Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make reporting of client-safe errors configurable #2647

Merged
merged 14 commits into from
Jan 16, 2025
Merged

Make reporting of client-safe errors configurable #2647

merged 14 commits into from
Jan 16, 2025

Conversation

remipelhate
Copy link
Contributor

@remipelhate remipelhate commented Dec 29, 2024
edited
Loading

  • Added or updated tests
  • Documented user facing changes
  • Updated CHANGELOG.md

Changes

While it makes perfect sense to not pass client safe errors to Laravel's exception handler by default, in some cases, it can be useful to be able to do so.

Laravel allows to define a minimum log level at which each individual log channel is invoked. For example, sentry can be set to only report errors with a minimum level of warning, whereas slack only gets triggered as of critical:

// config/logging.php

return [
    'channels' => [
        'slack' => [
            'driver' => 'slack',
            'url' => env('LOG_SLACK_WEBHOOK_URL'),
            'username' => 'Laravel Log',
            'emoji' => ':boom:',
            'level' => env('LOG_LEVEL', Psr\Log\LogLevel::CRITICAL),
        ],
        'sentry' => [
            'driver' => 'sentry',
            'level' => env('LOG_LEVEL', Psr\Log\LogLevel::WARNING),
            'bubble' => true,
        ],
    ],
];

I've used this setup for a project where the team wanted to be able to track all authentication and authorization exceptions in Prometheus, as those can give insights on potential ACL issues or misuse. The problem is that Lighthouse marks these errors as client safe, causing them not to be passed to Laravel's exception handler.

This PR introduces a new Nuwave\Lighthouse\Execution\AlwaysReportingErrorHandler which can be used instead of Nuwave\Lighthouse\Execution\ReportingErrorHandler in the lighthouse.php config:

'error_handlers' => [
-    Nuwave\Lighthouse\Execution\ReportingErrorHandler::class,
+    Nuwave\Lighthouse\Execution\AlwaysReportingErrorHandler::class,
],

When using Nuwave\Lighthouse\Execution\AlwaysReportingErrorHandler, client-safe exceptions will be passed to the
default Laravel exception handler, allowing you to configure appropriate error reporting outside of Lighthouse.

Breaking changes

No

@remipelhate remipelhate marked this pull request as ready for review December 29, 2024 13:31
spawnia
spawnia reviewed Jan 3, 2025
View reviewed changes
Copy link
Collaborator

@spawnia spawnia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not fully convinced that a configuration option at that level is the best option. The problem I see with this approach is that its value is only used from within ReportingErrorHandler, which is configurable in itself. Thus, for users that omit or replace ReportingErrorHandler, the option report_client_safe_errors has no effect.

CHANGELOG.md Outdated Show resolved Hide resolved
docs/master/digging-deeper/error-handling.md Outdated Show resolved Hide resolved
docs/master/digging-deeper/error-handling.md Outdated Show resolved Hide resolved
src/Execution/ReportingErrorHandler.php Outdated Show resolved Hide resolved
tests/Integration/Execution/ReportingErrorHandlerTest.php Outdated Show resolved Hide resolved
tests/Integration/Execution/ReportingErrorHandlerTest.php Outdated Show resolved Hide resolved
src/lighthouse.php Outdated Show resolved Hide resolved
@spawnia spawnia added the enhancement A feature or improvement label Jan 3, 2025
@remipelhate
Copy link
Contributor Author

remipelhate commented Jan 3, 2025
edited
Loading

I am not fully convinced that a configuration option at that level is the best option. The problem I see with this approach is that its value is only used from within ReportingErrorHandler, which is configurable in itself. Thus, for users that omit or replace ReportingErrorHandler, the option report_client_safe_errors has no effect.

That's a valid concern. Would you perhaps prefer to solve this on the ReportingErrorHandler itself? I noticed first-party Laravel packages are using static config callbacks more often lately, so perhaps that could be an option? Something along the lines of:

// app/Providers/GraphQLServiceProvider.php

public function boot(): void
{
    ReportingErrorHandler::reportClientSafeErrors();
}

I'm not always keen on static config, but it does fit Laravel's way of working.

Another option could be to bind it to the container and extend the instance when resolving it:

// app/Providers/GraphQLServiceProvider.php

public function boot(): void
{
    $this->app->extend(ReportingErrorHandler::class, fn (ReportingErrorHandler $errorHandler) => $errorHandler->reportClientSafeErrors());
}

This requires some more code, but removes the static context.

@remipelhate
Copy link
Contributor Author

Or perhaps we could solve this through a named constructor on the ReportingErrorHandler which could be referenced in the config?

// config/lighthouse.php
return [
    'error_handlers' => [
        [Nuwave\Lighthouse\Execution\ReportingErrorHandler::class, 'includeClientSafeErrors'],
        // or...
        Nuwave\Lighthouse\Execution\ReportingErrorHandler::class . '@includeClientSafeErrors',
    ],
];

@spawnia
Copy link
Collaborator

spawnia commented Jan 3, 2025

Another option would be to add a new class to replace ReportingErrorHandler, perhaps called AlwaysReportingErrorHandler?

@remipelhate
Copy link
Contributor Author

Another option would be to add a new class to replace ReportingErrorHandler, perhaps called AlwaysReportingErrorHandler?

Sure, that might work too. On it.

@remipelhate remipelhate changed the title Enable reporting client-safe errors Make reporting of client-safe errors configurable Jan 3, 2025
spawnia
spawnia reviewed Jan 7, 2025
View reviewed changes
docs/master/digging-deeper/error-handling.md Outdated Show resolved Hide resolved
src/Execution/ReportingErrorHandler.php Outdated Show resolved Hide resolved
@remipelhate remipelhate requested a review from spawnia January 10, 2025 13:41
@spawnia spawnia merged commit cc4b1d1 into nuwave:master Jan 16, 2025
38 checks passed
@spawnia
Copy link
Collaborator

spawnia commented Jan 16, 2025

Thank you @remipelhate, released with https://github.com/nuwave/lighthouse/releases/tag/v6.49.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spawnia spawnia Awaiting requested review from spawnia

Assignees
No one assigned
Labels
enhancement A feature or improvement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@remipelhate @spawnia