timber 2.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: eab99caab83ef2be6496c0ad1db6d736cf54817f
-  data.tar.gz: dfdd212606d1ff42d908401e073ecf94a2cc2f72
+  metadata.gz: 59dfc96fa6eee2260cbfb09b2fb6eddfcae573e6
+  data.tar.gz: dce374823788ebcfeb4f036e2c01a09170354d2e
 SHA512:
-  metadata.gz: b7e9143deab1f3d58076b7c55600f8ee72d7a11f3d659c1494f6bef053d03e444555564e1a7a7977fc1ed8bfab8b2c5d53bd1d238d2934b5d23537e6f23da2e5
-  data.tar.gz: bb07cec849ea6a95a6480711b123612b1db91d6f4a59c23aac8c01b5f0b6ee921fc52ff43147a8123d9ad341b934055676e594cbc5ab4d1082268f423cd7d4f4
+  metadata.gz: 0cff008838b0289281df7f30904d65cf435a91c46f50050a23261cbba66c6a61db8632e649f77e3cbcb04fdda09b741b1cc02fc02aba0d0b239eb7105d298881
+  data.tar.gz: 4fbe781f747db8043c783e8732157f2d285e84f4ba14c0010b5944e082dbec86defdeacb9a5c66be5352122dd8652348aee09e26d33513256608569b927bf498

data/README.md

@@ -15,7 +15,7 @@
 
 Timber turns your raw text logs into rich JSON events that can be consumed by the
 [Timber.io service](https://timber.io). It improves log data quality at the source, adding
-critical event and context data to your logs so that you can filter out the noise and
+critical `event` and `context` data to your logs so that you can filter out the noise and
 solve problems faster.
 
 For example, Timber turns this:

data/lib/timber/cli/install.rb

@@ -9,7 +9,6 @@ module Timber
         include IOHelper
 
         def run(api_key)
-          puts ""
           puts colorize(Messages.header, :green)
           puts colorize(Messages.separator, :green)
           puts colorize(Messages.contact, :green)
@@ -17,7 +16,7 @@ module Timber
           puts ""
 
           if !api_key
-            puts colorize(Messages.no_api_key_provided, :red)
+            puts Messages.no_api_key_provided
             return
           end
 
@@ -28,6 +27,7 @@ module Timber
           app = Application.new(api)
 
           puts Messages.application_details(app)
+          puts ""
 
           case ask_yes_no("Are the above details correct?")
           when :yes
@@ -81,7 +81,7 @@ module Timber
             puts ""
             puts Messages.separator
             puts ""
-            puts colorize(Messages.commit_and_deploy_reminder, :green)
+            puts Messages.commit_and_deploy_reminder
 
             api.event!(:success)
 

data/lib/timber/cli/io_helper.rb

@@ -23,6 +23,7 @@ module Timber
 
         code =
           case color
+          when :blue then 34
           when :red then 31
           when :green then 32
           when :yellow then 33

data/lib/timber/cli/messages.rb

@@ -3,6 +3,8 @@
 module Timber
   class CLI
     module Messages
+      include IOHelper
+
       extend self
 
       APP_URL = "https://app.timber.io"
@@ -41,7 +43,12 @@ message.rstrip
 
       def commit_and_deploy_reminder
 message = <<-MESSAGE
-Last step! Commit these changes and deploy. 🚀
+Last step!
+
+    #{colorize("git add config/initializers/timber.rb", :blue)}
+    #{colorize("git commit -am 'Install Timber'", :blue)}
+
+    #{colorize("push and deploy", :blue)} 🚀
 MESSAGE
 message.rstrip
 end
@@ -75,7 +82,7 @@ Get free data on Timeber!
 * Get ✨ 50mb✨ for following #{TWITTER_HANDLE} on twitter
 
 (Your account will be credited within 2-3 business days.
- If you do not notice a credit please contact us: #{@support_email})
+ If you do not notice a credit please contact us: #{SUPPORT_EMAIL})
 MESSAGE
 message.rstrip
 end
@@ -94,11 +101,11 @@ message.rstrip
 
       def heroku_install(app)
 message = <<-MESSAGE
-Now we need to send your logs to the Timber service.
+Now we need to send your logs from Heroku to Timber.
 
-Please run this command in a separate terminal and return back here when complete:
+Please run this command in a separate terminal, return back when complete:
 
-    heroku drains:add #{app.heroku_drain_url}
+    #{colorize("heroku drains:add #{app.heroku_drain_url}", :blue)}
 
 Note: Your Heroku app must be generating logs for this to work.
 MESSAGE
@@ -107,24 +114,29 @@ message.rstrip
 
       def no_api_key_provided
 message = <<-MESSAGE
-Woops! You didn't provide an API key. You can do so via:
+Hey there! Welcome to Timber. In order to proceed, you'll need an API key.
+If you already have one, you can run this installer like:
 
-    bundle exec timber install my-api-key
+    #{colorize("bundle exec timber install my-api-key", :blue)}
 
 #{obtain_key_instructions}
 MESSAGE
-message.rstrip
+        message.rstrip
       end
 
       def obtain_key_instructions
 message = <<-MESSAGE
 Don't have a key? Head over to:
 
-    https://app.timber.io
+    #{colorize("https://app.timber.io", :blue)}
 
 Once there, create an application. Your API key will be displayed afterwards.
 For more detailed instructions, checkout our docs page:
+
 https://timber.io/docs/app/obtain-api-key/
+
+If you're confused, don't hesitate to contact us: #{SUPPORT_EMAIL}
+
 MESSAGE
 message.rstrip
       end

data/lib/timber/config.rb

@@ -27,6 +27,7 @@ module Timber
     def initialize
       @capture_http_bodies = true
       @capture_http_body_content_types = [FORM_URL_ENCODED_CONTENT_TYPE, JSON_CONTENT_TYPE]
+      @http_body_limit = 2000
     end
 
     # Enables and disables the capturing of HTTP bodies in `Events::HTTPServerRequest`,
@@ -47,6 +48,12 @@ module Timber
       @debug_logger
     end
 
+    # Truncates captured HTTP bodies to this specified limit. The default is `2000`.
+    # If you want to capture more data, you can raise this to a maximum of `5000`,
+    # or lower this to be more efficient with data.
+    def http_body_limit
+      @http_body_limit
+    end
 
     # This is the logger Timber writes to. It should be set to your global
     # logger to keep the logging destination consitent. Please see `delegate_logger_to`

data/lib/timber/contexts.rb

@@ -2,6 +2,7 @@ require "timber/contexts/custom"
 require "timber/contexts/http"
 require "timber/contexts/organization"
 require "timber/contexts/runtime"
+require "timber/contexts/session"
 require "timber/contexts/system"
 require "timber/contexts/user"
 

data/lib/timber/contexts/session.rb

@@ -0,0 +1,21 @@
+module Timber
+  module Contexts
+    # The session context tracks the current session for the given user.
+    #
+    # @note This is tracked automatically with the `Integrations::Rack::SessionContext` rack
+    #   middleware.
+    class Session < Context
+      @keyspace = :session
+
+      attr_reader :id
+
+      def initialize(attributes)
+        @id = attributes[:id] || raise(ArgumentError.new(":id is required"))
+      end
+
+      def as_json(_options = {})
+        {id: Timber::Util::Object.try(id, :to_s)}
+      end
+    end
+  end
+end

data/lib/timber/contexts/user.rb

@@ -2,33 +2,8 @@ module Timber
   module Contexts
     # The user context tracks the currently authenticated user.
     #
-    # You will want to add this context at the time log the user in, typically
-    # during the authentication flow.
-    #
-    # Note: Timber will attempt to automatically add this if you add a #current_user
-    # method to your controllers. Most authentication solutions do this for you automatically.
-    #
-    # @example Basic example
-    #   user_context = Timber::Contexts::User.new(id: "abc1234", name: "Ben Johnson")
-    #   Timber::CurrentContext.with(user_context) do
-    #     # Logging will automatically include this context
-    #     logger.info("This is a log message")
-    #   end
-    #
-    # @example Rails example
-    #   class ApplicationController < ActionController::Base
-    #     around_filter :capture_user_context
-    #     private
-    #       def capture_user_context
-    #         if current_user
-    #           user_context = Timber::Contexts::User.new(id: current_user.id,
-    #             name: current_user.name, email: current_user.email)
-    #           Timber::CurrentContext.with(user_context) { yield }
-    #         else
-    #           yield
-    #         end
-    #       end
-    #   end
+    # @note This is tracked automatically with the `Integrations::Rack::UserContext` rack
+    #   middleware.
     class User < Context
       @keyspace = :user
 

data/lib/timber/events/controller_call.rb

@@ -7,12 +7,14 @@ module Timber
     # @note This event should be installed automatically through integrations,
     #   such as the {Integrations::ActionController::LogSubscriber} integration.
     class ControllerCall < Timber::Event
+      PASSWORD_NAME = 'password'.freeze
+
       attr_reader :controller, :action, :params, :format
 
       def initialize(attributes)
         @controller = attributes[:controller] || raise(ArgumentError.new(":controller is required"))
         @action = attributes[:action] || raise(ArgumentError.new(":action is required"))
-        @params = attributes[:params]
+        @params = sanitize_params(attributes[:params])
         @format = attributes[:format]
       end
 
@@ -44,6 +46,22 @@ module Timber
             params.to_json
           end
         end
+
+        def sanitize_params(params)
+          if params.is_a?(::Hash)
+            params.each_with_object({}) do |(k, v), h|
+              k = k.to_s.downcase
+              case k
+              when PASSWORD_NAME
+                h[k] = SANITIZED_VALUE
+              else
+                h[k] = v
+              end
+            end
+          else
+            params
+          end
+        end
     end
   end
 end

data/lib/timber/events/http_server_request.rb

@@ -19,7 +19,10 @@ module Timber
         @scheme = attributes[:scheme] || raise(ArgumentError.new(":scheme is required"))
         @request_id = attributes[:request_id]
 
-        @body = Util::HTTPEvent.normalize_body(@headers["content-type"], attributes[:body])
+        # This is disabled for now. The ControllerCall event records the parsed params.
+        # This should be sufficient for body inspection. If we come across a case where
+        # it is not we can consider re-enabling this.
+        # @body = Util::HTTPEvent.normalize_body(attributes[:body])
       end
 
       def to_hash

data/lib/timber/integrations/rack.rb

@@ -1,6 +1,7 @@
 require "timber/integrations/rack/exception_event"
 require "timber/integrations/rack/http_context"
 require "timber/integrations/rack/http_events"
+require "timber/integrations/rack/session_context"
 require "timber/integrations/rack/user_context"
 
 module Timber
@@ -9,7 +10,7 @@ module Timber
       # All available middlewares. The order is relevant. Middlewares that set
       # context are added first so that context is included in subsequent log lines.
       def self.middlewares
-        @middlewares ||= [HTTPContext, UserContext, HTTPEvents, ExceptionEvent]
+        @middlewares ||= [HTTPContext, SessionContext, UserContext, HTTPEvents, ExceptionEvent]
       end
     end
   end

data/lib/timber/integrations/rack/session_context.rb

@@ -0,0 +1,37 @@
+module Timber
+  module Integrations
+    module Rack
+      # Reponsible for adding the Session context for applications that use `Rack`.
+      class SessionContext
+        def initialize(app)
+          @app = app
+        end
+
+        def call(env)
+          id = get_session_id(env)
+          if id
+            context = Contexts::Session.new(id: get_session_id(env))
+            CurrentContext.with(context) do
+              @app.call(env)
+            end
+          else
+            @app.call(env)
+          end
+        end
+
+        private
+          def get_session_id(env)
+            if env['rack.session']
+              begin
+                env['rack.session'].id
+              rescue Exception
+                nil
+              end
+            else
+              nil
+            end
+          end
+      end
+    end
+  end
+end

data/lib/timber/log_entry.rb

@@ -3,7 +3,7 @@ module Timber
   # `Logger` and the log device that you set it up with.
   class LogEntry #:nodoc:
     DT_PRECISION = 6.freeze
-    SCHEMA = "https://raw.githubusercontent.com/timberio/log-event-json-schema/1.2.20/schema.json".freeze
+    SCHEMA = "https://raw.githubusercontent.com/timberio/log-event-json-schema/1.2.21/schema.json".freeze
 
     attr_reader :context_snapshot, :event, :level, :message, :progname, :tags, :time, :time_ms
 

data/lib/timber/util/http_event.rb

@@ -1,8 +1,9 @@
 module Timber
   module Util
     module HTTPEvent
-      BODY_LIMIT = 5_000.freeze
+      AUTHORIZATION_HEADER = 'authorization'.freeze
       QUERY_STRING_LIMIT = 5_000.freeze
+      SANITIZED_VALUE = '[sanitized]'.freeze
 
       extend self
 
@@ -20,7 +21,7 @@ module Timber
             body = body.body.to_s
           end
 
-          body[0..(BODY_LIMIT - 1)]
+          body[0..(Config.instance.http_body_limit - 1)]
         else
           # Drop the body if it is not a format we want to capture.
           # This gives users more control to avoid loggin files, etc.
@@ -31,7 +32,13 @@ module Timber
       def normalize_headers(headers)
         if headers.is_a?(::Hash)
           headers.each_with_object({}) do |(k, v), h|
-            h[k.to_s.downcase] = v
+            k = k.to_s.downcase
+            case k
+            when AUTHORIZATION_HEADER
+              h[k] = SANITIZED_VALUE
+            else
+              h[k] = v
+            end
           end
         else
           headers

data/lib/timber/version.rb

@@ -1,3 +1,3 @@
 module Timber
-  VERSION = "2.0.0"
+  VERSION = "2.0.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: timber
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - Timber Technologies, Inc.
@@ -160,6 +160,7 @@ files:
 - lib/timber/contexts/http.rb
 - lib/timber/contexts/organization.rb
 - lib/timber/contexts/runtime.rb
+- lib/timber/contexts/session.rb
 - lib/timber/contexts/system.rb
 - lib/timber/contexts/user.rb
 - lib/timber/current_context.rb
@@ -189,6 +190,7 @@ files:
 - lib/timber/integrations/rack/exception_event.rb
 - lib/timber/integrations/rack/http_context.rb
 - lib/timber/integrations/rack/http_events.rb
+- lib/timber/integrations/rack/session_context.rb
 - lib/timber/integrations/rack/user_context.rb
 - lib/timber/integrations/rails/rack_logger.rb
 - lib/timber/integrator.rb