express.js 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487
  1. import { _optionalChain } from '@sentry/utils';
  2. import { spanToJSON, SEMANTIC_ATTRIBUTE_SENTRY_SOURCE } from '@sentry/core';
  3. import { logger, getNumberOfUrlSegments, stripUrlQueryAndFragment, extractPathForTransaction, isRegExp, GLOBAL_OBJ } from '@sentry/utils';
  4. import { DEBUG_BUILD } from '../../common/debug-build.js';
  5. import { shouldDisableAutoInstrumentation } from './utils/node-utils.js';
  6. /* eslint-disable max-lines */
  7. /**
  8. * Express integration
  9. *
  10. * Provides an request and error handler for Express framework as well as tracing capabilities
  11. */
  12. class Express {
  13. /**
  14. * @inheritDoc
  15. */
  16. static __initStatic() {this.id = 'Express';}
  17. /**
  18. * @inheritDoc
  19. */
  20. /**
  21. * Express App instance
  22. */
  23. /**
  24. * @inheritDoc
  25. */
  26. constructor(options = {}) {
  27. this.name = Express.id;
  28. this._router = options.router || options.app;
  29. this._methods = (Array.isArray(options.methods) ? options.methods : []).concat('use');
  30. }
  31. /**
  32. * @inheritDoc
  33. */
  34. setupOnce(_, getCurrentHub) {
  35. if (!this._router) {
  36. DEBUG_BUILD && logger.error('ExpressIntegration is missing an Express instance');
  37. return;
  38. }
  39. if (shouldDisableAutoInstrumentation(getCurrentHub)) {
  40. DEBUG_BUILD && logger.log('Express Integration is skipped because of instrumenter configuration.');
  41. return;
  42. }
  43. instrumentMiddlewares(this._router, this._methods);
  44. instrumentRouter(this._router );
  45. }
  46. }Express.__initStatic();
  47. /**
  48. * Wraps original middleware function in a tracing call, which stores the info about the call as a span,
  49. * and finishes it once the middleware is done invoking.
  50. *
  51. * Express middlewares have 3 various forms, thus we have to take care of all of them:
  52. * // sync
  53. * app.use(function (req, res) { ... })
  54. * // async
  55. * app.use(function (req, res, next) { ... })
  56. * // error handler
  57. * app.use(function (err, req, res, next) { ... })
  58. *
  59. * They all internally delegate to the `router[method]` of the given application instance.
  60. */
  61. // eslint-disable-next-line @typescript-eslint/ban-types, @typescript-eslint/no-explicit-any
  62. function wrap(fn, method) {
  63. const arity = fn.length;
  64. switch (arity) {
  65. case 2: {
  66. return function ( req, res) {
  67. const transaction = res.__sentry_transaction;
  68. if (transaction) {
  69. // eslint-disable-next-line deprecation/deprecation
  70. const span = transaction.startChild({
  71. description: fn.name,
  72. op: `middleware.express.${method}`,
  73. origin: 'auto.middleware.express',
  74. });
  75. res.once('finish', () => {
  76. span.end();
  77. });
  78. }
  79. return fn.call(this, req, res);
  80. };
  81. }
  82. case 3: {
  83. return function (
  84. req,
  85. res,
  86. next,
  87. ) {
  88. const transaction = res.__sentry_transaction;
  89. // eslint-disable-next-line deprecation/deprecation
  90. const span = _optionalChain([transaction, 'optionalAccess', _2 => _2.startChild, 'call', _3 => _3({
  91. description: fn.name,
  92. op: `middleware.express.${method}`,
  93. origin: 'auto.middleware.express',
  94. })]);
  95. fn.call(this, req, res, function ( ...args) {
  96. _optionalChain([span, 'optionalAccess', _4 => _4.end, 'call', _5 => _5()]);
  97. next.call(this, ...args);
  98. });
  99. };
  100. }
  101. case 4: {
  102. return function (
  103. err,
  104. req,
  105. res,
  106. next,
  107. ) {
  108. const transaction = res.__sentry_transaction;
  109. // eslint-disable-next-line deprecation/deprecation
  110. const span = _optionalChain([transaction, 'optionalAccess', _6 => _6.startChild, 'call', _7 => _7({
  111. description: fn.name,
  112. op: `middleware.express.${method}`,
  113. origin: 'auto.middleware.express',
  114. })]);
  115. fn.call(this, err, req, res, function ( ...args) {
  116. _optionalChain([span, 'optionalAccess', _8 => _8.end, 'call', _9 => _9()]);
  117. next.call(this, ...args);
  118. });
  119. };
  120. }
  121. default: {
  122. throw new Error(`Express middleware takes 2-4 arguments. Got: ${arity}`);
  123. }
  124. }
  125. }
  126. /**
  127. * Takes all the function arguments passed to the original `app` or `router` method, eg. `app.use` or `router.use`
  128. * and wraps every function, as well as array of functions with a call to our `wrap` method.
  129. * We have to take care of the arrays as well as iterate over all of the arguments,
  130. * as `app.use` can accept middlewares in few various forms.
  131. *
  132. * app.use([<path>], <fn>)
  133. * app.use([<path>], <fn>, ...<fn>)
  134. * app.use([<path>], ...<fn>[])
  135. */
  136. function wrapMiddlewareArgs(args, method) {
  137. return args.map((arg) => {
  138. if (typeof arg === 'function') {
  139. return wrap(arg, method);
  140. }
  141. if (Array.isArray(arg)) {
  142. return arg.map((a) => {
  143. if (typeof a === 'function') {
  144. return wrap(a, method);
  145. }
  146. return a;
  147. });
  148. }
  149. return arg;
  150. });
  151. }
  152. /**
  153. * Patches original router to utilize our tracing functionality
  154. */
  155. function patchMiddleware(router, method) {
  156. const originalCallback = router[method];
  157. router[method] = function (...args) {
  158. return originalCallback.call(this, ...wrapMiddlewareArgs(args, method));
  159. };
  160. return router;
  161. }
  162. /**
  163. * Patches original router methods
  164. */
  165. function instrumentMiddlewares(router, methods = []) {
  166. methods.forEach((method) => patchMiddleware(router, method));
  167. }
  168. /**
  169. * Patches the prototype of Express.Router to accumulate the resolved route
  170. * if a layer instance's `match` function was called and it returned a successful match.
  171. *
  172. * @see https://github.com/expressjs/express/blob/master/lib/router/index.js
  173. *
  174. * @param appOrRouter the router instance which can either be an app (i.e. top-level) or a (nested) router.
  175. */
  176. function instrumentRouter(appOrRouter) {
  177. // This is how we can distinguish between app and routers
  178. const isApp = 'settings' in appOrRouter;
  179. // In case the app's top-level router hasn't been initialized yet, we have to do it now
  180. if (isApp && appOrRouter._router === undefined && appOrRouter.lazyrouter) {
  181. appOrRouter.lazyrouter();
  182. }
  183. const router = isApp ? appOrRouter._router : appOrRouter;
  184. if (!router) {
  185. /*
  186. If we end up here, this means likely that this integration is used with Express 3 or Express 5.
  187. For now, we don't support these versions (3 is very old and 5 is still in beta). To support Express 5,
  188. we'd need to make more changes to the routing instrumentation because the router is no longer part of
  189. the Express core package but maintained in its own package. The new router has different function
  190. signatures and works slightly differently, demanding more changes than just taking the router from
  191. `app.router` instead of `app._router`.
  192. @see https://github.com/pillarjs/router
  193. TODO: Proper Express 5 support
  194. */
  195. DEBUG_BUILD && logger.debug('Cannot instrument router for URL Parameterization (did not find a valid router).');
  196. DEBUG_BUILD && logger.debug('Routing instrumentation is currently only supported in Express 4.');
  197. return;
  198. }
  199. const routerProto = Object.getPrototypeOf(router) ;
  200. const originalProcessParams = routerProto.process_params;
  201. routerProto.process_params = function process_params(
  202. layer,
  203. called,
  204. req,
  205. res,
  206. done,
  207. ) {
  208. // Base case: We're in the first part of the URL (thus we start with the root '/')
  209. if (!req._reconstructedRoute) {
  210. req._reconstructedRoute = '';
  211. }
  212. // If the layer's partial route has params, is a regex or an array, the route is stored in layer.route.
  213. const { layerRoutePath, isRegex, isArray, numExtraSegments } = getLayerRoutePathInfo(layer);
  214. if (layerRoutePath || isRegex || isArray) {
  215. req._hasParameters = true;
  216. }
  217. // Otherwise, the hardcoded path (i.e. a partial route without params) is stored in layer.path
  218. let partialRoute;
  219. if (layerRoutePath) {
  220. partialRoute = layerRoutePath;
  221. } else {
  222. /**
  223. * prevent duplicate segment in _reconstructedRoute param if router match multiple routes before final path
  224. * example:
  225. * original url: /api/v1/1234
  226. * prevent: /api/api/v1/:userId
  227. * router structure
  228. * /api -> middleware
  229. * /api/v1 -> middleware
  230. * /1234 -> endpoint with param :userId
  231. * final _reconstructedRoute is /api/v1/:userId
  232. */
  233. partialRoute = preventDuplicateSegments(req.originalUrl, req._reconstructedRoute, layer.path) || '';
  234. }
  235. // Normalize the partial route so that it doesn't contain leading or trailing slashes
  236. // and exclude empty or '*' wildcard routes.
  237. // The exclusion of '*' routes is our best effort to not "pollute" the transaction name
  238. // with interim handlers (e.g. ones that check authentication or do other middleware stuff).
  239. // We want to end up with the parameterized URL of the incoming request without any extraneous path segments.
  240. const finalPartialRoute = partialRoute
  241. .split('/')
  242. .filter(segment => segment.length > 0 && (isRegex || isArray || !segment.includes('*')))
  243. .join('/');
  244. // If we found a valid partial URL, we append it to the reconstructed route
  245. if (finalPartialRoute && finalPartialRoute.length > 0) {
  246. // If the partial route is from a regex route, we append a '/' to close the regex
  247. req._reconstructedRoute += `/${finalPartialRoute}${isRegex ? '/' : ''}`;
  248. }
  249. // Now we check if we are in the "last" part of the route. We determine this by comparing the
  250. // number of URL segments from the original URL to that of our reconstructed parameterized URL.
  251. // If we've reached our final destination, we update the transaction name.
  252. const urlLength = getNumberOfUrlSegments(stripUrlQueryAndFragment(req.originalUrl || '')) + numExtraSegments;
  253. const routeLength = getNumberOfUrlSegments(req._reconstructedRoute);
  254. if (urlLength === routeLength) {
  255. if (!req._hasParameters) {
  256. if (req._reconstructedRoute !== req.originalUrl) {
  257. req._reconstructedRoute = req.originalUrl ? stripUrlQueryAndFragment(req.originalUrl) : req.originalUrl;
  258. }
  259. }
  260. const transaction = res.__sentry_transaction;
  261. const attributes = (transaction && spanToJSON(transaction).data) || {};
  262. if (transaction && attributes[SEMANTIC_ATTRIBUTE_SENTRY_SOURCE] !== 'custom') {
  263. // If the request URL is '/' or empty, the reconstructed route will be empty.
  264. // Therefore, we fall back to setting the final route to '/' in this case.
  265. const finalRoute = req._reconstructedRoute || '/';
  266. const [name, source] = extractPathForTransaction(req, { path: true, method: true, customRoute: finalRoute });
  267. transaction.updateName(name);
  268. transaction.setAttribute(SEMANTIC_ATTRIBUTE_SENTRY_SOURCE, source);
  269. }
  270. }
  271. return originalProcessParams.call(this, layer, called, req, res, done);
  272. };
  273. }
  274. /**
  275. * Recreate layer.route.path from layer.regexp and layer.keys.
  276. * Works until express.js used package path-to-regexp@0.1.7
  277. * or until layer.keys contain offset attribute
  278. *
  279. * @param layer the layer to extract the stringified route from
  280. *
  281. * @returns string in layer.route.path structure 'router/:pathParam' or undefined
  282. */
  283. const extractOriginalRoute = (
  284. path,
  285. regexp,
  286. keys,
  287. ) => {
  288. if (!path || !regexp || !keys || Object.keys(keys).length === 0 || !_optionalChain([keys, 'access', _10 => _10[0], 'optionalAccess', _11 => _11.offset])) {
  289. return undefined;
  290. }
  291. const orderedKeys = keys.sort((a, b) => a.offset - b.offset);
  292. // add d flag for getting indices from regexp result
  293. // eslint-disable-next-line @sentry-internal/sdk/no-regexp-constructor -- regexp comes from express.js
  294. const pathRegex = new RegExp(regexp, `${regexp.flags}d`);
  295. /**
  296. * use custom type cause of TS error with missing indices in RegExpExecArray
  297. */
  298. const execResult = pathRegex.exec(path) ;
  299. if (!execResult || !execResult.indices) {
  300. return undefined;
  301. }
  302. /**
  303. * remove first match from regex cause contain whole layer.path
  304. */
  305. const [, ...paramIndices] = execResult.indices;
  306. if (paramIndices.length !== orderedKeys.length) {
  307. return undefined;
  308. }
  309. let resultPath = path;
  310. let indexShift = 0;
  311. /**
  312. * iterate param matches from regexp.exec
  313. */
  314. paramIndices.forEach((item, index) => {
  315. /** check if offsets is define because in some cases regex d flag returns undefined */
  316. if (item) {
  317. const [startOffset, endOffset] = item;
  318. /**
  319. * isolate part before param
  320. */
  321. const substr1 = resultPath.substring(0, startOffset - indexShift);
  322. /**
  323. * define paramName as replacement in format :pathParam
  324. */
  325. const replacement = `:${orderedKeys[index].name}`;
  326. /**
  327. * isolate part after param
  328. */
  329. const substr2 = resultPath.substring(endOffset - indexShift);
  330. /**
  331. * recreate original path but with param replacement
  332. */
  333. resultPath = substr1 + replacement + substr2;
  334. /**
  335. * calculate new index shift after resultPath was modified
  336. */
  337. indexShift = indexShift + (endOffset - startOffset - replacement.length);
  338. }
  339. });
  340. return resultPath;
  341. };
  342. /**
  343. * Extracts and stringifies the layer's route which can either be a string with parameters (`users/:id`),
  344. * a RegEx (`/test/`) or an array of strings and regexes (`['/path1', /\/path[2-5]/, /path/:id]`). Additionally
  345. * returns extra information about the route, such as if the route is defined as regex or as an array.
  346. *
  347. * @param layer the layer to extract the stringified route from
  348. *
  349. * @returns an object containing the stringified route, a flag determining if the route was a regex
  350. * and the number of extra segments to the matched path that are additionally in the route,
  351. * if the route was an array (defaults to 0).
  352. */
  353. function getLayerRoutePathInfo(layer) {
  354. let lrp = _optionalChain([layer, 'access', _12 => _12.route, 'optionalAccess', _13 => _13.path]);
  355. const isRegex = isRegExp(lrp);
  356. const isArray = Array.isArray(lrp);
  357. if (!lrp) {
  358. // parse node.js major version
  359. // Next.js will complain if we directly use `proces.versions` here because of edge runtime.
  360. const [major] = (GLOBAL_OBJ ).process.versions.node.split('.').map(Number);
  361. // allow call extractOriginalRoute only if node version support Regex d flag, node 16+
  362. if (major >= 16) {
  363. /**
  364. * If lrp does not exist try to recreate original layer path from route regexp
  365. */
  366. lrp = extractOriginalRoute(layer.path, layer.regexp, layer.keys);
  367. }
  368. }
  369. if (!lrp) {
  370. return { isRegex, isArray, numExtraSegments: 0 };
  371. }
  372. const numExtraSegments = isArray
  373. ? Math.max(getNumberOfArrayUrlSegments(lrp ) - getNumberOfUrlSegments(layer.path || ''), 0)
  374. : 0;
  375. const layerRoutePath = getLayerRoutePathString(isArray, lrp);
  376. return { layerRoutePath, isRegex, isArray, numExtraSegments };
  377. }
  378. /**
  379. * Returns the number of URL segments in an array of routes
  380. *
  381. * Example: ['/api/test', /\/api\/post[0-9]/, '/users/:id/details`] -> 7
  382. */
  383. function getNumberOfArrayUrlSegments(routesArray) {
  384. return routesArray.reduce((accNumSegments, currentRoute) => {
  385. // array members can be a RegEx -> convert them toString
  386. return accNumSegments + getNumberOfUrlSegments(currentRoute.toString());
  387. }, 0);
  388. }
  389. /**
  390. * Extracts and returns the stringified version of the layers route path
  391. * Handles route arrays (by joining the paths together) as well as RegExp and normal
  392. * string values (in the latter case the toString conversion is technically unnecessary but
  393. * it doesn't hurt us either).
  394. */
  395. function getLayerRoutePathString(isArray, lrp) {
  396. if (isArray) {
  397. return (lrp ).map(r => r.toString()).join(',');
  398. }
  399. return lrp && lrp.toString();
  400. }
  401. /**
  402. * remove duplicate segment contain in layerPath against reconstructedRoute,
  403. * and return only unique segment that can be added into reconstructedRoute
  404. */
  405. function preventDuplicateSegments(
  406. originalUrl,
  407. reconstructedRoute,
  408. layerPath,
  409. ) {
  410. // filter query params
  411. const normalizeURL = stripUrlQueryAndFragment(originalUrl || '');
  412. const originalUrlSplit = _optionalChain([normalizeURL, 'optionalAccess', _14 => _14.split, 'call', _15 => _15('/'), 'access', _16 => _16.filter, 'call', _17 => _17(v => !!v)]);
  413. let tempCounter = 0;
  414. const currentOffset = _optionalChain([reconstructedRoute, 'optionalAccess', _18 => _18.split, 'call', _19 => _19('/'), 'access', _20 => _20.filter, 'call', _21 => _21(v => !!v), 'access', _22 => _22.length]) || 0;
  415. const result = _optionalChain([layerPath
  416. , 'optionalAccess', _23 => _23.split, 'call', _24 => _24('/')
  417. , 'access', _25 => _25.filter, 'call', _26 => _26(segment => {
  418. if (_optionalChain([originalUrlSplit, 'optionalAccess', _27 => _27[currentOffset + tempCounter]]) === segment) {
  419. tempCounter += 1;
  420. return true;
  421. }
  422. return false;
  423. })
  424. , 'access', _28 => _28.join, 'call', _29 => _29('/')]);
  425. return result;
  426. }
  427. export { Express, extractOriginalRoute, preventDuplicateSegments };
  428. //# sourceMappingURL=express.js.map