Add the Sentry event ID in error response headers

Author: sandhose

crates/axum-utils/src/fancy_error.rs

@@ -19,6 +19,8 @@ use axum::{
 };
 use mas_templates::ErrorContext;
 
+use crate::sentry::SentryEventID;
+
 pub struct FancyError {
     context: ErrorContext,
 }
@@ -59,9 +61,10 @@ impl<E: std::fmt::Debug + std::fmt::Display> From<E> for FancyError {
 impl IntoResponse for FancyError {
     fn into_response(self) -> Response {
         let error = format!("{:?}", self.context);
-        sentry::capture_message(&error, sentry::Level::Error);
+        let event_id = sentry::capture_message(&error, sentry::Level::Error);
         (
             StatusCode::INTERNAL_SERVER_ERROR,
+            SentryEventID::from(event_id),
             Extension(self.context),
             error,
         )

crates/axum-utils/src/lib.rs

@@ -28,6 +28,7 @@ pub mod csrf;
 pub mod fancy_error;
 pub mod http_client_factory;
 pub mod jwt;
+pub mod sentry;
 pub mod session;
 pub mod user_authorization;
 

crates/axum-utils/src/sentry.rs

@@ -0,0 +1,38 @@
+// Copyright 2023 The Matrix.org Foundation C.I.C.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use std::convert::Infallible;
+
+use axum::response::{IntoResponseParts, ResponseParts};
+use sentry::types::Uuid;
+
+/// A wrapper to include a Sentry event ID in the response headers.
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
+pub struct SentryEventID(Uuid);
+
+impl From<Uuid> for SentryEventID {
+    fn from(uuid: Uuid) -> Self {
+        Self(uuid)
+    }
+}
+
+impl IntoResponseParts for SentryEventID {
+    type Error = Infallible;
+    fn into_response_parts(self, mut res: ResponseParts) -> Result<ResponseParts, Self::Error> {
+        res.headers_mut()
+            .insert("X-Sentry-Event-ID", self.0.to_string().parse().unwrap());
+
+        Ok(res)
+    }
+}

crates/handlers/src/compat/login.rs

@@ -15,6 +15,7 @@
 use axum::{extract::State, response::IntoResponse, Json};
 use chrono::Duration;
 use hyper::StatusCode;
+use mas_axum_utils::sentry::SentryEventID;
 use mas_data_model::{CompatSession, CompatSsoLoginState, Device, TokenType, User};
 use mas_storage::{
     compat::{
@@ -169,8 +170,8 @@ impl_from_error_for_route!(mas_storage::RepositoryError);
 
 impl IntoResponse for RouteError {
     fn into_response(self) -> axum::response::Response {
-        sentry::capture_error(&self);
-        match self {
+        let event_id = sentry::capture_error(&self);
+        let response = match self {
             Self::Internal(_) | Self::SessionNotFound => MatrixError {
                 errcode: "M_UNKNOWN",
                 error: "Internal server error",
@@ -198,8 +199,9 @@ impl IntoResponse for RouteError {
                 error: "Invalid login token",
                 status: StatusCode::FORBIDDEN,
             },
-        }
-        .into_response()
+        };
+
+        (SentryEventID::from(event_id), response).into_response()
     }
 }
 

crates/handlers/src/compat/login_sso_redirect.rs

@@ -18,6 +18,7 @@ use axum::{
     response::IntoResponse,
 };
 use hyper::StatusCode;
+use mas_axum_utils::sentry::SentryEventID;
 use mas_router::{CompatLoginSsoAction, CompatLoginSsoComplete, UrlBuilder};
 use mas_storage::{compat::CompatSsoLoginRepository, BoxClock, BoxRepository, BoxRng};
 use rand::distributions::{Alphanumeric, DistString};
@@ -51,8 +52,13 @@ impl_from_error_for_route!(mas_storage::RepositoryError);
 
 impl IntoResponse for RouteError {
     fn into_response(self) -> axum::response::Response {
-        sentry::capture_error(&self);
-        (StatusCode::INTERNAL_SERVER_ERROR, format!("{self}")).into_response()
+        let event_id = sentry::capture_error(&self);
+        (
+            StatusCode::INTERNAL_SERVER_ERROR,
+            SentryEventID::from(event_id),
+            format!("{self}"),
+        )
+            .into_response()
     }
 }
 

crates/handlers/src/compat/logout.rs

@@ -15,6 +15,7 @@
 use axum::{response::IntoResponse, Json, TypedHeader};
 use headers::{authorization::Bearer, Authorization};
 use hyper::StatusCode;
+use mas_axum_utils::sentry::SentryEventID;
 use mas_data_model::TokenType;
 use mas_storage::{
     compat::{CompatAccessTokenRepository, CompatSessionRepository},
@@ -45,8 +46,8 @@ impl_from_error_for_route!(mas_storage::RepositoryError);
 
 impl IntoResponse for RouteError {
     fn into_response(self) -> axum::response::Response {
-        sentry::capture_error(&self);
-        match self {
+        let event_id = sentry::capture_error(&self);
+        let response = match self {
             Self::Internal(_) => MatrixError {
                 errcode: "M_UNKNOWN",
                 error: "Internal error",
@@ -62,8 +63,9 @@ impl IntoResponse for RouteError {
                 error: "Invalid access token",
                 status: StatusCode::UNAUTHORIZED,
             },
-        }
-        .into_response()
+        };
+
+        (SentryEventID::from(event_id), response).into_response()
     }
 }
 

crates/handlers/src/compat/refresh.rs

@@ -15,6 +15,7 @@
 use axum::{extract::State, response::IntoResponse, Json};
 use chrono::Duration;
 use hyper::StatusCode;
+use mas_axum_utils::sentry::SentryEventID;
 use mas_data_model::{TokenFormatError, TokenType};
 use mas_storage::{
     compat::{CompatAccessTokenRepository, CompatRefreshTokenRepository, CompatSessionRepository},
@@ -52,8 +53,8 @@ pub enum RouteError {
 
 impl IntoResponse for RouteError {
     fn into_response(self) -> axum::response::Response {
-        sentry::capture_error(&self);
-        match self {
+        let event_id = sentry::capture_error(&self);
+        let response = match self {
             Self::Internal(_) | Self::UnknownSession => MatrixError {
                 errcode: "M_UNKNOWN",
                 error: "Internal error",
@@ -64,8 +65,9 @@ impl IntoResponse for RouteError {
                 error: "Invalid refresh token",
                 status: StatusCode::UNAUTHORIZED,
             },
-        }
-        .into_response()
+        };
+
+        (SentryEventID::from(event_id), response).into_response()
     }
 }
 

crates/handlers/src/graphql/mod.rs

@@ -28,7 +28,9 @@ use axum::{
 use futures_util::TryStreamExt;
 use headers::{authorization::Bearer, Authorization, ContentType, HeaderValue};
 use hyper::header::CACHE_CONTROL;
-use mas_axum_utils::{cookies::CookieJar, FancyError, SessionInfo, SessionInfoExt};
+use mas_axum_utils::{
+    cookies::CookieJar, sentry::SentryEventID, FancyError, SessionInfo, SessionInfoExt,
+};
 use mas_data_model::User;
 use mas_graphql::{Requester, Schema};
 use mas_matrix::HomeserverConnection;
@@ -144,9 +146,9 @@ impl_from_error_for_route!(mas_storage::RepositoryError);
 
 impl IntoResponse for RouteError {
     fn into_response(self) -> Response {
-        sentry::capture_error(&self);
+        let event_id = sentry::capture_error(&self);
 
-        match self {
+        let response = match self {
             e @ (Self::Internal(_) | Self::LoadFailed) => {
                 let error = async_graphql::Error::new_with_source(e);
                 (
@@ -182,7 +184,9 @@ impl IntoResponse for RouteError {
                 )
                     .into_response()
             }
-        }
+        };
+
+        (SentryEventID::from(event_id), response).into_response()
     }
 }
 

crates/handlers/src/oauth2/authorization/complete.rs

@@ -17,7 +17,7 @@ use axum::{
     response::{Html, IntoResponse, Response},
 };
 use hyper::StatusCode;
-use mas_axum_utils::{cookies::CookieJar, csrf::CsrfExt, SessionInfoExt};
+use mas_axum_utils::{cookies::CookieJar, csrf::CsrfExt, sentry::SentryEventID, SessionInfoExt};
 use mas_data_model::{AuthorizationGrant, BrowserSession, Client, Device};
 use mas_keystore::Keystore;
 use mas_policy::{EvaluationResult, Policy};
@@ -53,9 +53,9 @@ pub enum RouteError {
 
 impl IntoResponse for RouteError {
     fn into_response(self) -> axum::response::Response {
-        sentry::capture_error(&self);
+        let event = sentry::capture_error(&self);
         // TODO: better error pages
-        match self {
+        let response = match self {
             RouteError::NotFound => {
                 (StatusCode::NOT_FOUND, "authorization grant was not found").into_response()
             }
@@ -67,7 +67,9 @@ impl IntoResponse for RouteError {
             RouteError::Internal(_) | Self::NoSuchClient => {
                 (StatusCode::INTERNAL_SERVER_ERROR, self.to_string()).into_response()
             }
-        }
+        };
+
+        (SentryEventID::from(event), response).into_response()
     }
 }
 

crates/handlers/src/oauth2/authorization/mod.rs

@@ -17,7 +17,7 @@ use axum::{
     response::{Html, IntoResponse, Response},
 };
 use hyper::StatusCode;
-use mas_axum_utils::{cookies::CookieJar, csrf::CsrfExt, SessionInfoExt};
+use mas_axum_utils::{cookies::CookieJar, csrf::CsrfExt, sentry::SentryEventID, SessionInfoExt};
 use mas_data_model::{AuthorizationCode, Pkce};
 use mas_keystore::Keystore;
 use mas_policy::Policy;
@@ -64,9 +64,9 @@ pub enum RouteError {
 
 impl IntoResponse for RouteError {
     fn into_response(self) -> axum::response::Response {
-        sentry::capture_error(&self);
+        let event_id = sentry::capture_error(&self);
         // TODO: better error pages
-        match self {
+        let response = match self {
             RouteError::Internal(e) => {
                 (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response()
             }
@@ -84,7 +84,9 @@ impl IntoResponse for RouteError {
                 format!("Invalid redirect URI ({e})"),
             )
                 .into_response(),
-        }
+        };
+
+        (SentryEventID::from(event_id), response).into_response()
     }
 }