securenow 5.6.0 → 5.7.0

package/nextjs-webpack-config.js

@@ -0,0 +1,77 @@
+/**
+ * Next.js webpack configuration for SecureNow
+ * 
+ * Add this to your next.config.js to suppress OpenTelemetry instrumentation warnings
+ * 
+ * Usage:
+ * const { getSecureNowWebpackConfig } = require('securenow/nextjs-webpack-config');
+ * 
+ * module.exports = {
+ *   webpack: (config, options) => {
+ *     return getSecureNowWebpackConfig(config, options);
+ *   }
+ * };
+ */
+
+function getSecureNowWebpackConfig(config, options) {
+  const { isServer } = options;
+  
+  // Only apply to server-side builds
+  if (isServer) {
+    // Suppress warnings for OpenTelemetry instrumentations
+    config.ignoreWarnings = config.ignoreWarnings || [];
+    
+    config.ignoreWarnings.push(
+      // Ignore "Critical dependency" warnings from instrumentations
+      {
+        module: /@opentelemetry\/instrumentation/,
+        message: /Critical dependency: the request of a dependency is an expression/,
+      },
+      // Ignore missing optional peer dependencies
+      {
+        module: /@opentelemetry/,
+        message: /Module not found.*@opentelemetry\/winston-transport/,
+      },
+      {
+        module: /@opentelemetry/,
+        message: /Module not found.*@opentelemetry\/exporter-jaeger/,
+      }
+    );
+    
+    // Externalize problematic packages (don't bundle them)
+    config.externals = config.externals || [];
+    
+    // Add OpenTelemetry packages as externals
+    if (typeof config.externals === 'function') {
+      const originalExternals = config.externals;
+      config.externals = async (...args) => {
+        const result = await originalExternals(...args);
+        if (result) return result;
+        
+        const [context, request] = args;
+        
+        // Externalize OpenTelemetry instrumentation packages
+        if (request.startsWith('@opentelemetry/')) {
+          return `commonjs ${request}`;
+        }
+        
+        return undefined;
+      };
+    } else if (Array.isArray(config.externals)) {
+      config.externals.push(/@opentelemetry\//);
+    } else {
+      config.externals = [/@opentelemetry\//];
+    }
+  }
+  
+  return config;
+}
+
+module.exports = { getSecureNowWebpackConfig };
+
+
+
+
+
+
+

package/nextjs.js

@@ -551,17 +551,30 @@ function registerSecureNow(options = {}) {
           const origWarn = console.warn;
           const origError = console.error;
 
+          const { context: otelContext, trace: otelTrace } = require('@opentelemetry/api');
+          function _emitLog(sn, st, args) {
+            try {
+              const activeCtx = otelContext.active();
+              const spanCtx = otelTrace.getSpanContext(activeCtx);
+              logger.emit({
+                severityNumber: sn,
+                severityText: st,
+                body: args.map(String).join(' '),
+                ...(spanCtx && { context: activeCtx }),
+              });
+            } catch (_) {}
+          }
           console.log = (...args) => {
             origLog.apply(console, args);
-            try { logger.emit({ severityNumber: SeverityNumber.INFO, severityText: 'INFO', body: args.map(String).join(' ') }); } catch (_) {}
+            _emitLog(SeverityNumber.INFO, 'INFO', args);
           };
           console.warn = (...args) => {
             origWarn.apply(console, args);
-            try { logger.emit({ severityNumber: SeverityNumber.WARN, severityText: 'WARN', body: args.map(String).join(' ') }); } catch (_) {}
+            _emitLog(SeverityNumber.WARN, 'WARN', args);
           };
           console.error = (...args) => {
             origError.apply(console, args);
-            try { logger.emit({ severityNumber: SeverityNumber.ERROR, severityText: 'ERROR', body: args.map(String).join(' ') }); } catch (_) {}
+            _emitLog(SeverityNumber.ERROR, 'ERROR', args);
           };
 
           console.log('[securenow] 📋 Logging: ENABLED → %s', logsUrl);
@@ -575,6 +588,8 @@ function registerSecureNow(options = {}) {
                 const start = Date.now();
                 const method = req.method;
                 const url = req.url;
+                const reqCtx = otelContext.active();
+                const reqSpanCtx = otelTrace.getSpanContext(reqCtx);
 
                 res.on('finish', () => {
                   const duration = Date.now() - start;
@@ -598,6 +613,7 @@ function registerSecureNow(options = {}) {
                         'http.client_ip': String(ip).split(',')[0].trim(),
                         'http.user_agent': ua,
                       },
+                      ...(reqSpanCtx && { context: reqCtx }),
                     });
                   } catch (_) {}
                 });

package/nuxt-server-plugin.mjs

@@ -0,0 +1,400 @@
+/**
+ * SecureNow Nitro Server Plugin
+ *
+ * Initialises the OpenTelemetry SDK and hooks into Nitro's request lifecycle
+ * to create spans, capture metadata, and forward logs.
+ *
+ * This file is registered by the Nuxt module (nuxt.mjs) via addServerPlugin.
+ */
+
+import { NodeSDK } from '@opentelemetry/sdk-node';
+import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http';
+import { Resource } from '@opentelemetry/resources';
+import { SemanticResourceAttributes } from '@opentelemetry/semantic-conventions';
+import { HttpInstrumentation } from '@opentelemetry/instrumentation-http';
+import {
+  context as otelContext,
+  trace as otelTrace,
+  SpanStatusCode,
+} from '@opentelemetry/api';
+import { v4 as uuidv4 } from 'uuid';
+
+// ── Helpers ──
+
+const env = (k) =>
+  process.env[k] ?? process.env[k.toUpperCase()] ?? process.env[k.toLowerCase()];
+
+const parseHeaders = (str) => {
+  const out = {};
+  if (!str) return out;
+  for (const raw of String(str).split(',')) {
+    const s = raw.trim();
+    if (!s) continue;
+    const i = s.indexOf('=');
+    if (i === -1) continue;
+    out[s.slice(0, i).trim().toLowerCase()] = s.slice(i + 1).trim();
+  }
+  return out;
+};
+
+const DEFAULT_SENSITIVE_FIELDS = [
+  'password', 'passwd', 'pwd', 'secret', 'token', 'api_key', 'apikey',
+  'access_token', 'auth', 'credentials', 'mysql_pwd', 'stripeToken',
+  'card', 'cardnumber', 'ccv', 'cvc', 'cvv', 'ssn', 'pin',
+];
+
+function redactSensitiveData(obj, fields = DEFAULT_SENSITIVE_FIELDS) {
+  if (!obj || typeof obj !== 'object') return obj;
+  const redacted = Array.isArray(obj) ? [...obj] : { ...obj };
+  for (const key in redacted) {
+    const lower = key.toLowerCase();
+    if (fields.some((f) => lower.includes(f.toLowerCase()))) {
+      redacted[key] = '[REDACTED]';
+    } else if (typeof redacted[key] === 'object' && redacted[key] !== null) {
+      redacted[key] = redactSensitiveData(redacted[key], fields);
+    }
+  }
+  return redacted;
+}
+
+// ── Runtime config helpers ──
+
+function getRuntimeOptions() {
+  try {
+    const cfg = useRuntimeConfig();
+    return cfg.securenow || {};
+  } catch {
+    return {};
+  }
+}
+
+// ── Plugin ──
+
+export default defineNitroPlugin((nitroApp) => {
+  const opts = getRuntimeOptions();
+
+  // ── Naming ──
+  const rawBase = (
+    opts.serviceName ||
+    env('OTEL_SERVICE_NAME') ||
+    env('SECURENOW_APPID') ||
+    ''
+  ).trim().replace(/^['"]|['"]$/g, '');
+
+  const baseName = rawBase || null;
+  const noUuid =
+    opts.noUuid ??
+    (String(env('SECURENOW_NO_UUID')) === '1' ||
+      String(env('SECURENOW_NO_UUID')).toLowerCase() === 'true');
+
+  let serviceName;
+  if (baseName) {
+    serviceName = noUuid ? baseName : `${baseName}-${uuidv4()}`;
+  } else {
+    serviceName = `nuxt-app-${uuidv4()}`;
+    console.warn(
+      '[securenow] ⚠️  No SECURENOW_APPID set. Using fallback: %s',
+      serviceName,
+    );
+    console.warn(
+      '[securenow] 💡 Set SECURENOW_APPID=your-app-name in .env for better tracking',
+    );
+  }
+
+  const serviceInstanceId = `${baseName || 'securenow'}-${uuidv4()}`;
+
+  // ── Endpoints ──
+  const endpointBase = (
+    opts.endpoint ||
+    env('SECURENOW_INSTANCE') ||
+    env('OTEL_EXPORTER_OTLP_ENDPOINT') ||
+    'https://freetrial.securenow.ai:4318'
+  ).replace(/\/$/, '');
+
+  const tracesUrl =
+    env('OTEL_EXPORTER_OTLP_TRACES_ENDPOINT') || `${endpointBase}/v1/traces`;
+  const logsUrl =
+    env('OTEL_EXPORTER_OTLP_LOGS_ENDPOINT') || `${endpointBase}/v1/logs`;
+  const headers = parseHeaders(env('OTEL_EXPORTER_OTLP_HEADERS'));
+
+  // ── Resource ──
+  const resource = new Resource({
+    [SemanticResourceAttributes.SERVICE_NAME]: serviceName,
+    [SemanticResourceAttributes.SERVICE_INSTANCE_ID]: serviceInstanceId,
+    [SemanticResourceAttributes.DEPLOYMENT_ENVIRONMENT]:
+      env('NODE_ENV') || 'production',
+    [SemanticResourceAttributes.SERVICE_VERSION]:
+      process.env.npm_package_version || undefined,
+    'framework': 'nuxt',
+  });
+
+  // ── Body capture config ──
+  const captureBody =
+    opts.captureBody ??
+    (String(env('SECURENOW_CAPTURE_BODY')) === '1' ||
+      String(env('SECURENOW_CAPTURE_BODY')).toLowerCase() === 'true');
+  const maxBodySize = parseInt(env('SECURENOW_MAX_BODY_SIZE') || '10240');
+  const customSensitiveFields = (env('SECURENOW_SENSITIVE_FIELDS') || '')
+    .split(',')
+    .map((s) => s.trim())
+    .filter(Boolean);
+  const allSensitiveFields = [...DEFAULT_SENSITIVE_FIELDS, ...customSensitiveFields];
+
+  // ── HTTP instrumentation ──
+  const httpInstrumentation = new HttpInstrumentation({
+    requestHook: (span, request) => {
+      try {
+        const hdrs = request.headers || {};
+        const fwd = hdrs['x-forwarded-for'];
+        const clientIp =
+          (fwd ? String(fwd).split(',')[0].trim() : null) ||
+          hdrs['x-real-ip'] ||
+          hdrs['cf-connecting-ip'] ||
+          hdrs['x-client-ip'] ||
+          request.socket?.remoteAddress ||
+          'unknown';
+
+        span.setAttributes({
+          'http.client_ip': clientIp,
+          'http.user_agent': hdrs['user-agent'] || '',
+          'http.host': hdrs['x-forwarded-host'] || hdrs['host'] || '',
+          'http.scheme':
+            hdrs['x-forwarded-proto'] ||
+            (request.socket?.encrypted ? 'https' : 'http'),
+          'http.referer': hdrs['referer'] || '',
+          'http.origin': hdrs['origin'] || '',
+          'http.request_id':
+            hdrs['x-request-id'] || hdrs['x-trace-id'] || '',
+        });
+
+        if (hdrs['authorization']) {
+          span.setAttribute('http.security.auth_present', 'true');
+        }
+        if (hdrs['cookie']) {
+          span.setAttribute('http.security.cookies_present', 'true');
+        }
+
+        // Body capture via stream listener (same approach as tracing.js)
+        if (
+          captureBody &&
+          request.method &&
+          ['POST', 'PUT', 'PATCH'].includes(request.method)
+        ) {
+          const ct = hdrs['content-type'] || '';
+          if (
+            ct.includes('application/json') ||
+            ct.includes('application/graphql') ||
+            ct.includes('application/x-www-form-urlencoded')
+          ) {
+            const chunks = [];
+            let size = 0;
+            request.on('data', (chunk) => {
+              size += chunk.length;
+              if (size <= maxBodySize) chunks.push(chunk);
+            });
+            request.on('end', () => {
+              if (size > maxBodySize) {
+                span.setAttribute('http.request.body', `[TOO LARGE: ${size} bytes]`);
+                return;
+              }
+              if (chunks.length === 0) return;
+              const raw = Buffer.concat(chunks).toString('utf8');
+              try {
+                const parsed = JSON.parse(raw);
+                const redacted = redactSensitiveData(parsed, allSensitiveFields);
+                span.setAttributes({
+                  'http.request.body': JSON.stringify(redacted).substring(0, maxBodySize),
+                  'http.request.body.type': ct.includes('graphql') ? 'graphql' : 'json',
+                  'http.request.body.size': size,
+                });
+              } catch {
+                span.setAttribute('http.request.body', raw.substring(0, 1000));
+                span.setAttribute('http.request.body.parse_error', true);
+              }
+            });
+          }
+        }
+      } catch {
+        // never break the request
+      }
+    },
+  });
+
+  // ── Trace exporter + SDK ──
+  const traceExporter = new OTLPTraceExporter({ url: tracesUrl, headers });
+
+  const sdk = new NodeSDK({
+    traceExporter,
+    resource,
+    instrumentations: [httpInstrumentation],
+  });
+
+  sdk.start();
+  console.log('[securenow] 🚀 Nuxt OTel SDK started → %s', tracesUrl);
+  console.log(
+    '[securenow] service.name=%s instance.id=%s',
+    serviceName,
+    serviceInstanceId,
+  );
+
+  // ── Logging ──
+  const loggingEnabled =
+    opts.logging ??
+    (String(env('SECURENOW_LOGGING_ENABLED')) === '1' ||
+      String(env('SECURENOW_LOGGING_ENABLED')).toLowerCase() === 'true');
+
+  let loggerProvider = null;
+
+  if (loggingEnabled) {
+    try {
+      const { OTLPLogExporter } = await import(
+        '@opentelemetry/exporter-logs-otlp-http'
+      );
+      const { LoggerProvider, BatchLogRecordProcessor } = await import(
+        '@opentelemetry/sdk-logs'
+      );
+
+      const logExporter = new OTLPLogExporter({ url: logsUrl, headers });
+      loggerProvider = new LoggerProvider({ resource });
+      loggerProvider.addLogRecordProcessor(
+        new BatchLogRecordProcessor(logExporter),
+      );
+
+      const logger = loggerProvider.getLogger('console', '1.0.0');
+      const SEV = { DEBUG: 5, INFO: 9, WARN: 13, ERROR: 17 };
+      const orig = {
+        log: console.log,
+        info: console.info,
+        warn: console.warn,
+        error: console.error,
+        debug: console.debug,
+      };
+
+      function emitLog(sn, st, args) {
+        try {
+          const ctx = otelContext.active();
+          const spanCtx = otelTrace.getSpanContext(ctx);
+          logger.emit({
+            severityNumber: sn,
+            severityText: st,
+            body: args
+              .map((a) =>
+                typeof a === 'object' && a !== null ? JSON.stringify(a) : String(a),
+              )
+              .join(' '),
+            attributes: { 'log.source': 'console', 'log.method': st.toLowerCase() },
+            ...(spanCtx && { context: ctx }),
+          });
+        } catch {
+          // swallow
+        }
+      }
+
+      console.log = (...a) => { emitLog(SEV.INFO, 'INFO', a); orig.log.apply(console, a); };
+      console.info = (...a) => { emitLog(SEV.INFO, 'INFO', a); orig.info.apply(console, a); };
+      console.warn = (...a) => { emitLog(SEV.WARN, 'WARN', a); orig.warn.apply(console, a); };
+      console.error = (...a) => { emitLog(SEV.ERROR, 'ERROR', a); orig.error.apply(console, a); };
+      console.debug = (...a) => { emitLog(SEV.DEBUG, 'DEBUG', a); orig.debug.apply(console, a); };
+
+      console.log('[securenow] 📋 Logging: ENABLED → %s', logsUrl);
+    } catch (e) {
+      console.warn('[securenow] ⚠️  Logging setup failed:', e.message);
+    }
+  } else {
+    console.log(
+      '[securenow] 📋 Logging: DISABLED (set SECURENOW_LOGGING_ENABLED=1 to enable)',
+    );
+  }
+
+  if (captureBody) {
+    console.log(
+      '[securenow] 📝 Body capture: ENABLED (max %d bytes, redacting %d fields)',
+      maxBodySize,
+      allSensitiveFields.length,
+    );
+  }
+
+  // ── Free trial banner ──
+  try {
+    const { isFreeTrial, patchHttpForBanner } = await import('./free-trial-banner.js');
+    if (isFreeTrial(endpointBase) && String(env('SECURENOW_HIDE_BANNER')) !== '1') {
+      patchHttpForBanner();
+    }
+  } catch {
+    // not critical
+  }
+
+  // ── Graceful shutdown ──
+  const shutdown = async (sig) => {
+    try {
+      await sdk.shutdown?.();
+      if (loggerProvider) await loggerProvider.shutdown?.();
+      console.log(`[securenow] Shut down on ${sig}`);
+    } catch {
+      // swallow
+    }
+  };
+  process.on('SIGINT', () => shutdown('SIGINT'));
+  process.on('SIGTERM', () => shutdown('SIGTERM'));
+
+  // ── Nitro request hooks for span enrichment ──
+  const tracer = otelTrace.getTracer('securenow-nuxt', '1.0.0');
+  const spanMap = new WeakMap();
+
+  nitroApp.hooks.hook('request', (event) => {
+    try {
+      const req = event.node.req;
+      const method = event.method || req.method || 'GET';
+      const path = event.path || req.url || '/';
+
+      const span = tracer.startSpan(`${method} ${path}`, {
+        attributes: {
+          'http.method': method,
+          'http.target': path,
+          'http.url': `${req.headers?.['x-forwarded-proto'] || 'http'}://${req.headers?.host || 'localhost'}${path}`,
+          'component': 'nuxt-nitro',
+        },
+      });
+
+      spanMap.set(event, span);
+    } catch {
+      // never break the request
+    }
+  });
+
+  nitroApp.hooks.hook('afterResponse', (event) => {
+    try {
+      const span = spanMap.get(event);
+      if (!span) return;
+
+      const status = event.node.res.statusCode || 200;
+      span.setAttribute('http.status_code', status);
+
+      if (status >= 500) {
+        span.setStatus({ code: SpanStatusCode.ERROR, message: `HTTP ${status}` });
+      }
+
+      span.end();
+      spanMap.delete(event);
+    } catch {
+      // swallow
+    }
+  });
+
+  nitroApp.hooks.hook('error', (error, { event }) => {
+    try {
+      const span = event ? spanMap.get(event) : null;
+      if (span) {
+        span.recordException(error);
+        span.setStatus({
+          code: SpanStatusCode.ERROR,
+          message: error.message || 'Internal Server Error',
+        });
+        span.end();
+        spanMap.delete(event);
+      }
+    } catch {
+      // swallow
+    }
+  });
+});

package/nuxt.d.ts

@@ -0,0 +1,60 @@
+/**
+ * SecureNow Nuxt 3 Module TypeScript Declarations
+ */
+
+export interface SecureNowNuxtOptions {
+  /**
+   * Service name for OpenTelemetry traces.
+   * @default process.env.SECURENOW_APPID || process.env.OTEL_SERVICE_NAME
+   */
+  serviceName?: string;
+
+  /**
+   * OTLP endpoint base URL.
+   * @default process.env.SECURENOW_INSTANCE || 'https://freetrial.securenow.ai:4318'
+   */
+  endpoint?: string;
+
+  /**
+   * Don't append UUID to service name (useful when running a single instance).
+   * @default false
+   */
+  noUuid?: boolean;
+
+  /**
+   * Capture request bodies (POST/PUT/PATCH) on traced spans.
+   * Sensitive fields are automatically redacted.
+   * @default false
+   */
+  captureBody?: boolean;
+
+  /**
+   * Enable console log forwarding as OTLP log records.
+   * @default false
+   */
+  logging?: boolean;
+}
+
+declare module 'nuxt/schema' {
+  interface NuxtConfig {
+    securenow?: SecureNowNuxtOptions;
+  }
+  interface NuxtOptions {
+    securenow?: SecureNowNuxtOptions;
+  }
+  interface RuntimeConfig {
+    securenow?: SecureNowNuxtOptions;
+  }
+}
+
+declare module '@nuxt/schema' {
+  interface NuxtConfig {
+    securenow?: SecureNowNuxtOptions;
+  }
+  interface NuxtOptions {
+    securenow?: SecureNowNuxtOptions;
+  }
+  interface RuntimeConfig {
+    securenow?: SecureNowNuxtOptions;
+  }
+}

package/nuxt.mjs

@@ -0,0 +1,75 @@
+/**
+ * SecureNow Nuxt 3 Module
+ *
+ * Usage in nuxt.config.ts:
+ *
+ *   export default defineNuxtConfig({
+ *     modules: ['securenow/nuxt'],
+ *     securenow: {            // optional overrides
+ *       serviceName: 'my-nuxt-app',
+ *     },
+ *   });
+ *
+ * Environment variables (same as all SecureNow integrations):
+ *   SECURENOW_APPID, SECURENOW_INSTANCE, SECURENOW_LOGGING_ENABLED, etc.
+ */
+
+import { defineNuxtModule, createResolver, addServerPlugin } from '@nuxt/kit';
+
+const OTEL_EXTERNALS = [
+  'securenow',
+  '@opentelemetry/api',
+  '@opentelemetry/api-logs',
+  '@opentelemetry/sdk-node',
+  '@opentelemetry/sdk-logs',
+  '@opentelemetry/auto-instrumentations-node',
+  '@opentelemetry/instrumentation',
+  '@opentelemetry/instrumentation-http',
+  '@opentelemetry/exporter-trace-otlp-http',
+  '@opentelemetry/exporter-logs-otlp-http',
+  '@opentelemetry/resources',
+  '@opentelemetry/semantic-conventions',
+];
+
+export default defineNuxtModule({
+  meta: {
+    name: 'securenow',
+    configKey: 'securenow',
+    compatibility: { nuxt: '>=3.0.0' },
+  },
+
+  defaults: {
+    serviceName: undefined,
+    endpoint: undefined,
+    noUuid: undefined,
+    captureBody: undefined,
+    logging: undefined,
+  },
+
+  setup(options, nuxt) {
+    const { resolve } = createResolver(import.meta.url);
+
+    // ── Externalize OTel packages so Nitro doesn't bundle them ──
+    nuxt.hook('nitro:config', (nitroConfig) => {
+      nitroConfig.externals = nitroConfig.externals || {};
+      nitroConfig.externals.external = [
+        ...(nitroConfig.externals.external || []),
+        ...OTEL_EXTERNALS,
+      ];
+    });
+
+    // ── Pass module options to the server plugin via runtimeConfig ──
+    nuxt.options.runtimeConfig.securenow = {
+      serviceName: options.serviceName,
+      endpoint: options.endpoint,
+      noUuid: options.noUuid,
+      captureBody: options.captureBody,
+      logging: options.logging,
+    };
+
+    // ── Register Nitro server plugin ──
+    addServerPlugin(resolve('./nuxt-server-plugin'));
+
+    console.log('[securenow] Nuxt module loaded — server plugin registered');
+  },
+});