lhc

Fixes no implicit conversion of nil into String when request includes bearer proc but no bearer token.

• Stop reporting to Rollbar if errors are explicitly ignored.

Fix re-authentication for the endpoints without auth options.

Add sprockets-rails gem as a dev dependency

When a request url did include a parameter which did not match any provided parameters to be scrubbed, then the app ran into:

expected LHC::NotFound, got #<NoMethodError: undefined method `[]' for nil:NilClass>

This release fixes that.

Filter more sensitive data from request's cache key and from response's effective URL.
Introduce usage of local_uri for filtering the data from the effective URL.

This release fixes FrozenError (can't modify frozen String: "[FILTERED]") which happened when the app configured config.scrubs[:headers] << 'Authorization' and a request with a bearer token or basic auth were made.

Configuring scrubs

You can filter out sensitive request data from your log files and rollbar by appending them to LHS.config.scrubs. These values will be marked [FILTERED] in the log and on rollbar. Also nested parameters are being filtered.
The scrubbing configuration affects all request done by LHC independent of the endpoint. You can scrub any attribute within :params, :headers or :body. For :auth you either can choose :bearer or :basic (default is both).

LHS scrubs per default:

• Bearer Token within the Request Header
• Basic Auth username and password within the Request Header
• password and password_confirmation within the Request Body

Enhance the default scrubbing by pushing the name of the parameter, which should be scrubbed, as string to the existing configuration.
You can also add multiple parameters at once by pushing multiple strings.

Example:

  LHC.configure do |c|
    c.scrubs[:params] << 'api_key'
    c.scrubs[:body].push('user_token', 'secret_key')
  end

For disabling scrubbing, add following configuration:

  LHC.configure do |c|
    c.scrubs = {}
  end

If you want to turn off :bearer or :basic scrubbing, then just overwrite the :auth configuration.

Example:

  LHC.configure do |c|
    c.scrubs[:auth] = [:bearer]
  end

If your app has a different authentication strategy than Bearer Authentication or Basic Authentication then you can filter the data by scrubbing the whole header:

  LHC.configure do |c|
    c.scrubs[:headers] << 'Authorization'
  end

Major Changes
This Release automatically filters out sensitive data from the logs and rollbar notifications. No further changes needed.

This release upgrades rubocop and switches GitHub Action from using actions/setup-ruby to use ruby/setup-ruby.
It also removes the localch specific rubocop rules. Now we only have .rubocop.yml.

Furthermore this PR disables following cops:

• Lint/DeprecatedConstants
• Lint/EmptyBlock
• Lint/EmptyClass
• Lint/OrAssignmentToConstant
• Lint/SymbolConversion
• Lint/NonDeterministicRequireOrder
• Lint/ConstantDefinitionInBlock
• Lint/ToJSON
• Layout/LineLength
• Style/HashConversion
• Style/NilLambda
• Style/SingleArgumentDig
• Style/OptionalBooleanParameter
• Style/CaseLikeIf
• Style/OptionalBooleanParameter
• Style/RedundantBegin
• Style/RedundantAssignment
• Performance/StringInclude

Major Changes
This version requires ruby 2.7 and higher

Fix warning URI.escape is obsolete mentioned here: #193

This Introduces monitoring for caching.

It extends the monitoring interceptor to record miss or hit in order to monitor http caching.

Also:

• Fixes some module_parent_name calls to improve support of active support 5 and 6 and to get rid of some warnings
• Fixes a bug where interceptors after_response was not called, if a response was served from cache

This adds the possibility to configure multi-level (local & central) caching for the caching interceptor.

Also:

• Removes old cache configuration keys, e.g. cache_expires_in which have been deprecation warned since years now
• Drops support for ActiveSupport 4 (mainly because only 5.2 introduces RedisCacheStore to ActiveSupport)
• Drops LHC::Caching.logger in favor of simple stdout (puts), mainly because it hasn't been used anywhere

Caching Interceptor

You can also use a central http cache to be used by the LHC::Caching interceptor.

If you configure a local and a central cache, LHC will perform multi-level-caching.
LHC will try to retrieve cached information first from the central, in case of a miss from the local cache, while writing back into both.

  LHC::Caching.central = {
    read: 'redis://[email protected]:6379/0',
    write: 'redis://[email protected]:6379/0'
  }

Procs in Configuration

Allow all values that deal with header information to be procs.

Bugfix Release: Prevent nil access

Procs and Timestamp parsing

• Allow procs as option for 'remaining'
• Parse timestamps if they're in a more human readable format.

Just to kick rubygems.org cache invalidation butt.

When error response bodies where containing a "response" key, lhc's internal Data::Base was running into a SystemStackError: stack level too deep error.

https://github.com/local-ch/lhc/releases/tag/v12.1.0 introduced a bug.

Because the auth interceptors uses instance variables for auth_options once it has been initalized with the before_raw_request hook (as used by body auth) other interceptors can not pass auth options anymore even at a later hook (before_request).

This PR removes the instance variable usage and lets auth interceptor always access the original auth option hash. So that other interceptor can prepare those options (like LHS auto auth interceptor).

Body Authentication

  LHC.post('http://local.ch', auth: { body: { userToken: 'dheur5hrk3' } })

Adds the following to body of all requests:

  {
    "userToken": "dheur5hrk3"
  }

Fixes #173

Basically uses the strict_encode64 to encode basic auth credentials in the correct way.