fix(web): enforce opt-in sentry log forwarding

gildesmarais · gildesmarais · commit bebb6676046d · 2026-03-28T02:38:17.000+01:00
diff --git a/app/web/telemetry/app_logger.rb b/app/web/telemetry/app_logger.rb
@@ -36,7 +36,7 @@ def build_logger
         # @return [String]
         def format_entry(severity, datetime, _progname, message)
           payload = base_payload(severity, datetime).merge(normalize_message(message))
-          SentryLogs.emit(payload)
+          emit_to_sentry(payload)
           "#{payload.to_json}\n"
         end
 
@@ -97,6 +97,14 @@ def normalize_logfmt_value(raw_value)
 
           value
         end
+
+        # @param payload [Hash{Symbol=>Object}]
+        # @return [void]
+        def emit_to_sentry(payload)
+          SentryLogs.emit(payload)
+        rescue StandardError
+          nil
+        end
       end
     end
   end
diff --git a/app/web/telemetry/sentry_logs.rb b/app/web/telemetry/sentry_logs.rb
@@ -24,7 +24,10 @@ def emit(payload)
 
         # @return [Boolean]
         def enabled?
-          RuntimeEnv.sentry_enabled? && defined?(::Sentry) && !logger.nil?
+          RuntimeEnv.sentry_enabled? &&
+            RuntimeEnv.sentry_logs_enabled? &&
+            defined?(::Sentry) &&
+            !logger.nil?
         end
 
         # @return [Object, nil]
diff --git a/spec/html2rss/web/app_logger_spec.rb b/spec/html2rss/web/app_logger_spec.rb
@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require 'spec_helper'
-require 'climate_control'
 require 'stringio'
 
 require_relative '../../../app/web/config/runtime_env'
@@ -25,5 +24,16 @@
       )
       expect(io.string).to include('"event_name":"boot.test"')
     end
+
+    it 'still writes structured logs when the Sentry bridge raises' do
+      allow(Logger).to receive(:new).and_return(test_logger)
+      allow(Html2rss::Web::SentryLogs).to receive(:emit).and_raise(StandardError, 'boom')
+
+      described_class.reset_logger!
+      expect do
+        described_class.logger.info({ event_name: 'boot.test', component: 'boot' }.to_json)
+      end.not_to raise_error
+      expect(io.string).to include('"event_name":"boot.test"')
+    end
   end
 end
diff --git a/spec/html2rss/web/boot/setup_spec.rb b/spec/html2rss/web/boot/setup_spec.rb
@@ -47,7 +47,13 @@
     end
 
     it 'captures and scrubs sensitive env vars after validation', :aggregate_failures do
-      stub_environment_validation
+      allow(Html2rss::Web::EnvironmentValidator).to receive(:validate_environment!).ordered do
+        expect(ENV.fetch('HTML2RSS_SECRET_KEY', nil)).to eq(boot_secret_key)
+        expect(ENV.fetch('HEALTH_CHECK_TOKEN', nil)).to eq('health-token')
+      end
+      allow(Html2rss::Web::EnvironmentValidator).to receive(:validate_production_security!).ordered do
+        expect(ENV.fetch('SENTRY_DSN', nil)).to eq(sentry_dsn)
+      end
 
       ClimateControl.modify(scrubbed_env) do
         described_class.call!
diff --git a/spec/html2rss/web/sentry_logs_spec.rb b/spec/html2rss/web/sentry_logs_spec.rb
@@ -29,13 +29,30 @@
 
   it 'filters auth and security pii before forwarding payloads to Sentry', :aggregate_failures do
     stub_const('Sentry', fake_sentry)
-    allow(described_class).to receive_messages(enabled?: true, logger: sentry_logger)
-
+    allow(Html2rss::Web::RuntimeEnv).to receive_messages(sentry_enabled?: true, sentry_logs_enabled?: true)
+    allow(described_class).to receive(:logger).and_return(sentry_logger)
+    expect(described_class.send(:enabled?)).to be(true)
     described_class.emit(raw_payload)
 
     expect_forwarded_payload
   end
 
+  it 'does not forward payloads when sentry logs are disabled' do
+    stub_const('Sentry', fake_sentry)
+    allow(Html2rss::Web::RuntimeEnv).to receive_messages(sentry_enabled?: true, sentry_logs_enabled?: false)
+    described_class.emit(raw_payload)
+
+    expect(captured_call).to eq({})
+  end
+
+  it 'does not forward payloads when sentry is disabled' do
+    stub_const('Sentry', fake_sentry)
+    allow(Html2rss::Web::RuntimeEnv).to receive_messages(sentry_enabled?: false, sentry_logs_enabled?: true)
+    described_class.emit(raw_payload)
+
+    expect(captured_call).to eq({})
+  end
+
   def build_sentry_logger
     logger_class = Struct.new(:captured_call) do
       def info(message, **attributes)
@@ -44,13 +61,11 @@ def info(message, **attributes)
       end
     end
 
-    logger_class.new(captured_call).tap do |logger|
-      allow(logger).to receive(:info).and_call_original
-    end
+    logger_class.new(captured_call)
   end
 
   def expect_forwarded_payload
-    expect(sentry_logger).to have_received(:info)
+    expect(captured_call).to include(:message, :attributes)
     expect_forwarded_message
     expect_forwarded_attributes
   end
