discourse/config/initializers/006-mini_profiler.rb

# frozen_string_literal: true

# If Mini Profiler is included via gem
if Rails.configuration.respond_to?(:load_mini_profiler) && Rails.configuration.load_mini_profiler &&
     RUBY_ENGINE == "ruby"
  require "rack-mini-profiler"
  require "stackprof"

  begin
    require "memory_profiler"
  rescue => e
    STDERR.put "#{e} failed to require mini profiler"
  end

  # initialization is skipped so trigger it
  Rack::MiniProfilerRails.initialize!(Rails.application)
end

if defined?(Rack::MiniProfiler) && defined?(Rack::MiniProfiler::Config)
  # note, we may want to add some extra security here that disables mini profiler in a multi hosted env unless user global admin
  #   raw_connection means results are not namespaced
  #
  # namespacing gets complex, cause mini profiler is in the rack chain way before multisite
  Rack::MiniProfiler.config.storage_instance =
    Rack::MiniProfiler::RedisStore.new(connection: DiscourseRedis.new(nil, namespace: false))

  Rack::MiniProfiler.config.snapshot_every_n_requests = GlobalSetting.mini_profiler_snapshots_period
  Rack::MiniProfiler.config.snapshots_transport_destination_url =
    GlobalSetting.mini_profiler_snapshots_transport_url
  Rack::MiniProfiler.config.snapshots_transport_auth_key =
    GlobalSetting.mini_profiler_snapshots_transport_auth_key
  Rack::MiniProfiler.config.skip_paths = [
    %r{^/message-bus},
    %r{^/extra-locales},
    %r{topics/timings},
    /assets/,
    %r{/user_avatar/},
    %r{/letter_avatar/},
    %r{/letter_avatar_proxy/},
    %r{/highlight-js/},
    %r{/svg-sprite/},
    /qunit/,
    %r{srv/status},
    /commits-widget/,
    %r{^/cdn_asset},
    %r{^/logs},
    %r{^/site_customizations},
    %r{^/uploads},
    %r{^/secure-media-uploads},
    %r{^/secure-uploads},
    %r{^/javascripts/},
    %r{^/images/},
    %r{^/stylesheets/},
    %r{^/favicon/proxied},
    %r{^/theme-javascripts},
    %r{^/manifest.webmanifest},
    %r{^/opensearch.xml},
  ]

  # we DO NOT WANT mini-profiler loading on anything but real desktops and laptops
  # so let's rule out all handheld, tablet, and mobile devices
  Rack::MiniProfiler.config.pre_authorize_cb =
    lambda { |env| env["HTTP_USER_AGENT"] !~ /iPad|iPhone|Android/ }

  # without a user provider our results will use the ip address for namespacing
  #  with a load balancer in front this becomes really bad as some results can
  #  be stored associated with ip1 as the user and retrieved using ip2 causing 404s
  Rack::MiniProfiler.config.user_provider =
    lambda do |env|
      request = Rack::Request.new(env)
      id = request.cookies["_t"] || request.ip || "unknown"
      id = id.to_s
      # some security, lets not have these tokens floating about
      Digest::MD5.hexdigest(id)
    end

  # Cookie path should be set to the base path so Discourse's session cookie path
  #  does not get clobbered.
  Rack::MiniProfiler.config.cookie_path = Discourse.base_path.presence || "/"

  Rack::MiniProfiler.config.position = "right"

  Rack::MiniProfiler.config.backtrace_ignores ||= []
  Rack::MiniProfiler.config.backtrace_ignores << %r{lib/rack/message_bus.rb}
  Rack::MiniProfiler.config.backtrace_ignores << %r{config/initializers/silence_logger}
  Rack::MiniProfiler.config.backtrace_ignores << %r{config/initializers/quiet_logger}

  Rack::MiniProfiler.config.backtrace_includes = [%r{^/?(app|config|lib|test|plugins)}]

  Rack::MiniProfiler.config.max_traces_to_show = 100 if Rails.env.development?

  Rack::MiniProfiler.counter_method(Redis::Client, :call) { "redis" }
  # Rack::MiniProfiler.counter_method(ActiveRecord::QueryMethods, 'build_arel')
  # Rack::MiniProfiler.counter_method(Array, 'uniq')
  # require "#{Rails.root}/vendor/backports/notification"

  # inst = Class.new
  # class << inst
  #   def start(name,id,payload)
  #     if Rack::MiniProfiler.current && name !~ /(process_action.action_controller)|(render_template.action_view)/
  #       @prf ||= {}
  #       @prf[id] ||= []
  #       @prf[id] << Rack::MiniProfiler.start_step("#{payload[:serializer] if name =~ /serialize.serializer/} #{name}")
  #     end
  #   end

  #   def finish(name,id,payload)
  #     if Rack::MiniProfiler.current && name !~ /(process_action.action_controller)|(render_template.action_view)/
  #       t = @prf[id].pop
  #       @prf.delete id unless t
  #       Rack::MiniProfiler.finish_step t
  #     end
  #   end
  # end
  # disabling for now cause this slows stuff down too much
  # ActiveSupport::Notifications.subscribe(/.*/, inst)

  # Rack::MiniProfiler.profile_method ActionView::PathResolver, 'find_templates'
end

if ENV["PRINT_EXCEPTIONS"]
  trace =
    TracePoint.new(:raise) do |tp|
      puts tp.raised_exception
      puts tp.raised_exception.backtrace.join("\n")
      puts
    end
  trace.enable
end
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-02 18:17:27 -04:00			`# frozen_string_literal: true`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`# If Mini Profiler is included via gem`
DEV: Compatibility with TruffleRuby (#16641) 2022-05-04 21:50:02 -04:00			`if Rails.configuration.respond_to?(:load_mini_profiler) && Rails.configuration.load_mini_profiler &&`
			`RUBY_ENGINE == "ruby"`
introduce rack:cache as a default, so users don't need to configure apache or nginx under rack cache we are able to serve 620reqs a second per thin (on my machine) before it 12 (on my machine) reorganised so mini profilers can be cleanly disabled from config file added caching for categories index move production.rb to production.sample.rb 2013-04-11 02:24:08 -04:00			`require "rack-mini-profiler"`
DEV: update rack-mini-profiler (#11597) Included support for flamegraphs using speedscope! 2020-12-28 21:54:41 -05:00			`require "stackprof"`
Partially revert https://github.com/discourse/discourse/commit/09b92dd3. 2016-06-30 13:21:40 -04:00
			`begin`
			`require "memory_profiler"`
			`rescue => e`
			`STDERR.put "#{e} failed to require mini profiler"`
			`end`
Ruby 2.2 fixes 2014-12-28 21:30:54 -05:00
introduce rack:cache as a default, so users don't need to configure apache or nginx under rack cache we are able to serve 620reqs a second per thin (on my machine) before it 12 (on my machine) reorganised so mini profilers can be cleanly disabled from config file added caching for categories index move production.rb to production.sample.rb 2013-04-11 02:24:08 -04:00			`# initialization is skipped so trigger it`
			`Rack::MiniProfilerRails.initialize!(Rails.application)`
			`end`

DEV: update mini profiler This provides us with instrumentation missing after rails upgrade Latest version of rails uses exec_params internally which is no longer routed to intercepted methods in mini profiler 1.0.0 2018-12-09 22:29:20 -05:00			`if defined?(Rack::MiniProfiler) && defined?(Rack::MiniProfiler::Config)`
mini profiler fix for multisite 2013-03-25 02:19:59 -04:00			`# note, we may want to add some extra security here that disables mini profiler in a multi hosted env unless user global admin`
			`# raw_connection means results are not namespaced`
			`#`
			`# namespacing gets complex, cause mini profiler is in the rack chain way before multisite`
Fix Redis command errors when trying to start app with a readonly Redis. 2017-08-02 01:32:01 -04:00			`Rack::MiniProfiler.config.storage_instance =`
			`Rack::MiniProfiler::RedisStore.new(connection: DiscourseRedis.new(nil, namespace: false))`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
DEV: Add ENV variable for enabling MiniProfiler snapshots (#10690) * DEV: Add ENV variable for enabling MiniProfiler snapshots * MiniProfiler is not loaded in test env 2020-09-17 11:18:35 -04:00			`Rack::MiniProfiler.config.snapshot_every_n_requests = GlobalSetting.mini_profiler_snapshots_period`
DEV: Add optional ENV variables for MiniProfiler snapshots transporter (#10985) 2020-10-21 12:37:28 -04:00			`Rack::MiniProfiler.config.snapshots_transport_destination_url =`
			`GlobalSetting.mini_profiler_snapshots_transport_url`
			`Rack::MiniProfiler.config.snapshots_transport_auth_key =`
			`GlobalSetting.mini_profiler_snapshots_transport_auth_key`
DEV: Add ENV variable for enabling MiniProfiler snapshots (#10690) * DEV: Add ENV variable for enabling MiniProfiler snapshots * MiniProfiler is not loaded in test env 2020-09-17 11:18:35 -04:00			`Rack::MiniProfiler.config.skip_paths = [`
ignore uploads for mini profiler 2015-04-16 22:16:37 -04:00			`%r{^/message-bus},`
bypass mini profiler for locales bypass cdn for now 2018-01-08 19:30:59 -05:00			`%r{^/extra-locales},`
ignore uploads for mini profiler 2015-04-16 22:16:37 -04:00			`%r{topics/timings},`
			`/assets/,`
			`%r{/user_avatar/},`
			`%r{/letter_avatar/},`
we need to bypass this in dev 2015-12-09 00:40:49 -05:00			`%r{/letter_avatar_proxy/},`
ignore uploads for mini profiler 2015-04-16 22:16:37 -04:00			`%r{/highlight-js/},`
Upgrade to FontAwesome 5 (take two) (#6673) * Add missing icons to set * Revert FA5 revert This reverts commit 42572ff * use new SVG syntax in locales * Noscript page changes (remove login button, center "powered by" footer text) * Cast wider net for SVG icons in settings - include any _icon setting for SVG registry (offers better support for plugin settings) - let themes store multiple pipe-delimited icons in a setting - also replaces broken onebox image icon with SVG reference in cooked post processor * interpolate icons in locales * Fix composer whisper icon alignment * Add support for stacked icons * SECURITY: enforce hostname to match discourse hostname This ensures that the hostname rails uses for various helpers always matches the Discourse hostname * load SVG sprite with pre-initializers * FIX: enable caching on SVG sprites * PERF: use JSONP for SVG sprites so they are served from CDN This avoids needing to deal with CORS for loading of the SVG Note, added the svg- prefix to the filename so we can quickly tell in dev tools what the file is * Add missing SVG sprite JSONP script to CSP * Upgrade to FA 5.5.0 * Add support for all FA4.7 icons - adds complete frontend and backend for renamed FA4.7 icons - improves performance of SvgSprite.bundle and SvgSprite.all_icons * Fix group avatar flair preview - adds an endpoint at /svg-sprites/search/:keyword - adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset * Remove FA 4.7 font files 2018-11-26 16:49:57 -05:00			`%r{/svg-sprite/},`
ignore uploads for mini profiler 2015-04-16 22:16:37 -04:00			`/qunit/,`
			`%r{srv/status},`
			`/commits-widget/,`
			`%r{^/cdn_asset},`
			`%r{^/logs},`
			`%r{^/site_customizations},`
add some ignores 2015-05-04 02:11:27 -04:00			`%r{^/uploads},`
FIX: Ignore secure-media-uploads for miniprofiler (#9070) 2020-02-27 21:11:30 -05:00			`%r{^/secure-media-uploads},`
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb 2022-09-28 19:24:33 -04:00			`%r{^/secure-uploads},`
add some ignores 2015-05-04 02:11:27 -04:00			`%r{^/javascripts/},`
FEATURE: move stylesheet cache out of the uploads directory 2015-05-05 01:50:13 -04:00			`%r{^/images/},`
FIX: favicon update broken when favicon lived on a CDN 2015-08-24 21:54:23 -04:00			`%r{^/stylesheets/},`
DEV: Do not MiniProfile theme-javascripts (#18067) This creates a huge amount of noise depending on the themes/theme components installed and doesn't provide much value. 2022-08-24 02:01:42 -04:00			`%r{^/favicon/proxied},`
			`%r{^/theme-javascripts},`
PERF: Skip metadata routes for mini_profiler (#20543) Mini-profiler causes routes to become uncacheable. When using mini_profiler in production, the lack of cache on these routes can have a noticeable impact on performance/rate-limiting. 2023-03-06 06:08:32 -05:00			`%r{^/manifest.webmanifest},`
			`%r{^/opensearch.xml},`
ignore uploads for mini profiler 2015-04-16 22:16:37 -04:00			`]`

clarify why block all mobile/tablet for miniprofiler 2016-03-15 19:54:40 -04:00			`# we DO NOT WANT mini-profiler loading on anything but real desktops and laptops`
			`# so let's rule out all handheld, tablet, and mobile devices`
remove trailing whitespaces :heart: 2013-02-25 11:42:20 -05:00			`Rack::MiniProfiler.config.pre_authorize_cb =`
DEV: Add ENV variable for enabling MiniProfiler snapshots (#10690) * DEV: Add ENV variable for enabling MiniProfiler snapshots * MiniProfiler is not loaded in test env 2020-09-17 11:18:35 -04:00			`lambda { \|env\| env["HTTP_USER_AGENT"] !~ /iPad\|iPhone\|Android/ }`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
comment out dead code add some explanations 2013-03-24 23:09:28 -04:00			`# without a user provider our results will use the ip address for namespacing`
			`# with a load balancer in front this becomes really bad as some results can`
Migrate all jasmine specs to Qunit. Removed Jasmine. 2013-06-19 15:06:23 -04:00			`# be stored associated with ip1 as the user and retrieved using ip2 causing 404s`
wow, this has been broken for OH so long, we need to segragate users correctly so MP results work as expected 2013-03-24 22:52:03 -04:00			`Rack::MiniProfiler.config.user_provider =`
			`lambda do \|env\|`
fix mp in prd 2013-03-24 23:36:55 -04:00			`request = Rack::Request.new(env)`
			`id = request.cookies["_t"] \|\| request.ip \|\| "unknown"`
			`id = id.to_s`
			`# some security, lets not have these tokens floating about`
			`Digest::MD5.hexdigest(id)`
wow, this has been broken for OH so long, we need to segragate users correctly so MP results work as expected 2013-03-24 22:52:03 -04:00			`end`

FIX: dev subfolder session cookies (#16031) rack-mini-profiler was setting a cookie path of / which was clobbering the session cookie path of Discourse.base_path. Fixes some issues when local dev is unable to read or write from/to the user session, such as during omniauth CSRF checks. 2022-02-23 09:42:57 -05:00			`# Cookie path should be set to the base path so Discourse's session cookie path`
			`# does not get clobbered.`
DEV: Ensure Mini Profiler's `cookie_path` is not empty or nil (#16039) Follow-up to https://github.com/discourse/discourse/commit/9c50c69bd22b8017bc5e83c661045ac865f859b4. 2022-02-23 14:18:58 -05:00			`Rack::MiniProfiler.config.cookie_path = Discourse.base_path.presence \|\| "/"`
FIX: dev subfolder session cookies (#16031) rack-mini-profiler was setting a cookie path of / which was clobbering the session cookie path of Discourse.base_path. Fixes some issues when local dev is unable to read or write from/to the user session, such as during omniauth CSRF checks. 2022-02-23 09:42:57 -05:00
FIX: CSS tweak and production position fix for miniprofiler (#17493) * DEV: Format miniprofiler html * FIX: Move miniprofiler to the right in production * UX: Fix and merge miniprofiler css 2022-07-14 07:03:43 -04:00			`Rack::MiniProfiler.config.position = "right"`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`Rack::MiniProfiler.config.backtrace_ignores \|\|= []`
			`Rack::MiniProfiler.config.backtrace_ignores << %r{lib/rack/message_bus.rb}`
			`Rack::MiniProfiler.config.backtrace_ignores << %r{config/initializers/silence_logger}`
			`Rack::MiniProfiler.config.backtrace_ignores << %r{config/initializers/quiet_logger}`

FIX: rack-mini-profiler not showing plugin frames Previously the default stack suppressor in rack-mini-profiler was excluding the plugin directory. This made islolating issues more complicated cause you needed to defer to pp=full-backtrace which is both slow and noisy 2019-08-19 01:47:53 -04:00			`Rack::MiniProfiler.config.backtrace_includes = [%r{^/?(app\|config\|lib\|test\|plugins)}]`

DEV: Increase number of mini-profiler traces in development. Assets are served via the server in development and the default 20 traces is too little for the number of assets we load in development. 2021-06-10 02:22:47 -04:00			`Rack::MiniProfiler.config.max_traces_to_show = 100 if Rails.env.development?`

DEV: Track redis calls count in mini profiler (#11088) 2020-10-30 12:11:22 -04:00			`Rack::MiniProfiler.counter_method(Redis::Client, :call) { "redis" }`
some soample counter methods 2013-08-30 02:44:17 -04:00			`# Rack::MiniProfiler.counter_method(ActiveRecord::QueryMethods, 'build_arel')`
			`# Rack::MiniProfiler.counter_method(Array, 'uniq')`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`# require "#{Rails.root}/vendor/backports/notification"`

comment out dead code add some explanations 2013-03-24 23:09:28 -04:00			`# inst = Class.new`
			`# class << inst`
			`# def start(name,id,payload)`
			`# if Rack::MiniProfiler.current && name !~ /(process_action.action_controller)\|(render_template.action_view)/`
			`# @prf \|\|= {}`
			`# @prf[id] \|\|= []`
			`# @prf[id] << Rack::MiniProfiler.start_step("#{payload[:serializer] if name =~ /serialize.serializer/} #{name}")`
			`# end`
			`# end`

			`# def finish(name,id,payload)`
			`# if Rack::MiniProfiler.current && name !~ /(process_action.action_controller)\|(render_template.action_view)/`
			`# t = @prf[id].pop`
			`# @prf.delete id unless t`
			`# Rack::MiniProfiler.finish_step t`
			`# end`
			`# end`
			`# end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`# disabling for now cause this slows stuff down too much`
			`# ActiveSupport::Notifications.subscribe(/.*/, inst)`

			`# Rack::MiniProfiler.profile_method ActionView::PathResolver, 'find_templates'`
			`end`
add some extra diagnostics 2015-08-19 02:58:25 -04:00
			`if ENV["PRINT_EXCEPTIONS"]`
			`trace =`
			`TracePoint.new(:raise) do \|tp\|`
			`puts tp.raised_exception`
			`puts tp.raised_exception.backtrace.join("\n")`
			`puts`
			`end`
			`trace.enable`
			`end`