From d7a1b578986ac0280ccd37faefa4d6d829f642f0 Mon Sep 17 00:00:00 2001 From: bbrunell Date: Sun, 2 Feb 2025 10:23:14 +0100 Subject: [PATCH 01/15] Add request body size control options Add MaxRequestBodySize enum to control request body capture with options: - None: Don't capture request body (default) - Small: Capture up to 1000 bytes - Medium: Capture up to 10000 bytes - Always: Capture entire body Add max_request_body_size field to ClientOptions struct with default value of None --- sentry-core/src/clientoptions.rs | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/sentry-core/src/clientoptions.rs b/sentry-core/src/clientoptions.rs index 9926cbcd..5acc051b 100644 --- a/sentry-core/src/clientoptions.rs +++ b/sentry-core/src/clientoptions.rs @@ -40,6 +40,18 @@ pub enum SessionMode { Request, } +#[derive(Clone)] +pub enum MaxRequestBodySize { + /// Don't capture request body + None, + /// Capture up to 1000 bytes + Small, + /// Capture up to 10000 bytes + Medium, + /// Capture entire body + Always, +} + /// Configuration settings for the client. /// /// These options are explained in more detail in the general @@ -148,6 +160,8 @@ pub struct ClientOptions { pub trim_backtraces: bool, /// The user agent that should be reported. pub user_agent: Cow<'static, str>, + /// Controls how much of request bodies are captured + pub max_request_body_size: MaxRequestBodySize, } impl ClientOptions { @@ -256,6 +270,7 @@ impl Default for ClientOptions { extra_border_frames: vec![], trim_backtraces: true, user_agent: Cow::Borrowed(USER_AGENT), + max_request_body_size: MaxRequestBodySize::None, } } } From a2fef26c0e7a2d829f996edc1a2acecc3fa55046 Mon Sep 17 00:00:00 2001 From: bbrunell Date: Sun, 2 Feb 2025 18:20:00 +0100 Subject: [PATCH 02/15] feat(sentry-actix): Add request body capture functionality Add support for capturing request bodies in the Sentry middleware for Actix-Web. This includes: - Configurable request body size limits (Small/Medium/Always) - Support for JSON and form-urlencoded content types - Body capture and restoration logic to maintain request integrity - Additional span data enrichment Updates dependencies: - Add serde_json, actix-http, futures dependencies --- sentry-actix/Cargo.toml | 3 + sentry-actix/src/lib.rs | 103 +++++++++++++++++++++++++------ sentry-core/src/clientoptions.rs | 2 +- sentry-core/src/lib.rs | 3 + 4 files changed, 91 insertions(+), 20 deletions(-) diff --git a/sentry-actix/Cargo.toml b/sentry-actix/Cargo.toml index 3a7e94e4..d2429bbc 100644 --- a/sentry-actix/Cargo.toml +++ b/sentry-actix/Cargo.toml @@ -18,6 +18,9 @@ futures-util = { version = "0.3.5", default-features = false } sentry-core = { version = "0.36.0", path = "../sentry-core", default-features = false, features = [ "client", ] } +serde_json = "1.0.133" +actix-http = "3.9.0" +futures = "0.3" [dev-dependencies] actix-web = { version = "4" } diff --git a/sentry-actix/src/lib.rs b/sentry-actix/src/lib.rs index faf33241..d92d38f3 100644 --- a/sentry-actix/src/lib.rs +++ b/sentry-actix/src/lib.rs @@ -73,16 +73,22 @@ use std::borrow::Cow; use std::pin::Pin; +use std::rc::Rc; use std::sync::Arc; +use actix_http::header::HeaderMap; use actix_web::dev::{Service, ServiceRequest, ServiceResponse, Transform}; +use actix_web::error::PayloadError; use actix_web::http::StatusCode; -use actix_web::Error; +use actix_web::web::BytesMut; +use actix_web::{Error, HttpMessage}; use futures_util::future::{ok, Future, Ready}; use futures_util::FutureExt; use sentry_core::protocol::{self, ClientSdkPackage, Event, Request}; +use sentry_core::MaxRequestBodySize; use sentry_core::{Hub, SentryFutureExt}; +use serde_json::json; /// A helper construct that can be used to reconfigure and build the middleware. pub struct SentryBuilder { @@ -180,7 +186,7 @@ impl Default for Sentry { impl Transform for Sentry where - S: Service, Error = Error>, + S: Service, Error = Error> + 'static, S::Future: 'static, { type Response = ServiceResponse; @@ -191,7 +197,7 @@ where fn new_transform(&self, service: S) -> Self::Future { ok(SentryMiddleware { - service, + service: Rc::new(service), inner: self.clone(), }) } @@ -199,13 +205,55 @@ where /// The middleware for individual services. pub struct SentryMiddleware { - service: S, + service: Rc, inner: Sentry, } +async fn should_capture_request_body(headers: &HeaderMap) -> bool { + headers + .get("content-type") + .and_then(|h| h.to_str().ok()) + .map(|s| s.to_lowercase()) + .map_or(false, |ct| { + ct.contains("application/json") || ct.contains("application/x-www-form-urlencoded") + }) +} + +/// Extract a body from the HTTP request +async fn body_from_http(req: &mut ServiceRequest) -> Result { + let mut stream = req.take_payload(); + + let mut body = BytesMut::new(); + while let Some(chunk) = futures_util::StreamExt::next(&mut stream).await { + let chunk = chunk?; + body.extend_from_slice(&chunk); + } + let (_, mut orig_payload) = actix_http::h1::Payload::create(true); + orig_payload.unread_data(body.clone().freeze()); + req.set_payload(actix_web::dev::Payload::from(orig_payload)); + + Ok::<_, PayloadError>(body) +} + +async fn capture_request_body( + req: &mut ServiceRequest, + max_size: MaxRequestBodySize, +) -> Option { + let request_body = body_from_http(req).await.unwrap(); + let request_body_str = String::from_utf8_lossy(&request_body).into_owned(); + + match max_size { + MaxRequestBodySize::Small if request_body_str.len() < 1_000 => Some(request_body_str), + MaxRequestBodySize::Medium if request_body_str.len() < 10_000 => Some(request_body_str), + MaxRequestBodySize::Always => Some(request_body_str), + MaxRequestBodySize::None => unreachable!(), + _ => Some(String::new()), + } +} + impl Service for SentryMiddleware where - S: Service, Error = Error>, + S: Service, Error = Error> + 'static, S::Future: 'static, { type Response = ServiceResponse; @@ -230,6 +278,10 @@ where options.auto_session_tracking && options.session_mode == sentry_core::SessionMode::Request }); + let max_request_body_size = client + .as_ref() + .map(|client| client.options().max_request_body_size.clone()) + .unwrap_or(MaxRequestBodySize::None); if track_sessions { hub.start_session(); } @@ -237,7 +289,7 @@ where .as_ref() .is_some_and(|client| client.options().send_default_pii); - let sentry_req = sentry_request_from_http(&req, with_pii); + let mut sentry_req = sentry_request_from_http(&req, with_pii); let name = transaction_name_from_http(&req); let transaction = if inner.start_transaction { @@ -255,21 +307,34 @@ where None }; - let parent_span = hub.configure_scope(|scope| { - let parent_span = scope.get_span(); - if let Some(transaction) = transaction.as_ref() { - scope.set_span(Some(transaction.clone().into())); - } else { - scope.set_transaction((!inner.start_transaction).then_some(&name)); - } - scope.add_event_processor(move |event| Some(process_event(event, &sentry_req))); - parent_span - }); + let svc = self.service.clone(); + async move { + let mut req = req; - let fut = self.service.call(req).bind_hub(hub.clone()); + if max_request_body_size != MaxRequestBodySize::None { + if should_capture_request_body(req.headers()).await { + sentry_req.data = capture_request_body(&mut req, max_request_body_size).await; + } + } - async move { - // Service errors + let mut parent_span = hub.configure_scope(|scope| { + let parent_span = scope.get_span(); + if let Some(transaction) = transaction.as_ref() { + scope.set_span(Some(transaction.clone().into())); + } else { + scope.set_transaction((!inner.start_transaction).then_some(&name)); + } + scope.add_event_processor(move |event| Some(process_event(event, &sentry_req))); + parent_span + }); + parent_span = parent_span.map(|span| { + span.set_data( + "other_span_data", + json!({"other_span_data": "This is another data"}).into(), + ); + span + }); + let fut = svc.call(req).bind_hub(hub.clone()); let mut res: Self::Response = match fut.await { Ok(res) => res, Err(e) => { diff --git a/sentry-core/src/clientoptions.rs b/sentry-core/src/clientoptions.rs index 5acc051b..b19ffaf4 100644 --- a/sentry-core/src/clientoptions.rs +++ b/sentry-core/src/clientoptions.rs @@ -40,7 +40,7 @@ pub enum SessionMode { Request, } -#[derive(Clone)] +#[derive(Clone, PartialEq)] pub enum MaxRequestBodySize { /// Don't capture request body None, diff --git a/sentry-core/src/lib.rs b/sentry-core/src/lib.rs index 5cc39cd5..d427be4b 100644 --- a/sentry-core/src/lib.rs +++ b/sentry-core/src/lib.rs @@ -150,6 +150,9 @@ mod session; #[cfg(all(feature = "client", feature = "metrics"))] mod units; +#[cfg(feature = "client")] +pub use crate::clientoptions::MaxRequestBodySize; + #[cfg(feature = "client")] pub use crate::{client::Client, hub_impl::SwitchGuard as HubSwitchGuard}; From 84f8d9be8e9bfd226dce5202d9e1c461e760a07e Mon Sep 17 00:00:00 2001 From: bbrunell Date: Sun, 2 Feb 2025 18:35:00 +0100 Subject: [PATCH 03/15] remove unused futures dependency --- sentry-actix/Cargo.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/sentry-actix/Cargo.toml b/sentry-actix/Cargo.toml index d2429bbc..76fc2b02 100644 --- a/sentry-actix/Cargo.toml +++ b/sentry-actix/Cargo.toml @@ -20,7 +20,6 @@ sentry-core = { version = "0.36.0", path = "../sentry-core", default-features = ] } serde_json = "1.0.133" actix-http = "3.9.0" -futures = "0.3" [dev-dependencies] actix-web = { version = "4" } From 1b0fd64d367064bc0681446bdad08730d29124a1 Mon Sep 17 00:00:00 2001 From: lcian Date: Mon, 3 Feb 2025 14:59:31 +0100 Subject: [PATCH 04/15] remove useless code and dependency, address clippy lints --- sentry-actix/Cargo.toml | 1 - sentry-actix/src/lib.rs | 20 ++++++-------------- sentry-core/src/clientoptions.rs | 6 ++++++ 3 files changed, 12 insertions(+), 15 deletions(-) diff --git a/sentry-actix/Cargo.toml b/sentry-actix/Cargo.toml index 76fc2b02..12725490 100644 --- a/sentry-actix/Cargo.toml +++ b/sentry-actix/Cargo.toml @@ -18,7 +18,6 @@ futures-util = { version = "0.3.5", default-features = false } sentry-core = { version = "0.36.0", path = "../sentry-core", default-features = false, features = [ "client", ] } -serde_json = "1.0.133" actix-http = "3.9.0" [dev-dependencies] diff --git a/sentry-actix/src/lib.rs b/sentry-actix/src/lib.rs index d92d38f3..843c6f36 100644 --- a/sentry-actix/src/lib.rs +++ b/sentry-actix/src/lib.rs @@ -88,7 +88,6 @@ use futures_util::FutureExt; use sentry_core::protocol::{self, ClientSdkPackage, Event, Request}; use sentry_core::MaxRequestBodySize; use sentry_core::{Hub, SentryFutureExt}; -use serde_json::json; /// A helper construct that can be used to reconfigure and build the middleware. pub struct SentryBuilder { @@ -214,7 +213,7 @@ async fn should_capture_request_body(headers: &HeaderMap) -> bool { .get("content-type") .and_then(|h| h.to_str().ok()) .map(|s| s.to_lowercase()) - .map_or(false, |ct| { + .is_some_and(|ct| { ct.contains("application/json") || ct.contains("application/x-www-form-urlencoded") }) } @@ -311,13 +310,13 @@ where async move { let mut req = req; - if max_request_body_size != MaxRequestBodySize::None { - if should_capture_request_body(req.headers()).await { - sentry_req.data = capture_request_body(&mut req, max_request_body_size).await; - } + if max_request_body_size != MaxRequestBodySize::None + && should_capture_request_body(req.headers()).await + { + sentry_req.data = capture_request_body(&mut req, max_request_body_size).await; } - let mut parent_span = hub.configure_scope(|scope| { + let parent_span = hub.configure_scope(|scope| { let parent_span = scope.get_span(); if let Some(transaction) = transaction.as_ref() { scope.set_span(Some(transaction.clone().into())); @@ -327,13 +326,6 @@ where scope.add_event_processor(move |event| Some(process_event(event, &sentry_req))); parent_span }); - parent_span = parent_span.map(|span| { - span.set_data( - "other_span_data", - json!({"other_span_data": "This is another data"}).into(), - ); - span - }); let fut = svc.call(req).bind_hub(hub.clone()); let mut res: Self::Response = match fut.await { Ok(res) => res, diff --git a/sentry-core/src/clientoptions.rs b/sentry-core/src/clientoptions.rs index b19ffaf4..cd184f1c 100644 --- a/sentry-core/src/clientoptions.rs +++ b/sentry-core/src/clientoptions.rs @@ -40,6 +40,12 @@ pub enum SessionMode { Request, } +/// The maximum size of an HTTP request body that the SDK captures. +/// +/// Only request bodies that parse as JSON or form data are currently captured. +/// See the [Documentation on attaching request body](https://develop.sentry.dev/sdk/expected-features/#attaching-request-body-in-server-sdks) +/// and the [Documentation on handling sensitive data](https://develop.sentry.dev/sdk/expected-features/data-handling/#sensitive-data) +/// for more information. #[derive(Clone, PartialEq)] pub enum MaxRequestBodySize { /// Don't capture request body From 374d5745dabb8affe832278f308f3798e5271197 Mon Sep 17 00:00:00 2001 From: bbrunell Date: Tue, 4 Feb 2025 21:51:10 +0100 Subject: [PATCH 05/15] remove unnecessary async for should_capture_request_body --- sentry-actix/src/lib.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sentry-actix/src/lib.rs b/sentry-actix/src/lib.rs index 59559d8a..6bdea634 100644 --- a/sentry-actix/src/lib.rs +++ b/sentry-actix/src/lib.rs @@ -208,7 +208,7 @@ pub struct SentryMiddleware { inner: Sentry, } -async fn should_capture_request_body(headers: &HeaderMap) -> bool { +fn should_capture_request_body(headers: &HeaderMap) -> bool { headers .get("content-type") .and_then(|h| h.to_str().ok()) @@ -314,7 +314,7 @@ where let mut req = req; if max_request_body_size != MaxRequestBodySize::None - && should_capture_request_body(req.headers()).await + && should_capture_request_body(req.headers()) { sentry_req.data = capture_request_body(&mut req, max_request_body_size).await; } From 395774af531fa968b3ccb9d76c8c6886246a782b Mon Sep 17 00:00:00 2001 From: bbrunell Date: Tue, 4 Feb 2025 22:23:21 +0100 Subject: [PATCH 06/15] feat: Add MaxRequestBodySize check for request body limits Implements a method to validate request body sizes against predefined limits: - None: Don't capture request bodies (default) - Small: Capture up to 1000 bytes - Medium: Capture up to 10000 bytes - Always: Capture entire body --- sentry-core/src/clientoptions.rs | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/sentry-core/src/clientoptions.rs b/sentry-core/src/clientoptions.rs index cd184f1c..fba39d82 100644 --- a/sentry-core/src/clientoptions.rs +++ b/sentry-core/src/clientoptions.rs @@ -58,6 +58,18 @@ pub enum MaxRequestBodySize { Always, } +impl MaxRequestBodySize { + /// Check if the content length is within the size limit. + pub fn is_within_size_limit(&self, content_length: usize) -> bool { + match self { + MaxRequestBodySize::None => false, + MaxRequestBodySize::Small => content_length <= 1_000, + MaxRequestBodySize::Medium => content_length <= 10_000, + MaxRequestBodySize::Always => true, + } + } +} + /// Configuration settings for the client. /// /// These options are explained in more detail in the general From 0072bcf8d16edefc1171420ac133e55492eb7446 Mon Sep 17 00:00:00 2001 From: bbrunell Date: Tue, 4 Feb 2025 22:40:36 +0100 Subject: [PATCH 07/15] feat(sentry-actix): Improve request body capture logic - Add chunked transfer encoding check to prevent capturing chunked requests - Add strict content-type validation for JSON and form-urlencoded - Implement content length validation against size limits --- sentry-actix/src/lib.rs | 55 ++++++++++++++++++++++++----------------- 1 file changed, 32 insertions(+), 23 deletions(-) diff --git a/sentry-actix/src/lib.rs b/sentry-actix/src/lib.rs index 6bdea634..84f7d109 100644 --- a/sentry-actix/src/lib.rs +++ b/sentry-actix/src/lib.rs @@ -76,7 +76,7 @@ use std::pin::Pin; use std::rc::Rc; use std::sync::Arc; -use actix_http::header::HeaderMap; +use actix_http::header::{self, HeaderMap}; use actix_web::dev::{Service, ServiceRequest, ServiceResponse, Transform}; use actix_web::error::PayloadError; use actix_web::http::StatusCode; @@ -208,14 +208,34 @@ pub struct SentryMiddleware { inner: Sentry, } -fn should_capture_request_body(headers: &HeaderMap) -> bool { - headers - .get("content-type") +async fn should_capture_request_body( + headers: &HeaderMap, + max_request_body_size: MaxRequestBodySize, +) -> bool { + let is_chunked = headers + .get(header::TRANSFER_ENCODING) .and_then(|h| h.to_str().ok()) - .map(|s| s.to_lowercase()) - .is_some_and(|ct| { - ct.contains("application/json") || ct.contains("application/x-www-form-urlencoded") - }) + .map(|transfer_encoding| transfer_encoding.contains("chunked")) + .unwrap_or(false); + + let is_valid_content_type = headers + .get(header::CONTENT_TYPE) + .and_then(|h| h.to_str().ok()) + .is_some_and(|content_type| { + matches!( + content_type, + "application/json" | "application/x-www-form-urlencoded" + ) + }); + + let is_within_size_limit = headers + .get(header::CONTENT_LENGTH) + .and_then(|h| h.to_str().ok()) + .and_then(|content_length| content_length.parse::().ok()) + .map(|content_length| max_request_body_size.is_within_size_limit(content_length)) + .unwrap_or(false); + + !is_chunked && is_valid_content_type && is_within_size_limit } /// Extract a body from the HTTP request @@ -234,20 +254,9 @@ async fn body_from_http(req: &mut ServiceRequest) -> Result(body) } -async fn capture_request_body( - req: &mut ServiceRequest, - max_size: MaxRequestBodySize, -) -> Option { +async fn capture_request_body(req: &mut ServiceRequest) -> String { let request_body = body_from_http(req).await.unwrap(); - let request_body_str = String::from_utf8_lossy(&request_body).into_owned(); - - match max_size { - MaxRequestBodySize::Small if request_body_str.len() < 1_000 => Some(request_body_str), - MaxRequestBodySize::Medium if request_body_str.len() < 10_000 => Some(request_body_str), - MaxRequestBodySize::Always => Some(request_body_str), - MaxRequestBodySize::None => unreachable!(), - _ => Some(String::new()), - } + String::from_utf8_lossy(&request_body).into_owned() } impl Service for SentryMiddleware @@ -314,9 +323,9 @@ where let mut req = req; if max_request_body_size != MaxRequestBodySize::None - && should_capture_request_body(req.headers()) + && should_capture_request_body(&req.headers(), max_request_body_size).await { - sentry_req.data = capture_request_body(&mut req, max_request_body_size).await; + sentry_req.data = Some(capture_request_body(&mut req).await); } let parent_span = hub.configure_scope(|scope| { From 728ca9cd5e7cc9f18adb74b536ebc0167936d7bf Mon Sep 17 00:00:00 2001 From: bbrunell Date: Tue, 4 Feb 2025 22:51:14 +0100 Subject: [PATCH 08/15] clippy --- sentry-actix/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sentry-actix/src/lib.rs b/sentry-actix/src/lib.rs index 84f7d109..941fa856 100644 --- a/sentry-actix/src/lib.rs +++ b/sentry-actix/src/lib.rs @@ -323,7 +323,7 @@ where let mut req = req; if max_request_body_size != MaxRequestBodySize::None - && should_capture_request_body(&req.headers(), max_request_body_size).await + && should_capture_request_body(req.headers(), max_request_body_size).await { sentry_req.data = Some(capture_request_body(&mut req).await); } From 8304e43c80ce1fc77253380d8761a9e82406c56b Mon Sep 17 00:00:00 2001 From: bbrunell Date: Tue, 4 Feb 2025 22:52:45 +0100 Subject: [PATCH 09/15] feat(core): add explicit size limit option for request body capture Add new `Explicit(usize)` variant to `MaxRequestBodySize` enum, allowing users to specify custom maximum request body size limits for event capture. --- sentry-core/src/clientoptions.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sentry-core/src/clientoptions.rs b/sentry-core/src/clientoptions.rs index fba39d82..cf462b5b 100644 --- a/sentry-core/src/clientoptions.rs +++ b/sentry-core/src/clientoptions.rs @@ -56,6 +56,8 @@ pub enum MaxRequestBodySize { Medium, /// Capture entire body Always, + /// Capture up to a specific size + Explicit(usize), } impl MaxRequestBodySize { @@ -66,6 +68,7 @@ impl MaxRequestBodySize { MaxRequestBodySize::Small => content_length <= 1_000, MaxRequestBodySize::Medium => content_length <= 10_000, MaxRequestBodySize::Always => true, + MaxRequestBodySize::Explicit(size) => content_length <= *size, } } } From 212509a5aef3b1b4e1f0d03cfb67839bcae5a4bd Mon Sep 17 00:00:00 2001 From: bbrunell Date: Thu, 6 Feb 2025 19:47:30 +0100 Subject: [PATCH 10/15] remove unnecessary async for should_capture_request_body --- sentry-actix/src/lib.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sentry-actix/src/lib.rs b/sentry-actix/src/lib.rs index 941fa856..0ef545f5 100644 --- a/sentry-actix/src/lib.rs +++ b/sentry-actix/src/lib.rs @@ -208,7 +208,7 @@ pub struct SentryMiddleware { inner: Sentry, } -async fn should_capture_request_body( +fn should_capture_request_body( headers: &HeaderMap, max_request_body_size: MaxRequestBodySize, ) -> bool { @@ -323,7 +323,7 @@ where let mut req = req; if max_request_body_size != MaxRequestBodySize::None - && should_capture_request_body(req.headers(), max_request_body_size).await + && should_capture_request_body(req.headers(), max_request_body_size) { sentry_req.data = Some(capture_request_body(&mut req).await); } From 15cbe05375c15060cd85ad45730ec44f7d24917e Mon Sep 17 00:00:00 2001 From: bbrunell Date: Thu, 6 Feb 2025 19:56:19 +0100 Subject: [PATCH 11/15] Add copy trait on MaxRequestBodySize --- sentry-core/src/clientoptions.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sentry-core/src/clientoptions.rs b/sentry-core/src/clientoptions.rs index cf462b5b..8358f70e 100644 --- a/sentry-core/src/clientoptions.rs +++ b/sentry-core/src/clientoptions.rs @@ -46,7 +46,7 @@ pub enum SessionMode { /// See the [Documentation on attaching request body](https://develop.sentry.dev/sdk/expected-features/#attaching-request-body-in-server-sdks) /// and the [Documentation on handling sensitive data](https://develop.sentry.dev/sdk/expected-features/data-handling/#sensitive-data) /// for more information. -#[derive(Clone, PartialEq)] +#[derive(Clone, Copy, PartialEq)] pub enum MaxRequestBodySize { /// Don't capture request body None, From 419e0b6e7e0f7bcb462c674a380fa96ed9f31c94 Mon Sep 17 00:00:00 2001 From: bbrunell Date: Thu, 6 Feb 2025 20:00:02 +0100 Subject: [PATCH 12/15] Remove MaxRequestBodySize::None check It's already handle by the is_within_size_limit. --- sentry-actix/src/lib.rs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/sentry-actix/src/lib.rs b/sentry-actix/src/lib.rs index 0ef545f5..48d34565 100644 --- a/sentry-actix/src/lib.rs +++ b/sentry-actix/src/lib.rs @@ -322,9 +322,7 @@ where async move { let mut req = req; - if max_request_body_size != MaxRequestBodySize::None - && should_capture_request_body(req.headers(), max_request_body_size) - { + if should_capture_request_body(req.headers(), max_request_body_size) { sentry_req.data = Some(capture_request_body(&mut req).await); } From 6fc160f9b5de0c5d480f7a5df6945d1f360138ba Mon Sep 17 00:00:00 2001 From: bbrunell Date: Sun, 9 Feb 2025 22:55:02 +0100 Subject: [PATCH 13/15] replace unwrap by empty string --- sentry-actix/src/lib.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/sentry-actix/src/lib.rs b/sentry-actix/src/lib.rs index 48d34565..82e4c18c 100644 --- a/sentry-actix/src/lib.rs +++ b/sentry-actix/src/lib.rs @@ -255,8 +255,11 @@ async fn body_from_http(req: &mut ServiceRequest) -> Result String { - let request_body = body_from_http(req).await.unwrap(); - String::from_utf8_lossy(&request_body).into_owned() + if let Ok(request_body) = body_from_http(req).await { + String::from_utf8_lossy(&request_body).into_owned() + } else { + String::new() + } } impl Service for SentryMiddleware From 72ebe3dbd55028b08194ecc74630b42e881f824d Mon Sep 17 00:00:00 2001 From: bbrunell Date: Sun, 9 Feb 2025 22:55:17 +0100 Subject: [PATCH 14/15] use copy instead of clone for max_request_body_size --- sentry-actix/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sentry-actix/src/lib.rs b/sentry-actix/src/lib.rs index 82e4c18c..be0f21c3 100644 --- a/sentry-actix/src/lib.rs +++ b/sentry-actix/src/lib.rs @@ -291,7 +291,7 @@ where }); let max_request_body_size = client .as_ref() - .map(|client| client.options().max_request_body_size.clone()) + .map(|client| client.options().max_request_body_size) .unwrap_or(MaxRequestBodySize::None); if track_sessions { hub.start_session(); From ca1632b48f3b42b2fe9d804946dd2cc24937f8e4 Mon Sep 17 00:00:00 2001 From: lcian Date: Fri, 14 Feb 2025 14:32:13 +0100 Subject: [PATCH 15/15] set default max_request_body_size to medium --- sentry-core/src/clientoptions.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sentry-core/src/clientoptions.rs b/sentry-core/src/clientoptions.rs index 8358f70e..583aae8c 100644 --- a/sentry-core/src/clientoptions.rs +++ b/sentry-core/src/clientoptions.rs @@ -291,7 +291,7 @@ impl Default for ClientOptions { extra_border_frames: vec![], trim_backtraces: true, user_agent: Cow::Borrowed(USER_AGENT), - max_request_body_size: MaxRequestBodySize::None, + max_request_body_size: MaxRequestBodySize::Medium, } } }