Capture request body on unhandled exception

Author: jessarcher

config/nightwatch.php

@@ -6,6 +6,8 @@
     'deployment' => env('NIGHTWATCH_DEPLOY'),
     'server' => env('NIGHTWATCH_SERVER', (string) gethostname()),
     'capture_exception_source_code' => env('NIGHTWATCH_CAPTURE_EXCEPTION_SOURCE_CODE', true),
+    'capture_request_body' => env('NIGHTWATCH_CAPTURE_REQUEST_BODY', false),
+    'redact_keys' => explode(',', env('NIGHTWATCH_REDACT_KEYS', 'password,password_confirmation')),
     'redact_headers' => explode(',', env('NIGHTWATCH_REDACT_HEADERS', 'Authorization,Cookie,Proxy-Authorization,X-XSRF-TOKEN')),
 
     'sampling' => [

src/NightwatchServiceProvider.php

@@ -121,6 +121,8 @@ final class NightwatchServiceProvider extends ServiceProvider
      *     server?: string,
      *     ingest?: array{ uri?: string, timeout?: float|int, connection_timeout?: float|int, event_buffer?: int },
      *     capture_exception_source_code?: bool,
+     *     capture_request_body?: bool,
+     *     redact_keys?: string[],
      *     redact_headers?: string[],
      *  }
      */
@@ -252,6 +254,8 @@ private function buildAndRegisterCore(): void
                     publicPath: $this->app->publicPath(),
                 ),
                 captureExceptionSourceCode: (bool) ($this->nightwatchConfig['capture_exception_source_code'] ?? true),
+                captureRequestBody: (bool) ($this->nightwatchConfig['capture_request_body'] ?? false),
+                redactKeys: $this->nightwatchConfig['redact_keys'] ?? ['password', 'password_confirmation'],
                 redactHeaders: $this->nightwatchConfig['redact_headers'] ?? ['Authorization', 'Cookie', 'Proxy-Authorization', 'X-XSRF-TOKEN'],
                 config: $this->config,
             ),

src/Records/Request.php

@@ -2,7 +2,9 @@
 
 namespace Laravel\Nightwatch\Records;
 
+use Symfony\Component\HttpFoundation\FileBag;
 use Symfony\Component\HttpFoundation\HeaderBag;
+use Symfony\Component\HttpFoundation\InputBag;
 
 final class Request
 {
@@ -23,6 +25,8 @@ public function __construct(
         public readonly int $requestSize,
         public readonly int $responseSize,
         public HeaderBag $headers,
+        public ?InputBag $payload,
+        public FileBag $files,
     ) {
         //
     }

src/SensorManager.php

@@ -128,13 +128,16 @@ final class SensorManager
     public $commandSensor;
 
     /**
+     * @param  list<string>  $redactKeys
      * @param  list<string>  $redactHeaders
      */
     public function __construct(
         private RequestState|CommandState $executionState,
         private Clock $clock,
         public Location $location,
         private bool $captureExceptionSourceCode,
+        private bool $captureRequestBody,
+        private array $redactKeys,
         private array $redactHeaders,
         private Repository $config,
     ) {
@@ -158,6 +161,8 @@ public function request(Request $request, Response $response): array
     {
         $sensor = $this->requestSensor ??= new RequestSensor(
             requestState: $this->executionState, // @phpstan-ignore argument.type
+            captureBody: $this->captureRequestBody,
+            redactKeys: $this->redactKeys,
             redactHeaders: $this->redactHeaders,
         );
 

src/Sensors/RequestSensor.php

@@ -3,24 +3,31 @@
 namespace Laravel\Nightwatch\Sensors;
 
 use Illuminate\Http\Request;
+use Illuminate\Http\UploadedFile;
 use Illuminate\Routing\Route;
+use Illuminate\Support\Arr;
 use Laravel\Nightwatch\Concerns\RecordsContext;
 use Laravel\Nightwatch\Concerns\RedactsHeaders;
 use Laravel\Nightwatch\ExecutionStage;
 use Laravel\Nightwatch\Records\Request as RequestRecord;
 use Laravel\Nightwatch\State\RequestState;
 use Laravel\Nightwatch\Types\Str;
 use Symfony\Component\HttpFoundation\BinaryFileResponse;
+use Symfony\Component\HttpFoundation\InputBag;
 use Symfony\Component\HttpFoundation\Response;
 use Throwable;
 
+use function array_map;
 use function array_sum;
 use function hash;
 use function implode;
+use function in_array;
+use function is_array;
 use function is_int;
 use function is_numeric;
 use function is_string;
 use function json_encode;
+use function rescue;
 use function sort;
 use function strlen;
 use function tap;
@@ -34,10 +41,13 @@ final class RequestSensor
     use RedactsHeaders;
 
     /**
+     * @param  list<string>  $redactKeys
      * @param  list<string>  $redactHeaders
      */
     public function __construct(
         private RequestState $requestState,
+        private bool $captureBody,
+        private array $redactKeys,
         private array $redactHeaders,
     ) {
         //
@@ -91,6 +101,8 @@ public function __invoke(Request $request, Response $response): array
                     $headers->remove('php-auth-pw');
                     $headers->remove('php-auth-digest');
                 }),
+                payload: rescue(fn () => $request->getPayload(), report: false),
+                files: clone $request->files,
             ),
             function () use ($record) {
                 return [
@@ -139,6 +151,18 @@ function () use ($record) {
                     'exception_preview' => Str::tinyText($this->requestState->exceptionPreview),
                     'context' => $this->serializedContext(),
                     'headers' => Str::text(json_encode((object) $this->redactHeaders($record->headers, $this->redactHeaders)->all(), JSON_THROW_ON_ERROR | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_PRESERVE_ZERO_FRACTION)),
+                    'body' => $this->captureBody && $record->statusCode === 500
+                        ? Str::text(json_encode([
+                            'payload' => $record->payload instanceof InputBag ? $this->redactRecursively($record->payload->all()) : null,
+                            'files' => array_map(fn (UploadedFile $file) => [
+                                'client_name' => $file->getClientOriginalName(),
+                                'client_mime_type' => $file->getClientMimeType(),
+                                'mime_type' => $file->getMimeType(),
+                                'size' => $file->getSize(),
+                                'path' => $file->getPathname(),
+                            ], $record->files->all()),
+                        ], JSON_THROW_ON_ERROR | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT))
+                        : '',
                 ];
             },
         ];
@@ -169,4 +193,19 @@ private function parseResponseSize(Response $response): int
         // streamed response, e.g., echo Nightwatch::streaming($content);
         return 0;
     }
+
+    /**
+     * @param  array<mixed>  $array
+     * @return array<mixed>
+     */
+    private function redactRecursively(array $array): array
+    {
+        return Arr::map($array, function ($value, $key) {
+            if (is_array($value)) {
+                return $this->redactRecursively($value);
+            }
+
+            return ! in_array($key, $this->redactKeys, true) || ! is_string($value) ? $value : '['.strlen($value).' bytes redacted]';
+        });
+    }
 }

tests/Feature/Sensors/RequestSensorTest.php

@@ -13,6 +13,7 @@
 use Illuminate\Contracts\Support\Arrayable;
 use Illuminate\Foundation\Http\Events\RequestHandled;
 use Illuminate\Http\Request;
+use Illuminate\Http\UploadedFile;
 use Illuminate\Support\Facades\App;
 use Illuminate\Support\Facades\Config;
 use Illuminate\Support\Facades\Context;
@@ -26,6 +27,7 @@
 use Orchestra\Testbench\Attributes\WithEnv;
 use Tests\TestCase;
 
+use function array_keys;
 use function fseek;
 use function fwrite;
 use function hash;
@@ -112,6 +114,7 @@ public function test_it_can_ingest_requests(): void
                 'exception_preview' => '',
                 'context' => Compatibility::$contextExists ? '{}' : '',
                 'headers' => '{"host":["localhost"],"user-agent":["Symfony"],"accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"accept-language":["en-us,en;q=0.5"],"accept-charset":["ISO-8859-1,utf-8;q=0.7,*;q=0.7"]}',
+                'body' => '',
             ],
         ]);
     }
@@ -932,6 +935,140 @@ public function test_it_handles_unconventional_headers(): void
         });
     }
 
+    #[WithEnv('NIGHTWATCH_CAPTURE_REQUEST_BODY', 'true')]
+    public function test_it_captures_a_form_request_body_on_unhandled_exceptions(): void
+    {
+        $ingest = $this->fakeIngest();
+        Route::patch('/register', function () {
+            throw new Exception('Whoops!');
+        });
+
+        $response = $this
+            ->patch('/register?redirect=1', [
+                'user' => [
+                    'username' => 'taylor',
+                    'password' => '$f4c4d3',
+                ],
+                'avatar' => UploadedFile::fake()->create('avatar.jpg', 1, 'image/jpeg'),
+            ]);
+
+        $response->assertInternalServerError();
+        $ingest->assertWrittenTimes(1);
+        $ingest->assertLatestWrite('request:0.body', function ($body) {
+            $body = json_decode($body, true);
+            $this->assertNotNull($body);
+            $this->assertSame([
+                'user' => [
+                    'username' => 'taylor',
+                    'password' => '[7 bytes redacted]',
+                ],
+            ], $body['payload']);
+            $this->assertCount(1, $body['files']);
+            $this->assertEqualsCanonicalizing([
+                'client_name',
+                'client_mime_type',
+                'mime_type',
+                'size',
+                'path',
+            ], array_keys($body['files']['avatar']));
+            $this->assertSame('avatar.jpg', $body['files']['avatar']['client_name']);
+            $this->assertSame('image/jpeg', $body['files']['avatar']['client_mime_type']);
+            $this->assertSame('image/jpeg', $body['files']['avatar']['mime_type']);
+            $this->assertSame(1024, $body['files']['avatar']['size']);
+            $this->assertFileExists($body['files']['avatar']['path']);
+
+            return true;
+        });
+    }
+
+    #[WithEnv('NIGHTWATCH_CAPTURE_REQUEST_BODY', 'true')]
+    public function test_it_captures_a_json_body_on_unhandled_exceptions(): void
+    {
+        $ingest = $this->fakeIngest();
+        Route::patch('/register', function () {
+            throw new Exception('Whoops!');
+        });
+
+        $response = $this
+            ->patchJson('/register?redirect=1', [
+                'user' => [
+                    'username' => 'taylor',
+                    'password' => '$f4c4d3',
+                ],
+            ]);
+
+        $response->assertInternalServerError();
+        $ingest->assertWrittenTimes(1);
+        $ingest->assertLatestWrite('request:0.body', function ($body) {
+            $body = json_decode($body, true);
+            $this->assertNotNull($body);
+            $this->assertSame([
+                'user' => [
+                    'username' => 'taylor',
+                    'password' => '[7 bytes redacted]',
+                ],
+            ], $body['payload']);
+            $this->assertCount(0, $body['files']);
+
+            return true;
+        });
+    }
+
+    #[WithEnv('NIGHTWATCH_CAPTURE_REQUEST_BODY', 'true')]
+    #[WithEnv('NIGHTWATCH_REDACT_KEYS', 'foo')]
+    public function test_the_redacted_keys_can_be_customized(): void
+    {
+        $ingest = $this->fakeIngest();
+        Route::patch('/register', function () {
+            throw new Exception('Whoops!');
+        });
+
+        $response = $this
+            ->patch('/register?redirect=1', [
+                'user' => [
+                    'username' => 'taylor',
+                    'password' => '$f4c4d3',
+                ],
+                'foo' => 'bar',
+            ]);
+
+        $response->assertInternalServerError();
+        $ingest->assertWrittenTimes(1);
+        $ingest->assertLatestWrite('request:0.body', function ($body) {
+            $body = json_decode($body, true);
+            $this->assertNotNull($body);
+            $this->assertSame([
+                'user' => [
+                    'username' => 'taylor',
+                    'password' => '$f4c4d3',
+                ],
+                'foo' => '[3 bytes redacted]',
+            ], $body['payload']);
+
+            return true;
+        });
+    }
+
+    public function test_it_doesnt_capture_request_body_on_unhandled_exceptions_by_default(): void
+    {
+        $ingest = $this->fakeIngest();
+        Route::patch('/register', function () {
+            throw new Exception('Whoops!');
+        });
+
+        $response = $this
+            ->patchJson('/register?redirect=1', [
+                'user' => [
+                    'username' => 'taylor',
+                    'password' => '$f4c4d3',
+                ],
+            ]);
+
+        $response->assertInternalServerError();
+        $ingest->assertWrittenTimes(1);
+        $ingest->assertLatestWrite('request:0.body', '');
+    }
+
     public function test_livewire_2(): void
     {
         $this->markTestSkippedWhen(version_compare(InstalledVersions::getVersion('livewire/livewire'), '3.0.0', '>='), 'Requires Livewire 2');