web: Clean up Sentry usage. Reduce API calls.

Author: GirlBossRush

web/src/admin/AdminInterface/AdminInterface.ts

@@ -5,7 +5,8 @@ import {
     EVENT_API_DRAWER_TOGGLE,
     EVENT_NOTIFICATION_DRAWER_TOGGLE,
 } from "@goauthentik/common/constants";
-import { configureSentry } from "@goauthentik/common/sentry";
+import { setSentryPII, tryInitializeSentry } from "@goauthentik/common/sentry";
+import { ServerContext } from "@goauthentik/common/server-context";
 import { me } from "@goauthentik/common/users";
 import { WebsocketClient } from "@goauthentik/common/ws";
 import { AuthenticatedInterface } from "@goauthentik/elements/Interface";
@@ -107,14 +108,21 @@ export class AdminInterface extends AuthenticatedInterface {
     }
 
     async firstUpdated(): Promise<void> {
-        configureSentry(true);
+        tryInitializeSentry(ServerContext.config);
         this.user = await me();
 
+        setSentryPII(this.user.user);
+
         const canAccessAdmin =
             this.user.user.isSuperuser ||
             // TODO: somehow add `access_admin_interface` to the API schema
             this.user.user.systemPermissions.includes("access_admin_interface");
+
         if (!canAccessAdmin && this.user.user.pk > 0) {
+            console.debug(
+                "authentik/admin: User does not have access to admin interface. Redirecting...",
+            );
+
             window.location.assign("/if/user/");
         }
     }

web/src/admin/providers/ldap/LDAPOptionsAndHelp.ts

@@ -15,7 +15,9 @@ export const bindModeOptions = [
     {
         label: msg("Direct binding"),
         value: LDAPAPIAccessMode.Direct,
-        description: html`${msg("Always execute the configured bind flow to authenticate the user")}`,
+        description: html`${msg(
+            "Always execute the configured bind flow to authenticate the user",
+        )}`,
     },
 ];
 
@@ -31,7 +33,9 @@ export const searchModeOptions = [
     {
         label: msg("Direct querying"),
         value: LDAPAPIAccessMode.Direct,
-        description: html`${msg("Always returns the latest data, but slower than cached querying")}`,
+        description: html`${msg(
+            "Always returns the latest data, but slower than cached querying",
+        )}`,
     },
 ];
 

web/src/common/sentry.ts

@@ -1,101 +1,126 @@
 import { VERSION } from "@goauthentik/common/constants";
-import { ServerContext } from "@goauthentik/common/server-context";
-import { me } from "@goauthentik/common/users";
-import {
-    ErrorEvent,
-    EventHint,
-    browserTracingIntegration,
-    init,
-    setTag,
-    setUser,
-} from "@sentry/browser";
+import { RouteInterfaceName, readInterfaceRouteParam } from "@goauthentik/elements/router/utils";
+import { BrowserOptions, browserTracingIntegration, init, setTag, setUser } from "@sentry/browser";
 
-import { CapabilitiesEnum, ResponseError } from "@goauthentik/api";
+import { CapabilitiesEnum, Config, ResponseError, UserSelf } from "@goauthentik/api";
 
 /**
  * A generic error that can be thrown without triggering Sentry's reporting.
+ *
+ * @category Sentry
  */
 export class SentryIgnoredError extends Error {}
 
-export const TAG_SENTRY_COMPONENT = "authentik.component";
-export const TAG_SENTRY_CAPABILITIES = "authentik.capabilities";
+/**
+ * Attempt initializing Spotlight.
+ *
+ * @see {@link https://spotlightjs.com/ Spotlight}
+ * @category Sentry
+ */
+export async function tryInitializingSpotlight() {
+    return import("@spotlightjs/spotlight").then((Spotlight) =>
+        Spotlight.init({ injectImmediately: true }),
+    );
+}
 
-export async function configureSentry(canDoPpi = false): Promise<void> {
-    const { errorReporting, capabilities } = ServerContext.config;
+/**
+ * Default Sentry options for the browser.
+ *
+ * @category Sentry
+ */
+const DEFAULT_SENTRY_BROWSER_OPTIONS = {
+    ignoreErrors: [
+        /network/gi,
+        /fetch/gi,
+        /module/gi,
+        // Error on edge on ios,
+        // https://stackoverflow.com/questions/69261499/what-is-instantsearchsdkjsbridgeclearhighlight
+        /instantSearchSDKJSBridgeClearHighlight/gi,
+        // Seems to be an issue in Safari and Firefox
+        /MutationObserver.observe/gi,
+        /NS_ERROR_FAILURE/gi,
+    ],
+    release: `authentik@${VERSION}`,
+    integrations: [
+        browserTracingIntegration({
+            shouldCreateSpanForRequest: (url: string) => {
+                return url.startsWith(window.location.host);
+            },
+        }),
+    ],
+    beforeSend: (event, hint) => {
+        if (!hint) {
+            return event;
+        }
+        if (hint.originalException instanceof SentryIgnoredError) {
+            return null;
+        }
+        if (
+            hint.originalException instanceof ResponseError ||
+            hint.originalException instanceof DOMException
+        ) {
+            return null;
+        }
+        return event;
+    },
+} as const satisfies BrowserOptions;
 
-    if (!errorReporting.enabled) return;
+/**
+ * Include the given user in Sentry events.
+ *
+ * @category Sentry
+ */
+export function setSentryPII(user: UserSelf): void {
+    console.debug("authentik/config: Sentry with PII enabled.");
 
+    setUser({ email: user.email });
+}
+
+/**
+ * Include the given capabilities in Sentry events.
+ *
+ * @category Sentry
+ */
+export function setSentryCapabilities(capabilities: CapabilitiesEnum[]): void {
+    setTag("authentik.capabilities", capabilities.join(","));
+}
+
+/**
+ * Include the given route interface in Sentry events.
+ *
+ * @category Sentry
+ */
+export function setSentryInterface(interfaceName: RouteInterfaceName) {
+    setTag("authentik.component", `web/${interfaceName}}`);
+}
+
+/**
+ * Attempt to initialize Sentry with the given configuration.
+ *
+ * @see {@linkcode setSentryPII}
+ * @see {@linkcode setSentryCapabilities}
+ * @see {@linkcode setSentryInterface}
+ * @category Sentry
+ */
+export function tryInitializeSentry({ errorReporting, capabilities }: Config): void {
     init({
+        ...DEFAULT_SENTRY_BROWSER_OPTIONS,
         dsn: errorReporting.sentryDsn,
-        ignoreErrors: [
-            /network/gi,
-            /fetch/gi,
-            /module/gi,
-            // Error on edge on ios,
-            // https://stackoverflow.com/questions/69261499/what-is-instantsearchsdkjsbridgeclearhighlight
-            /instantSearchSDKJSBridgeClearHighlight/gi,
-            // Seems to be an issue in Safari and Firefox
-            /MutationObserver.observe/gi,
-            /NS_ERROR_FAILURE/gi,
-        ],
-        release: `authentik@${VERSION}`,
-        integrations: [
-            browserTracingIntegration({
-                shouldCreateSpanForRequest: (url: string) => {
-                    return url.startsWith(window.location.host);
-                },
-            }),
-        ],
         tracesSampleRate: errorReporting.tracesSampleRate,
         environment: errorReporting.environment,
-        beforeSend: (
-            event: ErrorEvent,
-            hint: EventHint,
-        ): ErrorEvent | PromiseLike<ErrorEvent | null> | null => {
-            if (!hint) {
-                return event;
-            }
-            if (hint.originalException instanceof SentryIgnoredError) {
-                return null;
-            }
-            if (
-                hint.originalException instanceof ResponseError ||
-                hint.originalException instanceof DOMException
-            ) {
-                return null;
-            }
-            return event;
-        },
+        enabled: process.env.NODE_ENV !== "development",
     });
 
-    setTag(TAG_SENTRY_CAPABILITIES, capabilities.join(","));
-
-    if (window.location.pathname.includes("if/")) {
-        setTag(TAG_SENTRY_COMPONENT, `web/${currentInterface()}`);
-    }
+    setSentryCapabilities(capabilities);
+    setSentryInterface(readInterfaceRouteParam());
 
     if (capabilities.includes(CapabilitiesEnum.CanDebug)) {
-        const Spotlight = await import("@spotlightjs/spotlight");
-
-        Spotlight.init({ injectImmediately: true });
-    }
-
-    if (errorReporting.sendPii && canDoPpi) {
-        me().then((user) => {
-            setUser({ email: user.user.email });
-            console.debug("authentik/config: Sentry with PII enabled.");
-        });
-    } else {
-        console.debug("authentik/config: Sentry enabled.");
-    }
-}
-
-// Get the interface name from URL
-export function currentInterface(): string {
-    const pathMatches = window.location.pathname.match(/.+if\/(\w+)\//);
-    let currentInterface = "unknown";
-    if (pathMatches && pathMatches.length >= 2) {
-        currentInterface = pathMatches[1];
+        tryInitializingSpotlight()
+            .then(() => {
+                console.debug("authentik/config: Sentry with spotlight enabled.");
+            })
+            .catch((err) => {
+                console.warn("sentry: Failed to load spotlight", err);
+            });
     }
-    return currentInterface.toLowerCase();
 }

web/src/common/ui/config.ts

@@ -1,5 +1,5 @@
-import { currentInterface } from "@goauthentik/common/sentry";
 import { me } from "@goauthentik/common/users";
+import { readInterfaceRouteParam } from "@goauthentik/elements/router/utils";
 
 import { UiThemeEnum, UserSelf } from "@goauthentik/api";
 
@@ -77,7 +77,7 @@ export class DefaultUIConfig implements UIConfig {
     };
 
     constructor() {
-        if (currentInterface() === "user") {
+        if (readInterfaceRouteParam() === "user") {
             this.enabledFeatures.apiDrawer = false;
         }
     }

web/src/elements/PageHeader.ts

@@ -3,13 +3,13 @@ import {
     EVENT_WS_MESSAGE,
     TITLE_DEFAULT,
 } from "@goauthentik/common/constants";
-import { currentInterface } from "@goauthentik/common/sentry";
 import { ServerContext } from "@goauthentik/common/server-context";
 import { UIConfig, UserDisplay, uiConfig } from "@goauthentik/common/ui/config";
 import { me } from "@goauthentik/common/users";
 import "@goauthentik/components/ak-nav-buttons";
 import { AKElement } from "@goauthentik/elements/Base";
 import { WithBrandConfig } from "@goauthentik/elements/Interface/brandProvider";
+import { readInterfaceRouteParam } from "@goauthentik/elements/router/utils";
 import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
 
 import { msg } from "@lit/localize";
@@ -126,7 +126,7 @@ export class PageHeader extends WithBrandConfig(AKElement) {
     }
 
     setTitle(header?: string) {
-        const currentIf = currentInterface();
+        const currentIf = readInterfaceRouteParam();
         let title = this.brand?.brandingTitle || TITLE_DEFAULT;
         if (currentIf === "admin") {
             title = `${msg("Admin")} - ${title}`;

web/src/elements/router/utils.ts

@@ -0,0 +1,18 @@
+/**
+ * The name identifier for the current interface.
+ */
+export type RouteInterfaceName = "user" | "admin" | "flow" | "unknown";
+
+/**
+ * Read the current interface route parameter from the URL.
+ *
+ * @param location - The location object to read the pathname from. Defaults to `window.location`.
+ * * @returns The name of the current interface, or "unknown" if not found.
+ */
+export function readInterfaceRouteParam(
+    location: Pick<URL, "pathname"> = window.location,
+): RouteInterfaceName {
+    const [, currentInterface = "unknown"] = location.pathname.match(/.+if\/(\w+)\//) || [];
+
+    return currentInterface.toLowerCase() as RouteInterfaceName;
+}

web/src/flow/FlowExecutor.ts

@@ -4,7 +4,7 @@ import {
     EVENT_FLOW_INSPECTOR_TOGGLE,
     TITLE_DEFAULT,
 } from "@goauthentik/common/constants";
-import { configureSentry } from "@goauthentik/common/sentry";
+import { tryInitializeSentry } from "@goauthentik/common/sentry";
 import { ServerContext } from "@goauthentik/common/server-context";
 import { WebsocketClient } from "@goauthentik/common/ws";
 import { Interface } from "@goauthentik/elements/Interface";
@@ -242,10 +242,12 @@ export class FlowExecutor extends Interface implements StageHost {
     }
 
     async firstUpdated(): Promise<void> {
-        configureSentry();
+        tryInitializeSentry(ServerContext.config);
+
         if (this.config?.capabilities.includes(CapabilitiesEnum.CanDebug)) {
             this.inspectorAvailable = true;
         }
+
         this.loading = true;
         try {
             const challenge = await new FlowsApi(DEFAULT_CONFIG).flowsExecutorGet({

web/src/user/UserInterface.ts

@@ -4,7 +4,7 @@ import {
     EVENT_NOTIFICATION_DRAWER_TOGGLE,
     EVENT_WS_MESSAGE,
 } from "@goauthentik/common/constants";
-import { configureSentry } from "@goauthentik/common/sentry";
+import { setSentryPII, tryInitializeSentry } from "@goauthentik/common/sentry";
 import { ServerContext } from "@goauthentik/common/server-context";
 import { UIConfig } from "@goauthentik/common/ui/config";
 import { me } from "@goauthentik/common/users";
@@ -280,7 +280,9 @@ export class UserInterface extends AuthenticatedInterface {
         super();
         this.ws = new WebsocketClient();
         this.fetchConfigurationDetails();
-        configureSentry(true);
+
+        tryInitializeSentry(ServerContext.config);
+
         this.toggleNotificationDrawer = this.toggleNotificationDrawer.bind(this);
         this.toggleApiDrawer = this.toggleApiDrawer.bind(this);
         this.fetchConfigurationDetails = this.fetchConfigurationDetails.bind(this);
@@ -321,8 +323,10 @@ export class UserInterface extends AuthenticatedInterface {
     }
 
     fetchConfigurationDetails() {
-        me().then((me: SessionUser) => {
-            this.me = me;
+        me().then((session: SessionUser) => {
+            this.me = session;
+            setSentryPII(session.user);
+
             new EventsApi(DEFAULT_CONFIG)
                 .eventsNotificationsList({
                     seen: false,