devlogs 2.3.2__tar.gz → 2.3.4__tar.gz

{devlogs-2.3.2/src/devlogs.egg-info → devlogs-2.3.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devlogs
-Version: 2.3.2
+Version: 2.3.4
 Summary: Developer-focused logging library for Python with OpenSearch integration.
 Author-email: Dan Driscoll <dan@thedandriscoll.org>
 License: MIT License

{devlogs-2.3.2 → devlogs-2.3.4}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "devlogs"
-version = "2.3.2"
+version = "2.3.4"
 description = "Developer-focused logging library for Python with OpenSearch integration."
 requires-python = ">=3.11"
 readme = "README.md"

{devlogs-2.3.2 → devlogs-2.3.4}/src/devlogs/_version_static.py

@@ -1,2 +1,2 @@
 # AUTO-GENERATED at build time — do not edit or commit
-__version__ = "2.3.2"
+__version__ = "2.3.4"

{devlogs-2.3.2 → devlogs-2.3.4}/src/devlogs/collector/server.py

@@ -4,6 +4,7 @@
 # - Forward mode: proxy to upstream collector
 # - Ingest mode: write directly to OpenSearch
 
+import hmac
 import json
 import logging
 import platform
@@ -127,27 +128,28 @@ app.add_middleware(
 )
 
 
-def get_client_ip(request: Request) -> str:
+def get_client_ip(request: Request, trusted_proxy_token: str = "") -> str:
     """Extract client IP from request.
 
     Returns a bare IPv4 or IPv6 address string (e.g. "192.168.1.5", "::1").
     No port, no brackets, no CIDR suffix.
 
-    Checks X-Forwarded-For header first (for proxied requests),
-    then falls back to direct client connection.
+    Proxy headers (X-Forwarded-For, X-Real-IP) are only honored when
+    DEVLOGS_TRUSTED_PROXY_TOKEN is configured and the request presents
+    a matching X-Trusted-Proxy-Token header. This prevents clients from
+    spoofing their IP address.
     """
-    # Check X-Forwarded-For header (from reverse proxy)
-    forwarded_for = request.headers.get("X-Forwarded-For")
-    if forwarded_for:
-        # Take the first (leftmost) IP in the chain
-        return forwarded_for.split(",")[0].strip()
-
-    # Check X-Real-IP header (alternative proxy header)
-    real_ip = request.headers.get("X-Real-IP")
-    if real_ip:
-        return real_ip.strip()
-
-    # Fall back to direct client
+    if trusted_proxy_token:
+        presented = request.headers.get("X-Trusted-Proxy-Token", "")
+        if presented and hmac.compare_digest(presented, trusted_proxy_token):
+            forwarded_for = request.headers.get("X-Forwarded-For")
+            if forwarded_for:
+                return forwarded_for.split(",")[0].strip()
+
+            real_ip = request.headers.get("X-Real-IP")
+            if real_ip:
+                return real_ip.strip()
+
     if request.client:
         return request.client.host
 
@@ -157,7 +159,8 @@ def get_client_ip(request: Request) -> str:
 @app.exception_handler(CollectorError)
 async def collector_error_handler(request: Request, exc: CollectorError):
     """Handle CollectorError exceptions with structured response."""
-    client_ip = get_client_ip(request)
+    cfg = load_config()
+    client_ip = get_client_ip(request, cfg.trusted_proxy_token)
     logger.warning("%s %d %s: %s", client_ip, exc.status_code, exc.subcode, exc.message)
     return JSONResponse(
         status_code=exc.status_code,
@@ -202,7 +205,7 @@ async def ingest_logs(request: Request):
 
     # Determine operating mode
     mode = cfg.get_collector_mode()
-    client_ip = get_client_ip(request)
+    client_ip = get_client_ip(request, cfg.trusted_proxy_token)
     logger.info("%s POST / (%d bytes)", client_ip, len(body))
 
     if mode == "forward":
@@ -240,7 +243,7 @@ async def _handle_forward_mode(request: Request, cfg, body: bytes) -> Response:
         timeout=cfg.opensearch_timeout,
     )
 
-    client_ip = get_client_ip(request)
+    client_ip = get_client_ip(request, cfg.trusted_proxy_token)
 
     # If upstream returned 2xx, return 202
     if 200 <= status < 300:
@@ -297,7 +300,7 @@ def _validate_and_enrich_records(request: Request, cfg, body: bytes):
             raise
 
     # Get client info
-    client_ip = get_client_ip(request)
+    client_ip = get_client_ip(request, cfg.trusted_proxy_token)
 
     # Extract token (precedence: Bearer header → X-Devlogs-Token → URL userinfo → ?token=)
     authorization = request.headers.get("Authorization")
@@ -342,7 +345,7 @@ async def _handle_ingest_mode(request: Request, cfg, body: bytes) -> Response:
     index_map = parse_forward_index_map_kv(cfg.forward_index_map_kv)
 
     result = ingest_records(client, cfg.index, enriched_records, index_map)
-    client_ip = get_client_ip(request)
+    client_ip = get_client_ip(request, cfg.trusted_proxy_token)
     logger.info("%s 202 ingested %d record(s)", client_ip, result["ingested"])
 
     return Response(
@@ -377,7 +380,7 @@ async def _handle_plugin_mode(request: Request, cfg, body: bytes, plugin) -> Res
         result = {}
 
     ingested = result.get("ingested", len(enriched_records))
-    client_ip = get_client_ip(request)
+    client_ip = get_client_ip(request, cfg.trusted_proxy_token)
     logger.info("%s 202 plugin '%s' ingested %d record(s)", client_ip, plugin.name, ingested)
 
     return Response(

{devlogs-2.3.2 → devlogs-2.3.4}/src/devlogs/config.py

@@ -49,6 +49,9 @@ _DEVLOGS_CONFIG_KEYS = (
 	"DEVLOGS_TOKEN_MAP_KV",
 	# Legacy: Auth token header name (default: Authorization)
 	"DEVLOGS_AUTH_HEADER",
+	# Proxy trust: shared secret that a reverse proxy must present to have
+	# X-Forwarded-For / X-Real-IP headers honored
+	"DEVLOGS_TRUSTED_PROXY_TOKEN",
 )
 
 
@@ -465,6 +468,11 @@ class DevlogsConfig:
 		# Token-to-identity mapping (KV format)
 		self.token_map_kv = _getenv("DEVLOGS_TOKEN_MAP_KV", "")
 
+		# Trusted proxy token: if set, X-Forwarded-For / X-Real-IP headers are
+		# only honored when the request includes this token in X-Trusted-Proxy-Token.
+		# If empty, forwarded headers are never trusted.
+		self.trusted_proxy_token = _getenv("DEVLOGS_TRUSTED_PROXY_TOKEN", "")
+
 		# Forward mode: per-application index routing (KV format)
 		self.forward_index_map_kv = _getenv("DEVLOGS_FORWARD_INDEX_MAP_KV", "")
 

{devlogs-2.3.2 → devlogs-2.3.4}/src/devlogs/web/server.py

@@ -78,8 +78,10 @@ def tail(operation_id: Optional[str] = None, area: Optional[str] = None, compone
 
 @app.get("/ui/{path:path}")
 def serve_ui(path: str):
-	static_dir = os.path.join(os.path.dirname(__file__), "static")
-	file_path = os.path.join(static_dir, path)
+	static_dir = os.path.realpath(os.path.join(os.path.dirname(__file__), "static"))
+	file_path = os.path.realpath(os.path.join(static_dir, path))
+	if not file_path.startswith(static_dir + os.sep) and file_path != static_dir:
+		file_path = os.path.join(static_dir, "index.html")
 	if not os.path.isfile(file_path):
 		file_path = os.path.join(static_dir, "index.html")
 	return FileResponse(file_path)

{devlogs-2.3.2 → devlogs-2.3.4/src/devlogs.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devlogs
-Version: 2.3.2
+Version: 2.3.4
 Summary: Developer-focused logging library for Python with OpenSearch integration.
 Author-email: Dan Driscoll <dan@thedandriscoll.org>
 License: MIT License

{devlogs-2.3.2 → devlogs-2.3.4}/tests/test_collector_server.py

@@ -166,7 +166,7 @@ class TestIngestEndpoint:
         # TestClient uses testclient as host
         assert body["client_ip"] is not None
 
-    def test_captures_forwarded_ip(self, client, reset_config, monkeypatch):
+    def test_ignores_forwarded_ip_without_proxy_token(self, client, reset_config, monkeypatch):
         monkeypatch.setenv("DEVLOGS_OPENSEARCH_HOST", "localhost")
         monkeypatch.setenv("DEVLOGS_INDEX", "test-index")
 
@@ -184,6 +184,32 @@ class TestIngestEndpoint:
                 headers={"X-Forwarded-For": "192.168.1.100, 10.0.0.1"}
             )
 
+        assert response.status_code == 202
+        body = mock_client.index.call_args.kwargs["body"]
+        assert body["client_ip"] != "192.168.1.100"
+
+    def test_captures_forwarded_ip_with_proxy_token(self, client, reset_config, monkeypatch):
+        monkeypatch.setenv("DEVLOGS_OPENSEARCH_HOST", "localhost")
+        monkeypatch.setenv("DEVLOGS_INDEX", "test-index")
+        monkeypatch.setenv("DEVLOGS_TRUSTED_PROXY_TOKEN", "my-proxy-secret")
+
+        mock_client = Mock()
+        mock_client.index = Mock(return_value={})
+
+        with patch("devlogs.collector.server.get_opensearch_client", return_value=mock_client):
+            response = client.post(
+                "/",
+                json={
+                    "application": "test-app",
+                    "component": "api",
+                    "timestamp": "2024-01-15T10:30:00Z"
+                },
+                headers={
+                    "X-Forwarded-For": "192.168.1.100, 10.0.0.1",
+                    "X-Trusted-Proxy-Token": "my-proxy-secret",
+                }
+            )
+
         assert response.status_code == 202
         body = mock_client.index.call_args.kwargs["body"]
         assert body["client_ip"] == "192.168.1.100"
@@ -575,17 +601,44 @@ class TestForwardMode:
 class TestGetClientIp:
     """Tests for client IP extraction."""
 
-    def test_extracts_forwarded_for(self):
+    def test_ignores_forwarded_for_without_token(self):
         mock_request = Mock()
         mock_request.headers = {"X-Forwarded-For": "192.168.1.1, 10.0.0.1"}
         mock_request.client = Mock(host="127.0.0.1")
-        assert get_client_ip(mock_request) == "192.168.1.1"
+        assert get_client_ip(mock_request) == "127.0.0.1"
 
-    def test_extracts_real_ip(self):
+    def test_ignores_real_ip_without_token(self):
         mock_request = Mock()
         mock_request.headers = {"X-Real-IP": "192.168.1.1"}
         mock_request.client = Mock(host="127.0.0.1")
-        assert get_client_ip(mock_request) == "192.168.1.1"
+        assert get_client_ip(mock_request) == "127.0.0.1"
+
+    def test_extracts_forwarded_for_with_proxy_token(self):
+        mock_request = Mock()
+        mock_request.headers = {
+            "X-Forwarded-For": "192.168.1.1, 10.0.0.1",
+            "X-Trusted-Proxy-Token": "secret",
+        }
+        mock_request.client = Mock(host="127.0.0.1")
+        assert get_client_ip(mock_request, "secret") == "192.168.1.1"
+
+    def test_extracts_real_ip_with_proxy_token(self):
+        mock_request = Mock()
+        mock_request.headers = {
+            "X-Real-IP": "192.168.1.1",
+            "X-Trusted-Proxy-Token": "secret",
+        }
+        mock_request.client = Mock(host="127.0.0.1")
+        assert get_client_ip(mock_request, "secret") == "192.168.1.1"
+
+    def test_ignores_forwarded_for_with_wrong_token(self):
+        mock_request = Mock()
+        mock_request.headers = {
+            "X-Forwarded-For": "192.168.1.1, 10.0.0.1",
+            "X-Trusted-Proxy-Token": "wrong",
+        }
+        mock_request.client = Mock(host="127.0.0.1")
+        assert get_client_ip(mock_request, "secret") == "127.0.0.1"
 
     def test_falls_back_to_client(self):
         mock_request = Mock()