        elsif form_urlencoded?
           form_urlencoded_body
-        elsif is_json?
+        elsif json?
           json_body
         else
           @request.body
         end
       end
 
-      def is_json?
-        ["application/json", "application/x-json", "text/json", "text/x-json"]
-          .include?(@request.content_type) || @request.content_type.include?("+json")
+      def json?
+        ['application/json', 'application/x-json', 'text/json', 'text/x-json']
+          .include?(@request.content_type) || @request.content_type.include?('+json')
       end
 
-      def is_form_urlencoded?
-        @request.content_type == "application/x-www-form-urlencoded"
+      def form_urlencoded?
+        @request.content_type == 'application/x-www-form-urlencoded'
       end
 
       def json_body

data/lib/readme/har/response_serializer.rb

@@ -1,5 +1,5 @@
-require "rack/utils"
-require "readme/har/collection"
+require 'rack/utils'
+require 'readme/har/collection'
 
 module Readme
   module Har
@@ -37,7 +37,7 @@ module Readme
       end
 
       def empty_content
-        {mimeType: "", size: 0}
+        { mimeType: '', size: 0 }
       end
 
       def json_content

data/lib/readme/har/serializer.rb

@@ -1,13 +1,15 @@
-require "rack"
-require "readme/metrics"
-require "readme/har/request_serializer"
-require "readme/har/response_serializer"
-require "readme/har/collection"
+# frozen_string_literal: true
+
+require 'rack'
+require 'readme/metrics'
+require 'readme/har/request_serializer'
+require 'readme/har/response_serializer'
+require 'readme/har/collection'
 
 module Readme
   module Har
     class Serializer
-      HAR_VERSION = "1.2"
+      HAR_VERSION = '1.2'
 
       def initialize(request, response, start_time, end_time, filter)
         @http_request = request
@@ -17,7 +19,7 @@ module Readme
         @filter = filter
       end
 
-      def to_json
+      def to_json(*_args)
         {
           log: {
             version: HAR_VERSION,
@@ -31,9 +33,9 @@ module Readme
 
       def creator
         {
-          name: Readme::Metrics::SDK_NAME,
+          name: 'readme-metrics (ruby)',
           version: Readme::Metrics::VERSION,
-          comment: "#{Readme::Metrics::PLATFORM}/#{RUBY_VERSION}"
+          comment: "#{RUBY_PLATFORM}/#{RUBY_VERSION}" # arm64-darwin21/2.7.2
         }
       end
 
@@ -44,7 +46,7 @@ module Readme
             timings: timings,
             request: request,
             response: response,
-            startedDateTime: @start_time.iso8601,
+            startedDateTime: @start_time.utc.iso8601(3),
             time: elapsed_time
           }
         ]

data/lib/readme/http_request.rb

@@ -1,6 +1,6 @@
-require "rack"
-require "rack/request"
-require_relative "content_type_helper"
+require 'rack'
+require 'rack/request'
+require_relative 'content_type_helper'
 
 module Readme
   class HttpRequest
@@ -11,7 +11,7 @@ module Readme
       Rack::HTTP_VERSION,
       Rack::HTTP_HOST,
       Rack::HTTP_PORT
-    ]
+    ].freeze
 
     def initialize(env)
       @request = Rack::Request.new(env)
@@ -50,7 +50,7 @@ module Readme
     end
 
     def options?
-      @request.request_method == "OPTIONS"
+      @request.request_method == 'OPTIONS'
     end
 
     def headers
@@ -60,6 +60,7 @@ module Readme
         .to_h
         .transform_keys { |header| normalize_header_name(header) }
         .merge unprefixed_headers
+        .merge host_header
     end
 
     def body
@@ -82,20 +83,28 @@ module Readme
     # Other "headers" like version and host are prefixed with `HTTP_` by Rack but
     # don't seem to be considered legit HTTP headers.
     def http_header?(name)
-      name.start_with?("HTTP") && !HTTP_NON_HEADERS.include?(name)
+      name.start_with?('HTTP') && !HTTP_NON_HEADERS.include?(name)
     end
 
     # Headers like `Content-Type: application/json` come into rack like
     # `"HTTP_CONTENT_TYPE" => "application/json"`.
     def normalize_header_name(header)
-      header.delete_prefix("HTTP_").split("_").map(&:capitalize).join("-")
+      header.delete_prefix('HTTP_').split('_').map(&:capitalize).join('-')
     end
 
     # These special headers are explicitly _not_ prefixed with HTTP_ in the Rack
     # env so we need to add them in manually
     def unprefixed_headers
-      {"Content-Type" => @request.content_type,
-       "Content-Length" => @request.content_length}.compact
+      {
+        'Content-Type' => @request.content_type,
+        'Content-Length' => @request.content_length
+      }.compact
+    end
+
+    def host_header
+      {
+        'Host' => @request.host
+      }.compact
     end
   end
 end

data/lib/readme/http_response.rb

@@ -1,6 +1,6 @@
-require "rack"
-require "rack/response"
-require_relative "content_type_helper"
+require 'rack'
+require 'rack/response'
+require_relative 'content_type_helper'
 
 module Readme
   class HttpResponse < SimpleDelegator
@@ -13,22 +13,22 @@ module Readme
     def body
       if raw_body.respond_to?(:rewind)
         raw_body.rewind
-        content = raw_body.each.reduce("", :+)
+        content = raw_body.each.sum('')
         raw_body.rewind
 
         content
       else
-        raw_body.each.reduce("", :+)
+        raw_body.each.sum('')
       end
     end
 
     def content_length
       if empty_body_status?
         0
-      elsif !headers["Content-Length"]
+      elsif !headers['Content-Length']
         body.bytesize
       else
-        headers["Content-Length"].to_i
+        headers['Content-Length'].to_i
       end
     end
 

data/lib/readme/metrics/version.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 module Readme
   class Metrics
-    VERSION = "2.0.1"
+    VERSION = '2.2.0'
   end
 end

data/lib/readme/metrics.rb

@@ -1,33 +1,21 @@
-require "readme/metrics/version"
-require "readme/har/serializer"
-require "readme/filter"
-require "readme/payload"
-require "readme/request_queue"
-require "readme/errors"
-require "readme/http_request"
-require "readme/http_response"
-require "httparty"
-require "logger"
-require "os"
+# frozen_string_literal: true
+
+require 'readme/metrics/version'
+require 'readme/har/serializer'
+require 'readme/filter'
+require 'readme/payload'
+require 'readme/request_queue'
+require 'readme/errors'
+require 'readme/http_request'
+require 'readme/http_response'
+require 'httparty'
+require 'logger'
 
 module Readme
   class Metrics
-    def self.platform
-      if OS.windows?
-        "windows"
-      elsif OS.mac?
-        "mac"
-      elsif OS.linux?
-        "linux"
-      else
-        "unknown"
-      end
-    end
-
-    SDK_NAME = "Readme.io Ruby SDK"
-    PLATFORM = platform
+    SDK_NAME = 'readme-metrics'
     DEFAULT_BUFFER_LENGTH = 1
-    ENDPOINT = "https://metrics.readme.io/v1/request"
+    ENDPOINT = URI.join(ENV['README_METRICS_SERVER'] || 'https://metrics.readme.io', '/v1/request')
 
     def self.logger
       @@logger
@@ -77,15 +65,16 @@ module Readme
       request = HttpRequest.new(env)
       har = Har::Serializer.new(request, response, start_time, end_time, @filter)
       user_info = @get_user_info.call(env)
+      ip = env['REMOTE_ADDR']
 
       if !user_info_valid?(user_info)
         Readme::Metrics.logger.warn Errors.bad_block_message(user_info)
       elsif request.options?
-        Readme::Metrics.logger.info "OPTIONS request omitted from ReadMe API logging"
+        Readme::Metrics.logger.info 'OPTIONS request omitted from ReadMe API logging'
       elsif !can_filter? request, response
         Readme::Metrics.logger.warn "Request or response body MIME type isn't supported for filtering. Omitting request from ReadMe API logging"
       else
-        payload = Payload.new(har, user_info, development: @development)
+        payload = Payload.new(har, user_info, ip, development: @development)
         @@request_queue.push(payload.to_json) unless payload.ignore
       end
     end
@@ -121,34 +110,36 @@ module Readme
         raise Errors::ConfigurationError, Errors::BUFFER_LENGTH_ERROR
       end
 
-      if options[:development] && !is_a_boolean?(options[:development])
+      if options[:development] && !a_boolean?(options[:development])
         raise Errors::ConfigurationError, Errors::DEVELOPMENT_ERROR
       end
 
-      if options[:logger] && has_logger_inferface?(options[:logger])
+      if options[:logger] && logger_inferface?(options[:logger])
         raise Errors::ConfigurationError, Errors::LOGGER_ERROR
       end
     end
 
-    def has_logger_inferface?(logger)
-      [
-        :unknown,
-        :fatal,
-        :error,
-        :warn,
-        :info,
-        :debug
+    def logger_inferface?(logger)
+      %i[
+        unknown
+        fatal
+        error
+        warn
+        info
+        debug
       ].any? { |message| !logger.respond_to? message }
     end
 
-    def is_a_boolean?(arg)
-      arg == true || arg == false
+    def a_boolean?(arg)
+      [true, false].include?(arg)
     end
 
+    # rubocop:disable Style/InverseMethods
     def user_info_valid?(user_info)
-      !user_info.nil? &&
+      (!user_info.nil? &&
         !user_info.values.any?(&:nil?) &&
-        user_info.has_key?(:api_key) || user_info.has_key?(:id)
+        user_info.key?(:api_key)) || user_info.key?(:id)
     end
+    # rubocop:enable Style/InverseMethods
   end
 end

data/lib/readme/payload.rb

@@ -1,24 +1,32 @@
-require "uuid"
+require 'socket'
+require 'securerandom'
+
+def validate_uuid(uuid)
+  return if uuid.nil?
+
+  uuid.match(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i)
+end
 
 module Readme
   class Payload
     attr_reader :ignore
 
-    def initialize(har, info, development:)
+    def initialize(har, info, ip_address, development:)
       @har = har
       @user_info = info.slice(:id, :label, :email)
       @user_info[:id] = info[:api_key] unless info[:api_key].nil? # swap api_key for id if api_key is present
       @log_id = info[:log_id]
       @ignore = info[:ignore]
+      @ip_address = ip_address
       @development = development
-      @uuid = UUID.new
+      @uuid = SecureRandom.uuid
     end
 
-    def to_json
+    def to_json(*_args)
       {
-        logId: UUID.validate(@log_id) ? @log_id : @uuid.generate,
+        _id: validate_uuid(@log_id) ? @log_id : @uuid,
         group: @user_info,
-        clientIPAddress: "1.1.1.1",
+        clientIPAddress: @ip_address,
         development: @development,
         request: JSON.parse(@har.to_json)
       }.to_json

data/lib/readme/request_queue.rb

@@ -1,4 +1,4 @@
-require "readme/metrics"
+require 'readme/metrics'
 
 module Readme
   class RequestQueue
@@ -30,8 +30,8 @@ module Readme
       Thread.new do
         HTTParty.post(
           Readme::Metrics::ENDPOINT,
-          basic_auth: {username: @api_key, password: ""},
-          headers: {"Content-Type" => "application/json"},
+          basic_auth: { username: @api_key, password: '' },
+          headers: { 'Content-Type' => 'application/json' },
           body: to_json(payloads)
         )
       end
@@ -42,7 +42,7 @@ module Readme
     end
 
     def to_json(payloads)
-      "[#{payloads.join(", ")}]"
+      "[#{payloads.join(', ')}]"
     end
   end
 end

data/lib/readme/webhook.rb

@@ -0,0 +1,42 @@
+require 'readme/metrics'
+
+module Readme
+  class MissingSignatureError < ArgumentError
+    def message
+      'Missing Signature'
+    end
+  end
+
+  class ExpiredSignatureError < RuntimeError
+    def message
+      'Expired Signature'
+    end
+  end
+
+  class InvalidSignatureError < RuntimeError
+    def message
+      'Invalid Signature'
+    end
+  end
+
+  class Webhook
+    def self.verify(body, signature, secret)
+      raise MissingSignatureError unless signature
+
+      parsed = signature.split(',').each_with_object({ time: -1, readme_signature: '' }) do |item, accum|
+        k, v = item.split('=')
+        accum[:time] = v if k.eql? 't'
+        accum[:readme_signature] = v if k.eql? 'v0'
+      end
+
+      # Make sure timestamp is recent to prevent replay attacks
+      thirty_minutes = 30 * 60
+      raise ExpiredSignatureError if Time.now.utc - Time.at(0, parsed[:time].to_i, :millisecond).utc > thirty_minutes
+
+      # Verify the signature is valid
+      unsigned = "#{parsed[:time]}.#{body}"
+      mac = OpenSSL::HMAC.hexdigest('SHA256', secret, unsigned)
+      raise InvalidSignatureError if mac != parsed[:readme_signature]
+    end
+  end
+end

data/readme-metrics.gemspec

@@ -1,31 +1,30 @@
-require_relative "lib/readme/metrics/version"
+require_relative 'lib/readme/metrics/version'
 
 Gem::Specification.new do |spec|
-  spec.name = "readme-metrics"
+  spec.name = 'readme-metrics'
   spec.version = Readme::Metrics::VERSION
-  spec.authors = ["ReadMe"]
-  spec.email = ["support@readme.io"]
-  spec.license = "ISC"
+  spec.authors = ['ReadMe']
+  spec.email = ['support@readme.io']
+  spec.license = 'ISC'
 
   spec.summary = "SDK for Readme's metrics API"
   spec.description = "Middleware for logging requests to Readme's metrics API"
-  spec.homepage = "https://docs.readme.com/metrics/docs/getting-started-with-api-metrics"
-  spec.required_ruby_version = Gem::Requirement.new(">= 2.7.0")
+  spec.homepage = 'https://docs.readme.com/metrics/docs/getting-started-with-api-metrics'
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.7.0')
 
-  spec.metadata["homepage_uri"] = spec.homepage
-  spec.metadata["source_code_uri"] = "https://github.com/readmeio/metrics-sdks/blob/main/packages/ruby"
-  spec.metadata["changelog_uri"] = "https://github.com/readmeio/metrics-sdks/blob/main/packages/ruby/CHANGELOG.md"
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = 'https://github.com/readmeio/metrics-sdks/tree/main/packages/ruby'
+  spec.metadata['changelog_uri'] = 'https://github.com/readmeio/metrics-sdks/blob/main/CHANGELOG.md'
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files = Dir.chdir(File.expand_path("..", __FILE__)) do
+  spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
+
   # spec.bindir        = "exe"
   # spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
 
-  spec.add_runtime_dependency "httparty", "~> 0.18"
-  spec.add_runtime_dependency "uuid", "~> 2.3.8"
-  spec.add_runtime_dependency "os", "~> 1.1.4"
+  spec.add_runtime_dependency 'httparty', '~> 0.18'
 end