feat: 转发 log 到 Sentry Structured Logs(含凭据脱敏)#72
Merged
Conversation
开启 sentry 的 log/logs feature,用 SentryLogger 包住 env_logger:所有 log 记录在打印控制台的同时转发为 Sentry Structured Logs(全级别 → Log),仅在错误 上报开启时生效(复用 errorReportingEnabled,release 默认关 / debug 开)。 安全:日志正文经 before_send_log(scrub_log) 脱敏后再发;扩展 redact_pii 覆盖 LCU 命令行里的 *-auth-token 及 password/secret/authorization/access_token, 避免 LCU 会话令牌、puuid、召唤师名随 info 级日志外传。
There was a problem hiding this comment.
Pull request overview
This PR adds forwarding of Rust log records to Sentry Structured Logs when error reporting is enabled, while extending observability redaction to reduce the risk of sending LCU/session identifiers and player PII.
Changes:
- Enables Sentry
log/logsfeatures and addsbefore_send_logredaction. - Wraps the console logger with
SentryLoggerwhen reporting is enabled. - Expands PII/credential redaction tests for LCU auth token command-line arguments.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
lol-record-analysis-tauri/src-tauri/src/observability.rs |
Enables Sentry Logs and adds log-body scrubbing plus expanded credential redaction. |
lol-record-analysis-tauri/src-tauri/src/main.rs |
Installs either plain console logging or Sentry-forwarding logging based on reporting settings. |
lol-record-analysis-tauri/src-tauri/Cargo.toml |
Enables Sentry logging-related crate features. |
lol-record-analysis-tauri/src-tauri/Cargo.lock |
Adds the resolved sentry-log dependency. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| static PII_PARAM_RE: LazyLock<Regex> = LazyLock::new(|| { | ||
| Regex::new( | ||
| r#"(?i)("?\b(?:game_?name|tag_?line|summoner_?name|display_?name|riot_?id|puuid|account|name)"?\s*[:=]\s*"?)([^"&,\s}\])]+)"#, | ||
| r#"(?i)("?\b(?:game_?name|tag_?line|summoner_?name|display_?name|riot_?id|puuid|account|name|auth_?token|access_?token|token|password|secret|authorization)"?\s*[:=]\s*"?)([^"&,\s}\])]+)"#, |
Owner
Author
There was a problem hiding this comment.
已修复(525f44f):从通用 PII 正则移除 authorization,新增 AUTH_HEADER_RE,值类允许空格,把 "Scheme token"(Bearer/Basic )整体脱敏,不再只洗 scheme 漏 token。补了 Bearer 与 LCU Basic 两个测试。
Copilot review(#72):原 PII_PARAM_RE 的值类遇空格即停,对 "Authorization: Bearer xxx" 只会把 Bearer 换成 <redacted> 而漏掉 token。改为:从通用正则移除 authorization, 新增 AUTH_HEADER_RE(值类允许空格)把 scheme+token 整体脱敏;补 Bearer/Basic 测试。
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
log+logsfeature;用SentryLogger::with_dest(env_logger)包住控制台 logger,把所有log记录在打印到控制台的同时转发为 Sentry Structured Logs(LogFilter::Log,全级别含 info)。errorReportingEnabled:release 默认关 / debug 开),关闭时行为同从前(只走控制台)。ClientOptions.before_send_log = scrub_log,对日志正文body跑redact_pii;扩展redact_pii字段名表,新增覆盖 LCU 命令行的*-auth-token(--remoting-auth-token/--riotclient-auth-token)及password / secret / authorization / access_token,避免会话令牌 / puuid / 召唤师名随 info 日志外传。Test plan
cargo check通过(sentry 0.42 log/logs feature 编译)cargo fmt --check+cargo clippy --all-targets --all-features -Dwarnings通过cargo test:observability 9 passed,含新增should_redact_lcu_auth_tokensingest.us.sentry.io,代码已注明常不可达),实际送达 Sentry Logs 需在可达网络/代理下验证注意
log::error!)现作为 Log(level=error)进入 Sentry Logs,而非 Issues 事件;真实 panic 仍经 panic 集成进 Issues。