middleware
middleware copied to clipboard
honojs
Sentry: request body not available
The request body is not available in Sentry. My suspicion is that c.req.raw can not be serialized as it's a ReadableStream (see https://github.com/honojs/middleware/blob/main/packages/sentry/src/index.ts#L40)
@danielbuechele
Thank for raising the issue.
@sam-lippert
Could you take a look?
@danielbuechele If the Toucan dependencies are up to date, a request body should be able to be sent by calling getSentry(c).setRequestBody(await c.req.raw.text()) or getSentry(c).setRequestBody(await c.req.raw.json()) depending on the content type.
For context, I've been reading the Toucan documentation at https://www.npmjs.com/package/toucan-js, and this is what it appears to say:
By default, Toucan does not send any request data that might contain PII (Personally Identifiable Information) to Sentry.
This includes:
request headers request cookies request search params request body
So, it makes sense that this is the observed behavior. The docs also give the method mentioned earlier for manually associating the body:
Toucan.setRequestBody(body: unknown): void: Attaches request body to future events. body can be anything serializable.
@yusukebe I see that the type registration system on Context returns the Toucan type, so there should even be code completion for getSentry(c).setRequestBody() in vscode. Well done!
I think getSentry(c).setRequestBody(await c.req.raw.text()) should work, however it's somewhat impractical, because then you are getting an error in the route handler that the body was already used.
But in any case, what I'm not understanding is, why is c.req.raw, passed as body to Toucan, even if it's not serializable (https://github.com/honojs/middleware/blob/main/packages/sentry/src/index.ts#L40C16-L40C26) and passing the request directly to the middleware is explicitly prevented by the type system (https://github.com/honojs/middleware/blob/main/packages/sentry/src/index.ts#L21)?
If you're already reading the request body someplace else, then you can pass that instance to setRequestBody. However, if you don't have control over how the request body is being read, then you can use c.req.raw.clone() to get a copy of the request that you can pass to sentry.
But in any case, what I'm not understanding is, why is
c.req.raw,passed asbodyto Toucan, even if it's not serializable (https://github.com/honojs/middleware/blob/main/packages/sentry/src/index.ts#L40C16-L40C26) and passing the request directly to the middleware is explicitly prevented by the type system (https://github.com/honojs/middleware/blob/main/packages/sentry/src/index.ts#L21)?
@yusukebe Regarding this, should passthroughs for request and context be offered in this middleware?
Hi @sam-lippert
Does that mean creating options like passThroughRequest: boolean?
Does that mean creating options like
passThroughRequest: boolean?
No, it would mean modifying https://github.com/honojs/middleware/blob/main/packages/sentry/src/index.ts#L21 so that it either omits no properties or removing this line and having the middleware accept ToucanOptions directly. There is already a passthough for all other options, so just that type would need to be changed to enable passthough. This would allow people to set their own request and context if needed but fall through to the defaults that are already present in https://github.com/honojs/middleware/blob/main/packages/sentry/src/index.ts#L40-L41 if they are not set.
@sam-lippert
Thanks! Understood well. Sounds good! There is no need to omit request and context.