securenow 3.0.14 → 4.0.2

package/examples/test-nextjs-setup.js

@@ -0,0 +1,67 @@
+/**
+ * Test script to verify SecureNow Next.js setup
+ * 
+ * Run this to verify your configuration before integrating with Next.js:
+ * 
+ * SECURENOW_APPID=test-app node examples/test-nextjs-setup.js
+ */
+
+const { registerSecureNow } = require('../nextjs.js');
+
+console.log('Testing SecureNow Next.js integration...\n');
+
+// Test 1: Basic registration
+console.log('Test 1: Basic registration');
+try {
+  const sdk = registerSecureNow({
+    serviceName: 'test-nextjs-app',
+    endpoint: process.env.SECURENOW_INSTANCE || 'http://localhost:4318',
+  });
+  
+  if (sdk) {
+    console.log('✅ SDK registered successfully\n');
+  } else {
+    console.log('⚠️  SDK returned null (expected in Edge runtime)\n');
+  }
+} catch (error) {
+  console.error('❌ Registration failed:', error);
+  process.exit(1);
+}
+
+// Test 2: Create a test span
+console.log('Test 2: Creating test span');
+try {
+  const api = require('@opentelemetry/api');
+  const tracer = api.trace.getTracer('test-tracer');
+  const span = tracer.startSpan('test.span');
+  span.setAttribute('test.attribute', 'test-value');
+  span.setAttribute('test.number', 123);
+  span.end();
+  console.log('✅ Test span created and ended\n');
+} catch (error) {
+  console.error('❌ Span creation failed:', error);
+  process.exit(1);
+}
+
+// Test 3: Verify configuration
+console.log('Test 3: Configuration verification');
+console.log('- SECURENOW_APPID:', process.env.SECURENOW_APPID || '(not set)');
+console.log('- SECURENOW_INSTANCE:', process.env.SECURENOW_INSTANCE || '(using default)');
+console.log('- NODE_ENV:', process.env.NODE_ENV || 'development');
+console.log('- OTEL_LOG_LEVEL:', process.env.OTEL_LOG_LEVEL || '(none)');
+console.log('✅ Configuration loaded\n');
+
+// Test 4: Wait for export
+console.log('Test 4: Waiting for span export...');
+setTimeout(() => {
+  console.log('✅ Export should have completed\n');
+  console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+  console.log('✅ All tests passed!');
+  console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+  console.log('\nCheck your SigNoz dashboard for traces from "test-nextjs-app"\n');
+  process.exit(0);
+}, 2000);
+
+
+
+

package/nextjs.js

@@ -0,0 +1,203 @@
+'use strict';
+
+/**
+ * SecureNow Next.js Integration using @vercel/otel
+ * 
+ * Usage in Next.js app:
+ * 
+ * 1. Create instrumentation.ts (or .js) in your project root:
+ * 
+ *    import { registerSecureNow } from 'securenow/nextjs';
+ *    export function register() {
+ *      registerSecureNow();
+ *    }
+ * 
+ * 2. Set environment variables:
+ *    SECURENOW_APPID=my-nextjs-app
+ *    SECURENOW_INSTANCE=http://your-signoz-host:4318
+ * 
+ * That's it! 🎉 No webpack warnings!
+ */
+
+const { v4: uuidv4 } = require('uuid');
+
+const env = k => process.env[k] ?? process.env[k.toUpperCase()] ?? process.env[k.toLowerCase()];
+
+let isRegistered = false;
+
+/**
+ * Register SecureNow OpenTelemetry for Next.js using @vercel/otel
+ * @param {Object} options - Optional configuration
+ * @param {string} options.serviceName - Service name (defaults to SECURENOW_APPID or OTEL_SERVICE_NAME)
+ * @param {string} options.endpoint - Traces endpoint (defaults to SECURENOW_INSTANCE)
+ * @param {boolean} options.noUuid - Don't append UUID to service name
+ */
+function registerSecureNow(options = {}) {
+  // Only register once
+  if (isRegistered) {
+    console.log('[securenow] Already registered, skipping...');
+    return;
+  }
+
+  // Skip for Edge runtime
+  if (process.env.NEXT_RUNTIME === 'edge') {
+    console.log('[securenow] Skipping Edge runtime (Node.js only)');
+    return;
+  }
+
+  try {
+    console.log('[securenow] Next.js integration loading (pid=%d)', process.pid);
+
+    // -------- Configuration --------
+    const rawBase = (
+      options.serviceName || 
+      env('OTEL_SERVICE_NAME') || 
+      env('SECURENOW_APPID') || 
+      ''
+    ).trim().replace(/^['"]|['"]$/g, '');
+    
+    const baseName = rawBase || null;
+    const noUuid = options.noUuid ?? (String(env('SECURENOW_NO_UUID')) === '1' || String(env('SECURENOW_NO_UUID')).toLowerCase() === 'true');
+
+    // service.name
+    let serviceName;
+    if (baseName) {
+      serviceName = noUuid ? baseName : `${baseName}-${uuidv4()}`;
+    } else {
+      serviceName = `nextjs-app-${uuidv4()}`;
+      console.warn('[securenow] ⚠️  No SECURENOW_APPID or OTEL_SERVICE_NAME provided. Using fallback: %s', serviceName);
+      console.warn('[securenow] 💡 Set SECURENOW_APPID=your-app-name in .env.local for better tracking');
+    }
+
+    // -------- Endpoint Configuration --------
+    const endpointBase = (
+      options.endpoint || 
+      env('SECURENOW_INSTANCE') || 
+      env('OTEL_EXPORTER_OTLP_ENDPOINT') || 
+      'http://46.62.173.237:4318'
+    ).replace(/\/$/, '');
+    
+    const tracesUrl = env('OTEL_EXPORTER_OTLP_TRACES_ENDPOINT') || `${endpointBase}/v1/traces`;
+
+    // Set environment variables for @vercel/otel to pick up
+    process.env.OTEL_SERVICE_NAME = serviceName;
+    process.env.OTEL_EXPORTER_OTLP_ENDPOINT = endpointBase;
+    process.env.OTEL_EXPORTER_OTLP_TRACES_ENDPOINT = tracesUrl;
+
+    console.log('[securenow] 🚀 Next.js App → service.name=%s', serviceName);
+
+    // -------- Use @vercel/otel with enhanced configuration --------
+    const { registerOTel } = require('@vercel/otel');
+    const { HttpInstrumentation } = require('@opentelemetry/instrumentation-http');
+    
+    registerOTel({
+      serviceName: serviceName,
+      attributes: {
+        'deployment.environment': env('NODE_ENV') || env('VERCEL_ENV') || 'development',
+        'service.version': process.env.npm_package_version || process.env.VERCEL_GIT_COMMIT_SHA || undefined,
+        'vercel.region': process.env.VERCEL_REGION || undefined,
+      },
+      instrumentations: [
+        // Add HTTP instrumentation with request hooks to capture IP and headers
+        new HttpInstrumentation({
+          requireParentforOutgoingSpans: false,
+          requireParentforIncomingSpans: false,
+          requestHook: (span, request) => {
+            try {
+              // Capture client IP from various headers
+              const headers = request.headers || {};
+              
+              // Try different header sources for IP
+              const clientIp = 
+                headers['x-forwarded-for']?.split(',')[0]?.trim() ||
+                headers['x-real-ip'] ||
+                headers['cf-connecting-ip'] || // Cloudflare
+                headers['x-client-ip'] ||
+                request.socket?.remoteAddress ||
+                'unknown';
+              
+              // Add IP and request metadata to span
+              span.setAttributes({
+                'http.client_ip': clientIp,
+                'http.user_agent': headers['user-agent'] || 'unknown',
+                'http.referer': headers['referer'] || headers['referrer'] || '',
+                'http.host': headers['host'] || '',
+                'http.scheme': request.socket?.encrypted ? 'https' : 'http',
+                'http.forwarded_for': headers['x-forwarded-for'] || '',
+                'http.real_ip': headers['x-real-ip'] || '',
+                'http.request_id': headers['x-request-id'] || headers['x-trace-id'] || '',
+              });
+
+              // Add geographic headers if available (Vercel/Cloudflare)
+              if (headers['x-vercel-ip-country']) {
+                span.setAttributes({
+                  'http.geo.country': headers['x-vercel-ip-country'],
+                  'http.geo.region': headers['x-vercel-ip-country-region'] || '',
+                  'http.geo.city': headers['x-vercel-ip-city'] || '',
+                });
+              }
+              
+              if (headers['cf-ipcountry']) {
+                span.setAttribute('http.geo.country', headers['cf-ipcountry']);
+              }
+            } catch (error) {
+              // Silently fail to not break the request
+              console.debug('[securenow] Failed to capture request metadata:', error.message);
+            }
+          },
+          responseHook: (span, response) => {
+            try {
+              // Add response metadata
+              if (response.statusCode) {
+                span.setAttribute('http.status_code', response.statusCode);
+              }
+            } catch (error) {
+              console.debug('[securenow] Failed to capture response metadata:', error.message);
+            }
+          },
+        }),
+      ],
+      instrumentationConfig: {
+        fetch: {
+          // Propagate context to your backend APIs
+          propagateContextUrls: [
+            /^https?:\/\/localhost/,
+            /^https?:\/\/.*\.vercel\.app/,
+            // Add your backend domains here
+          ],
+          // Optionally ignore certain URLs
+          ignoreUrls: [
+            /_next\/static/,
+            /_next\/image/,
+            /\.map$/,
+          ],
+          // Add resource name template for better span naming
+          resourceNameTemplate: '{http.method} {http.target}',
+        },
+      },
+    });
+
+    isRegistered = true;
+    console.log('[securenow] ✅ OpenTelemetry started for Next.js → %s', tracesUrl);
+    console.log('[securenow] 📊 Auto-capturing: IP, User-Agent, Headers, Geographic data');
+
+    // Optional test span
+    if (String(env('SECURENOW_TEST_SPAN')) === '1') {
+      const api = require('@opentelemetry/api');
+      const tracer = api.trace.getTracer('securenow-nextjs');
+      const span = tracer.startSpan('securenow.nextjs.startup');
+      span.setAttribute('next.runtime', process.env.NEXT_RUNTIME || 'nodejs');
+      span.end();
+      console.log('[securenow] 🧪 Test span created');
+    }
+
+  } catch (error) {
+    console.error('[securenow] Failed to initialize OpenTelemetry:', error);
+    console.error('[securenow] Make sure you have @vercel/otel installed: npm install @vercel/otel');
+  }
+}
+
+module.exports = {
+  registerSecureNow,
+};
+

package/package.json

@@ -1,44 +1,90 @@
-{
-  "name": "securenow",
-  "version": "3.0.14",
-  "type": "commonjs",
-  "main": "register.js",
-  "exports": {
-    ".": "./register.js",
-    "./register": "./register.js",
-    "./tracing": "./tracing.js",
-    "./register-vite": "./register-vite.js",
-    "./web-vite": {
-      "import": "./web-vite.mjs",
-      "default": "./web-vite.mjs"
-    }
-  },
-  "files": [
-    "register.js",
-    "tracing.js",
-    "register-vite.js",
-    "web-vite.mjs",
-    "README.md"
-  ],
-  "dependencies": {
-    "@opentelemetry/api": "1.7.0",
-    "@opentelemetry/auto-instrumentations-node": "0.47.0",
-    "@opentelemetry/exporter-trace-otlp-http": "0.47.0",
-    "@opentelemetry/resources": "1.20.0",
-    "@opentelemetry/sdk-node": "0.47.0",
-    "@opentelemetry/semantic-conventions": "1.20.0",
-    "@opentelemetry/sdk-trace-web": "1.20.0",
-    "@opentelemetry/instrumentation": "0.47.0",
-    "@opentelemetry/instrumentation-document-load": "0.47.0",
-    "@opentelemetry/instrumentation-user-interaction": "0.47.0",
-    "@opentelemetry/instrumentation-fetch": "0.47.0",
-    "@opentelemetry/instrumentation-xml-http-request": "0.47.0",
-    "dotenv": "^17.2.1",
-    "uuid": "^9.0.0"
-  },
-  "overrides": {
-    "@opentelemetry/api": "1.7.0"
-  },
-  "sideEffects": true,
-  "license": "ISC"
-}
+{
+  "name": "securenow",
+  "version": "4.0.2",
+  "description": "OpenTelemetry instrumentation for Node.js and Next.js - Send traces to SigNoz or any OTLP backend",
+  "type": "commonjs",
+  "main": "register.js",
+  "bin": {
+    "securenow": "./cli.js"
+  },
+  "scripts": {
+    "postinstall": "node postinstall.js || exit 0"
+  },
+  "keywords": [
+    "opentelemetry",
+    "otel",
+    "tracing",
+    "observability",
+    "apm",
+    "monitoring",
+    "nextjs",
+    "next.js",
+    "signoz",
+    "instrumentation",
+    "telemetry",
+    "distributed-tracing",
+    "node",
+    "express",
+    "fastify",
+    "nestjs"
+  ],
+  "exports": {
+    ".": "./register.js",
+    "./register": "./register.js",
+    "./tracing": "./tracing.js",
+    "./nextjs": "./nextjs.js",
+    "./nextjs-webpack-config": "./nextjs-webpack-config.js",
+    "./register-vite": "./register-vite.js",
+    "./web-vite": {
+      "import": "./web-vite.mjs",
+      "default": "./web-vite.mjs"
+    }
+  },
+  "files": [
+    "register.js",
+    "tracing.js",
+    "nextjs.js",
+    "cli.js",
+    "postinstall.js",
+    "register-vite.js",
+    "web-vite.mjs",
+    "examples/",
+    "README.md",
+    "NEXTJS-GUIDE.md",
+    "NEXTJS-QUICKSTART.md",
+    "CUSTOMER-GUIDE.md",
+    "AUTO-SETUP.md",
+    "AUTOMATIC-IP-CAPTURE.md"
+  ],
+  "dependencies": {
+    "@opentelemetry/api": "1.7.0",
+    "@opentelemetry/auto-instrumentations-node": "0.47.0",
+    "@opentelemetry/exporter-trace-otlp-http": "0.47.0",
+    "@opentelemetry/instrumentation": "0.47.0",
+    "@opentelemetry/instrumentation-document-load": "0.47.0",
+    "@opentelemetry/instrumentation-fetch": "0.47.0",
+    "@opentelemetry/instrumentation-http": "^0.208.0",
+    "@opentelemetry/instrumentation-user-interaction": "0.47.0",
+    "@opentelemetry/instrumentation-xml-http-request": "0.47.0",
+    "@opentelemetry/resources": "1.20.0",
+    "@opentelemetry/sdk-node": "0.47.0",
+    "@opentelemetry/sdk-trace-web": "1.20.0",
+    "@opentelemetry/semantic-conventions": "1.20.0",
+    "@vercel/otel": "^1.14.0",
+    "dotenv": "^17.2.1",
+    "uuid": "^9.0.0"
+  },
+  "peerDependencies": {
+    "next": ">=13.0.0"
+  },
+  "peerDependenciesMeta": {
+    "next": {
+      "optional": true
+    }
+  },
+  "overrides": {
+    "@opentelemetry/api": "1.7.0"
+  },
+  "sideEffects": true,
+  "license": "ISC"
+}

package/postinstall.js

@@ -0,0 +1,215 @@
+#!/usr/bin/env node
+'use strict';
+
+/**
+ * SecureNow Post-Install Script
+ * 
+ * Automatically detects Next.js projects and offers to create instrumentation file
+ */
+
+const fs = require('fs');
+const path = require('path');
+const readline = require('readline');
+
+// Check if we're in a Next.js project
+function isNextJsProject() {
+  try {
+    const packageJsonPath = path.join(process.cwd(), 'package.json');
+    if (!fs.existsSync(packageJsonPath)) return false;
+    
+    const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
+    const deps = { ...packageJson.dependencies, ...packageJson.devDependencies };
+    
+    return !!deps.next;
+  } catch (error) {
+    return false;
+  }
+}
+
+// Check if instrumentation file already exists
+function hasInstrumentationFile() {
+  const files = [
+    'instrumentation.ts',
+    'instrumentation.js',
+    'src/instrumentation.ts',
+    'src/instrumentation.js'
+  ];
+  
+  return files.some(file => fs.existsSync(path.join(process.cwd(), file)));
+}
+
+// Create TypeScript instrumentation file
+function createTsInstrumentation(targetPath) {
+  const content = `import { registerSecureNow } from 'securenow/nextjs';
+
+export function register() {
+  registerSecureNow();
+}
+
+/**
+ * Configuration via .env.local:
+ * 
+ * Required:
+ *   SECURENOW_APPID=my-nextjs-app
+ * 
+ * Optional:
+ *   SECURENOW_INSTANCE=http://your-signoz-server:4318
+ *   OTEL_EXPORTER_OTLP_HEADERS="x-api-key=your-key"
+ *   OTEL_LOG_LEVEL=info
+ */
+`;
+  
+  fs.writeFileSync(targetPath, content, 'utf8');
+}
+
+// Create JavaScript instrumentation file
+function createJsInstrumentation(targetPath) {
+  const content = `const { registerSecureNow } = require('securenow/nextjs');
+
+export function register() {
+  registerSecureNow();
+}
+
+/**
+ * Configuration via .env.local:
+ * 
+ * Required:
+ *   SECURENOW_APPID=my-nextjs-app
+ * 
+ * Optional:
+ *   SECURENOW_INSTANCE=http://your-signoz-server:4318
+ *   OTEL_EXPORTER_OTLP_HEADERS="x-api-key=your-key"
+ *   OTEL_LOG_LEVEL=info
+ */
+`;
+  
+  fs.writeFileSync(targetPath, content, 'utf8');
+}
+
+// Create .env.local template
+function createEnvTemplate(targetPath) {
+  const content = `# SecureNow Configuration
+# Required: Your application identifier
+SECURENOW_APPID=my-nextjs-app
+
+# Optional: Your SigNoz/OpenTelemetry collector endpoint
+# Default: http://46.62.173.237:4318
+SECURENOW_INSTANCE=http://your-signoz-server:4318
+
+# Optional: API key or authentication headers
+# OTEL_EXPORTER_OTLP_HEADERS="x-api-key=your-api-key-here"
+
+# Optional: Log level (debug|info|warn|error)
+# OTEL_LOG_LEVEL=info
+`;
+  
+  fs.writeFileSync(targetPath, content, 'utf8');
+}
+
+// Check if TypeScript is used
+function isTypeScriptProject() {
+  return fs.existsSync(path.join(process.cwd(), 'tsconfig.json'));
+}
+
+// Main setup function
+async function setup() {
+  // Skip if not in Next.js project
+  if (!isNextJsProject()) {
+    console.log('[securenow] Not a Next.js project, skipping auto-setup');
+    return;
+  }
+  
+  // Skip if instrumentation file already exists
+  if (hasInstrumentationFile()) {
+    console.log('[securenow] ✅ Instrumentation file already exists');
+    return;
+  }
+  
+  console.log('\n┌─────────────────────────────────────────────────┐');
+  console.log('│  🎉 SecureNow installed successfully!          │');
+  console.log('│  Next.js project detected                       │');
+  console.log('└─────────────────────────────────────────────────┘\n');
+  
+  // Check if we're in CI/non-interactive environment
+  if (process.env.CI || !process.stdin.isTTY) {
+    console.log('[securenow] ℹ️  Non-interactive environment detected');
+    console.log('[securenow] 💡 To complete setup, run: npx securenow init');
+    return;
+  }
+  
+  // Ask user if they want to auto-setup
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  
+  rl.question('Would you like to automatically create instrumentation file? (Y/n) ', (answer) => {
+    const shouldCreate = !answer || answer.toLowerCase() === 'y' || answer.toLowerCase() === 'yes';
+    
+    if (!shouldCreate) {
+      console.log('\n[securenow] No problem! To setup later, run: npx securenow init');
+      rl.close();
+      return;
+    }
+    
+    try {
+      const useTypeScript = isTypeScriptProject();
+      const srcExists = fs.existsSync(path.join(process.cwd(), 'src'));
+      
+      // Determine file path
+      const fileName = useTypeScript ? 'instrumentation.ts' : 'instrumentation.js';
+      const filePath = srcExists 
+        ? path.join(process.cwd(), 'src', fileName)
+        : path.join(process.cwd(), fileName);
+      
+      // Create instrumentation file
+      if (useTypeScript) {
+        createTsInstrumentation(filePath);
+      } else {
+        createJsInstrumentation(filePath);
+      }
+      
+      console.log(`\n✅ Created ${srcExists ? 'src/' : ''}${fileName}`);
+      
+      // Create .env.local if it doesn't exist
+      const envPath = path.join(process.cwd(), '.env.local');
+      if (!fs.existsSync(envPath)) {
+        createEnvTemplate(envPath);
+        console.log('✅ Created .env.local template');
+      }
+      
+      console.log('\n┌─────────────────────────────────────────────────┐');
+      console.log('│  🚀 Next Steps:                                 │');
+      console.log('│                                                 │');
+      console.log('│  1. Edit .env.local and set:                   │');
+      console.log('│     SECURENOW_APPID=your-app-name              │');
+      console.log('│     SECURENOW_INSTANCE=http://signoz:4318      │');
+      console.log('│                                                 │');
+      console.log('│  2. Run your app: npm run dev                  │');
+      console.log('│                                                 │');
+      console.log('│  3. Check SigNoz for traces!                   │');
+      console.log('│                                                 │');
+      console.log('│  📚 Full guide: npm docs securenow              │');
+      console.log('└─────────────────────────────────────────────────┘\n');
+      
+    } catch (error) {
+      console.error('\n❌ Failed to create instrumentation file:', error.message);
+      console.log('💡 You can create it manually or run: npx securenow init');
+    }
+    
+    rl.close();
+  });
+}
+
+// Run setup if this is a new installation (not being installed as a dependency of another package)
+if (require.main === module || process.env.npm_config_global !== 'true') {
+  setup().catch(err => {
+    console.error('[securenow] Setup error:', err);
+  });
+}
+
+module.exports = { setup };
+
+
+
+