RubyGems - reputable - Versions diffs - 0.1.14 → 0.1.16 - Mend

reputable 0.1.14 → 0.1.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c71694602b9f9eb25537c91c895503e068d59f36b9fbafcefcb7104acacd945f
-  data.tar.gz: 95fabaa4a264c471b46957b781b49cef0cda4205ab35d312ebb85497d9a88657
+  metadata.gz: d33fb1c68fdaca4082540ed61021d61ec5d687779c6c290635327dfe58a83ec7
+  data.tar.gz: 8a217cc36dcc8eef21623025b2dca9b0ccd697b1a312fd46bcfa814c7958e189
 SHA512:
-  metadata.gz: 4a8f05f1bc68354e88b6591873de564f4dbc56531209d7b00781536d23303d969447f05f76bd040b8e078efc836c8697ef1894342168e93c1c5592eb3af62639
-  data.tar.gz: dcd56a2d35fb3d162ffe0813e336212ce61d3e57a6e64d94303f9198b62849211e24879a7302073d4f1e0d3fa90ad765edc0ce6e941951e38a9a67c4dfb6f5fe
+  metadata.gz: d9470847736221d9aa4b0c0012487f18b32ed15bba2f22d5e85bbcd3f376263aa66899b8e14eda2058b0aa0e52e1c659845a516dee09709f379d9ef660cd2ed4
+  data.tar.gz: 879cc235f75b50f054db621572dbd2dfb58020102bc784d14fed109b921bfa82a4f91f0fe4fff7c7c3f2811ff0f292d5638ab2864323bcf93ddbcd18ecf18a3c

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    reputable (0.1.14)
+    reputable (0.1.15)
       connection_pool (~> 2.2)
       redis (>= 4.0, < 6.0)

data/README.md CHANGED Viewed

@@ -301,6 +301,33 @@ Notes:
 - Use `blocked_page_path` only for local blocked pages (or to build a custom `failure_url`).
 - Override `challenge_redirect_status` (default `302`) or `verification_force_challenge` if needed.
+### Server/JS Request Reconciliation
+When using both server-side tracking (Rack middleware) and client-side JavaScript tracking, requests can be double-counted. The reconciliation system prevents this by correlating requests using a unique `request_id`.
+**Automatic Request ID**: The middleware automatically generates a UUID for each request and stores it in `env['reputable.request_id']`. This ID is included when pushing to the Redis buffer.
+**Exposing to JavaScript**: To enable reconciliation, expose the request_id in your views:
+```erb
+<%# In your layout (app/views/layouts/application.html.erb) %>
+<meta name="reputable-request-id" content="<%= request.env['reputable.request_id'] %>">
+<%# Or via JavaScript variable %>
+<script>
+  window.reputableConfig = {
+    requestId: '<%= request.env['reputable.request_id'] %>'
+  };
+</script>
+```
+The JavaScript snippet will automatically read the request_id from:
+1. `data-reputable-request-id` attribute on the script tag
+2. `window.reputableConfig.requestId`
+3. `<meta name="reputable-request-id">` tag
+**Bot Detection Signal**: If the middleware tracks a request but JavaScript never fires (after a 10-second grace period), the request is flagged with `risk:no_js`. This is a strong bot signal—bots and crawlers typically don't render JavaScript.
 ### Default Skipped Paths
 The middleware automatically skips:

data/lib/reputable/middleware.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require_relative "blocked_page"
+require "securerandom"
 module Reputable
   # Rack middleware for automatic request tracking
@@ -61,6 +62,10 @@ module Reputable
     end
     def call(env)
+      # Generate a unique request ID for reconciliation with JS tracking
+      # This ID is exposed to views so it can be included in the JS snippet
+      env['reputable.request_id'] = SecureRandom.uuid
       # Check for verification return parameters and verify signature if present
       handle_verification_return(env)
@@ -145,16 +150,35 @@ module Reputable
     def handle_verification_return(env)
       request = Rack::Request.new(env)
-      # Quick check to avoid overhead
-      return unless request.query_string.include?("reputable_status")
-      return unless request.params["reputable_status"] == "pass"
+      # Quick check to avoid overhead - support both new (reputable_r) and legacy (reputable_status) formats
+      query = request.query_string
+      return unless query.include?("reputable_r") || query.include?("reputable_status")
+      params = request.params
+      # Determine status from new format or legacy format
+      status = if params["reputable_r"]
+        decoded = Reputable.decode_reputable_response(params)
+        decoded&.dig("status")
+      else
+        params["reputable_status"]
+      end
-      if Reputable.verify_redirect_return(request.params)
+      return unless status == "pass"
+      if Reputable.verify_redirect_return(params)
         env["reputable.verified"] = true
-        ignore_analytics = request.params["reputable_ignore_analytics"]
+        # Extract ignore_analytics from new format or legacy format
+        ignore_analytics = if params["reputable_r"]
+          decoded = Reputable.decode_reputable_response(params)
+          decoded&.dig("ignore_analytics")
+        else
+          params["reputable_ignore_analytics"]
+        end
         unless ignore_analytics.nil?
-          env["reputable.ignore_analytics"] = ignore_analytics.to_s == "true"
+          env["reputable.ignore_analytics"] = ignore_analytics == true || ignore_analytics.to_s == "true"
         end
         # Store in session if available
@@ -371,7 +395,8 @@ module Reputable
         method: request.request_method,
         user_agent: env["HTTP_USER_AGENT"],
         referer: env["HTTP_REFERER"],
-        tags: build_tags(env)
+        tags: build_tags(env),
+        request_id: env["reputable.request_id"]
       }.compact
     rescue StandardError => e
       Reputable.logger&.debug("Reputable build_params: #{e.class} - #{e.message}")

data/lib/reputable/tracker.rb CHANGED Viewed

@@ -24,6 +24,7 @@ module Reputable
       # @option options [String] :country Country code (ISO 3166-1 alpha-2)
       # @option options [Array<String>] :tags Custom classification tags
       # @option options [Hash] :metadata Additional metadata
+      # @option options [String] :request_id Unique request ID for reconciliation with JS tracking
       # @return [Boolean] true if successfully pushed to buffer, false otherwise
       #
       # @example Basic usage
@@ -32,7 +33,7 @@ module Reputable
       #     path: "/products/123"
       #   )
       #
-      # @example Full usage
+      # @example Full usage with request_id for JS reconciliation
       #   Reputable::Tracker.track_request(
       #     ip: request.ip,
       #     path: request.path,
@@ -40,6 +41,7 @@ module Reputable
       #     method: request.request_method,
       #     user_agent: request.user_agent,
       #     referer: request.referer,
+      #     request_id: env['reputable.request_id'],
       #     tags: ["view:page:product", "trust:channel:organic"]
       #   )
       def track_request(ip:, path:, **options)
@@ -80,7 +82,8 @@ module Reputable
           referer: options[:referer],
           country: options[:country],
           tags: options[:tags] || [],
-          metadata: options[:metadata]
+          metadata: options[:metadata],
+          request_id: options[:request_id]
         }.compact
       end

data/lib/reputable/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Reputable
-  VERSION = "0.1.14"
+  VERSION = "0.1.16"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: reputable
 version: !ruby/object:Gem::Version
-  version: 0.1.14
+  version: 0.1.16
 platform: ruby
 authors:
 - Reputable
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2026-01-28 00:00:00.000000000 Z
+date: 2026-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redis