-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
/
requestdata.ts
365 lines (330 loc) · 11.2 KB
/
requestdata.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
// TODO: Remove this file once equivalent integration is used everywhere
/* eslint-disable complexity */
/**
* The functions here, which enrich an event with request data, are mostly for use in Node, but are safe for use in a
* browser context. They live here in `@sentry/utils` rather than in `@sentry/node` so that they can be used in
* frameworks (like nextjs), which, because of SSR, run the same code in both Node and browser contexts.
*
* TODO (v8 / #5257): Remove the note below
* Note that for now, the tests for this code have to live in `@sentry/node`, since they test both these functions and
* the backwards-compatibility-preserving wrappers which still live in `handlers.ts` there.
*/
/* eslint-disable max-lines */
/* eslint-disable @typescript-eslint/no-explicit-any */
import { Event, ExtractedNodeRequestData, PolymorphicRequest, Transaction, TransactionSource } from '@sentry/types';
import { isPlainObject, isString } from './is';
import { normalize } from './normalize';
import { stripUrlQueryAndFragment } from './url';
const DEFAULT_INCLUDES = {
ip: false,
request: true,
transaction: true,
user: true,
};
const DEFAULT_REQUEST_INCLUDES = ['cookies', 'data', 'headers', 'method', 'query_string', 'url'];
const DEFAULT_USER_INCLUDES = ['id', 'username', 'email'];
type InjectedNodeDeps = {
cookie: {
parse: (cookieStr: string) => Record<string, string>;
};
url: {
parse: (urlStr: string) => {
query: string | null;
};
};
};
/**
* Sets parameterized route as transaction name e.g.: `GET /users/:id`
* Also adds more context data on the transaction from the request
*/
export function addRequestDataToTransaction(
transaction: Transaction | undefined,
req: PolymorphicRequest,
deps?: InjectedNodeDeps,
): void {
if (!transaction) return;
if (!transaction.metadata.source || transaction.metadata.source === 'url') {
// Attempt to grab a parameterized route off of the request
transaction.setName(...extractPathForTransaction(req, { path: true, method: true }));
}
transaction.setData('url', req.originalUrl || req.url);
if (req.baseUrl) {
transaction.setData('baseUrl', req.baseUrl);
}
transaction.setData('query', extractQueryParams(req, deps));
}
/**
* Extracts a complete and parameterized path from the request object and uses it to construct transaction name.
* If the parameterized transaction name cannot be extracted, we fall back to the raw URL.
*
* Additionally, this function determines and returns the transaction name source
*
* eg. GET /mountpoint/user/:id
*
* @param req A request object
* @param options What to include in the transaction name (method, path, or a custom route name to be
* used instead of the request's route)
*
* @returns A tuple of the fully constructed transaction name [0] and its source [1] (can be either 'route' or 'url')
*/
export function extractPathForTransaction(
req: PolymorphicRequest,
options: { path?: boolean; method?: boolean; customRoute?: string } = {},
): [string, TransactionSource] {
const method = req.method && req.method.toUpperCase();
let path = '';
let source: TransactionSource = 'url';
// Check to see if there's a parameterized route we can use (as there is in Express)
if (options.customRoute || req.route) {
path = options.customRoute || `${req.baseUrl || ''}${req.route && req.route.path}`;
source = 'route';
}
// Otherwise, just take the original URL
else if (req.originalUrl || req.url) {
path = stripUrlQueryAndFragment(req.originalUrl || req.url || '');
}
let name = '';
if (options.method && method) {
name += method;
}
if (options.method && options.path) {
name += ' ';
}
if (options.path && path) {
name += path;
}
return [name, source];
}
type TransactionNamingScheme = 'path' | 'methodPath' | 'handler';
/** JSDoc */
function extractTransaction(req: PolymorphicRequest, type: boolean | TransactionNamingScheme): string {
switch (type) {
case 'path': {
return extractPathForTransaction(req, { path: true })[0];
}
case 'handler': {
return (req.route && req.route.stack && req.route.stack[0] && req.route.stack[0].name) || '<anonymous>';
}
case 'methodPath':
default: {
return extractPathForTransaction(req, { path: true, method: true })[0];
}
}
}
/** JSDoc */
function extractUserData(
user: {
[key: string]: any;
},
keys: boolean | string[],
): { [key: string]: any } {
const extractedUser: { [key: string]: any } = {};
const attributes = Array.isArray(keys) ? keys : DEFAULT_USER_INCLUDES;
attributes.forEach(key => {
if (user && key in user) {
extractedUser[key] = user[key];
}
});
return extractedUser;
}
/**
* Normalize data from the request object, accounting for framework differences.
*
* @param req The request object from which to extract data
* @param options.include An optional array of keys to include in the normalized data. Defaults to
* DEFAULT_REQUEST_INCLUDES if not provided.
* @param options.deps Injected, platform-specific dependencies
* @returns An object containing normalized request data
*/
export function extractRequestData(
req: PolymorphicRequest,
options?: {
include?: string[];
deps?: InjectedNodeDeps;
},
): ExtractedNodeRequestData {
const { include = DEFAULT_REQUEST_INCLUDES, deps } = options || {};
const requestData: { [key: string]: any } = {};
// headers:
// node, express, koa, nextjs: req.headers
const headers = (req.headers || {}) as {
host?: string;
cookie?: string;
};
// method:
// node, express, koa, nextjs: req.method
const method = req.method;
// host:
// express: req.hostname in > 4 and req.host in < 4
// koa: req.host
// node, nextjs: req.headers.host
const host = req.hostname || req.host || headers.host || '<no host>';
// protocol:
// node, nextjs: <n/a>
// express, koa: req.protocol
const protocol = req.protocol === 'https' || (req.socket && req.socket.encrypted) ? 'https' : 'http';
// url (including path and query string):
// node, express: req.originalUrl
// koa, nextjs: req.url
const originalUrl = req.originalUrl || req.url || '';
// absolute url
const absoluteUrl = `${protocol}://${host}${originalUrl}`;
include.forEach(key => {
switch (key) {
case 'headers': {
requestData.headers = headers;
break;
}
case 'method': {
requestData.method = method;
break;
}
case 'url': {
requestData.url = absoluteUrl;
break;
}
case 'cookies': {
// cookies:
// node, express, koa: req.headers.cookie
// vercel, sails.js, express (w/ cookie middleware), nextjs: req.cookies
// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
requestData.cookies =
// TODO (v8 / #5257): We're only sending the empty object for backwards compatibility, so the last bit can
// come off in v8
req.cookies || (headers.cookie && deps && deps.cookie && deps.cookie.parse(headers.cookie)) || {};
break;
}
case 'query_string': {
// query string:
// node: req.url (raw)
// express, koa, nextjs: req.query
// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
requestData.query_string = extractQueryParams(req, deps);
break;
}
case 'data': {
if (method === 'GET' || method === 'HEAD') {
break;
}
// body data:
// express, koa, nextjs: req.body
//
// when using node by itself, you have to read the incoming stream(see
// https://nodejs.dev/learn/get-http-request-body-data-using-nodejs); if a user is doing that, we can't know
// where they're going to store the final result, so they'll have to capture this data themselves
if (req.body !== undefined) {
requestData.data = isString(req.body) ? req.body : JSON.stringify(normalize(req.body));
}
break;
}
default: {
if ({}.hasOwnProperty.call(req, key)) {
requestData[key] = (req as { [key: string]: any })[key];
}
}
}
});
return requestData;
}
/**
* Options deciding what parts of the request to use when enhancing an event
*/
export interface AddRequestDataToEventOptions {
/** Flags controlling whether each type of data should be added to the event */
include?: {
ip?: boolean;
request?: boolean | string[];
transaction?: boolean | TransactionNamingScheme;
user?: boolean | string[];
};
/** Injected platform-specific dependencies */
deps?: {
cookie: {
parse: (cookieStr: string) => Record<string, string>;
};
url: {
parse: (urlStr: string) => {
query: string | null;
};
};
};
}
/**
* Add data from the given request to the given event
*
* @param event The event to which the request data will be added
* @param req Request object
* @param options.include Flags to control what data is included
* @param options.deps Injected platform-specific dependencies
* @hidden
*/
export function addRequestDataToEvent(
event: Event,
req: PolymorphicRequest,
options?: AddRequestDataToEventOptions,
): Event {
const include = {
...DEFAULT_INCLUDES,
...options?.include,
};
if (include.request) {
const extractedRequestData = Array.isArray(include.request)
? extractRequestData(req, { include: include.request, deps: options?.deps })
: extractRequestData(req, { deps: options?.deps });
event.request = {
...event.request,
...extractedRequestData,
};
}
if (include.user) {
const extractedUser = req.user && isPlainObject(req.user) ? extractUserData(req.user, include.user) : {};
if (Object.keys(extractedUser).length) {
event.user = {
...event.user,
...extractedUser,
};
}
}
// client ip:
// node, nextjs: req.socket.remoteAddress
// express, koa: req.ip
if (include.ip) {
const ip = req.ip || (req.socket && req.socket.remoteAddress);
if (ip) {
event.user = {
...event.user,
ip_address: ip,
};
}
}
if (include.transaction && !event.transaction) {
// TODO do we even need this anymore?
// TODO make this work for nextjs
event.transaction = extractTransaction(req, include.transaction);
}
return event;
}
function extractQueryParams(
req: PolymorphicRequest,
deps?: InjectedNodeDeps,
): string | Record<string, unknown> | undefined {
// url (including path and query string):
// node, express: req.originalUrl
// koa, nextjs: req.url
let originalUrl = req.originalUrl || req.url || '';
if (!originalUrl) {
return;
}
// The `URL` constructor can't handle internal URLs of the form `/some/path/here`, so stick a dummy protocol and
// hostname on the beginning. Since the point here is just to grab the query string, it doesn't matter what we use.
if (originalUrl.startsWith('/')) {
originalUrl = `http://dogs.are.great${originalUrl}`;
}
return (
req.query ||
(typeof URL !== undefined && new URL(originalUrl).search.replace('?', '')) ||
// In Node 8, `URL` isn't in the global scope, so we have to use the built-in module from Node
(deps && deps.url && deps.url.parse(originalUrl).query) ||
undefined
);
}