aboutsummaryrefslogblamecommitdiffstats
path: root/actionpack/lib/action_dispatch/middleware/request_id.rb
blob: bee446c8a5dd4bfde0de1daf573aa715a678addd (plain) (tree)
1
2
3
                      
                                               
                                              

















                                                                                                                        




                                                                 
 

                                  
                                                         
                                                   

           
 
                             
                            


         
require 'securerandom'
require 'active_support/core_ext/string/access'
require 'active_support/core_ext/object/blank'

module ActionDispatch
  # Makes a unique request id available to the action_dispatch.request_id env variable (which is then accessible through
  # ActionDispatch::Request#uuid) and sends the same id to the client via the X-Request-Id header.
  #
  # The unique request id is either based off the X-Request-Id header in the request, which would typically be generated
  # by a firewall, load balancer, or the web server, or, if this header is not available, a random uuid. If the
  # header is accepted from the outside world, we sanitize it to a max of 255 chars and alphanumeric and dashes only.
  #
  # The unique request id can be used to trace a request end-to-end and would typically end up being part of log files
  # from multiple pieces of the stack.
  class RequestId
    def initialize(app)
      @app = app
    end

    def call(env)
      env["action_dispatch.request_id"] = external_request_id(env) || internal_request_id
      status, headers, body = @app.call(env)

      headers["X-Request-Id"] = env["action_dispatch.request_id"]
      [ status, headers, body ]
    end

    private
      def external_request_id(env)
        if request_id = env["HTTP_X_REQUEST_ID"].presence
          request_id.gsub(/[^\w\-]/, "").first(255)
        end
      end

      def internal_request_id
        SecureRandom.hex(16)
      end
  end
end