readme-metrics 2.1.0 → 2.3.0

data/examples/metrics-rails/config/application.rb

@@ -0,0 +1,52 @@
+require_relative 'boot'
+
+require 'rails'
+# Pick the frameworks you want:
+require 'active_model/railtie'
+# require "active_job/railtie"
+require 'active_record/railtie'
+# require "active_storage/engine"
+require 'action_controller/railtie'
+# require "action_mailer/railtie"
+# require "action_mailbox/engine"
+# require "action_text/engine"
+require 'action_view/railtie'
+# require "action_cable/engine"
+# require "rails/test_unit/railtie"
+
+# Require the gems listed in Gemfile, including any gems
+# you've limited to :test, :development, or :production.
+Bundler.require(*Rails.groups)
+
+unless ENV['README_API_KEY']
+  warn('Missing `README_API_KEY` environment variable')
+  exit(1)
+end
+
+module MetricsRails
+  class Application < Rails::Application
+    # Initialize configuration defaults for originally generated Rails version.
+    config.load_defaults 7.0
+
+    # Configuration for the application, engines, and railties goes here.
+    #
+    # These settings can be overridden in specific environments using the files
+    # in config/environments, which are processed later.
+    #
+    # config.time_zone = "Central Time (US & Canada)"
+    # config.eager_load_paths << Rails.root.join("extras")
+
+    # Only loads a smaller set of middleware suitable for API only apps.
+    # Middleware like session, flash, cookies can be added back manually.
+    # Skip views, helpers and assets when generating a new resource.
+    config.api_only = true
+
+    config.middleware.use Readme::Metrics, { api_key: ENV.fetch('README_API_KEY', nil) } do |_env|
+      {
+        api_key: 'owlbert-api-key',
+        label: 'Owlbert',
+        email: 'owlbert@example.com'
+      }
+    end
+  end
+end

data/examples/metrics-rails/config/boot.rb

@@ -0,0 +1,3 @@
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
+
+require 'bundler/setup' # Set up gems listed in the Gemfile.

data/examples/metrics-rails/config/credentials.yml.enc

@@ -0,0 +1 @@
+WUpk/vtruP+ILrYagtEbnThH7rgtMyjoYDklX/UTNVGBpFNvMUJEDLTSOVtS51bg9F4MJv5Z9C8k3fvr1cNCrJS1GuU1hBuqawb9UM5PrzPVskYt3d/+uTiaZAC8GCcbbVL0W5WK097OIASiMGztTsUe2Q8EF+7G9oCnak/EQiV6aSz/hQMuFhsLzqBPonSrOkyzuBnyrerNwQp8KmqPL1acD1OgyPe9iCD4ZDJtY75wMge8vOPpbUE5qU+OSVM9P3iGAd6FN6BK7lj7udDRz+KndKPl8rNwQcNwQSbPgvjt4fG7Wy4XJAHwBigXsmBsFHb75Q2yxt9Llm4CUpOxzyd04ArrdJOZq4tvAFbrj4RGVdpAz6ZXkHguwzdDWZKLhAEHTHrxLBaBM8WzenIi9eCVwgFVQW1fHZhh--JCC5l4U+wO+RX/ou--pLo5LzM5ZxUtRyDfhjrSyw==

data/examples/metrics-rails/config/database.yml

@@ -0,0 +1,25 @@
+# SQLite. Versions 3.8.0 and up are supported.
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem "sqlite3"
+#
+default: &default
+  adapter: sqlite3
+  pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
+  timeout: 5000
+
+development:
+  <<: *default
+  database: db/development.sqlite3
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  <<: *default
+  database: db/test.sqlite3
+
+production:
+  <<: *default
+  database: db/production.sqlite3

data/examples/metrics-rails/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the Rails application.
+require_relative 'application'
+
+# Initialize the Rails application.
+Rails.application.initialize!

data/examples/metrics-rails/config/environments/development.rb

@@ -0,0 +1,56 @@
+require 'active_support/core_ext/integer/time'
+
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # In the development environment your application's code is reloaded any time
+  # it changes. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Do not eager load code on boot.
+  config.eager_load = false
+
+  # Show full error reports.
+  config.consider_all_requests_local = true
+
+  # Enable server timing
+  config.server_timing = true
+
+  # Enable/disable caching. By default caching is disabled.
+  # Run rails dev:cache to toggle caching.
+  if Rails.root.join('tmp/caching-dev.txt').exist?
+    config.cache_store = :memory_store
+    config.public_file_server.headers = {
+      'Cache-Control' => "public, max-age=#{2.days.to_i}"
+    }
+  else
+    config.action_controller.perform_caching = false
+
+    config.cache_store = :null_store
+  end
+
+  # Print deprecation notices to the Rails logger.
+  config.active_support.deprecation = :log
+
+  # Raise exceptions for disallowed deprecations.
+  config.active_support.disallowed_deprecation = :raise
+
+  # Tell Active Support which deprecation messages to disallow.
+  config.active_support.disallowed_deprecation_warnings = []
+
+  # Raise an error on page load if there are pending migrations.
+  config.active_record.migration_error = :page_load
+
+  # Highlight code that triggered database queries in logs.
+  config.active_record.verbose_query_logs = true
+
+  # Raises error for missing translations.
+  # config.i18n.raise_on_missing_translations = true
+
+  # Annotate rendered view with file names.
+  # config.action_view.annotate_rendered_view_with_filenames = true
+
+  # Uncomment if you wish to allow Action Cable access from any origin.
+  # config.action_cable.disable_request_forgery_protection = true
+end

data/examples/metrics-rails/config/environments/production.rb

@@ -0,0 +1,68 @@
+require 'active_support/core_ext/integer/time'
+
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # Code is not reloaded between requests.
+  config.cache_classes = true
+
+  # Eager load code on boot. This eager loads most of Rails and
+  # your application in memory, allowing both threaded web servers
+  # and those relying on copy on write to perform better.
+  # Rake tasks automatically ignore this option for performance.
+  config.eager_load = true
+
+  # Full error reports are disabled and caching is turned on.
+  config.consider_all_requests_local = false
+
+  # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"]
+  # or in config/master.key. This key is used to decrypt credentials (and other encrypted files).
+  # config.require_master_key = true
+
+  # Disable serving static files from the `/public` folder by default since
+  # Apache or NGINX already handles this.
+  config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+  # config.asset_host = "http://assets.example.com"
+
+  # Specifies the header that your server uses for sending files.
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache
+  # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # Include generic and useful information about system operation, but avoid logging too much
+  # information to avoid inadvertent exposure of personally identifiable information (PII).
+  config.log_level = :info
+
+  # Prepend all log lines with the following tags.
+  config.log_tags = [:request_id]
+
+  # Use a different cache store in production.
+  # config.cache_store = :mem_cache_store
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation cannot be found).
+  config.i18n.fallbacks = true
+
+  # Don't log any deprecations.
+  config.active_support.report_deprecations = false
+
+  # Use default logging formatter so that PID and timestamp are not suppressed.
+  config.log_formatter = Logger::Formatter.new
+
+  # Use a different logger for distributed setups.
+  # require "syslog/logger"
+  # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name")
+
+  if ENV['RAILS_LOG_TO_STDOUT'].present?
+    logger           = ActiveSupport::Logger.new($stdout)
+    logger.formatter = config.log_formatter
+    config.logger    = ActiveSupport::TaggedLogging.new(logger)
+  end
+
+  # Do not dump schema after migrations.
+  config.active_record.dump_schema_after_migration = false
+end

data/examples/metrics-rails/config/environments/test.rb

@@ -0,0 +1,50 @@
+require 'active_support/core_ext/integer/time'
+
+# The test environment is used exclusively to run your application's
+# test suite. You never need to work with it otherwise. Remember that
+# your test database is "scratch space" for the test suite and is wiped
+# and recreated between test runs. Don't rely on the data there!
+
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # Turn false under Spring and add config.action_view.cache_template_loading = true.
+  config.cache_classes = true
+
+  # Eager loading loads your whole application. When running a single test locally,
+  # this probably isn't necessary. It's a good idea to do in a continuous integration
+  # system, or in some way before deploying your code.
+  config.eager_load = ENV['CI'].present?
+
+  # Configure public file server for tests with Cache-Control for performance.
+  config.public_file_server.enabled = true
+  config.public_file_server.headers = {
+    'Cache-Control' => "public, max-age=#{1.hour.to_i}"
+  }
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+  config.cache_store = :null_store
+
+  # Raise exceptions instead of rendering exception templates.
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment.
+  config.action_controller.allow_forgery_protection = false
+
+  # Print deprecation notices to the stderr.
+  config.active_support.deprecation = :stderr
+
+  # Raise exceptions for disallowed deprecations.
+  config.active_support.disallowed_deprecation = :raise
+
+  # Tell Active Support which deprecation messages to disallow.
+  config.active_support.disallowed_deprecation_warnings = []
+
+  # Raises error for missing translations.
+  # config.i18n.raise_on_missing_translations = true
+
+  # Annotate rendered view with file names.
+  # config.action_view.annotate_rendered_view_with_filenames = true
+end

data/examples/metrics-rails/config/initializers/cors.rb

@@ -0,0 +1,16 @@
+# Be sure to restart your server when you modify this file.
+
+# Avoid CORS issues when API is called from the frontend app.
+# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests.
+
+# Read more: https://github.com/cyu/rack-cors
+
+# Rails.application.config.middleware.insert_before 0, Rack::Cors do
+#   allow do
+#     origins "example.com"
+#
+#     resource "*",
+#       headers: :any,
+#       methods: [:get, :post, :put, :patch, :delete, :options, :head]
+#   end
+# end

data/examples/metrics-rails/config/initializers/filter_parameter_logging.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+# Configure parameters to be filtered from the log file. Use this to limit dissemination of
+# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported
+# notations and behaviors.
+Rails.application.config.filter_parameters += %i[
+  passw secret token _key crypt salt certificate otp ssn
+]

data/examples/metrics-rails/config/initializers/inflections.rb

@@ -0,0 +1,16 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format. Inflections
+# are locale specific, and you may define rules for as many different
+# locales as you wish. All of these examples are active by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.plural /^(ox)$/i, "\\1en"
+#   inflect.singular /^(ox)en/i, "\\1"
+#   inflect.irregular "person", "people"
+#   inflect.uncountable %w( fish sheep )
+# end
+
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.acronym "RESTful"
+# end

data/examples/metrics-rails/config/locales/en.yml

@@ -0,0 +1,33 @@
+# Files in the config/locales directory are used for internationalization
+# and are automatically loaded by Rails. If you want to use locales other
+# than English, add the necessary files in this directory.
+#
+# To use the locales, use `I18n.t`:
+#
+#     I18n.t "hello"
+#
+# In views, this is aliased to just `t`:
+#
+#     <%= t("hello") %>
+#
+# To use a different locale, set it with `I18n.locale`:
+#
+#     I18n.locale = :es
+#
+# This would use the information in config/locales/es.yml.
+#
+# The following keys must be escaped otherwise they will not be retrieved by
+# the default I18n backend:
+#
+# true, false, on, off, yes, no
+#
+# Instead, surround them with single quotes.
+#
+# en:
+#   "true": "foo"
+#
+# To learn more, please read the Rails Internationalization guide
+# available at https://guides.rubyonrails.org/i18n.html.
+
+en:
+  hello: "Hello world"

data/examples/metrics-rails/config/puma.rb

@@ -0,0 +1,43 @@
+# Puma can serve each request in a thread from an internal thread pool.
+# The `threads` method setting takes two numbers: a minimum and maximum.
+# Any libraries that use thread pools should be configured to match
+# the maximum value specified for Puma. Default is set to 5 threads for minimum
+# and maximum; this matches the default thread size of Active Record.
+#
+max_threads_count = ENV.fetch('RAILS_MAX_THREADS', 5)
+min_threads_count = ENV.fetch('RAILS_MIN_THREADS') { max_threads_count }
+threads min_threads_count, max_threads_count
+
+# Specifies the `worker_timeout` threshold that Puma will use to wait before
+# terminating a worker in development environments.
+#
+worker_timeout 3600 if ENV.fetch('RAILS_ENV', 'development') == 'development'
+
+# Specifies the `port` that Puma will listen on to receive requests; default is 8000.
+#
+port ENV.fetch('PORT', 8000)
+
+# Specifies the `environment` that Puma will run in.
+#
+environment ENV.fetch('RAILS_ENV') { 'development' }
+
+# Specifies the `pidfile` that Puma will use.
+pidfile ENV.fetch('PIDFILE') { 'tmp/pids/server.pid' }
+
+# Specifies the number of `workers` to boot in clustered mode.
+# Workers are forked web server processes. If using threads and workers together
+# the concurrency of the application would be max `threads` * `workers`.
+# Workers do not work on JRuby or Windows (both of which do not support
+# processes).
+#
+# workers ENV.fetch("WEB_CONCURRENCY") { 2 }
+
+# Use the `preload_app!` method when specifying a `workers` number.
+# This directive tells Puma to first boot the application and load code
+# before forking the application. This takes advantage of Copy On Write
+# process behavior so workers use less memory.
+#
+# preload_app!
+
+# Allow puma to be restarted by `bin/rails restart` command.
+plugin :tmp_restart

data/examples/metrics-rails/config/routes.rb

@@ -0,0 +1,5 @@
+Rails.application.routes.draw do
+  get '/', to: 'metrics#index'
+  post '/', to: 'metrics#post'
+  post '/webhook', to: 'metrics#webhook'
+end

data/examples/metrics-rails/config.ru

@@ -0,0 +1,6 @@
+# This file is used by Rack-based servers to start the application.
+
+require_relative 'config/environment'
+
+run Rails.application
+Rails.application.load_server

data/examples/metrics-rails/db/seeds.rb

@@ -0,0 +1,7 @@
+# This file should contain all the record creation needed to seed the database with its default values.
+# The data can then be loaded with the bin/rails db:seed command (or created alongside the database with db:setup).
+#
+# Examples:
+#
+#   movies = Movie.create([{ name: "Star Wars" }, { name: "Lord of the Rings" }])
+#   Character.create(name: "Luke", movie: movies.first)

data/examples/metrics-rails/public/robots.txt

@@ -0,0 +1 @@
+# See https://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file

data/lib/readme/errors.rb

@@ -1,4 +1,4 @@
-# frozen-string-literal: true
+# frozen_string_literal: true
 
 module Readme
   class Errors

data/lib/readme/har/collection.rb

@@ -1,3 +1,5 @@
+require 'json'
+
 module Readme
   module Har
     class Collection
@@ -11,7 +13,7 @@ module Readme
       end
 
       def to_a
-        filtered_hash.map { |name, value| { name: name, value: value } }
+        filtered_hash.map { |name, value| { name: name, value: value.is_a?(Hash) ? value.to_json : value } }
       end
 
       private

data/lib/readme/har/serializer.rb

@@ -1,4 +1,4 @@
-# frozen-string-literal: true
+# frozen_string_literal: true
 
 require 'rack'
 require 'readme/metrics'
@@ -46,7 +46,7 @@ module Readme
             timings: timings,
             request: request,
             response: response,
-            startedDateTime: @start_time.iso8601,
+            startedDateTime: @start_time.utc.iso8601(3),
             time: elapsed_time
           }
         ]

data/lib/readme/http_request.rb

@@ -6,15 +6,29 @@ module Readme
   class HttpRequest
     include ContentTypeHelper
 
+    IS_RACK_V3 = Gem.loaded_specs['rack'].version > Gem::Version.create('3.0')
+
+    # rubocop:disable Style/MutableConstant
     HTTP_NON_HEADERS = [
       Rack::HTTP_COOKIE,
-      Rack::HTTP_VERSION,
       Rack::HTTP_HOST,
       Rack::HTTP_PORT
-    ].freeze
+    ]
+    # rubocop:enable Style/MutableConstant
+
+    if IS_RACK_V3
+      HTTP_NON_HEADERS.push(Rack::SERVER_PROTOCOL)
+    else
+      HTTP_NON_HEADERS.push(Rack::HTTP_VERSION)
+    end
+
+    HTTP_NON_HEADERS.freeze
 
     def initialize(env)
       @request = Rack::Request.new(env)
+      return unless IS_RACK_V3
+
+      @input = Rack::RewindableInput.new(@request.body)
     end
 
     def url
@@ -30,7 +44,11 @@ module Readme
     end
 
     def http_version
-      @request.get_header(Rack::HTTP_VERSION)
+      if IS_RACK_V3
+        @request.get_header(Rack::SERVER_PROTOCOL)
+      else
+        @request.get_header(Rack::HTTP_VERSION)
+      end
     end
 
     def request_method
@@ -60,14 +78,21 @@ module Readme
         .to_h
         .transform_keys { |header| normalize_header_name(header) }
         .merge unprefixed_headers
+        .merge host_header
     end
 
     def body
-      @request.body.rewind
-      content = @request.body.read
-      @request.body.rewind
+      if IS_RACK_V3
+        body = @input.read
+        @input.rewind
+        body
+      else
+        @request.body.rewind
+        content = @request.body.read
+        @request.body.rewind
 
-      content
+        content
+      end
     end
 
     def parsed_form_data
@@ -99,5 +124,11 @@ module Readme
         'Content-Length' => @request.content_length
       }.compact
     end
+
+    def host_header
+      {
+        'Host' => @request.host
+      }.compact
+    end
   end
 end

data/lib/readme/http_response.rb

@@ -13,12 +13,12 @@ module Readme
     def body
       if raw_body.respond_to?(:rewind)
         raw_body.rewind
-        content = raw_body.each.reduce('', :+)
+        content = raw_body.each.sum('')
         raw_body.rewind
 
         content
       else
-        raw_body.each.reduce('', :+)
+        raw_body.each.sum('')
       end
     end
 

data/lib/readme/metrics/version.rb

@@ -1,7 +1,7 @@
-# frozen-string-literal: true
+# frozen_string_literal: true
 
 module Readme
   class Metrics
-    VERSION = '2.1.0'
+    VERSION = '2.3.0'
   end
 end

data/lib/readme/metrics.rb

@@ -1,4 +1,4 @@
-# frozen-string-literal: true
+# frozen_string_literal: true
 
 require 'readme/metrics/version'
 require 'readme/har/serializer'
@@ -15,7 +15,7 @@ module Readme
   class Metrics
     SDK_NAME = 'readme-metrics'
     DEFAULT_BUFFER_LENGTH = 1
-    ENDPOINT = 'https://metrics.readme.io/v1/request'
+    ENDPOINT = URI.join(ENV['README_METRICS_SERVER'] || 'https://metrics.readme.io', '/v1/request')
 
     def self.logger
       @@logger
@@ -136,9 +136,9 @@ module Readme
 
     # rubocop:disable Style/InverseMethods
     def user_info_valid?(user_info)
-      !user_info.nil? &&
+      (!user_info.nil? &&
         !user_info.values.any?(&:nil?) &&
-        user_info.key?(:api_key) || user_info.key?(:id)
+        user_info.key?(:api_key)) || user_info.key?(:id)
     end
     # rubocop:enable Style/InverseMethods
   end

data/lib/readme/payload.rb

@@ -1,5 +1,11 @@
 require 'socket'
-require 'uuid'
+require 'securerandom'
+
+def validate_uuid(uuid)
+  return if uuid.nil?
+
+  uuid.match(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i)
+end
 
 module Readme
   class Payload
@@ -13,12 +19,12 @@ module Readme
       @ignore = info[:ignore]
       @ip_address = ip_address
       @development = development
-      @uuid = UUID.new
+      @uuid = SecureRandom.uuid
     end
 
     def to_json(*_args)
       {
-        logId: UUID.validate(@log_id) ? @log_id : @uuid.generate,
+        _id: validate_uuid(@log_id) ? @log_id : @uuid,
         group: @user_info,
         clientIPAddress: @ip_address,
         development: @development,

data/lib/readme/webhook.rb

@@ -0,0 +1,42 @@
+require 'readme/metrics'
+
+module Readme
+  class MissingSignatureError < ArgumentError
+    def message
+      'Missing Signature'
+    end
+  end
+
+  class ExpiredSignatureError < RuntimeError
+    def message
+      'Expired Signature'
+    end
+  end
+
+  class InvalidSignatureError < RuntimeError
+    def message
+      'Invalid Signature'
+    end
+  end
+
+  class Webhook
+    def self.verify(body, signature, secret)
+      raise MissingSignatureError unless signature
+
+      parsed = signature.split(',').each_with_object({ time: -1, readme_signature: '' }) do |item, accum|
+        k, v = item.split('=')
+        accum[:time] = v if k.eql? 't'
+        accum[:readme_signature] = v if k.eql? 'v0'
+      end
+
+      # Make sure timestamp is recent to prevent replay attacks
+      thirty_minutes = 30 * 60
+      raise ExpiredSignatureError if Time.now.utc - Time.at(0, parsed[:time].to_i, :millisecond).utc > thirty_minutes
+
+      # Verify the signature is valid
+      unsigned = "#{parsed[:time]}.#{body}"
+      mac = OpenSSL::HMAC.hexdigest('SHA256', secret, unsigned)
+      raise InvalidSignatureError if mac != parsed[:readme_signature]
+    end
+  end
+end

data/readme-metrics.gemspec

@@ -27,5 +27,5 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   spec.add_runtime_dependency 'httparty', '~> 0.18'
-  spec.add_runtime_dependency 'uuid', '~> 2.3.8'
+  spec.add_runtime_dependency 'rack', '>= 2.2', '< 4'
 end