#avoid sending error message as response in `axum`

if i fail to layer an extension, i get this message in the response body with a 500 error

Missing request extension: Extension of type `sqlx_core::pool::Pool<sqlx_sqlite::database::Sqlite>` was not found. Perhaps you forgot to add it? See `axum::Extension`.

i instead want to just log it and send an empty response body.

async fn main() -> Result<(), anyhow::Error> {
    // ...
    let pool = SqlitePool::connect(&database_url).await?;

    let app = Router::new()
        .route("/", get(home))
        // some other routes ...
        .layer(Extension(pool)) // if i remove this line
        ;

    // ...
}

https://docs.rs/axum-extra/latest/axum_extra/extract/struct.WithRejection.html

Use this

Or a middleware I guess

someone mentioned that it is possible to use State instead of extensions for things like database pools.
now i have another question.
i also have a middleware that assigns a unique request id to each request that the handlers can access as RequestId

pub struct RequestId(String);
impl RequestId {
    pub fn new() -> Self {
        Self(Uuid::new_v4().to_string())
    }
}


let app = Router::new()
        .route("/", get(home))
        // some other routes ...
        .layer(Extension(pool))
        .layer(axum::middleware::from_fn(
            |mut request: Request<Body>, next: Next| async {
                let request_id = RequestId::new();
                request.extensions_mut().insert(request_id);
                next.run(request).await
            },
         ));
        

pub async fn foo(
    Extension(request_id): Extension<RequestId>,
    Extension(pool): Extension<SqlitePool>,
) -> Result<StatusCode, HandlerError> { ... }

should that be state or extension?

it should be an extension

why?

can you show me how to do it with middleware?

’cause I said so

I mean

state is generally for stuff that is constant across requests

it’s like, mildly tricky to get it to be variable

not worth it

there are examples in axum’s middleware module. you’d just have to write some code that checks if the status is 500, and if so, takes the body, reads it into a String, logs it

it’s kind of cursed in comparison to WithRejection

but honestly axum error handling is cursed in general so

so i have to do this?

struct RejectionHandler { ... }

pub async fn foo(
    WithRejection(request_id, _): WithRejection<RequestId, RejectionHandler>,
) -> Result<StatusCode, HandlerError> { ... }

instead of this?

pub async fn foo(
    Extension(request_id): Extension<RequestId>,
) -> Result<StatusCode, HandlerError> { ... }

well it would actually need to be WithRejection<Extension<RequestId>, RejectionHandler>

or you could implement FromRequestParts for RequestId directly

to simplify things

then just make your own rejection type

so i have to write a middleware that create a RequestId and set it as a header value, say, X-REQUEST-ID, write a custom extractor to be used like this?

pub async fn foo(
    RequestId(request_id): RequestId<RequestId>,
) -> Result<StatusCode, HandlerError> { ... }

wat

RequestId<RequestId> is not a type you’d want to write

request_id: RequestId,

is the way to do it if RequestIs: FromRequestParts

oops i meant this

pub async fn foo(
    RequestId(request_id): RequestId,
) -> Result<StatusCode, HandlerError> { ... }

wh#

what type are you imagining in RequestId

pub struct RequestId(pub /* what goes here…? */);

like that type I replaced with a comment is the type of request_id

pub struct RequestId(pub String);

impl RequestId {
    pub fn new() -> Self {
        Self(Uuid::new_v4().to_string())
    }
}

Okay so then why are you destructuring it in the function args

request_id: RequestId,

if you just do this, you have request_id be of type RequestId

You could do RequestId(request_id) if you wanted request_id to be of type String

but why would you want that

oh ok, the inner String will be encapsulated.

this is also fine

and preferable

so is this a good idea?

so i have to write a middleware that create a RequestId and set it as a header value, say, X-REQUEST-ID, write a custom extractor to be used like this?

yeah sure

and what happens if the request id is not set?

because this the thing i'm trying to avoid at the end

having internal details leaked as response body

Missing request extension: Extension of type `sqlx_core::pool::Pool<sqlx_sqlite::database::Sqlite>` was not found. Perhaps you forgot to add it? See `axum::Extension`.

well you’re writing the extractor

you can panic, return a bare 500

idk

what do you want to do

oh right i can handle that situation

#[async_trait]
impl<S> FromRequestParts<S> for RequestId {
    type Rejection = HandlerError;
    async fn from_request_parts(parts: &mut Parts, _: &S) -> Result<Self, Self::Rejection> { ... }
}

this request_id will potentially be used in every handler function. and if there is any issue with getting the RequestId the whole app might start rejecting requests. is this a good idea?

or is it the case where the request_id is guaranteed to be always set?

Depends how you set it

like, if it’s with a middleware then it’ll be guaranteed to be set if the middleware is guaranteed to set it

yes it will be set in a middleware

then yeah, as long as the middleware doesn’t set it only conditionally it’s fine

the reason i'm doing this is because i want to return the request id in the json response when there is an error. so the users can raise a support ticket with that request id.

{
  "datetime": "2024-10-14T13:54:14.348240919Z",
  "error": "...",
  "request_id": "4af4d2bb-283e-4c83-85a3-c916621b3e03"
}

i also setup tracing span to show that request id in the logs

        .layer(
            TraceLayer::new_for_http().make_span_with(|request: &Request<_>| {
                let request_id = request
                    .extensions()
                    .get::<RequestId>()
                    .cloned()
                    .unwrap_or_else(|| {
                        tracing::warn!("unable to get RequestId extension when making span");
                        RequestId::unknown()
                    });

                tracing::info_span!(
                    "request",
                    request_id = %request_id,
                    method = %request.method(),
                    uri = %request.uri(),
                )
            }),
        )

2024-10-14T13:54:11.000543Z  INFO request{request_id=4395866c-ea1b-4e0c-ab5c-fbc99924db4e method=POST uri=/login}:login{username="zahash" remember=true}: server::login: user_id=1

2024-10-14T13:54:11.604185Z  INFO request{request_id=4395866c-ea1b-4e0c-ab5c-fbc99924db4e method=POST uri=/login}:login{username="zahash" remember=true}: server::login: session created session_id="***" created_at=2024-10-14 13:54:11.596599469 +00:00:00 expires_at=2024-11-13 13:54:11.596599469 +00:00:00 user_agent=Thunder Client (https://www.thunderclient.com)

2024-10-14T13:54:14.348198Z  INFO request{request_id=4af4d2bb-283e-4c83-85a3-c916621b3e03 method=POST uri=/login}: server::error: Auth(UserNotFound("asdf"))

how so?

there’s no way to guarantee that all the errors from your service are of a certain form

you have to map the rejections individually

it sucks

i wanted to fix it but it’s also a massive breaking change Lol

hmmm axum isn't "stabilized" yet right?

yeah

what do you like the most then?

wdym

backend library / framework

i mean i like axum

is that your number one pick?

I haven’t tried many others

well I tried Warp way back but I don’t like that one

warp is just cursed

wow i almost forgot it existed

@pseudo mantle is there a way to compile time check this?

HeaderValue::from_str("foo").unwrap()

const { HeaderValue::from_static("foo") }

what about this then?

HeaderValue::from_str(some_str_value_that_doesnt_have_a_static_lifetime).unwrap()

that doesn’t even make sense to compile-time check it

because if it’s non-'static it’s only known at runtime

ah right.

i generally don't like unwraps

        .layer(axum::middleware::from_fn(
            |mut request: Request<Body>, next: Next| async {
                let RequestId(request_id) = RequestId::new();
                request.headers_mut().insert(
                    "X-REQUEST-ID",
                    HeaderValue::from_str(&request_id)
                        .inspect_err(|e| {
                            tracing::warn!("invalid X-REQUEST-ID HeaderValue :: {:?}", e)
                        })
                        .unwrap(), // eww get away from me panic demon!!
                );
                next.run(request).await
            },
        ))

skill issue

unwraps are fine

is there a way to do some type gymnastics such that the unwrap is not required?

the method expects a str that contains Only visible ASCII characters (32-127)
is there a way to enforce that at the type level? create a new type that only contains those characters? that way, the unwrap is not required?

yes the uuid also only contains only those characters but it is not "enforced"

Yeah but it’s not worth it

don’t worry about it

but if you had to do it how would you go about it? (for science)

i wouldn’t

I would just have a function that goes Uuid → HeaderValue directly

and unwrap in side that function

i can't find any examples for this

https://docs.rs/axum/latest/axum/middleware/fn.from_fn.html

i mean the part that handles the errors

I mean that should be trivial

idk which part you’re finding hard

how do i find out that the error is because of a missing extension?

and somehow "catch" that error and log it and return a empty body

if you just care about the missing extension error you should use WithRejection

the middleware approach is to handle all 500 errors

there might be others possible

Anyway, you’re given a Response in the middleware

you just have to check its status code to see if it’s 500

if so, read the body into a string with something like https://docs.rs/axum/latest/axum/body/fn.to_bytes.html

then deal with it

but all i can see is the request

        .layer(axum::middleware::from_fn(
            |mut request: Request<Body>, next: Next| async { ... }
        )

Read the middlware docs again

it should be clear where you get the response

this?

        .layer(axum::middleware::from_fn(
            |mut request: Request<Body>, next: Next| async {
                let response = next.run(request).await;
                response
            },
        ))

Yeah

where should i put this? at the first or at the last?

        .route("/private", get(private))
        .with_state(AppState { pool })
        .layer(
            TraceLayer::new_for_http().make_span_with(|request: &Request<_>| {
                let request_id = request
                    .extensions()
                    .get::<RequestId>()
                    .cloned()
                    .unwrap_or_else(|| {
                        tracing::warn!("unable to get RequestId extension when making span");
                        RequestId::unknown()
                    });

                tracing::info_span!(
                    "request",
                    request_id = %request_id,
                    method = %request.method(),
                    uri = %request.uri(),
                )
            }),
        )
        .layer(axum::middleware::from_fn(
            |mut request: Request<Body>, next: Next| async {
                let request_id = RequestId::new();
                request.extensions_mut().insert(request_id);
                next.run(request).await
            },
        ))

That’s the correct order

??? i didn't include it.

Oh

        .layer(axum::middleware::from_fn(
            |mut request: Request<Body>, next: Next| async {
                let response = next.run(request).await;
                // some checks
                response
            },
        ))

I mean you may as well build in that code into your existing middleware

instead of making new middleware

less middleware is better

since you already have a from_fn, put it there

hmmm... but won't it pollute the RequestId generating part?
i just want to keep this separate

then put them in separate functions and call them both idk

it’s just weird to have multiple consecutive calls to middleware::from_fn

really? how so?

because every time you all that function every route gets boxed

so its lots of boxing

🥊

how to log the contents of the body? i'm only seeing this

2024-10-14T16:20:48.175703Z ERROR server: Body(UnsyncBoxBody)

        .layer(axum::middleware::from_fn(
            |request: Request<Body>, next: Next| async {
                let response = next.run(request).await;

                if response.status().is_server_error() {
                    // if internal server error, only send status code as response
                    // to avoid leaking internal details in body
                    tracing::error!("{:?}", response.body());
                    return response.status().into_response();
                }

                response
            },
        ))

Read the body into bytes as I said

convert it to a string using something like String::from_utf8_lossy

how do i do that?

I posted this earliër, but: https://docs.rs/axum/latest/axum/body/fn.to_bytes.html

to_bytes expects Body but response.body() gives &Body

https://docs.rs/hyper/latest/hyper/struct.Response.html#method.into_body

This kind of thing can be discovered by reading the docs

https://tenor.com/view/lazy-girl-gif-24741482

imma be lazy sometimes

@pseudo mantle the docs suggest keeping limit as usize::MAX if i don't care about it.
but is it safe to do so?
what are the situations where this could backfire?

The limit is for user-supplied bodies

this is a server-supplied body; you need not worry

@pseudo mantle how do you know so much btw? do you write rust at your job?

No

I’ve just worked with axum before

what do you do for work then?

I’m in education currently

oh like a professor?

no? I’m a student

I’m learning things

well in theory

oh. what degree?

Maths

phd in maths?

Well I might do that in future

I program as a hobby basically, which I’ve done for years now

nice. i used to work on some boring java backend at work.
but now i mostly do terraform + aws

@pseudo mantle can i add you as a friend? you seem to know a lot of rust

Sure. I prefer to answer questions here than in DMs though, so idk if it would be useful for you.

sure i will only ask in the forum