diff --git a/lib/server.js b/lib/server.js index 96a86c43..22ba06e3 100644 --- a/lib/server.js +++ b/lib/server.js @@ -9,8 +9,30 @@ 'use strict' require('./init') -const logger = require('winston') +const Sentry = require('@sentry/node') +const Tracing = require('@sentry/tracing') const express = require('express') + +const app = express() + +// Initialise Sentry as early as possible so that it can instrument packages +// which are required during initialisation. +Sentry.init({ + tracesSampleRate: 1, + integrations: [ + new Tracing.Integrations.Express({ + app, + methods: ['delete', 'get', 'head', 'options', 'patch', 'post', 'put'] + }), + new Tracing.Integrations.Mongo({ + // Exclude the actual query documents which may contain sensitive + // information from the traces. + describeOperations: false + }) + ] +}) + +const logger = require('winston') const bodyParser = require('body-parser') const xmlParser = require('express-xml-bodyparser') const cors = require('cors') @@ -89,8 +111,12 @@ const fhirCore = require('./fhir/core')(mongo, fhirResources) const fhirRoot = require('./fhir/root')(mongo, fhirResources) // Setup express -let app = express() - +app.use(Sentry.Handlers.requestHandler({ + // Remove the `data` key from the default set of keys. This prevents the + // request bodies which may contain sensitive data from being recorded. + request: ['cookies', 'headers', 'method', 'query_string', 'url'] +})) +app.use(Sentry.Handlers.tracingHandler()) app.use(bodyParser.json({limit: '10Mb', type: acceptedJSONContentTypes})) app.use(xmlParser()) app.use(cors({ exposedHeaders: 'Location' })) @@ -298,6 +324,7 @@ app.delete('/fhir/:resourceType/:id', (req, res, next) => { app.use(outcomeHandler) // Error handler +app.use(Sentry.Handlers.errorHandler()) app.use((err, req, res, next) => { logger.error(err) res.status(500).send(fhirCommon.internalServerErrorOutcome()) diff --git a/package.json b/package.json index f76e607f..c58604d3 100644 --- a/package.json +++ b/package.json @@ -21,6 +21,8 @@ "licenses:generate": "license-checker --production --json --customPath license-format.json --relativeLicensePath --out licenses.json" }, "dependencies": { + "@sentry/node": "^6.11.0", + "@sentry/tracing": "^6.11.0", "async": "^2.6.1", "atna-audit": "^1.0.1", "body-parser": "^1.18.3", diff --git a/yarn.lock b/yarn.lock index ae5bd140..c68ba50d 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2,6 +2,74 @@ # yarn lockfile v1 +"@sentry/core@6.11.0": + version "6.11.0" + resolved "https://registry.yarnpkg.com/@sentry/core/-/core-6.11.0.tgz#40e94043afcf6407a109be26655c77832c64e740" + integrity sha512-09TB+f3pqEq8LFahFWHO6I/4DxHo+NcS52OkbWMDqEi6oNZRD7PhPn3i14LfjsYVv3u3AESU8oxSEGbFrr2UjQ== + dependencies: + "@sentry/hub" "6.11.0" + "@sentry/minimal" "6.11.0" + "@sentry/types" "6.11.0" + "@sentry/utils" "6.11.0" + tslib "^1.9.3" + +"@sentry/hub@6.11.0": + version "6.11.0" + resolved "https://registry.yarnpkg.com/@sentry/hub/-/hub-6.11.0.tgz#ddf9ddb0577d1c8290dc02c0242d274fe84d6c16" + integrity sha512-pT9hf+ZJfVFpoZopoC+yJmFNclr4NPqPcl2cgguqCHb69DklD1NxgBNWK8D6X05qjnNFDF991U6t1mxP9HrGuw== + dependencies: + "@sentry/types" "6.11.0" + "@sentry/utils" "6.11.0" + tslib "^1.9.3" + +"@sentry/minimal@6.11.0": + version "6.11.0" + resolved "https://registry.yarnpkg.com/@sentry/minimal/-/minimal-6.11.0.tgz#806d5512658370e40827b3e3663061db708fff33" + integrity sha512-XkZ7qrdlGp4IM/gjGxf1Q575yIbl5RvPbg+WFeekpo16Ufvzx37Mr8c2xsZaWosISVyE6eyFpooORjUlzy8EDw== + dependencies: + "@sentry/hub" "6.11.0" + "@sentry/types" "6.11.0" + tslib "^1.9.3" + +"@sentry/node@^6.11.0": + version "6.11.0" + resolved "https://registry.yarnpkg.com/@sentry/node/-/node-6.11.0.tgz#62614c18af779373a12311f2fb57a8dde278425a" + integrity sha512-vbk+V/n7ZIFD8rHPYy03t/gIG5V7LGdjU4qJxVDgNZzticfWPnd2sLgle/r+l60XF6SKW/epG4rnxnBcgPdWaw== + dependencies: + "@sentry/core" "6.11.0" + "@sentry/hub" "6.11.0" + "@sentry/tracing" "6.11.0" + "@sentry/types" "6.11.0" + "@sentry/utils" "6.11.0" + cookie "^0.4.1" + https-proxy-agent "^5.0.0" + lru_map "^0.3.3" + tslib "^1.9.3" + +"@sentry/tracing@6.11.0", "@sentry/tracing@^6.11.0": + version "6.11.0" + resolved "https://registry.yarnpkg.com/@sentry/tracing/-/tracing-6.11.0.tgz#9bd9287addea1ebc12c75b226f71c7713c0fac4f" + integrity sha512-9VA1/SY++WeoMQI4K6n/sYgIdRtCu9NLWqmGqu/5kbOtESYFgAt1DqSyqGCr00ZjQiC2s7tkDkTNZb38K6KytQ== + dependencies: + "@sentry/hub" "6.11.0" + "@sentry/minimal" "6.11.0" + "@sentry/types" "6.11.0" + "@sentry/utils" "6.11.0" + tslib "^1.9.3" + +"@sentry/types@6.11.0": + version "6.11.0" + resolved "https://registry.yarnpkg.com/@sentry/types/-/types-6.11.0.tgz#5122685478d32ddacd3a891cbcf550012df85f7c" + integrity sha512-gm5H9eZhL6bsIy/h3T+/Fzzz2vINhHhqd92CjHle3w7uXdTdFV98i2pDpErBGNTSNzbntqOMifYEB5ENtZAvcg== + +"@sentry/utils@6.11.0": + version "6.11.0" + resolved "https://registry.yarnpkg.com/@sentry/utils/-/utils-6.11.0.tgz#d1dee4faf4d9c42c54bba88d5a66fb96b902a14c" + integrity sha512-IOvyFHcnbRQxa++jO+ZUzRvFHEJ1cZjrBIQaNVc0IYF0twUOB5PTP6joTcix38ldaLeapaPZ9LGfudbvYvxkdg== + dependencies: + "@sentry/types" "6.11.0" + tslib "^1.9.3" + "@sinonjs/commons@^1", "@sinonjs/commons@^1.0.2", "@sinonjs/commons@^1.4.0": version "1.4.0" resolved "https://registry.yarnpkg.com/@sinonjs/commons/-/commons-1.4.0.tgz#7b3ec2d96af481d7a0321252e7b1c94724ec5a78" @@ -73,6 +141,13 @@ acorn@^5.5.0: version "5.6.2" resolved "https://registry.yarnpkg.com/acorn/-/acorn-5.6.2.tgz#b1da1d7be2ac1b4a327fb9eab851702c5045b4e7" +agent-base@6: + version "6.0.2" + resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-6.0.2.tgz#49fff58577cfee3f37176feab4c22e00f86d7f77" + integrity sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ== + dependencies: + debug "4" + agent-base@^4.3.0: version "4.3.0" resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-4.3.0.tgz#8165f01c436009bccad0b1d122f05ed770efc6ee" @@ -749,6 +824,11 @@ cookie@0.4.0: resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.0.tgz#beb437e7022b3b6d49019d088665303ebe9c14ba" integrity sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg== +cookie@^0.4.1: + version "0.4.1" + resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.1.tgz#afd713fe26ebd21ba95ceb61f9a8116e50a537d1" + integrity sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA== + copy-descriptor@^0.1.0: version "0.1.1" resolved "https://registry.yarnpkg.com/copy-descriptor/-/copy-descriptor-0.1.1.tgz#676f6eb3c39997c2ee1ac3a924fd6124748f578d" @@ -854,6 +934,13 @@ debug@2.6.9, debug@^2.1.1, debug@^2.1.3, debug@^2.2.0, debug@^2.3.3, debug@^2.6. dependencies: ms "2.0.0" +debug@4: + version "4.3.2" + resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.2.tgz#f0a49c18ac8779e31d4a0c6029dfb76873c7428b" + integrity sha512-mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw== + dependencies: + ms "2.1.2" + debug@^3.1.0: version "3.1.0" resolved "https://registry.yarnpkg.com/debug/-/debug-3.1.0.tgz#5bb5a0672628b64149566ba16819e61518c67261" @@ -1850,6 +1937,14 @@ https-proxy-agent@^2.2.1: agent-base "^4.3.0" debug "^3.1.0" +https-proxy-agent@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-5.0.0.tgz#e2a90542abb68a762e0a0850f6c9edadfd8506b2" + integrity sha512-EkYm5BcKUGiduxzSt3Eppko+PiNWNEpa4ySk9vTC6wDsQJW9rHSa+UhGNJoRYp7bz6Ht1eaRIa6QaJqO5rCFbA== + dependencies: + agent-base "6" + debug "4" + iconv-lite@0.4.24, iconv-lite@^0.4.4: version "0.4.24" resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.24.tgz#2022b4b25fbddc21d2f524974a474aafe733908b" @@ -2520,6 +2615,11 @@ lru-cache@^4.0.1: pseudomap "^1.0.2" yallist "^2.1.2" +lru_map@^0.3.3: + version "0.3.3" + resolved "https://registry.yarnpkg.com/lru_map/-/lru_map-0.3.3.tgz#b5c8351b9464cbd750335a79650a0ec0e56118dd" + integrity sha1-tcg1G5Rky9dQM1p5ZQoOwOVhGN0= + map-cache@^0.2.2: version "0.2.2" resolved "https://registry.yarnpkg.com/map-cache/-/map-cache-0.2.2.tgz#c32abd0bd6525d9b051645bb4f26ac5dc98a0dbf" @@ -2737,7 +2837,7 @@ ms@2.1.1: resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.1.tgz#30a5864eb3ebb0a66f2ebe6d727af06a09d86e0a" integrity sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg== -ms@^2.1.1: +ms@2.1.2, ms@^2.1.1: version "2.1.2" resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009" integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w== @@ -4261,6 +4361,11 @@ tsame@^1.1.2: resolved "https://registry.yarnpkg.com/tsame/-/tsame-1.1.2.tgz#5ce0002acf685942789c63018797a2aa5e6b03c5" integrity sha512-ovCs24PGjmByVPr9tSIOs/yjUX9sJl0grEmOsj9dZA/UknQkgPOKcUqM84aSCvt9awHuhc/boMzTg3BHFalxWw== +tslib@^1.9.3: + version "1.14.1" + resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.14.1.tgz#cf2d38bdc34a134bcaf1091c41f6619e2f672d00" + integrity sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg== + tunnel-agent@^0.6.0: version "0.6.0" resolved "https://registry.yarnpkg.com/tunnel-agent/-/tunnel-agent-0.6.0.tgz#27a5dea06b36b04a0a9966774b290868f0fc40fd"