discourse/lib/middleware/request_tracker.rb

# frozen_string_literal: true

require_dependency 'middleware/anonymous_cache'

class Middleware::RequestTracker

  @@detailed_request_loggers = nil

  # register callbacks for detailed request loggers called on every request
  # example:
  #
  # Middleware::RequestTracker.detailed_request_logger(->|env, data| do
  #   # do stuff with env and data
  # end
  def self.register_detailed_request_logger(callback)

    unless @patched_instrumentation
      require_dependency "method_profiler"
      MethodProfiler.patch(PG::Connection, [
        :exec, :async_exec, :exec_prepared, :send_query_prepared, :query
      ], :sql)

      MethodProfiler.patch(Redis::Client, [
        :call, :call_pipeline
      ], :redis)
      @patched_instrumentation = true
    end

    (@@detailed_request_loggers ||= []) << callback
  end

  def self.unregister_detailed_request_logger(callback)
    @@detailed_request_loggers.delete callback

    if @@detailed_request_loggers.length == 0
      @detailed_request_loggers = nil
    end

  end

  def initialize(app, settings = {})
    @app = app
  end

  def self.log_request_on_site(data, host)
    RailsMultisite::ConnectionManagement.with_hostname(host) do
      log_request(data)
    end
  end

  def self.log_request(data)
    status = data[:status]
    track_view = data[:track_view]

    if track_view
      if data[:is_crawler]
        ApplicationRequest.increment!(:page_view_crawler)
      elsif data[:has_auth_cookie]
        ApplicationRequest.increment!(:page_view_logged_in)
        ApplicationRequest.increment!(:page_view_logged_in_mobile) if data[:is_mobile]
      else
        ApplicationRequest.increment!(:page_view_anon)
        ApplicationRequest.increment!(:page_view_anon_mobile) if data[:is_mobile]
      end
    end

    ApplicationRequest.increment!(:http_total)

    if status >= 500
      ApplicationRequest.increment!(:http_5xx)
    elsif data[:is_background]
      ApplicationRequest.increment!(:http_background)
    elsif status >= 400
      ApplicationRequest.increment!(:http_4xx)
    elsif status >= 300
      ApplicationRequest.increment!(:http_3xx)
    elsif status >= 200 && status < 300
      ApplicationRequest.increment!(:http_2xx)
    end

  end

  def self.get_data(env, result, timing)
    status, headers = result
    status = status.to_i

    helper = Middleware::AnonymousCache::Helper.new(env)
    request = Rack::Request.new(env)

    env_track_view = env["HTTP_DISCOURSE_TRACK_VIEW"]
    track_view = status == 200
    track_view &&= env_track_view != "0" && env_track_view != "false"
    track_view &&= env_track_view || (request.get? && !request.xhr? && headers["Content-Type"] =~ /text\/html/)
    track_view = !!track_view

    {
      status: status,
      is_crawler: helper.is_crawler?,
      has_auth_cookie: helper.has_auth_cookie?,
      is_background: request.path =~ /^\/message-bus\// || request.path == /\/topics\/timings/,
      is_mobile: helper.is_mobile?,
      track_view: track_view,
      timing: timing
    }

  end

  def log_request_info(env, result, info)

    # we got to skip this on error ... its just logging
    data = self.class.get_data(env, result, info) rescue nil
    host = RailsMultisite::ConnectionManagement.host(env)

    if data
      if result && (headers = result[1])
        headers["X-Discourse-TrackView"] = "1" if data[:track_view]
      end

      if @@detailed_request_loggers
        @@detailed_request_loggers.each { |logger| logger.call(env, data) }
      end

      log_later(data, host)
    end

  end

  def call(env)
    result = nil

    if rate_limit(env)
      result = [429, {}, ["Slow down, too Many Requests from this IP Address"]]
      return result
    end

    env["discourse.request_tracker"] = self
    MethodProfiler.start if @@detailed_request_loggers
    result = @app.call(env)
    info = MethodProfiler.stop if @@detailed_request_loggers
    result
  ensure
    log_request_info(env, result, info) unless env["discourse.request_tracker.skip"]
  end

  PRIVATE_IP = /^(127\.)|(192\.168\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(::1$)|([fF][cCdD])/

  def is_private_ip?(ip)
    ip = IPAddr.new(ip) rescue nil
    !!(ip && ip.to_s.match?(PRIVATE_IP))
  end

  def rate_limit(env)

    if (
      GlobalSetting.max_requests_per_ip_mode == "block" ||
      GlobalSetting.max_requests_per_ip_mode == "warn" ||
      GlobalSetting.max_requests_per_ip_mode == "warn+block"
    )

      ip = Rack::Request.new(env).ip

      if !GlobalSetting.max_requests_rate_limit_on_private
        return false if is_private_ip?(ip)
      end

      limiter10 = RateLimiter.new(
        nil,
        "global_ip_limit_10_#{ip}",
        GlobalSetting.max_requests_per_ip_per_10_seconds,
        10,
        global: true
      )

      limiter60 = RateLimiter.new(
        nil,
        "global_ip_limit_60_#{ip}",
        GlobalSetting.max_requests_per_ip_per_10_seconds,
        10,
        global: true
      )

      type = 10
      begin
        limiter10.performed!
        type = 60
        limiter60.performed!
      rescue RateLimiter::LimitExceeded
        if (
          GlobalSetting.max_requests_per_ip_mode == "warn" ||
          GlobalSetting.max_requests_per_ip_mode == "warn+block"
        )
          Rails.logger.warn("Global IP rate limit exceeded for #{ip}: #{type} second rate limit, uri: #{env["REQUEST_URI"]}")
          !(GlobalSetting.max_requests_per_ip_mode == "warn")
        else
          true
        end
      end
    end
  end

  def log_later(data, host)
    Scheduler::Defer.later("Track view", _db = nil) do
      self.class.log_request_on_site(data, host)
    end
  end

end
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->\|env, data\| do # do stuff with env and data end 2017-10-17 21:10:12 -04:00			`# frozen_string_literal: true`

improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front 2015-02-05 00:08:52 -05:00			`require_dependency 'middleware/anonymous_cache'`

			`class Middleware::RequestTracker`

FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->\|env, data\| do # do stuff with env and data end 2017-10-17 21:10:12 -04:00			`@@detailed_request_loggers = nil`

			`# register callbacks for detailed request loggers called on every request`
			`# example:`
			`#`
			`# Middleware::RequestTracker.detailed_request_logger(->\|env, data\| do`
			`# # do stuff with env and data`
			`# end`
			`def self.register_detailed_request_logger(callback)`

			`unless @patched_instrumentation`
			`require_dependency "method_profiler"`
			`MethodProfiler.patch(PG::Connection, [`
			`:exec, :async_exec, :exec_prepared, :send_query_prepared, :query`
			`], :sql)`

			`MethodProfiler.patch(Redis::Client, [`
			`:call, :call_pipeline`
			`], :redis)`
			`@patched_instrumentation = true`
			`end`

			`(@@detailed_request_loggers \|\|= []) << callback`
			`end`

			`def self.unregister_detailed_request_logger(callback)`
			`@@detailed_request_loggers.delete callback`

			`if @@detailed_request_loggers.length == 0`
			`@detailed_request_loggers = nil`
			`end`

			`end`

Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`def initialize(app, settings = {})`
improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front 2015-02-05 00:08:52 -05:00			`@app = app`
			`end`

Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`def self.log_request_on_site(data, host)`
improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front 2015-02-05 00:08:52 -05:00			`RailsMultisite::ConnectionManagement.with_hostname(host) do`
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes 2015-02-10 01:03:33 -05:00			`log_request(data)`
improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front 2015-02-05 00:08:52 -05:00			`end`
			`end`

FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes 2015-02-10 01:03:33 -05:00			`def self.log_request(data)`
			`status = data[:status]`
			`track_view = data[:track_view]`
improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front 2015-02-05 00:08:52 -05:00
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes 2015-02-10 01:03:33 -05:00			`if track_view`
			`if data[:is_crawler]`
refactor traffic report split traffic report in 2, page view vs raw traffic hide raw traffic report by default improve flushing logic for application reqs 2015-02-05 22:39:04 -05:00			`ApplicationRequest.increment!(:page_view_crawler)`
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes 2015-02-10 01:03:33 -05:00			`elsif data[:has_auth_cookie]`
refactor traffic report split traffic report in 2, page view vs raw traffic hide raw traffic report by default improve flushing logic for application reqs 2015-02-05 22:39:04 -05:00			`ApplicationRequest.increment!(:page_view_logged_in)`
FEATURE: page view stats for mobile view 2015-07-03 17:02:57 -04:00			`ApplicationRequest.increment!(:page_view_logged_in_mobile) if data[:is_mobile]`
improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front 2015-02-05 00:08:52 -05:00			`else`
refactor traffic report split traffic report in 2, page view vs raw traffic hide raw traffic report by default improve flushing logic for application reqs 2015-02-05 22:39:04 -05:00			`ApplicationRequest.increment!(:page_view_anon)`
FEATURE: page view stats for mobile view 2015-07-03 17:02:57 -04:00			`ApplicationRequest.increment!(:page_view_anon_mobile) if data[:is_mobile]`
refactor traffic report split traffic report in 2, page view vs raw traffic hide raw traffic report by default improve flushing logic for application reqs 2015-02-05 22:39:04 -05:00			`end`
			`end`

			`ApplicationRequest.increment!(:http_total)`

			`if status >= 500`
			`ApplicationRequest.increment!(:http_5xx)`
background reqs failed or not are always counted seperately 2015-02-11 17:47:32 -05:00			`elsif data[:is_background]`
			`ApplicationRequest.increment!(:http_background)`
refactor traffic report split traffic report in 2, page view vs raw traffic hide raw traffic report by default improve flushing logic for application reqs 2015-02-05 22:39:04 -05:00			`elsif status >= 400`
			`ApplicationRequest.increment!(:http_4xx)`
			`elsif status >= 300`
			`ApplicationRequest.increment!(:http_3xx)`
background reqs failed or not are always counted seperately 2015-02-11 17:47:32 -05:00			`elsif status >= 200 && status < 300`
			`ApplicationRequest.increment!(:http_2xx)`
improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front 2015-02-05 00:08:52 -05:00			`end`

			`end`

FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->\|env, data\| do # do stuff with env and data end 2017-10-17 21:10:12 -04:00			`def self.get_data(env, result, timing)`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`status, headers = result`
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes 2015-02-10 01:03:33 -05:00			`status = status.to_i`

			`helper = Middleware::AnonymousCache::Helper.new(env)`
			`request = Rack::Request.new(env)`
FEATURE: allow view exclusion using custom header Set Discourse-Track-View to either "0" or "false" to exclude request 2015-02-25 19:40:57 -05:00
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->\|env, data\| do # do stuff with env and data end 2017-10-17 21:10:12 -04:00			`env_track_view = env["HTTP_DISCOURSE_TRACK_VIEW"]`
FEATURE: allow view exclusion using custom header Set Discourse-Track-View to either "0" or "false" to exclude request 2015-02-25 19:40:57 -05:00			`track_view = status == 200`
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->\|env, data\| do # do stuff with env and data end 2017-10-17 21:10:12 -04:00			`track_view &&= env_track_view != "0" && env_track_view != "false"`
			`track_view &&= env_track_view \|\| (request.get? && !request.xhr? && headers["Content-Type"] =~ /text\/html/)`
FIX: page tracking was not properly tracking transitions PERF: move closure to self contained method so env is released earlier. 2015-09-16 21:06:21 -04:00			`track_view = !!track_view`
FEATURE: allow view exclusion using custom header Set Discourse-Track-View to either "0" or "false" to exclude request 2015-02-25 19:40:57 -05:00
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes 2015-02-10 01:03:33 -05:00			`{`
			`status: status,`
			`is_crawler: helper.is_crawler?,`
			`has_auth_cookie: helper.has_auth_cookie?,`
			`is_background: request.path =~ /^\/message-bus\// \|\| request.path == /\/topics\/timings/,`
FEATURE: page view stats for mobile view 2015-07-03 17:02:57 -04:00			`is_mobile: helper.is_mobile?,`
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->\|env, data\| do # do stuff with env and data end 2017-10-17 21:10:12 -04:00			`track_view: track_view,`
			`timing: timing`
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes 2015-02-10 01:03:33 -05:00			`}`
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->\|env, data\| do # do stuff with env and data end 2017-10-17 21:10:12 -04:00
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes 2015-02-10 01:03:33 -05:00			`end`
improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front 2015-02-05 00:08:52 -05:00
Correctly track hijacked requests 2017-11-28 00:47:20 -05:00			`def log_request_info(env, result, info)`
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes 2015-02-10 01:03:33 -05:00
			`# we got to skip this on error ... its just logging`
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->\|env, data\| do # do stuff with env and data end 2017-10-17 21:10:12 -04:00			`data = self.class.get_data(env, result, info) rescue nil`
correct brokeness 2015-02-10 01:05:24 -05:00			`host = RailsMultisite::ConnectionManagement.host(env)`
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes 2015-02-10 01:03:33 -05:00
			`if data`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`if result && (headers = result[1])`
make sure 1 is a string 2016-10-27 03:08:01 -04:00			`headers["X-Discourse-TrackView"] = "1" if data[:track_view]`
make code a bit safer 2016-10-27 01:50:56 -04:00			`end`
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->\|env, data\| do # do stuff with env and data end 2017-10-17 21:10:12 -04:00
			`if @@detailed_request_loggers`
			`@@detailed_request_loggers.each { \|logger\| logger.call(env, data) }`
			`end`

Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`log_later(data, host)`
improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front 2015-02-05 00:08:52 -05:00			`end`
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes 2015-02-10 01:03:33 -05:00
improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front 2015-02-05 00:08:52 -05:00			`end`

Correctly track hijacked requests 2017-11-28 00:47:20 -05:00			`def call(env)`
FEATURE: optional default off global per ip rate limiter 2017-12-11 01:21:00 -05:00			`result = nil`

			`if rate_limit(env)`
			`result = [429, {}, ["Slow down, too Many Requests from this IP Address"]]`
			`return result`
			`end`

Correctly track hijacked requests 2017-11-28 00:47:20 -05:00			`env["discourse.request_tracker"] = self`
			`MethodProfiler.start if @@detailed_request_loggers`
			`result = @app.call(env)`
			`info = MethodProfiler.stop if @@detailed_request_loggers`
			`result`
			`ensure`
			`log_request_info(env, result, info) unless env["discourse.request_tracker.skip"]`
			`end`

FEATURE: global rate limiter can bypass local IPs 2018-01-07 16:39:17 -05:00			`PRIVATE_IP = /^(127\.)\|(192\.168\.)\|(10\.)\|(172\.1[6-9]\.)\|(172\.2[0-9]\.)\|(172\.3[0-1]\.)\|(::1$)\|([fF][cCdD])/`

			`def is_private_ip?(ip)`
			`ip = IPAddr.new(ip) rescue nil`
			`!!(ip && ip.to_s.match?(PRIVATE_IP))`
			`end`

FEATURE: optional default off global per ip rate limiter 2017-12-11 01:21:00 -05:00			`def rate_limit(env)`
FEATURE: global rate limiter can bypass local IPs 2018-01-07 16:39:17 -05:00
FEATURE: optional default off global per ip rate limiter 2017-12-11 01:21:00 -05:00			`if (`
			`GlobalSetting.max_requests_per_ip_mode == "block" \|\|`
FEATURE: global rate limiter can bypass local IPs 2018-01-07 16:39:17 -05:00			`GlobalSetting.max_requests_per_ip_mode == "warn" \|\|`
			`GlobalSetting.max_requests_per_ip_mode == "warn+block"`
FEATURE: optional default off global per ip rate limiter 2017-12-11 01:21:00 -05:00			`)`

			`ip = Rack::Request.new(env).ip`

FEATURE: global rate limiter can bypass local IPs 2018-01-07 16:39:17 -05:00			`if !GlobalSetting.max_requests_rate_limit_on_private`
			`return false if is_private_ip?(ip)`
			`end`

FEATURE: optional default off global per ip rate limiter 2017-12-11 01:21:00 -05:00			`limiter10 = RateLimiter.new(`
			`nil,`
			`"global_ip_limit_10_#{ip}",`
			`GlobalSetting.max_requests_per_ip_per_10_seconds,`
			`10,`
			`global: true`
			`)`

			`limiter60 = RateLimiter.new(`
			`nil,`
			`"global_ip_limit_60_#{ip}",`
			`GlobalSetting.max_requests_per_ip_per_10_seconds,`
			`10,`
			`global: true`
			`)`

			`type = 10`
			`begin`
			`limiter10.performed!`
			`type = 60`
			`limiter60.performed!`
			`rescue RateLimiter::LimitExceeded`
FEATURE: global rate limiter can bypass local IPs 2018-01-07 16:39:17 -05:00			`if (`
			`GlobalSetting.max_requests_per_ip_mode == "warn" \|\|`
			`GlobalSetting.max_requests_per_ip_mode == "warn+block"`
			`)`
add better diagnostics for rate limits 2018-01-04 20:14:28 -05:00			`Rails.logger.warn("Global IP rate limit exceeded for #{ip}: #{type} second rate limit, uri: #{env["REQUEST_URI"]}")`
FEATURE: global rate limiter can bypass local IPs 2018-01-07 16:39:17 -05:00			`!(GlobalSetting.max_requests_per_ip_mode == "warn")`
FEATURE: optional default off global per ip rate limiter 2017-12-11 01:21:00 -05:00			`else`
			`true`
			`end`
			`end`
			`end`
			`end`

Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`def log_later(data, host)`
			`Scheduler::Defer.later("Track view", _db = nil) do`
			`self.class.log_request_on_site(data, host)`
FIX: page tracking was not properly tracking transitions PERF: move closure to self contained method so env is released earlier. 2015-09-16 21:06:21 -04:00			`end`
			`end`

improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front 2015-02-05 00:08:52 -05:00			`end`