From c394248dc94183d318652e9ac5f0e9d09b11b0fe Mon Sep 17 00:00:00 2001 From: Nico Verbruggen Date: Mon, 1 Dec 2025 23:40:40 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7=20Renamed=20field=20to=20`X-phpmon?= =?UTF-8?q?-session-uuid`?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I've also documented how this UUID is used to the best of my ability. --- phpmon/Common/Http/RealWebApi.swift | 4 ++-- phpmon/Domain/App/App+UUID.swift | 20 +++++++++++++++----- phpmon/Domain/App/CrashReporter.swift | 1 + phpmon/en.lproj/Localizable.strings | 2 +- 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/phpmon/Common/Http/RealWebApi.swift b/phpmon/Common/Http/RealWebApi.swift index 377f225c..1a614c65 100644 --- a/phpmon/Common/Http/RealWebApi.swift +++ b/phpmon/Common/Http/RealWebApi.swift @@ -84,8 +84,8 @@ class RealWebApi: WebApiProtocol { return [ // Fun fact: NUR stands for "NSURLSession Update Requester" "User-Agent": "phpmon-nur/3.0", - // Optional randomized user API ID - "X-phpmon-api-id": App.shared.getApiId(), + // Optional randomized API session UUID + "X-phpmon-session-uuid": App.shared.getApiId(), // Required fields "X-phpmon-version": "\(App.shortVersion) (\(App.bundleVersion))", "X-phpmon-os-version": "\(App.macVersion)", diff --git a/phpmon/Domain/App/App+UUID.swift b/phpmon/Domain/App/App+UUID.swift index 4b2a64ee..55de32ba 100644 --- a/phpmon/Domain/App/App+UUID.swift +++ b/phpmon/Domain/App/App+UUID.swift @@ -24,13 +24,23 @@ struct Api { extension App { /** Returns a unique UUID that automatically refreshes every 36 hours. - It is used to more accurately throttle requests for a given IP, since - multiple users could be coming from one residential or business IP. + It is used to more accurately throttle API requests for a given IP, + since multiple users could be coming from one residential/business IP. - This UUID is NOT used for tracking purposes, only to identify unique - users of PHP Monitor to properly scale the server and throttle the API. + - Important: This UUID is NOT used for tracking. + It is used for legitimate purposes only. + Read more below to find out how this UUID is used. - The UUID is stored in UserDefaults and regenerated when expired. + How it is used: + + - Allows identifying which IP addresses might be throttled too quickly + (example: many requests with the same IP, but different unique UUIDs) + + - Allows counting how many unique users checked for updates in 24 hours + (example: previous assumption was: 1 IP = 1 user; not always true!) + + The UUID is stored in UserDefaults and regenerated when it has expired. + Because I only use this for user counting, the ID is reset after 36 hours. */ func getApiId() -> String { let defaults = UserDefaults.standard diff --git a/phpmon/Domain/App/CrashReporter.swift b/phpmon/Domain/App/CrashReporter.swift index a9e0a577..5fef99e8 100644 --- a/phpmon/Domain/App/CrashReporter.swift +++ b/phpmon/Domain/App/CrashReporter.swift @@ -100,6 +100,7 @@ class CrashReporter { request.httpMethod = "POST" request.setValue("text/crash", forHTTPHeaderField: "Content-Type") request.setValue("phpmon-crashrep/1.0", forHTTPHeaderField: "User-Agent") + request.setValue(App.shared.getApiId(), forHTTPHeaderField: "X-phpmon-session-uuid") request.httpBody = text.data(using: .utf8) request.timeoutInterval = timeout diff --git a/phpmon/en.lproj/Localizable.strings b/phpmon/en.lproj/Localizable.strings index 1c8ef6b2..fa9152d6 100644 --- a/phpmon/en.lproj/Localizable.strings +++ b/phpmon/en.lproj/Localizable.strings @@ -942,7 +942,7 @@ PHP Monitor will tell Valet to unsecure and re-secure all expired domains for yo "cert_alert.renew" = "Re-secure Domain(s)"; "cert_alert.cancel" = "Not Now"; -"crash_reporter.title" = "PHP Monitor crashed earlier, want to send a crash report?"; +"crash_reporter.title" = "PHP Monitor crashed earlier, do you want to send a crash report?"; "crash_reporter.subtitle" = "It is possible to send the crash report to the developer of the app, so this issue can be fixed. This is highly recommended. Would you like to do that?"; "crash_reporter.description" = "Without sending this crash report, the developer may not be aware of this particular issue. No logs or personal data is sent with the crash report, only the unsymbolicated crash report. No further action is necessary on your part.