PyPI - devlogs - Versions diffs - 2.3.2__tar.gz → 2.3.5__tar.gz - Mend

devlogs 2.3.2tar.gz → 2.3.5tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

{devlogs-2.3.2/src/devlogs.egg-info → devlogs-2.3.5}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devlogs
-Version: 2.3.2
+Version: 2.3.5
 Summary: Developer-focused logging library for Python with OpenSearch integration.
 Author-email: Dan Driscoll <dan@thedandriscoll.org>
 License: MIT License

{devlogs-2.3.2 → devlogs-2.3.5}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "devlogs"
-version = "2.3.2"
+version = "2.3.5"
 description = "Developer-focused logging library for Python with OpenSearch integration."
 requires-python = ">=3.11"
 readme = "README.md"

{devlogs-2.3.2 → devlogs-2.3.5}/src/devlogs/_version_static.py RENAMED Viewed

@@ -1,2 +1,2 @@
 # AUTO-GENERATED at build time — do not edit or commit
-__version__ = "2.3.2"
+__version__ = "2.3.5"

{devlogs-2.3.2 → devlogs-2.3.5}/src/devlogs/cli.py RENAMED Viewed

@@ -926,6 +926,13 @@ def tail(
 	_apply_common_options(env, url)
 	cfg = load_config()
+	if cfg.url_mode == "collector":
+		typer.echo(typer.style(
+			"Error: the provided URL is a collector (ingest) endpoint and cannot be used for querying.\n"
+			"For Loki backends, use lokis://TOKEN@host/path instead of https://TOKEN@host/path",
+			fg=typer.colors.RED
+		), err=True)
+		raise typer.Exit(1)
 	if cfg.is_loki:
 		_tail_loki(cfg, application=application, operation_id=operation_id, area=area,
 			component=component, level=level, since=since, limit=limit, follow=follow,
@@ -1115,6 +1122,13 @@ def search(
 	_apply_common_options(env, url)
 	cfg = load_config()
+	if cfg.url_mode == "collector":
+		typer.echo(typer.style(
+			"Error: the provided URL is a collector (ingest) endpoint and cannot be used for querying.\n"
+			"For Loki backends, use lokis://TOKEN@host/path instead of https://TOKEN@host/path",
+			fg=typer.colors.RED
+		), err=True)
+		raise typer.Exit(1)
 	if cfg.is_loki:
 		_search_loki(cfg, q=q, application=application, area=area,
 			component=component, level=level, operation_id=operation_id,

{devlogs-2.3.2 → devlogs-2.3.5}/src/devlogs/collector/server.py RENAMED Viewed

@@ -4,6 +4,7 @@
 # - Forward mode: proxy to upstream collector
 # - Ingest mode: write directly to OpenSearch
+import hmac
 import json
 import logging
 import platform
@@ -127,27 +128,28 @@ app.add_middleware(
 )
-def get_client_ip(request: Request) -> str:
+def get_client_ip(request: Request, trusted_proxy_token: str = "") -> str:
     """Extract client IP from request.
     Returns a bare IPv4 or IPv6 address string (e.g. "192.168.1.5", "::1").
     No port, no brackets, no CIDR suffix.
-    Checks X-Forwarded-For header first (for proxied requests),
-    then falls back to direct client connection.
+    Proxy headers (X-Forwarded-For, X-Real-IP) are only honored when
+    DEVLOGS_TRUSTED_PROXY_TOKEN is configured and the request presents
+    a matching X-Trusted-Proxy-Token header. This prevents clients from
+    spoofing their IP address.
     """
-    # Check X-Forwarded-For header (from reverse proxy)
-    forwarded_for = request.headers.get("X-Forwarded-For")
-    if forwarded_for:
-        # Take the first (leftmost) IP in the chain
-        return forwarded_for.split(",")[0].strip()
-    # Check X-Real-IP header (alternative proxy header)
-    real_ip = request.headers.get("X-Real-IP")
-    if real_ip:
-        return real_ip.strip()
-    # Fall back to direct client
+    if trusted_proxy_token:
+        presented = request.headers.get("X-Trusted-Proxy-Token", "")
+        if presented and hmac.compare_digest(presented, trusted_proxy_token):
+            forwarded_for = request.headers.get("X-Forwarded-For")
+            if forwarded_for:
+                return forwarded_for.split(",")[0].strip()
+            real_ip = request.headers.get("X-Real-IP")
+            if real_ip:
+                return real_ip.strip()
     if request.client:
         return request.client.host
@@ -157,7 +159,8 @@ def get_client_ip(request: Request) -> str:
 @app.exception_handler(CollectorError)
 async def collector_error_handler(request: Request, exc: CollectorError):
     """Handle CollectorError exceptions with structured response."""
-    client_ip = get_client_ip(request)
+    cfg = load_config()
+    client_ip = get_client_ip(request, cfg.trusted_proxy_token)
     logger.warning("%s %d %s: %s", client_ip, exc.status_code, exc.subcode, exc.message)
     return JSONResponse(
         status_code=exc.status_code,
@@ -202,7 +205,7 @@ async def ingest_logs(request: Request):
     # Determine operating mode
     mode = cfg.get_collector_mode()
-    client_ip = get_client_ip(request)
+    client_ip = get_client_ip(request, cfg.trusted_proxy_token)
     logger.info("%s POST / (%d bytes)", client_ip, len(body))
     if mode == "forward":
@@ -240,7 +243,7 @@ async def _handle_forward_mode(request: Request, cfg, body: bytes) -> Response:
         timeout=cfg.opensearch_timeout,
     )
-    client_ip = get_client_ip(request)
+    client_ip = get_client_ip(request, cfg.trusted_proxy_token)
     # If upstream returned 2xx, return 202
     if 200 <= status < 300:
@@ -297,7 +300,7 @@ def _validate_and_enrich_records(request: Request, cfg, body: bytes):
             raise
     # Get client info
-    client_ip = get_client_ip(request)
+    client_ip = get_client_ip(request, cfg.trusted_proxy_token)
     # Extract token (precedence: Bearer header → X-Devlogs-Token → URL userinfo → ?token=)
     authorization = request.headers.get("Authorization")
@@ -342,7 +345,7 @@ async def _handle_ingest_mode(request: Request, cfg, body: bytes) -> Response:
     index_map = parse_forward_index_map_kv(cfg.forward_index_map_kv)
     result = ingest_records(client, cfg.index, enriched_records, index_map)
-    client_ip = get_client_ip(request)
+    client_ip = get_client_ip(request, cfg.trusted_proxy_token)
     logger.info("%s 202 ingested %d record(s)", client_ip, result["ingested"])
     return Response(
@@ -377,7 +380,7 @@ async def _handle_plugin_mode(request: Request, cfg, body: bytes, plugin) -> Res
         result = {}
     ingested = result.get("ingested", len(enriched_records))
-    client_ip = get_client_ip(request)
+    client_ip = get_client_ip(request, cfg.trusted_proxy_token)
     logger.info("%s 202 plugin '%s' ingested %d record(s)", client_ip, plugin.name, ingested)
     return Response(

{devlogs-2.3.2 → devlogs-2.3.5}/src/devlogs/config.py RENAMED Viewed

@@ -49,6 +49,9 @@ _DEVLOGS_CONFIG_KEYS = (
 	"DEVLOGS_TOKEN_MAP_KV",
 	# Legacy: Auth token header name (default: Authorization)
 	"DEVLOGS_AUTH_HEADER",
+	# Proxy trust: shared secret that a reverse proxy must present to have
+	# X-Forwarded-For / X-Real-IP headers honored
+	"DEVLOGS_TRUSTED_PROXY_TOKEN",
 )
@@ -411,8 +414,9 @@ class DevlogsConfig:
 				# Treat unparseable DEVLOGS_URL as legacy OpenSearch
 				opensearch_url_config = _parse_opensearch_url(devlogs_url)
-		# Legacy: DEVLOGS_OPENSEARCH_URL overrides OpenSearch settings from DEVLOGS_URL
-		if legacy_opensearch_url:
+		# Legacy: DEVLOGS_OPENSEARCH_URL overrides OpenSearch settings from DEVLOGS_URL,
+		# but NOT when the URL was explicitly set via --url flag.
+		if legacy_opensearch_url and not _url_set_explicitly:
 			opensearch_url_config = _parse_opensearch_url(legacy_opensearch_url)
 			# Parse application filter from opensearch:// URL (second path segment)
 			if legacy_opensearch_url.startswith("opensearchs://") or legacy_opensearch_url.startswith("opensearch://"):
@@ -465,6 +469,11 @@ class DevlogsConfig:
 		# Token-to-identity mapping (KV format)
 		self.token_map_kv = _getenv("DEVLOGS_TOKEN_MAP_KV", "")
+		# Trusted proxy token: if set, X-Forwarded-For / X-Real-IP headers are
+		# only honored when the request includes this token in X-Trusted-Proxy-Token.
+		# If empty, forwarded headers are never trusted.
+		self.trusted_proxy_token = _getenv("DEVLOGS_TRUSTED_PROXY_TOKEN", "")
 		# Forward mode: per-application index routing (KV format)
 		self.forward_index_map_kv = _getenv("DEVLOGS_FORWARD_INDEX_MAP_KV", "")
@@ -531,15 +540,22 @@ def set_dotenv_path(path: str):
 	_dotenv_loaded = False  # Reset to force reload with new path
+_url_set_explicitly = False
 def set_url(url: str):
 	"""Set the URL, auto-detecting whether it's a collector or OpenSearch URL.
 	Uses parse_url() to detect the URL type:
 	- Collector URLs → sets DEVLOGS_URL
 	- OpenSearch URLs → sets DEVLOGS_OPENSEARCH_URL
+	When called (i.e. via --url flag), marks the URL as explicitly set so that
+	dotenv values cannot silently override it.
 	"""
+	global _url_set_explicitly
 	if not url:
 		return
+	_url_set_explicitly = True
 	try:
 		parsed = parse_url(url)
 	except URLParseError:

{devlogs-2.3.2 → devlogs-2.3.5}/src/devlogs/web/server.py RENAMED Viewed

@@ -78,8 +78,10 @@ def tail(operation_id: Optional[str] = None, area: Optional[str] = None, compone
 @app.get("/ui/{path:path}")
 def serve_ui(path: str):
-	static_dir = os.path.join(os.path.dirname(__file__), "static")
-	file_path = os.path.join(static_dir, path)
+	static_dir = os.path.realpath(os.path.join(os.path.dirname(__file__), "static"))
+	file_path = os.path.realpath(os.path.join(static_dir, path))
+	if not file_path.startswith(static_dir + os.sep) and file_path != static_dir:
+		file_path = os.path.join(static_dir, "index.html")
 	if not os.path.isfile(file_path):
 		file_path = os.path.join(static_dir, "index.html")
 	return FileResponse(file_path)

{devlogs-2.3.2 → devlogs-2.3.5/src/devlogs.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devlogs
-Version: 2.3.2
+Version: 2.3.5
 Summary: Developer-focused logging library for Python with OpenSearch integration.
 Author-email: Dan Driscoll <dan@thedandriscoll.org>
 License: MIT License

{devlogs-2.3.2 → devlogs-2.3.5}/tests/test_cli.py RENAMED Viewed

@@ -919,3 +919,25 @@ class TestLokiCLI:
         result = runner.invoke(cli.app, ["--url", "lokis://token@host.example.io/query", "last-error"])
         assert result.exit_code == 1
         assert "--application is required" in result.output
+    def test_tail_rejects_collector_url(self, monkeypatch):
+        """Test that tail fails with a clear error for collector (https) URLs."""
+        monkeypatch.setattr(config, "_dotenv_loaded", True)
+        monkeypatch.delenv("DEVLOGS_OPENSEARCH_URL", raising=False)
+        monkeypatch.delenv("DEVLOGS_OPENSEARCH_HOST", raising=False)
+        runner = CliRunner()
+        result = runner.invoke(cli.app, ["--url", "https://token@host.example.io/ingest", "tail"])
+        assert result.exit_code == 1
+        assert "collector" in result.output
+        assert "lokis://" in result.output
+    def test_search_rejects_collector_url(self, monkeypatch):
+        """Test that search fails with a clear error for collector (https) URLs."""
+        monkeypatch.setattr(config, "_dotenv_loaded", True)
+        monkeypatch.delenv("DEVLOGS_OPENSEARCH_URL", raising=False)
+        monkeypatch.delenv("DEVLOGS_OPENSEARCH_HOST", raising=False)
+        runner = CliRunner()
+        result = runner.invoke(cli.app, ["--url", "https://token@host.example.io/ingest", "search"])
+        assert result.exit_code == 1
+        assert "collector" in result.output
+        assert "lokis://" in result.output

{devlogs-2.3.2 → devlogs-2.3.5}/tests/test_collector_server.py RENAMED Viewed

@@ -166,7 +166,7 @@ class TestIngestEndpoint:
         # TestClient uses testclient as host
         assert body["client_ip"] is not None
-    def test_captures_forwarded_ip(self, client, reset_config, monkeypatch):
+    def test_ignores_forwarded_ip_without_proxy_token(self, client, reset_config, monkeypatch):
         monkeypatch.setenv("DEVLOGS_OPENSEARCH_HOST", "localhost")
         monkeypatch.setenv("DEVLOGS_INDEX", "test-index")
@@ -184,6 +184,32 @@ class TestIngestEndpoint:
                 headers={"X-Forwarded-For": "192.168.1.100, 10.0.0.1"}
             )
+        assert response.status_code == 202
+        body = mock_client.index.call_args.kwargs["body"]
+        assert body["client_ip"] != "192.168.1.100"
+    def test_captures_forwarded_ip_with_proxy_token(self, client, reset_config, monkeypatch):
+        monkeypatch.setenv("DEVLOGS_OPENSEARCH_HOST", "localhost")
+        monkeypatch.setenv("DEVLOGS_INDEX", "test-index")
+        monkeypatch.setenv("DEVLOGS_TRUSTED_PROXY_TOKEN", "my-proxy-secret")
+        mock_client = Mock()
+        mock_client.index = Mock(return_value={})
+        with patch("devlogs.collector.server.get_opensearch_client", return_value=mock_client):
+            response = client.post(
+                "/",
+                json={
+                    "application": "test-app",
+                    "component": "api",
+                    "timestamp": "2024-01-15T10:30:00Z"
+                },
+                headers={
+                    "X-Forwarded-For": "192.168.1.100, 10.0.0.1",
+                    "X-Trusted-Proxy-Token": "my-proxy-secret",
+                }
+            )
         assert response.status_code == 202
         body = mock_client.index.call_args.kwargs["body"]
         assert body["client_ip"] == "192.168.1.100"
@@ -575,17 +601,44 @@ class TestForwardMode:
 class TestGetClientIp:
     """Tests for client IP extraction."""
-    def test_extracts_forwarded_for(self):
+    def test_ignores_forwarded_for_without_token(self):
         mock_request = Mock()
         mock_request.headers = {"X-Forwarded-For": "192.168.1.1, 10.0.0.1"}
         mock_request.client = Mock(host="127.0.0.1")
-        assert get_client_ip(mock_request) == "192.168.1.1"
+        assert get_client_ip(mock_request) == "127.0.0.1"
-    def test_extracts_real_ip(self):
+    def test_ignores_real_ip_without_token(self):
         mock_request = Mock()
         mock_request.headers = {"X-Real-IP": "192.168.1.1"}
         mock_request.client = Mock(host="127.0.0.1")
-        assert get_client_ip(mock_request) == "192.168.1.1"
+        assert get_client_ip(mock_request) == "127.0.0.1"
+    def test_extracts_forwarded_for_with_proxy_token(self):
+        mock_request = Mock()
+        mock_request.headers = {
+            "X-Forwarded-For": "192.168.1.1, 10.0.0.1",
+            "X-Trusted-Proxy-Token": "secret",
+        }
+        mock_request.client = Mock(host="127.0.0.1")
+        assert get_client_ip(mock_request, "secret") == "192.168.1.1"
+    def test_extracts_real_ip_with_proxy_token(self):
+        mock_request = Mock()
+        mock_request.headers = {
+            "X-Real-IP": "192.168.1.1",
+            "X-Trusted-Proxy-Token": "secret",
+        }
+        mock_request.client = Mock(host="127.0.0.1")
+        assert get_client_ip(mock_request, "secret") == "192.168.1.1"
+    def test_ignores_forwarded_for_with_wrong_token(self):
+        mock_request = Mock()
+        mock_request.headers = {
+            "X-Forwarded-For": "192.168.1.1, 10.0.0.1",
+            "X-Trusted-Proxy-Token": "wrong",
+        }
+        mock_request.client = Mock(host="127.0.0.1")
+        assert get_client_ip(mock_request, "secret") == "127.0.0.1"
     def test_falls_back_to_client(self):
         mock_request = Mock()