ref(nextjs): Wrap server-side data-fetching methods during build

[lobsterkatie]

Ref: Ref: #5505

This adds wrapping of the nextjs server-side data-fetching methods (getStaticPaths, getStaticProps, and getServerSideProps) to the webpack config changes we make during app build. Eventually, this will let us create spans for them, use them to improve route parameterization, and trace requests which aren't currently getting traced on Vercel-deployed nextjs apps. For the moment, though, all the wrappers do is call the functions they wrap, in order to separate out the wrapping into its own PR.

Notes:

• For the moment, in order to allow us to iterate on it without fear of breaking people's apps, this feature is gated behind the sentry.autoWrapDataFetchers flag in next.config.js.

• To do the wrapping, we scan each page's AST for references to each of the three functions. If a given function is found, it is renamed (and all references to it similarly adjusted) so that its name starts with one or more underscores (so getServerSideProps becomes _getServerSideProps, for example). This then allows us to create a new, wrapped version of the (now-renamed) function, and export that wrapped version under the original name. (For example, we can then add export const getServerSideProps = withSentryGSSP(_getServerSideProps) to the page code using the loader, and nextjs will never know the difference.)

• Parsing of user code into an AST (and subsequent traversal of that AST) is done using @babel/parser and jscodeshift. (@babel/parser is used directly because jscodeshift neither exposes its parsers nor provides an option for specifying a parser by name (at least when used programmatically). Therefore, in order to use a jsx parser for JS pages and a tsx parser for TS pages, we need to supply them ourselves.)

Follow-up work:

• Add tests
• Make these wrappers do more than call the original functions

[github-actions]

size-limit report 📦

Path	Size
@sentry/browser - ES5 CDN Bundle (gzipped + minified)	19.37 KB (+0.02% 🔺)
@sentry/browser - ES5 CDN Bundle (minified)	59.96 KB (0%)
@sentry/browser - ES6 CDN Bundle (gzipped + minified)	17.94 KB (0%)
@sentry/browser - ES6 CDN Bundle (minified)	52.83 KB (0%)
@sentry/browser - Webpack (gzipped + minified)	19.7 KB (0%)
@sentry/browser - Webpack (minified)	64.17 KB (0%)
@sentry/react - Webpack (gzipped + minified)	19.72 KB (0%)
@sentry/nextjs Client - Webpack (gzipped + minified)	44.14 KB (0%)
@sentry/browser + @sentry/tracing - ES5 CDN Bundle (gzipped + minified)	25.77 KB (0%)
@sentry/browser + @sentry/tracing - ES6 CDN Bundle (gzipped + minified)	24.02 KB (+0.01% 🔺)

[Lms24]

Wow that's a lot of groundwork for getting this to work. Thanks for figuring this all out!
I had a couple of questions but overall I think this looks good.

[lforst]

Wanna put emphasis on how much I love what we're doing here. This is sooo so good DX wise. Thanks for tackling this admittedly very hard problem! 🌮

[lforst]

ABSOLUTE mind boggle: I tried to create a simple page in CJS and it just worked. I think you can just copy the following code into any next page and it should compile and run totally fine. The SDK doesn't seem to be working however. 🤔

const { default: Head } = require("next/head");
const { useState } = require("react");

const Sentry = require("@sentry/nextjs");

const Home = () => {
  const [shouldThrow, setShouldThrow] = useState(false);

  if (shouldThrow) {
    throw new Error("This is some render error!");
  }

  return (
    <div>
      <Head>
        <title>Create Next App</title>
        <meta name="description" content="Generated by create next app" />
        <link rel="icon" href="/favicon.ico" />
      </Head>
      <h1>Next.js Test Page</h1>
      <form>
        <input
          type="button"
          value="trigger onClick error"
          onClick={() => {
            try {
              throw new Error("This is some test onClick error!");
            } catch (err) {
              Sentry.captureException(err);
            }
          }}
        />
        <br />
        <input
          type="button"
          value="trigger render error"
          onClick={() => {
            setShouldThrow(true);
          }}
        />
      </form>
    </div>
  );
};

module.exports = {
  default: Home,
};

[lforst]

Another pass. For the sake of timelyness, feel free to ignore.

[AbhiPrasad]

Ok - so this does have the chance to break folks pretty badly as we are mucking with ASTs.

What do you think about this?
a) We gate this functionality behind an SDK option
b) We update the Sentry onboarding wizard/docs to enable this option by default - so only new users of the SDK will encounter possible issues with this for the most part
c) After a week or 2 passes, we enable the option by default

Do we care about this risk that much? Maybe it's fine to just

[lobsterkatie]

Ok - so this does have the chance to break folks pretty badly as we are mucking with ASTs.

What do you think about this? a) We gate this functionality behind an SDK option b) We update the Sentry onboarding wizard/docs to enable this option by default - so only new users of the SDK will encounter possible issues with this for the most part c) After a week or 2 passes, we enable the option by default

Do we care about this risk that much? Maybe it's fine to just

Honestly, my instinct was the same (to make it opt-in at first), but Vladan expressed that he felt that was being too cautious and we didn't need to bother. Do you still feel that way @vladanpaunovic? The more I dig into the different cases I'm needing to cover, the more I'm leaning back towards thinking it should start as experimental.

Either way, I think we should make a flag, so that users can either opt in if they choose or opt out if we choose and end up breaking things. (On that topic @lforst made a good point, though: We should figure out if doing this could break people only at build time - not great, but at least they know right away - or if it could also break in such a way that they don't find out until we crash their app (or at least render certain pages non-functional) at runtime - way worse, and something we obviously want to avoid in any way we can.)

UPDATE: We discussed this offline and will put this behind a flag for now, so that it's opt-in.

[vladanpaunovic]

Ok - so this does have the chance to break folks pretty badly as we are mucking with ASTs.
What do you think about this? a) We gate this functionality behind an SDK option b) We update the Sentry onboarding wizard/docs to enable this option by default - so only new users of the SDK will encounter possible issues with this for the most part c) After a week or 2 passes, we enable the option by default
Do we care about this risk that much? Maybe it's fine to just

Honestly, my instinct was the same (to make it opt-in at first), but Vladan expressed that he felt that was being too cautious and we didn't need to bother. Do you still feel that way @vladanpaunovic? The more I dig into the different cases I'm needing to cover, the more I'm leaning back towards thinking it should start as experimental.

Either way, I think we should make a flag, so that users can either opt in if they choose or opt out if we choose and end up breaking things. (On that topic @lforst made a good point, though: We should figure out if doing this could break people only at build time - not great, but at least they know right away - or if it could also break in such a way that they don't find out until we crash their app (or at least render certain pages non-functional) at runtime - way worse, and something we obviously want to avoid in any way we can.)

UPDATE: We discussed this offline and will put this behind a flag for now, so that it's opt-in.

Agreed.

@lobsterkatie please, create an issue somewhere in our backlog to promote the experimental feature into a stable one once we've gained more confidence.

[kachkaev]

After upgrading @sentry/nextjs to 7.10.0, I noticed a significant diff in the yarn.lock file:

It is mainly to do with the introduction of jscodeshift, which has bloated yarn.lock by ≈70-75 entries.

Some of jscodeshift's dependencies are quite dated. E.g. there’s micromatch@3.1.10, released in 2018. It is quite possible that some of the dated transient dependencies will introduce new vulnerabilities and although they are dev-only, this can be a concern for teams with strict security policies.

I am not suggesting to give up jscodeshift because I quite like the feature it enables. Just posting this comment to raise some attention to the problem it has introduced. It’d be great if Sentry team could help Meta release a new version of jscodeshift!

[lforst]

After upgrading @sentry/nextjs to 7.10.0, I noticed a significant diff in the yarn.lock file

@kachkaev Thanks for the heads up! It's actually something I didn't really consider when reviewing.

We're currently rethinking what we did in this PR and finding a different approach using rollup and @rollup/plugin-sucrase which should have way fewer dependencies and are better maintained. If you're interested you can follow the progress in #5602 and in #5505.