gnu-social/plugins/ApiLogger/ApiLoggerPlugin.php

<?php
/*
 * StatusNet - the distributed open-source microblogging tool
 * Copyright (C) 2010, StatusNet, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

/**
 * @package ApiLoggerPlugin
 * @maintainer Brion Vibber <brion@status.net>
 */

if (!defined('STATUSNET')) {
    exit(1);
}

class ApiLoggerPlugin extends Plugin
{
    const PLUGIN_VERSION = '2.0.0';
    // Lower this to do random sampling of API requests rather than all.
    // 0.1 will check about 10% of hits, etc.
    public $frequency = 1.0;

    function onArgsInitialize($args)
    {
        if (isset($args['action'])) {
            $action = strtolower($args['action']);
            if (substr($action, 0, 3) == 'api') {
                if ($this->frequency < 1.0 && $this->frequency > 0.0) {
                    $max = mt_getrandmax();
                    $n = mt_rand() / $max;
                    if ($n > $this->frequency) {
                        return true;
                    }
                }
                $uri = $_SERVER['REQUEST_URI'];

                $method = $_SERVER['REQUEST_METHOD'];
                $ssl = empty($_SERVER['HTTPS']) ? 'no' : 'yes';
                $cookie = empty($_SERVER['HTTP_COOKIE']) ? 'no' : 'yes';
                $etag = empty($_SERVER['HTTP_IF_MATCH']) ? 'no' : 'yes';
                $last = empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? 'no' : 'yes';
                $auth = empty($_SERVER['HTTP_AUTHORIZATION']) ? 'no' : 'yes';
                if ($auth == 'no' && function_exists('apache_request_headers')) {
                    // Sometimes Authorization doesn't make it into $_SERVER.
                    // Probably someone thought it was scary.
                    $headers = apache_request_headers();
                    if (isset($headers['Authorization'])) {
                        $auth = 'yes';
                    }
                }
                $agent = empty($_SERVER['HTTP_USER_AGENT']) ? 'no' : $_SERVER['HTTP_USER_AGENT'];

                $query = (strpos($uri, '?') === false) ? 'no' : 'yes';
                if ($query == 'yes') {
                    if (preg_match('/\?since_id=\d+$/', $uri)) {
                        $query = 'since_id';
                    }
                }

                common_log(LOG_INFO, "STATLOG action:$action method:$method ssl:$ssl query:$query cookie:$cookie auth:$auth ifmatch:$etag ifmod:$last agent:$agent");
            }
        }
        return true;
    }

    function onPluginVersion(array &$versions)
    {
        $versions[] = array('name' => 'ApiLogger',
                            'version' => self::PLUGIN_VERSION,
                            'author' => 'Brion Vibber',
                            'homepage' => 'https://git.gnu.io/gnu/gnu-social/tree/master/plugins/ApiLogger',
                            'rawdescription' =>
                            // TRANS: Plugin description.
                            _m('Allows random sampling of API requests.'));
        return true;
    }
}
ApiLogger plugin: dumps some information about API hits to aid in researching future HTTP-level cachability improvements. Data are sent to the 'info' level of logging, like so: [lazarus.local:4812.86b23603 GET /mublog/api/statuses/friends_timeline.atom?since_id=1353] STATLOG action:apitimelinefriends method:GET ssl:no query:since_id cookie:no auth:yes ifmatch:no ifmod:no agent:Appcelerator Titanium/1.4.1 (iPhone/4.1; iPhone OS; en_US;) Fields: * action: case-normalized name of the action class we're acting on * method: GET, POST, HEAD, etc * ssl: Are we on HTTPS? 'yes' or 'no' * query: Were we sent a query string? 'yes', 'no', or 'since_id' if the only parameter is a since_id * cookie: Were we sent any cookies? 'yes' or 'no' * auth: Were we sent an HTTP Authorization header? 'yes' or 'no' * ifmatch: Were we sent an HTTP If-Match header for an ETag? 'yes' or 'no' * ifmod: Were we sent an HTTP If-Modified-Since header? 'yes' or 'no' * agent: User-agent string, to aid in figuring out what these things are The most shared-cache-friendly requests will be non-SSL GET requests with no or very predictable query parameters, no cookies, and no authorization headers. Private caching (eg within a supporting user-agent) could still be friendly to SSL and auth'd GET requests. We kind of expect that the most frequent hits from clients will be GETs for a few common timelines, with auth headers, a since_id-only query, and no cookies. These should at least be amenable to returning 304 matches for etags or last-modified headers with private caching, but it's very possible that most clients won't actually think to save and send them. That would leave us expecting to handle a lot of timeline since_id hits that return a valid API response with no notices. At this point we don't expect to actually see if-match or if-modified-since a lot since most of our API responses are marked as uncacheable; so even if we output them they're not getting sent back to us. Random subsampling can be enabled by setting the 'frequency' parameter smaller than 1.0: addPlugin('ApiLogger', array( 'frequency' => 0.5 // Record 50% of API hits )); 2010-10-28 00:30:11 +01:00			`<?php`
			`/*`
			`* StatusNet - the distributed open-source microblogging tool`
			`* Copyright (C) 2010, StatusNet, Inc.`
			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as published by`
			`* the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

			`/**`
			`* @package ApiLoggerPlugin`
			`* @maintainer Brion Vibber <brion@status.net>`
			`*/`

			`if (!defined('STATUSNET')) {`
			`exit(1);`
			`}`

			`class ApiLoggerPlugin extends Plugin`
			`{`
[VersionBump] 1.19.0, fairly late The core plugins whose version was attached to GS's were reseted to 2.0.0. 2.0.0 was chosen as reset version for plugins because it is higher than the one that was set by inheriting GS version. Furthermore, it's a major change from prior plugin versioning system thus it also makes semantic sense. Justification for version bump: == GS == 9a4ab31f26 1.19.0 c13b935201 1.18.3 c13b935201 1.18.2 18fc39d2cf 1.18.1 c083a8bcc2 1.18.0 e8783d46d0 1.17.1 d9a42550ff 1.17.0 1536d3ef29 1.16.0 c03ed457a6 1.15.0 d2e6519bad 1.14.2 fe411e8138 1.14.1 b17e0b4169 1.14.0 daa5f87fd4 1.13.0 d75b5d2f4a 1.11.7 f6dbf66983 1.11.6 6cf674f8f8 1.11.5 7845a09b34 1.11.4 e4d432295d 1.11.3 339204f1ee 1.11.2 a4e679a118 1.11.1 7967db6ff5 1.11.0 bc030da320 1.10.1 9cc7df51d6 1.10.0 bf7f17474d 1.9.2 8a07edec5f 1.9.1 0042971d74 1.9.0 6b5450b7e6 1.8.0 5dcc98d1c6 1.7.0 e6667db0cd 1.6.0 3290227b50 1.5.0 a59c439b46 1.4.0 496ab8c920 1.3.10 986030060b 1.3.9 1d529c021a 1.3.8 f89c052cf8 1.3.7 38f2ecefac 1.3.6 e473937cb9 1.3.5 9a39ebe66f 1.3.4 ddc3cecfc0 1.3.3 2b43d484eb 1.3.2 e8e487187e 1.3.1 == Plugins == XMPP plugin e0887220b0 bump patch e186ad57d0 bump patch OStatus e186ad57d0 bump patch Nodeinfo ceae66a30f bump minor 586fb5a517 bump major 195296846e bump minor 2019-06-03 01:56:52 +01:00			`const PLUGIN_VERSION = '2.0.0';`
ApiLogger plugin: dumps some information about API hits to aid in researching future HTTP-level cachability improvements. Data are sent to the 'info' level of logging, like so: [lazarus.local:4812.86b23603 GET /mublog/api/statuses/friends_timeline.atom?since_id=1353] STATLOG action:apitimelinefriends method:GET ssl:no query:since_id cookie:no auth:yes ifmatch:no ifmod:no agent:Appcelerator Titanium/1.4.1 (iPhone/4.1; iPhone OS; en_US;) Fields: * action: case-normalized name of the action class we're acting on * method: GET, POST, HEAD, etc * ssl: Are we on HTTPS? 'yes' or 'no' * query: Were we sent a query string? 'yes', 'no', or 'since_id' if the only parameter is a since_id * cookie: Were we sent any cookies? 'yes' or 'no' * auth: Were we sent an HTTP Authorization header? 'yes' or 'no' * ifmatch: Were we sent an HTTP If-Match header for an ETag? 'yes' or 'no' * ifmod: Were we sent an HTTP If-Modified-Since header? 'yes' or 'no' * agent: User-agent string, to aid in figuring out what these things are The most shared-cache-friendly requests will be non-SSL GET requests with no or very predictable query parameters, no cookies, and no authorization headers. Private caching (eg within a supporting user-agent) could still be friendly to SSL and auth'd GET requests. We kind of expect that the most frequent hits from clients will be GETs for a few common timelines, with auth headers, a since_id-only query, and no cookies. These should at least be amenable to returning 304 matches for etags or last-modified headers with private caching, but it's very possible that most clients won't actually think to save and send them. That would leave us expecting to handle a lot of timeline since_id hits that return a valid API response with no notices. At this point we don't expect to actually see if-match or if-modified-since a lot since most of our API responses are marked as uncacheable; so even if we output them they're not getting sent back to us. Random subsampling can be enabled by setting the 'frequency' parameter smaller than 1.0: addPlugin('ApiLogger', array( 'frequency' => 0.5 // Record 50% of API hits )); 2010-10-28 00:30:11 +01:00			`// Lower this to do random sampling of API requests rather than all.`
			`// 0.1 will check about 10% of hits, etc.`
			`public $frequency = 1.0;`

			`function onArgsInitialize($args)`
			`{`
			`if (isset($args['action'])) {`
			`$action = strtolower($args['action']);`
			`if (substr($action, 0, 3) == 'api') {`
			`if ($this->frequency < 1.0 && $this->frequency > 0.0) {`
			`$max = mt_getrandmax();`
			`$n = mt_rand() / $max;`
			`if ($n > $this->frequency) {`
			`return true;`
			`}`
			`}`
			`$uri = $_SERVER['REQUEST_URI'];`

			`$method = $_SERVER['REQUEST_METHOD'];`
			`$ssl = empty($_SERVER['HTTPS']) ? 'no' : 'yes';`
			`$cookie = empty($_SERVER['HTTP_COOKIE']) ? 'no' : 'yes';`
			`$etag = empty($_SERVER['HTTP_IF_MATCH']) ? 'no' : 'yes';`
			`$last = empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? 'no' : 'yes';`
			`$auth = empty($_SERVER['HTTP_AUTHORIZATION']) ? 'no' : 'yes';`
Tweak for OAuth headers not seen in $_SERVER 2010-10-28 01:14:45 +01:00			`if ($auth == 'no' && function_exists('apache_request_headers')) {`
			`// Sometimes Authorization doesn't make it into $_SERVER.`
			`// Probably someone thought it was scary.`
			`$headers = apache_request_headers();`
			`if (isset($headers['Authorization'])) {`
			`$auth = 'yes';`
			`}`
			`}`
ApiLogger plugin: dumps some information about API hits to aid in researching future HTTP-level cachability improvements. Data are sent to the 'info' level of logging, like so: [lazarus.local:4812.86b23603 GET /mublog/api/statuses/friends_timeline.atom?since_id=1353] STATLOG action:apitimelinefriends method:GET ssl:no query:since_id cookie:no auth:yes ifmatch:no ifmod:no agent:Appcelerator Titanium/1.4.1 (iPhone/4.1; iPhone OS; en_US;) Fields: * action: case-normalized name of the action class we're acting on * method: GET, POST, HEAD, etc * ssl: Are we on HTTPS? 'yes' or 'no' * query: Were we sent a query string? 'yes', 'no', or 'since_id' if the only parameter is a since_id * cookie: Were we sent any cookies? 'yes' or 'no' * auth: Were we sent an HTTP Authorization header? 'yes' or 'no' * ifmatch: Were we sent an HTTP If-Match header for an ETag? 'yes' or 'no' * ifmod: Were we sent an HTTP If-Modified-Since header? 'yes' or 'no' * agent: User-agent string, to aid in figuring out what these things are The most shared-cache-friendly requests will be non-SSL GET requests with no or very predictable query parameters, no cookies, and no authorization headers. Private caching (eg within a supporting user-agent) could still be friendly to SSL and auth'd GET requests. We kind of expect that the most frequent hits from clients will be GETs for a few common timelines, with auth headers, a since_id-only query, and no cookies. These should at least be amenable to returning 304 matches for etags or last-modified headers with private caching, but it's very possible that most clients won't actually think to save and send them. That would leave us expecting to handle a lot of timeline since_id hits that return a valid API response with no notices. At this point we don't expect to actually see if-match or if-modified-since a lot since most of our API responses are marked as uncacheable; so even if we output them they're not getting sent back to us. Random subsampling can be enabled by setting the 'frequency' parameter smaller than 1.0: addPlugin('ApiLogger', array( 'frequency' => 0.5 // Record 50% of API hits )); 2010-10-28 00:30:11 +01:00			`$agent = empty($_SERVER['HTTP_USER_AGENT']) ? 'no' : $_SERVER['HTTP_USER_AGENT'];`

			`$query = (strpos($uri, '?') === false) ? 'no' : 'yes';`
			`if ($query == 'yes') {`
			`if (preg_match('/\?since_id=\d+$/', $uri)) {`
			`$query = 'since_id';`
			`}`
			`}`

			`common_log(LOG_INFO, "STATLOG action:$action method:$method ssl:$ssl query:$query cookie:$cookie auth:$auth ifmatch:$etag ifmod:$last agent:$agent");`
			`}`
			`}`
			`return true;`
			`}`
Update translator documentation. i18n/L10n fixes. Superfluous whitespace removed. onPluginVersion() added where missing. 2011-04-06 13:57:48 +01:00
Plugins didn't match lib/plugin.php onPluginVersion function definition I ran: for i in `grep -R onPluginVersion...version plugins/\|cut -d: -f1`; do sed -i '{ s/\(onPluginVersion(\)\(\&\$versions\)/\1array \2/ }' $i; done 2015-06-06 21:04:01 +01:00			`function onPluginVersion(array &$versions)`
Update translator documentation. i18n/L10n fixes. Superfluous whitespace removed. onPluginVersion() added where missing. 2011-04-06 13:57:48 +01:00			`{`
			`$versions[] = array('name' => 'ApiLogger',`
[VersionBump] 1.19.0, fairly late The core plugins whose version was attached to GS's were reseted to 2.0.0. 2.0.0 was chosen as reset version for plugins because it is higher than the one that was set by inheriting GS version. Furthermore, it's a major change from prior plugin versioning system thus it also makes semantic sense. Justification for version bump: == GS == 9a4ab31f26 1.19.0 c13b935201 1.18.3 c13b935201 1.18.2 18fc39d2cf 1.18.1 c083a8bcc2 1.18.0 e8783d46d0 1.17.1 d9a42550ff 1.17.0 1536d3ef29 1.16.0 c03ed457a6 1.15.0 d2e6519bad 1.14.2 fe411e8138 1.14.1 b17e0b4169 1.14.0 daa5f87fd4 1.13.0 d75b5d2f4a 1.11.7 f6dbf66983 1.11.6 6cf674f8f8 1.11.5 7845a09b34 1.11.4 e4d432295d 1.11.3 339204f1ee 1.11.2 a4e679a118 1.11.1 7967db6ff5 1.11.0 bc030da320 1.10.1 9cc7df51d6 1.10.0 bf7f17474d 1.9.2 8a07edec5f 1.9.1 0042971d74 1.9.0 6b5450b7e6 1.8.0 5dcc98d1c6 1.7.0 e6667db0cd 1.6.0 3290227b50 1.5.0 a59c439b46 1.4.0 496ab8c920 1.3.10 986030060b 1.3.9 1d529c021a 1.3.8 f89c052cf8 1.3.7 38f2ecefac 1.3.6 e473937cb9 1.3.5 9a39ebe66f 1.3.4 ddc3cecfc0 1.3.3 2b43d484eb 1.3.2 e8e487187e 1.3.1 == Plugins == XMPP plugin e0887220b0 bump patch e186ad57d0 bump patch OStatus e186ad57d0 bump patch Nodeinfo ceae66a30f bump minor 586fb5a517 bump major 195296846e bump minor 2019-06-03 01:56:52 +01:00			`'version' => self::PLUGIN_VERSION,`
Update translator documentation. i18n/L10n fixes. Superfluous whitespace removed. onPluginVersion() added where missing. 2011-04-06 13:57:48 +01:00			`'author' => 'Brion Vibber',`
Change status.net/wiki URLs to git.gnu.io 2016-01-22 16:38:42 +00:00			`'homepage' => 'https://git.gnu.io/gnu/gnu-social/tree/master/plugins/ApiLogger',`
Update translator documentation. i18n/L10n fixes. Superfluous whitespace removed. onPluginVersion() added where missing. 2011-04-06 13:57:48 +01:00			`'rawdescription' =>`
			`// TRANS: Plugin description.`
L10n and whitespace updates. 2011-04-06 14:08:39 +01:00			`_m('Allows random sampling of API requests.'));`
Update translator documentation. i18n/L10n fixes. Superfluous whitespace removed. onPluginVersion() added where missing. 2011-04-06 13:57:48 +01:00			`return true;`
			`}`
ApiLogger plugin: dumps some information about API hits to aid in researching future HTTP-level cachability improvements. Data are sent to the 'info' level of logging, like so: [lazarus.local:4812.86b23603 GET /mublog/api/statuses/friends_timeline.atom?since_id=1353] STATLOG action:apitimelinefriends method:GET ssl:no query:since_id cookie:no auth:yes ifmatch:no ifmod:no agent:Appcelerator Titanium/1.4.1 (iPhone/4.1; iPhone OS; en_US;) Fields: * action: case-normalized name of the action class we're acting on * method: GET, POST, HEAD, etc * ssl: Are we on HTTPS? 'yes' or 'no' * query: Were we sent a query string? 'yes', 'no', or 'since_id' if the only parameter is a since_id * cookie: Were we sent any cookies? 'yes' or 'no' * auth: Were we sent an HTTP Authorization header? 'yes' or 'no' * ifmatch: Were we sent an HTTP If-Match header for an ETag? 'yes' or 'no' * ifmod: Were we sent an HTTP If-Modified-Since header? 'yes' or 'no' * agent: User-agent string, to aid in figuring out what these things are The most shared-cache-friendly requests will be non-SSL GET requests with no or very predictable query parameters, no cookies, and no authorization headers. Private caching (eg within a supporting user-agent) could still be friendly to SSL and auth'd GET requests. We kind of expect that the most frequent hits from clients will be GETs for a few common timelines, with auth headers, a since_id-only query, and no cookies. These should at least be amenable to returning 304 matches for etags or last-modified headers with private caching, but it's very possible that most clients won't actually think to save and send them. That would leave us expecting to handle a lot of timeline since_id hits that return a valid API response with no notices. At this point we don't expect to actually see if-match or if-modified-since a lot since most of our API responses are marked as uncacheable; so even if we output them they're not getting sent back to us. Random subsampling can be enabled by setting the 'frequency' parameter smaller than 1.0: addPlugin('ApiLogger', array( 'frequency' => 0.5 // Record 50% of API hits )); 2010-10-28 00:30:11 +01:00			`}`