views.py 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270
  1. import json
  2. import logging
  3. import random
  4. import string
  5. import uuid
  6. from urllib.parse import urlparse
  7. from django.conf import settings
  8. from django.core.exceptions import ValidationError
  9. from django.db.models import Exists, OuterRef
  10. from django.db.models.expressions import RawSQL
  11. from django.db.utils import IntegrityError
  12. from django.http import HttpResponse
  13. from django.test import RequestFactory
  14. from rest_framework import exceptions, permissions, status
  15. from rest_framework.response import Response
  16. from rest_framework.views import APIView
  17. from sentry_sdk import capture_exception, set_context, set_level
  18. from difs.models import DebugInformationFile
  19. from difs.tasks import difs_run_resolve_stacktrace
  20. # from glitchtip.exceptions import ServiceUnavailableException
  21. from performance.serializers import TransactionEventSerializer
  22. from projects.models import Project
  23. from sentry.utils.auth import parse_auth_header
  24. from .negotiation import IgnoreClientContentNegotiation
  25. from .parsers import EnvelopeParser
  26. from .serializers import (
  27. EnvelopeHeaderSerializer,
  28. StoreCSPReportSerializer,
  29. StoreDefaultSerializer,
  30. StoreErrorSerializer,
  31. )
  32. # from .tasks import ingest_event
  33. logger = logging.getLogger(__name__)
  34. def test_event_view(request):
  35. """
  36. This view is used only to test event store performance
  37. It requires DEBUG to be True
  38. """
  39. factory = RequestFactory()
  40. request = request = factory.get(
  41. "/api/6/store/?sentry_key=244703e8083f4b16988c376ea46e9a08"
  42. )
  43. with open("events/test_data/py_hi_event.json") as json_file:
  44. data = json.load(json_file)
  45. data["event_id"] = uuid.uuid4()
  46. data["message"] = "".join(
  47. random.choices(string.ascii_uppercase + string.digits, k=8)
  48. )
  49. request.data = data
  50. EventStoreAPIView().post(request, id=6)
  51. return HttpResponse("<html><body></body></html>")
  52. class BaseEventAPIView(APIView):
  53. permission_classes = [permissions.AllowAny]
  54. authentication_classes = []
  55. content_negotiation_class = IgnoreClientContentNegotiation
  56. http_method_names = ["post"]
  57. def check_status(self):
  58. if settings.MAINTENANCE_EVENT_FREEZE:
  59. raise ServiceUnavailableException(
  60. {
  61. "message": "Events are not currently being accepted due to maintenance."
  62. },
  63. )
  64. if settings.EVENT_STORE_DEBUG:
  65. print(json.dumps(self.request.data))
  66. @classmethod
  67. def auth_from_request(cls, request):
  68. # Accept both sentry or glitchtip prefix.
  69. for k in request.GET.keys():
  70. if k in ["sentry_key", "glitchtip_key"]:
  71. return request.GET[k]
  72. if auth_header := request.META.get(
  73. "HTTP_X_SENTRY_AUTH", request.META.get("HTTP_AUTHORIZATION")
  74. ):
  75. result = parse_auth_header(auth_header)
  76. return result.get("sentry_key", result.get("glitchtip_key"))
  77. if isinstance(request.data, list):
  78. if data_first := next(iter(request.data), None):
  79. if isinstance(data_first, dict):
  80. dsn = urlparse(data_first.get("dsn"))
  81. if username := dsn.username:
  82. return username
  83. raise exceptions.NotAuthenticated("Unable to find authentication information")
  84. def get_project(self, request, project_id):
  85. sentry_key = BaseEventAPIView.auth_from_request(request)
  86. difs_subquery = DebugInformationFile.objects.filter(project_id=OuterRef("pk"))
  87. if isinstance(request.data, list) and len(request.data) > 1:
  88. data = request.data[2]
  89. else:
  90. data = request.data
  91. try:
  92. project = (
  93. Project.objects.filter(id=project_id, projectkey__public_key=sentry_key)
  94. .annotate(
  95. has_difs=Exists(difs_subquery),
  96. release_id=RawSQL(
  97. "select releases_release.id from releases_release inner join releases_releaseproject on releases_releaseproject.release_id = releases_release.id and releases_releaseproject.project_id=%s where version=%s limit 1",
  98. [project_id, data.get("release")],
  99. ),
  100. environment_id=RawSQL(
  101. "select environments_environment.id from environments_environment inner join environments_environmentproject on environments_environmentproject.environment_id = environments_environment.id and environments_environmentproject.project_id=%s where environments_environment.name=%s limit 1",
  102. [project_id, data.get("environment")],
  103. ),
  104. )
  105. .select_related("organization")
  106. .only(
  107. "id",
  108. "first_event",
  109. "slug",
  110. "organization__is_accepting_events",
  111. "organization__slug",
  112. )
  113. .first()
  114. )
  115. except ValidationError as err:
  116. raise exceptions.AuthenticationFailed({"error": "Invalid api key"}) from err
  117. if not project:
  118. if Project.objects.filter(id=project_id).exists():
  119. raise exceptions.AuthenticationFailed({"error": "Invalid api key"})
  120. raise exceptions.ValidationError("Invalid project_id: %s" % project_id)
  121. if not project.organization.is_accepting_events:
  122. raise exceptions.Throttled(detail="event rejected due to rate limit")
  123. return project
  124. def get_event_serializer_class(self, data=None):
  125. """Determine event type and return serializer"""
  126. if data is None:
  127. data = []
  128. if "exception" in data and data["exception"]:
  129. return StoreErrorSerializer
  130. if "platform" not in data:
  131. return StoreCSPReportSerializer
  132. return StoreDefaultSerializer
  133. def process_event(self, data, request, project):
  134. set_context("incoming event", data)
  135. serializer = self.get_event_serializer_class(data)(
  136. data=data, context={"request": self.request, "project": project}
  137. )
  138. try:
  139. serializer.is_valid(raise_exception=True)
  140. except exceptions.ValidationError as err:
  141. set_level("warning")
  142. capture_exception(err)
  143. logger.warning("Invalid event %s", serializer.errors)
  144. return Response()
  145. event = serializer.save()
  146. if event.data.get("exception") is not None and project.has_difs:
  147. difs_run_resolve_stacktrace(event.event_id)
  148. return Response({"id": event.event_id_hex})
  149. class EventStoreAPIView(BaseEventAPIView):
  150. def post(self, request, *args, **kwargs):
  151. self.check_status()
  152. try:
  153. project = self.get_project(request, kwargs.get("id"))
  154. except exceptions.AuthenticationFailed as err:
  155. # Replace 403 status code with 401 to match OSS Sentry
  156. return Response(err.detail, status=401)
  157. return self.process_event(request.data, request, project)
  158. class CSPStoreAPIView(EventStoreAPIView):
  159. pass
  160. class EnvelopeAPIView(BaseEventAPIView):
  161. parser_classes = [EnvelopeParser]
  162. def get_serializer_class(self):
  163. return TransactionEventSerializer
  164. def post(self, request, *args, **kwargs):
  165. self.check_status()
  166. project = self.get_project(request, kwargs.get("id"))
  167. data = request.data
  168. if len(data) < 2:
  169. logger.warning("Envelope has no headers %s", data)
  170. raise exceptions.ValidationError("Envelope has no headers")
  171. event_header_serializer = EnvelopeHeaderSerializer(data=data.pop(0))
  172. event_header_serializer.is_valid(raise_exception=True)
  173. # Multi part envelopes are not yet supported
  174. message_header = data.pop(0)
  175. if message_header.get("type") == "transaction":
  176. serializer = self.get_serializer_class()(
  177. data=data.pop(0), context={"request": self.request, "project": project}
  178. )
  179. try:
  180. serializer.is_valid(raise_exception=True)
  181. except exceptions.ValidationError as err:
  182. logger.warning("Invalid envelope payload", exc_info=True)
  183. raise err
  184. try:
  185. event = serializer.save()
  186. except IntegrityError as err:
  187. logger.warning("Duplicate event id", exc_info=True)
  188. raise exceptions.ValidationError("Duplicate event id") from err
  189. return Response({"id": event.event_id_hex})
  190. elif message_header.get("type") == "event":
  191. event_data = data.pop(0)
  192. return self.process_event(event_data, request, project)
  193. elif message_header.get("type") == "session":
  194. return Response(
  195. {
  196. "message": "Attempted to record a session event, which are not supported. This is safe to ignore. You may be able to suppress this message by disabling auto session tracking in your SDK. See https://gitlab.com/glitchtip/glitchtip-backend/-/issues/206"
  197. },
  198. status=status.HTTP_501_NOT_IMPLEMENTED,
  199. )
  200. return Response(status=status.HTTP_501_NOT_IMPLEMENTED)
  201. # # The A prefix is temporary, do not copy it
  202. # class ABaseEventAPIView(BaseEventAPIView):
  203. # async def get_project(self, request, **kwargs):
  204. # sentry_key = BaseEventAPIView.auth_from_request(request)
  205. # project_id = kwargs.get("id")
  206. # return (
  207. # await Project.objects.filter(
  208. # id=project_id,
  209. # projectkey__public_key=sentry_key,
  210. # )
  211. # .select_related("organization")
  212. # .only(
  213. # "id",
  214. # "organization__is_accepting_events",
  215. # )
  216. # .afirst()
  217. # )
  218. # class AEventStoreAPIView(ABaseEventAPIView):
  219. # async def post(self, request, *args, **kwargs):
  220. # self.check_status()
  221. # data = request.data
  222. # if event_id_data := data.pop("event_id", None):
  223. # try:
  224. # event_id = uuid.UUID(event_id_data)
  225. # except ValueError:
  226. # raise exception.ValidationError("Invalid Event ID")
  227. # else:
  228. # event_id = uuid.uuid4()
  229. # project = await self.get_project(request, **kwargs)
  230. # if not project:
  231. # raise exceptions.ValidationError("Invalid DSN")
  232. # if not project.organization.is_accepting_events:
  233. # raise exceptions.Throttled(detail="event rejected due to rate limit")
  234. # res = ingest_event.delay(project.id, event_id, data)
  235. # return Response({"id": event_id.hex})