implement body redaction

Author: denrase

supabase/lib/src/sentry_supabase_client.dart

@@ -3,8 +3,15 @@ import 'operation.dart';
 import 'package:sentry/sentry.dart';
 import 'dart:convert';
 
+typedef SentrySupabaseRedactRequestBody = String? Function(
+  String table,
+  String key,
+  String value,
+);
+
 class SentrySupabaseClient extends BaseClient {
   final bool _breadcrumbs;
+  final SentrySupabaseRedactRequestBody? _redactRequestBody;
   final Client _client;
   final Hub _hub;
 
@@ -40,9 +47,11 @@ class SentrySupabaseClient extends BaseClient {
 
   SentrySupabaseClient({
     required bool breadcrumbs,
+    SentrySupabaseRedactRequestBody? redactRequestBody,
     Client? client,
     Hub? hub,
   })  : _breadcrumbs = breadcrumbs,
+        _redactRequestBody = redactRequestBody,
         _client = client ?? Client(),
         _hub = hub ?? HubAdapter();
 
@@ -71,7 +80,13 @@ class SentrySupabaseClient extends BaseClient {
 
     final bodyString =
         request is Request && request.body.isNotEmpty ? request.body : null;
-    final body = bodyString != null ? jsonDecode(bodyString) : null;
+    var body = bodyString != null ? jsonDecode(bodyString) : null;
+
+    if (_redactRequestBody != null) {
+      for (final entry in body?.entries ?? []) {
+        body[entry.key] = _redactRequestBody(table, entry.key, entry.value);
+      }
+    }
 
     if (_breadcrumbs) {
       _addBreadcrumb(description, operation, query, body);

supabase/test/sentry_supabase_client_test.dart

@@ -183,6 +183,67 @@ void main() {
 
       expect(fixture.mockHub.addBreadcrumbCalls.length, 0);
     });
+
+    test('redact request body', () async {
+      final sentrySupabaseClient = fixture.getSut(
+        redactRequestBody: (table, key, value) {
+          switch (key) {
+            case "password":
+              return "<redacted>";
+            case "token":
+              return "<nope>";
+            case "secret":
+              return "<uwatm8>";
+            case "null-me":
+              return null;
+            default:
+              {
+                return value;
+              }
+          }
+        },
+      );
+      final supabase = SupabaseClient(
+        supabaseUrl,
+        supabaseKey,
+        httpClient: sentrySupabaseClient,
+      );
+
+      try {
+        await supabase.from("mock-table").insert(
+            {'user': 'picklerick', 'password': 'whoops', 'null-me': 'foo'});
+      } catch (e) {
+        print(e);
+      }
+
+      try {
+        await supabase
+            .from("mock-table")
+            .upsert({'user': 'picklerick', 'token': 'whoops'});
+      } catch (e) {
+        print(e);
+      }
+
+      try {
+        await supabase
+            .from("mock-table")
+            .update({'user': 'picklerick', 'secret': 'whoops'}).eq("id", 42);
+      } catch (e) {
+        print(e);
+      }
+
+      expect(fixture.mockHub.addBreadcrumbCalls.length, 3);
+      final inserted = fixture.mockHub.addBreadcrumbCalls[0].$1;
+      expect(inserted.data?['body'],
+          {'user': 'picklerick', 'password': '<redacted>', 'null-me': null});
+
+      final upserted = fixture.mockHub.addBreadcrumbCalls[1].$1;
+      expect(upserted.data?['body'], {'user': 'picklerick', 'token': '<nope>'});
+
+      final updated = fixture.mockHub.addBreadcrumbCalls[2].$1;
+      expect(
+          updated.data?['body'], {'user': 'picklerick', 'secret': '<uwatm8>'});
+    });
   });
 }
 
@@ -193,11 +254,14 @@ class Fixture {
   final mockClient = MockClient();
   final mockHub = MockHub();
 
-  SentrySupabaseClient getSut({bool breadcrumbs = true}) {
+  SentrySupabaseClient getSut(
+      {bool breadcrumbs = true,
+      SentrySupabaseRedactRequestBody? redactRequestBody}) {
     return SentrySupabaseClient(
       breadcrumbs: breadcrumbs,
       client: mockClient,
       hub: mockHub,
+      redactRequestBody: redactRequestBody,
     );
   }
 }