rest-easy 1.1.2 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ec1e2b4f51ad07119add9f89dd2075a765fa2fc258766294aa7b05c1bc4e2951
-  data.tar.gz: 350b2381fd3e0dd4cde1815000684c474238ed5c5f8d438611a8fb5de9e381b8
+  metadata.gz: c9ea82724f82c4030a6844a7bad0eec6abe406c1dbdb7d75697431f7273cafd4
+  data.tar.gz: 704c05fc995113d8aeacf92d86c55d0d6acb4d034ac0f98016bca627ed9b0156
 SHA512:
-  metadata.gz: 358c1e91aca70417fc86738b71078bf931da0a562f3ea102875e25d6c32e117c0663337770b39bfc0bf978022dec0eafea220cf27c83e86f9f63f5c3038f6d99
-  data.tar.gz: 0b6d24c285a668c5dde3a90168d542c60b7b8008f20a75d39579c058448e8dd31482f23bda5fa770c25909736b43804cd03a591f7813345a0aabeccc75ad7b26
+  metadata.gz: 73c06f4654242606bd99af1b1f75f8feb3cf6cea6973513cc54d5ad6e7d62cf0e2ea783e62b1676c8c9e33adbf95c0bd3062c1df9aa79cd84a2618f95de8c342
+  data.tar.gz: eedad48faafdac8442419d1890e06632e0d92fac7d7946714d9dea9cad0ab30e5917f119ec7393858ad73e70bfc169ea18d9cd3e633356a0c39e9513c8154249

data/CHANGELOG.md

@@ -2,6 +2,27 @@
 
 ## [Unreleased]
 
+## [1.3.0] - 2026-05-19
+
+### Added
+
+- `base64` is now an explicit runtime dependency. It stopped being a
+  default gem in Ruby 3.4, so it must be declared for the basic-auth
+  strategy to load.
+
+### Changed
+
+- **Minimum Ruby version raised to 3.2.** Ruby 3.1 reached end-of-life
+  in March 2025 and is no longer supported or tested. Consumers on Ruby
+  3.1 are held at the previous release by Bundler.
+
+## [1.2.0] - 2026-05-17
+
+### Added
+
+- **`logger` setting.** When set to a `Logger`-compatible instance, Faraday's built-in logger middleware is attached to the connection and logs HTTP request/response lines and headers. Unset by default — no overhead when not in use. The standard auth-bearing headers (`Authorization`, `Proxy-Authorization`, `Cookie`, `Set-Cookie`) are always filtered to `[FILTERED]`; consumer gems are responsible for redacting domain-specific secrets in non-standard headers or response bodies (see README "Redacting domain-specific secrets").
+- **`log_bodies` setting** (default `false`). Opt-in toggle for logging request/response bodies. Off by default because bodies often carry domain-specific secrets that RestEasy cannot recognize.
+
 ## [1.1.2] - 2026-05-15
 
 ### Changed
@@ -48,7 +69,9 @@
 
 Initial release.
 
-[Unreleased]: https://github.com/accodeing/rest-easy/compare/v1.1.2...HEAD
+[Unreleased]: https://github.com/accodeing/rest-easy/compare/v1.3.0...HEAD
+[1.3.0]: https://github.com/accodeing/rest-easy/compare/v1.2.0...v1.3.0
+[1.2.0]: https://github.com/accodeing/rest-easy/compare/v1.1.2...v1.2.0
 [1.1.2]: https://github.com/accodeing/rest-easy/compare/v1.1.1...v1.1.2
 [1.1.1]: https://github.com/accodeing/rest-easy/compare/v1.1.0...v1.1.1
 [1.1.0]: https://github.com/accodeing/rest-easy/compare/v1.0.0...v1.1.0

data/README.md

@@ -20,7 +20,7 @@ Or your Gemfile:
 gem "rest-easy", "~> 1.0"
 ```
 
-Requires Ruby >= 3.1.
+Requires Ruby >= 3.2.
 
 ## Quick start
 
@@ -92,17 +92,100 @@ end
 
 ### Available settings
 
-| Setting                          | Default                    | Description                                       |
-|----------------------------------|----------------------------|---------------------------------------------------|
-| `base_url`                       | `"https://example.com"`    | Base URL for all requests                         |
-| `max_retries`                    | `3`                        | Retry count on request failure                    |
-| `authentication`                 | `Auth::Null.new`           | Authentication strategy                           |
-| `conversions.json_attributes`    | `:PascalCase`              | Naming convention for JSON response/request fields|
-| `conversions.query_parameters`   | `nil` (no transformation)  | Naming convention for query parameter keys        |
+| Setting                          | Default                    | Description                                                                                |
+|----------------------------------|----------------------------|--------------------------------------------------------------------------------------------|
+| `authentication`                 | `Auth::Null.new`           | Authentication strategy                                                                    |
+| `base_url`                       | `"https://example.com"`    | Base URL for all requests                                                                  |
+| `conversions.json_attributes`    | `:PascalCase`              | Naming convention for JSON response/request fields                                         |
+| `conversions.query_parameters`   | `nil` (no transformation)  | Naming convention for query parameter keys                                                 |
+| `log_bodies`                     | `false`                    | When `true`, request/response bodies are logged. Off by default to avoid leaking domain secrets |
+| `logger`                         | `nil`                      | When set, attaches Faraday's logger middleware and writes HTTP request/response details to it |
+| `max_retries`                    | `3`                        | Retry count on request failure                                                             |
+
+### Logging HTTP traffic
+
+Set `logger` to any `Logger`-compatible instance to log HTTP request and response details. The middleware is Faraday's built-in `Faraday::Response::Logger` and is only attached when the setting is non-nil — no overhead when unset.
+
+```ruby
+module Acme
+  extend RestEasy
+
+  configure do |config|
+    config.logger = Logger.new($stdout)
+  end
+end
+```
+
+By default, RestEasy logs request/response **lines and headers only**, with the following standard headers always filtered to `[FILTERED]`:
+
+- `Authorization`
+- `Proxy-Authorization`
+- `Cookie`
+- `Set-Cookie`
+
+Request and response **bodies are not logged by default**, because bodies frequently carry API-specific secrets (OAuth token responses, signed payloads, PII) that RestEasy has no way to recognize.
+
+> **Note:** The Faraday connection is built lazily on the first request and cached for the lifetime of the process. Changes to `logger` or `log_bodies` after the first request take effect only after restart.
+
+#### Logging request/response bodies
+
+If your API's bodies are safe to log — or you've added domain-specific scrubbing (see below) — opt in:
+
+```ruby
+module Acme
+  extend RestEasy
+
+  configure do |config|
+    config.logger     = Logger.new($stdout)
+    config.log_bodies = true
+  end
+end
+```
+
+#### Redacting domain-specific secrets
+
+RestEasy only knows about HTTP-standard auth headers. If your API returns secrets in response bodies (e.g. an access-token endpoint), or uses non-standard headers like `X-Acme-Api-Key`, your consumer gem is responsible for scrubbing them. The simplest pattern is to wrap the `Logger` instance before handing it to RestEasy — sketched here as a `SimpleDelegator`:
+
+```ruby
+# Sketch — wrap the Logger in your gem so it scrubs your
+# domain secrets out of each line before it's written.
+
+class RedactingLogger < SimpleDelegator
+  # ...your scrubbing logic, applied to each log message...
+end
+
+module Acme
+  extend RestEasy
+
+  configure do |config|
+    config.logger     = RedactingLogger.new(Logger.new($stdout))
+    config.log_bodies = true
+  end
+end
+```
+
+#### Exposing a debug switch in your consumer gem
+
+RestEasy does not read any environment variable itself — that decision belongs to the gem that wraps it. If you want consumers of your gem to flip logging on without editing code, expose your own env var and wire it to `config.logger`:
+
+```ruby
+module Acme
+  extend RestEasy
+
+  configure do |config|
+    if ENV["ACME_DEBUG"]
+      config.logger     = RedactingLogger.new(Logger.new($stdout))
+      config.log_bodies = true
+    end
+  end
+end
+```
+
+Now `ACME_DEBUG=1 bundle exec ...` turns on wire logging — with Acme-aware scrubbing — without any code changes in the consuming application.
 
 ### Faraday middleware
 
-Configure the underlying Faraday connection with a `connection` block:
+For middleware beyond the built-in logger, configure the underlying Faraday connection with a `connection` block:
 
 ```ruby
 module Acme

data/lib/rest_easy/settings.rb

@@ -6,14 +6,16 @@ module RestEasy
   class Settings
     extend Dry::Configurable
 
+    setting :attribute_convention # deprecated — propagated to conversions.json_attributes in configure
+    setting :authentication, default: Auth::Null.new, reader: true
     setting :base_url, default: "https://example.com", reader: true
+    setting :log_bodies, default: false, reader: true
+    setting :logger, reader: true
     setting :max_retries, default: 3, reader: true
-    setting :authentication, default: Auth::Null.new, reader: true
-    setting :attribute_convention # deprecated — propagated to conversions.json_attributes in configure
 
     setting :conversions do
-      setting :query_parameters, default: nil, reader: true
       setting :json_attributes, default: Conventions::DEFAULT, reader: true
+      setting :query_parameters, default: nil, reader: true
     end
   end
 end

data/lib/rest_easy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RestEasy
-  VERSION = "1.1.2"
+  VERSION = "1.3.0"
 end

data/lib/rest_easy.rb

@@ -66,6 +66,9 @@ module RestEasy
   # ── Module extension (ClassMethods) ──────────────────────────────────
 
   module ClassMethods
+    STANDARD_AUTH_HEADERS = %w[Authorization Proxy-Authorization Cookie Set-Cookie].freeze
+    private_constant :STANDARD_AUTH_HEADERS
+
     def config
       self::Settings.config
     end
@@ -107,6 +110,16 @@ module RestEasy
       @faraday_connection ||= Faraday.new(url: config.base_url) do |f|
         f.request :json
         f.response :json
+        if config.logger
+          # Faraday's logger emits headers as `Name: "value"` — the filters
+          # depend on that format. If the format changes, redaction silently
+          # breaks; the integration specs catch the common case.
+          f.response :logger, config.logger, bodies: config.log_bodies do |l|
+            STANDARD_AUTH_HEADERS.each do |name|
+              l.filter(/(#{Regexp.escape(name)}:\s*")[^"]+/i, '\1[FILTERED]')
+            end
+          end
+        end
         @connection_block&.call(f)
       end
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rest-easy
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 1.3.0
 platform: ruby
 authors:
 - Jonas Schubert Erlandsson
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-05-15 00:00:00.000000000 Z
+date: 2026-05-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dry-types
@@ -68,6 +68,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -145,14 +159,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.1.0
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.6
+rubygems_version: 3.4.19
 signing_key:
 specification_version: 4
 summary: Boilerplate for REST API libraries, using on dry-rb