BE: Make it possible to hide stacktraces in HTTP responses #536

api/src/main/java/io/kafbat/ui/exception/GlobalErrorWebExceptionHandler.java

@@ -10,6 +10,7 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.web.WebProperties;
 import org.springframework.boot.autoconfigure.web.reactive.error.AbstractErrorWebExceptionHandler;
 import org.springframework.boot.web.reactive.error.ErrorAttributes;
@@ -35,6 +36,9 @@
 @Order(Ordered.HIGHEST_PRECEDENCE)
 public class GlobalErrorWebExceptionHandler extends AbstractErrorWebExceptionHandler {
 
+  @Value("${web.exception.include.stacktrace}")
+  private boolean includeStacktraceInException;
+
   public GlobalErrorWebExceptionHandler(ErrorAttributes errorAttributes,
                                         ApplicationContext applicationContext,
                                         ServerCodecConfigurer codecConfigurer) {
@@ -74,7 +78,7 @@ private Mono<ServerResponse> renderDefault(Throwable throwable, ServerRequest re
         .message(coalesce(throwable.getMessage(), "Unexpected internal error"))
         .requestId(requestId(request))
         .timestamp(currentTimestamp())
-        .stackTrace(Throwables.getStackTraceAsString(throwable));
+        .stackTrace(getStackTrace(throwable));
     return ServerResponse
         .status(ErrorCode.UNEXPECTED.httpStatus())
         .contentType(MediaType.APPLICATION_JSON)
@@ -88,7 +92,7 @@ private Mono<ServerResponse> render(CustomBaseException baseException, ServerReq
         .message(coalesce(baseException.getMessage(), "Internal error"))
         .requestId(requestId(request))
         .timestamp(currentTimestamp())
-        .stackTrace(Throwables.getStackTraceAsString(baseException));
+        .stackTrace(getStackTrace(baseException));
     return ServerResponse
         .status(errorCode.httpStatus())
         .contentType(MediaType.APPLICATION_JSON)
@@ -118,7 +122,7 @@ private Mono<ServerResponse> render(WebExchangeBindException exception, ServerRe
         .requestId(requestId(request))
         .timestamp(currentTimestamp())
         .fieldsErrors(fieldsErrors)
-        .stackTrace(Throwables.getStackTraceAsString(exception));
+        .stackTrace(getStackTrace(exception));
     return ServerResponse
         .status(HttpStatus.BAD_REQUEST)
         .contentType(MediaType.APPLICATION_JSON)
@@ -132,13 +136,21 @@ private Mono<ServerResponse> render(ResponseStatusException exception, ServerReq
         .message(msg)
         .requestId(requestId(request))
         .timestamp(currentTimestamp())
-        .stackTrace(Throwables.getStackTraceAsString(exception));
+        .stackTrace(getStackTrace(exception));
     return ServerResponse
         .status(exception.getStatusCode())
         .contentType(MediaType.APPLICATION_JSON)
         .bodyValue(response);
   }
 
+  private String getStackTrace(Throwable exception) {
+    if (!includeStacktraceInException) {
+      return "";
+    }
+
+    return Throwables.getStackTraceAsString(exception);
+  }
+
   private String requestId(ServerRequest request) {
     return request.exchange().getRequest().getId();
   }

api/src/main/resources/application-local.yml

@@ -147,3 +147,8 @@ rbac:
 
         - resource: audit
           actions: all
+
+web:
+  exception:
+    include:
+      stacktrace: true

api/src/main/resources/application.yml

@@ -19,3 +19,7 @@ logging:
     reactor.netty.http.server.AccessLog: INFO
     org.hibernate.validator: WARN
 
+web:
+  exception:
+    include:
+      stacktrace: false