Example #1
0
    def handle(self, data, address):
        from sentry.utils.auth import parse_auth_header
        from sentry.coreapi import (project_from_auth_vars, decode_and_decompress_data, safely_load_json_string,
                                    validate_data, insert_data_to_database, APIError)
        try:
            try:
                auth_header, data = data.split("\n\n", 1)
            except ValueError:
                raise APIError("missing auth header")
            project = project_from_auth_vars(parse_auth_header(auth_header), data)

            if not data.startswith('{'):
                data = decode_and_decompress_data(data)
            data = safely_load_json_string(data)

            try:
                validate_data(project, data)
            except InvalidTimestamp:
                # Log the error, remove the timestamp, and revalidate
                logger.error('Client %r passed an invalid value for timestamp %r' % (
                    data['timestamp'],
                    client or '<unknown client>',
                ))
                del data['timestamp']
                validate_data(project, data)

            return insert_data_to_database(data)
        except APIError, error:
            logger.error('bad message from %s: %s' % (address, error.msg))
            return error
Example #2
0
def store(request):
    try:
        auth_vars = extract_auth_vars(request)
        data = request.raw_post_data

        if auth_vars:
            project = project_from_auth_vars(auth_vars, data)
        elif request.GET.get('api_key') and request.GET.get(
                'project_id') and request.is_secure():
            # ssl requests dont have to have signature verification
            project = project_from_api_key_and_id(request.GET['api_key'],
                                                  request.GET['project_id'])
        elif request.GET.get('project_id') and request.user.is_authenticated():
            # authenticated users are simply trusted to provide the right id
            project = project_from_id(request)
        else:
            raise APIUnauthorized()

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        ensure_valid_project_id(project, data)

        insert_data_to_database(data)
    except APIError, error:
        return HttpResponse(error.msg, status=error.http_status)
Example #3
0
def store(request):
    try:
        auth_vars = extract_auth_vars(request)
        data = request.raw_post_data

        if auth_vars:
            server_version = auth_vars.get('sentry_version', '1.0')
        else:
            server_version = request.GET.get('version', '1.0')

        if server_version not in ('1.0', '2.0'):
            raise APIError('Client/server version mismatch. Unsupported version: %r' % server_version)

        if auth_vars:
            project = project_from_auth_vars(auth_vars, data)
        elif request.GET.get('api_key') and request.GET.get('project_id') and request.is_secure():
            # ssl requests dont have to have signature verification
            project = project_from_api_key_and_id(request.GET['api_key'], request.GET['project_id'])
        elif request.GET.get('project_id') and request.user.is_authenticated():
            # authenticated users are simply trusted to provide the right id
            project = project_from_id(request)
        else:
            raise APIUnauthorized()

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        validate_data(project, data)

        insert_data_to_database(data)
    except APIError, error:
        return HttpResponse(error.msg, status=error.http_status)
Example #4
0
def handle_sentry(data, address):
    from sentry.exceptions import InvalidData
    from sentry.coreapi import project_from_auth_vars, decode_and_decompress_data, \
        safely_load_json_string, validate_data, insert_data_to_database, APIError
    from sentry.utils.auth import parse_auth_header

    try:
        try:
            auth_header, data = data.split('\n\n', 1)
        except ValueError:
            raise APIError('missing auth header')

        auth_vars = parse_auth_header(auth_header)
        project = project_from_auth_vars(auth_vars, data)

        client = auth_vars.get('sentry_client')

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            validate_data(project, data, client)
        except InvalidData, e:
            raise APIError(unicode(e))

        return insert_data_to_database(data)
Example #5
0
    def handle(self, data, address):
        from sentry.utils.auth import parse_auth_header
        from sentry.coreapi import (project_from_auth_vars,
                                    decode_and_decompress_data,
                                    safely_load_json_string,
                                    ensure_valid_project_id,
                                    insert_data_to_database, APIError)
        try:
            try:
                auth_header, data = data.split("\n\n", 1)
            except ValueError:
                raise APIError("missing auth header")
            project = project_from_auth_vars(parse_auth_header(auth_header),
                                             data)

            if not data.startswith('{'):
                data = decode_and_decompress_data(data)
            data = safely_load_json_string(data)

            ensure_valid_project_id(project, data)

            return insert_data_to_database(data)
        except APIError, error:
            logger.error('bad message from %s: %s' % (address, error.msg))
            return error
Example #6
0
def handle_sentry(data, address):
    from sentry.exceptions import InvalidData
    from sentry.coreapi import project_from_auth_vars, decode_and_decompress_data, \
        safely_load_json_string, validate_data, insert_data_to_database, APIError
    from sentry.utils.auth import parse_auth_header

    try:
        try:
            auth_header, data = data.split('\n\n', 1)
        except ValueError:
            raise APIError('missing auth header')

        auth_vars = parse_auth_header(auth_header)
        project = project_from_auth_vars(auth_vars, data)

        client = auth_vars.get('sentry_client')

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            validate_data(project, data, client)
        except InvalidData, e:
            raise APIError(unicode(e))

        return insert_data_to_database(data)
Example #7
0
    def post(self, request, project, helper, key, **kwargs):
        json_body = safely_load_json_string(request.body)
        report_type = self.security_report_type(json_body)
        if report_type is None:
            raise APIError('Unrecognized security report type')
        interface = get_interface(report_type)

        try:
            instance = interface.from_raw(json_body)
        except jsonschema.ValidationError as e:
            raise APIError('Invalid security report: %s' %
                           str(e).splitlines()[0])

        # Do origin check based on the `document-uri` key as explained in `_dispatch`.
        origin = instance.get_origin()
        if not is_valid_origin(origin, project):
            if project:
                track_outcome(project.organization_id, project.id, key.id,
                              'invalid', FilterStatKeys.CORS)
            raise APIForbidden('Invalid origin')

        data = {
            'interface': interface.path,
            'report': instance,
            'release': request.GET.get('sentry_release'),
            'environment': request.GET.get('sentry_environment'),
        }

        self.process(request,
                     project=project,
                     helper=helper,
                     data=data,
                     key=key,
                     **kwargs)
        return HttpResponse(content_type='application/javascript', status=201)
Example #8
0
    def post(self, request, project, helper, **kwargs):
        json_body = safely_load_json_string(request.body)
        report_type = self.security_report_type(json_body)
        if report_type is None:
            raise APIError('Unrecognized security report type')
        interface = get_interface(report_type)

        try:
            instance = interface.from_raw(json_body)
        except jsonschema.ValidationError as e:
            raise APIError('Invalid security report: %s' %
                           str(e).splitlines()[0])

        # Do origin check based on the `document-uri` key as explained in `_dispatch`.
        origin = instance.get_origin()
        if not is_valid_origin(origin, project):
            if project:
                tsdb.incr(tsdb.models.project_total_received_cors, project.id)
            raise APIForbidden('Invalid origin')

        data = {
            'interface': interface.path,
            'report': instance,
            'release': request.GET.get('sentry_release'),
            'environment': request.GET.get('sentry_environment'),
        }

        response_or_event_id = self.process(request,
                                            project=project,
                                            helper=helper,
                                            data=data,
                                            **kwargs)
        if isinstance(response_or_event_id, HttpResponse):
            return response_or_event_id
        return HttpResponse(content_type='application/javascript', status=201)
Example #9
0
    def post(self, request, project, helper, **kwargs):
        json_body = safely_load_json_string(request.body)
        report_type = self.security_report_type(json_body)
        if report_type is None:
            raise APIError('Unrecognized security report type')
        interface = get_interface(report_type)

        try:
            instance = interface.from_raw(json_body)
        except jsonschema.ValidationError as e:
            raise APIError('Invalid security report: %s' % str(e).splitlines()[0])

        # Do origin check based on the `document-uri` key as explained in `_dispatch`.
        origin = instance.get_origin()
        if not is_valid_origin(origin, project):
            if project:
                tsdb.incr(tsdb.models.project_total_received_cors, project.id)
            raise APIForbidden('Invalid origin')

        data = {
            'interface': interface.path,
            'report': instance,
            'release': request.GET.get('sentry_release'),
            'environment': request.GET.get('sentry_environment'),
        }

        response_or_event_id = self.process(
            request, project=project, helper=helper, data=data, **kwargs
        )
        if isinstance(response_or_event_id, HttpResponse):
            return response_or_event_id
        return HttpResponse(content_type='application/javascript', status=201)
Example #10
0
    def post(self, request, project, helper, key, project_config, **kwargs):
        json_body = safely_load_json_string(request.body)
        report_type = self.security_report_type(json_body)
        if report_type is None:
            track_outcome(
                project_config.organization_id,
                project_config.project_id,
                key.id,
                Outcome.INVALID,
                "security_report_type",
            )
            raise APIError("Unrecognized security report type")
        interface = get_interface(report_type)

        try:
            instance = interface.from_raw(json_body)
        except jsonschema.ValidationError as e:
            track_outcome(
                project_config.organization_id,
                project_config.project_id,
                key.id,
                Outcome.INVALID,
                "security_report",
            )
            raise APIError("Invalid security report: %s" % str(e).splitlines()[0])

        # Do origin check based on the `document-uri` key as explained in `_dispatch`.
        origin = instance.get_origin()
        if not is_valid_origin(origin, project):
            track_outcome(
                project_config.organization_id,
                project_config.project_id,
                key.id,
                Outcome.INVALID,
                FilterStatKeys.CORS,
            )
            raise APIForbidden("Invalid origin")

        data = {
            "interface": interface.path,
            "report": instance,
            "release": request.GET.get("sentry_release"),
            "environment": request.GET.get("sentry_environment"),
        }

        self.process(
            request,
            project=project,
            helper=helper,
            data=data,
            key=key,
            project_config=project_config,
            **kwargs
        )

        return HttpResponse(content_type="application/javascript", status=201)
Example #11
0
    def process(self, request, project, auth, data, **kwargs):
        event_received.send_robust(ip=request.META['REMOTE_ADDR'],
                                   sender=type(self))

        # TODO: improve this API (e.g. make RateLimit act on __ne__)
        rate_limit = safe_execute(app.quotas.is_rate_limited, project=project)
        if isinstance(rate_limit, bool):
            rate_limit = RateLimit(is_limited=rate_limit, retry_after=None)

        if rate_limit is not None and rate_limit.is_limited:
            raise APIRateLimited(rate_limit.retry_after)

        result = plugins.first('has_perm', request.user, 'create_event',
                               project)
        if result is False:
            raise APIForbidden('Creation of this event was blocked')

        content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '')

        if content_encoding == 'gzip':
            data = decompress_gzip(data)
        elif content_encoding == 'deflate':
            data = decompress_deflate(data)
        elif not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            # mutates data
            validate_data(project, data, auth.client)
        except InvalidData as e:
            raise APIError(u'Invalid data: %s (%s)' %
                           (six.text_type(e), type(e)))

        # mutates data
        manager = EventManager(data)
        data = manager.normalize()

        # insert IP address if not available
        if auth.is_public:
            ensure_has_ip(data, request.META['REMOTE_ADDR'])

        event_id = data['event_id']

        # We filter data immediately before it ever gets into the queue
        inst = SensitiveDataFilter()
        inst.apply(data)

        # mutates data (strips a lot of context if not queued)
        insert_data_to_database(data)

        logger.debug('New event from project %s/%s (id=%s)', project.team.slug,
                     project.slug, event_id)

        return event_id
Example #12
0
File: api.py Project: fbentz/sentry
    def post(self, request, project, auth, **kwargs):
        data = request.raw_post_data

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            validate_data(project, data, auth.client)
        except InvalidData, e:
            raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
Example #13
0
File: api.py Project: fbentz/sentry
    def post(self, request, project, auth, **kwargs):
        data = request.raw_post_data

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            validate_data(project, data, auth.client)
        except InvalidData, e:
            raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
Example #14
0
    def process(self, request, project, auth, data, **kwargs):
        result = plugins.first('has_perm', request.user, 'create_event', project)
        if result is False:
            raise APIForbidden('Creation of this event was blocked')

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            validate_data(project, data, auth.client)
        except InvalidData, e:
            raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
Example #15
0
    def process(self, request, project, auth, data, **kwargs):
        event_received.send_robust(ip=request.META['REMOTE_ADDR'], sender=type(self))

        # TODO: improve this API (e.g. make RateLimit act on __ne__)
        rate_limit = safe_execute(app.quotas.is_rate_limited, project=project)
        if isinstance(rate_limit, bool):
            rate_limit = RateLimit(is_limited=rate_limit, retry_after=None)

        if rate_limit is not None and rate_limit.is_limited:
            raise APIRateLimited(rate_limit.retry_after)

        result = plugins.first('has_perm', request.user, 'create_event', project)
        if result is False:
            raise APIForbidden('Creation of this event was blocked')

        content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '')

        if content_encoding == 'gzip':
            data = decompress_gzip(data)
        elif content_encoding == 'deflate':
            data = decompress_deflate(data)
        elif not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            # mutates data
            validate_data(project, data, auth.client)
        except InvalidData as e:
            raise APIError(u'Invalid data: %s (%s)' % (six.text_type(e), type(e)))

        # mutates data
        manager = EventManager(data)
        data = manager.normalize()

        # insert IP address if not available
        if auth.is_public:
            ensure_has_ip(data, request.META['REMOTE_ADDR'])

        event_id = data['event_id']

        # We filter data immediately before it ever gets into the queue
        inst = SensitiveDataFilter()
        inst.apply(data)

        # mutates data (strips a lot of context if not queued)
        insert_data_to_database(data)

        logger.debug('New event from project %s/%s (id=%s)', project.team.slug, project.slug, event_id)

        return event_id
Example #16
0
def _decode_event(data, content_encoding):
    if isinstance(data, six.binary_type):
        if content_encoding == 'gzip':
            data = decompress_gzip(data)
        elif content_encoding == 'deflate':
            data = decompress_deflate(data)
        elif data[0] != b'{':
            data = decode_and_decompress_data(data)
        else:
            data = decode_data(data)
    if isinstance(data, six.text_type):
        data = safely_load_json_string(data)

    return CanonicalKeyDict(data)
Example #17
0
    def process(self, request, project, auth, data, **kwargs):
        result = plugins.first('has_perm', request.user, 'create_event',
                               project)
        if result is False:
            raise APIForbidden('Creation of this event was blocked')

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            validate_data(project, data, auth.client)
        except InvalidData, e:
            raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
Example #18
0
def _decode_event(data, content_encoding):
    if isinstance(data, six.binary_type):
        if content_encoding == "gzip":
            data = decompress_gzip(data)
        elif content_encoding == "deflate":
            data = decompress_deflate(data)
        elif data[0] != b"{":
            data = decode_and_decompress_data(data)
        else:
            data = decode_data(data)
    if isinstance(data, six.text_type):
        data = safely_load_json_string(data)

    return CanonicalKeyDict(data)
Example #19
0
    def process(self, request, project, auth, data, **kwargs):
        event_received.send_robust(ip=request.META['REMOTE_ADDR'], sender=type(self))

        rate_limits = [safe_execute(app.quotas.is_rate_limited, project=project)]
        for plugin in plugins.all():
            rate_limit = safe_execute(plugin.is_rate_limited, project=project)
            # We must handle the case of plugins not returning new RateLimit objects
            if isinstance(rate_limit, bool):
                rate_limit = RateLimit(is_limited=rate_limit, retry_after=None)
            rate_limits.append(rate_limit)

        if any(limit.is_limited for limit in rate_limits):
            raise APIRateLimited(max(limit.retry_after for limit in rate_limits))

        result = plugins.first('has_perm', request.user, 'create_event', project)
        if result is False:
            raise APIForbidden('Creation of this event was blocked')

        content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '')

        if content_encoding == 'gzip':
            data = decompress_gzip(data)
        elif content_encoding == 'deflate':
            data = decompress_deflate(data)
        elif not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            # mutates data
            validate_data(project, data, auth.client)
        except InvalidData as e:
            raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))

        # mutates data
        Group.objects.normalize_event_data(data)

        # insert IP address if not available
        if auth.is_public:
            ensure_has_ip(data, request.META['REMOTE_ADDR'])

        event_id = data['event_id']

        # mutates data (strips a lot of context if not queued)
        insert_data_to_database(data)

        logger.debug('New event from project %s/%s (id=%s)', project.team.slug, project.slug, event_id)

        return event_id
Example #20
0
    def process(self, request, project, auth, data, **kwargs):
        event_received.send(ip=request.META["REMOTE_ADDR"], sender=type(self))

        is_rate_limited = safe_execute(app.quotas.is_rate_limited, project=project)
        for plugin in plugins.all():
            if safe_execute(plugin.is_rate_limited, project=project):
                is_rate_limited = True

        if is_rate_limited:
            raise APIRateLimited

        result = plugins.first("has_perm", request.user, "create_event", project)
        if result is False:
            raise APIForbidden("Creation of this event was blocked")

        content_encoding = request.META.get("HTTP_CONTENT_ENCODING", "")

        if content_encoding == "gzip":
            data = decompress_gzip(data)
        elif content_encoding == "deflate":
            data = decompress_deflate(data)
        elif not data.startswith("{"):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            # mutates data
            validate_data(project, data, auth.client)
        except InvalidData as e:
            raise APIError(u"Invalid data: %s (%s)" % (unicode(e), type(e)))

        # mutates data
        Group.objects.normalize_event_data(data)

        # insert IP address if not available
        if auth.is_public:
            ensure_has_ip(data, request.META["REMOTE_ADDR"])

        event_id = data["event_id"]

        # mutates data (strips a lot of context if not queued)
        insert_data_to_database(data)

        logger.debug("New event from project %s/%s (id=%s)", project.team.slug, project.slug, event_id)

        return event_id
Example #21
0
def handle_sentry(data, address):
    from sentry.coreapi import (
        project_from_auth_vars,
        decode_and_decompress_data,
        safely_load_json_string,
        validate_data,
        insert_data_to_database,
        APIError,
        APIForbidden,
    )
    from sentry.models import Group
    from sentry.exceptions import InvalidData
    from sentry.plugins import plugins
    from sentry.utils.auth import parse_auth_header

    try:
        try:
            auth_header, data = data.split("\n\n", 1)
        except ValueError:
            raise APIError("missing auth header")

        try:
            auth_vars = parse_auth_header(auth_header)
        except (ValueError, IndexError):
            raise APIError("invalid auth header")

        project, user = project_from_auth_vars(auth_vars)

        result = plugins.first("has_perm", user, "create_event", project)
        if result is False:
            raise APIForbidden("Creation of this event was blocked")

        client = auth_vars.get("sentry_client")

        if not data.startswith("{"):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            validate_data(project, data, client)
        except InvalidData, e:
            raise APIError(u"Invalid data: %s (%s)" % (unicode(e), type(e)))

        Group.objects.normalize_event_data(data)

        return insert_data_to_database(data)
Example #22
0
File: api.py Project: yaoqi/sentry
    def post(self, request, project, helper, key, **kwargs):
        json_body = safely_load_json_string(request.body)
        report_type = self.security_report_type(json_body)
        if report_type is None:
            track_outcome(
                project.organization_id,
                project.id,
                key.id,
                Outcome.INVALID,
                "security_report_type")
            raise APIError('Unrecognized security report type')
        interface = get_interface(report_type)

        try:
            instance = interface.from_raw(json_body)
        except jsonschema.ValidationError as e:
            track_outcome(
                project.organization_id,
                project.id,
                key.id,
                Outcome.INVALID,
                "security_report")
            raise APIError('Invalid security report: %s' % str(e).splitlines()[0])

        # Do origin check based on the `document-uri` key as explained in `_dispatch`.
        origin = instance.get_origin()
        if not is_valid_origin(origin, project):
            if project:
                track_outcome(
                    project.organization_id,
                    project.id,
                    key.id,
                    Outcome.INVALID,
                    FilterStatKeys.CORS)
            raise APIForbidden('Invalid origin')

        data = {
            'interface': interface.path,
            'report': instance,
            'release': request.GET.get('sentry_release'),
            'environment': request.GET.get('sentry_environment'),
        }

        self.process(request, project=project, helper=helper, data=data, key=key, **kwargs)
        return HttpResponse(content_type='application/javascript', status=201)
Example #23
0
    def process(self, request, project, auth, data, **kwargs):
        for plugin in plugins.all():
            if safe_execute(plugin.is_rate_limited, project=project):
                return HttpResponse('Creation of this event was denied due to rate limiting.', content_type='text/plain', status=405)

        result = plugins.first('has_perm', request.user, 'create_event', project)
        if result is False:
            raise APIForbidden('Creation of this event was blocked')

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            # mutates data
            validate_data(project, data, auth.client)
        except InvalidData, e:
            raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
Example #24
0
File: api.py Project: rca/sentry
    def process(self, request, project, auth, data, **kwargs):
        event_received.send(ip=request.META['REMOTE_ADDR'], sender=type(self))

        is_rate_limited = safe_execute(app.quotas.is_rate_limited,
                                       project=project)
        for plugin in plugins.all():
            if safe_execute(plugin.is_rate_limited, project=project):
                is_rate_limited = True

        if is_rate_limited:
            raise APIRateLimited

        result = plugins.first('has_perm', request.user, 'create_event',
                               project)
        if result is False:
            raise APIForbidden('Creation of this event was blocked')

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            # mutates data
            validate_data(project, data, auth.client)
        except InvalidData as e:
            raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))

        # mutates data
        Group.objects.normalize_event_data(data)

        # insert IP address if not available
        if auth.is_public:
            ensure_has_ip(data, request.META['REMOTE_ADDR'])

        event_id = data['event_id']

        # mutates data (strips a lot of context if not queued)
        insert_data_to_database(data)

        logger.debug('New event from project %s/%s (id=%s)', project.team.slug,
                     project.slug, event_id)

        return event_id
Example #25
0
def handle_sentry(data, address):
    from sentry.coreapi import (project_from_auth_vars,
                                decode_and_decompress_data,
                                safely_load_json_string, validate_data,
                                insert_data_to_database, APIError,
                                APIForbidden)
    from sentry.models import Group
    from sentry.exceptions import InvalidData
    from sentry.plugins import plugins
    from sentry.utils.auth import parse_auth_header

    try:
        try:
            auth_header, data = data.split('\n\n', 1)
        except ValueError:
            raise APIError('missing auth header')

        try:
            auth_vars = parse_auth_header(auth_header)
        except (ValueError, IndexError):
            raise APIError('invalid auth header')

        project, user = project_from_auth_vars(auth_vars)

        result = plugins.first('has_perm', user, 'create_event', project)
        if result is False:
            raise APIForbidden('Creation of this event was blocked')

        client = auth_vars.get('sentry_client')

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            validate_data(project, data, client)
        except InvalidData, e:
            raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))

        Group.objects.normalize_event_data(data)

        return insert_data_to_database(data)
Example #26
0
    def process(self, request, project, auth, data, **kwargs):
        if safe_execute(app.quotas.is_rate_limited, project=project):
            raise APIRateLimited
        for plugin in plugins.all():
            if safe_execute(plugin.is_rate_limited, project=project):
                raise APIRateLimited

        result = plugins.first('has_perm', request.user, 'create_event', project)
        if result is False:
            raise APIForbidden('Creation of this event was blocked')

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            # mutates data
            validate_data(project, data, auth.client)
        except InvalidData, e:
            raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
Example #27
0
    def process(self, request, project, auth, data, **kwargs):
        if safe_execute(app.quotas.is_rate_limited, project=project):
            raise APIRateLimited
        for plugin in plugins.all():
            if safe_execute(plugin.is_rate_limited, project=project):
                raise APIRateLimited

        result = plugins.first('has_perm', request.user, 'create_event',
                               project)
        if result is False:
            raise APIForbidden('Creation of this event was blocked')

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            # mutates data
            validate_data(project, data, auth.client)
        except InvalidData, e:
            raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
Example #28
0
    def handle(self, data, address):
        from sentry.utils.auth import parse_auth_header
        from sentry.coreapi import (project_from_auth_vars, decode_and_decompress_data, safely_load_json_string,
                                    ensure_valid_project_id, insert_data_to_database, APIError)
        try:
            try:
                auth_header, data = data.split("\n\n", 1)
            except ValueError:
                raise APIError("missing auth header")
            project = project_from_auth_vars(parse_auth_header(auth_header), data)

            if not data.startswith('{'):
                data = decode_and_decompress_data(data)
            data = safely_load_json_string(data)

            ensure_valid_project_id(project, data)

            return insert_data_to_database(data)
        except APIError, error:
            logger.error('bad message from %s: %s' % (address, error.msg))
            return error
Example #29
0
    def process(self, request, project, auth, data, **kwargs):
        event_received.send(ip=request.META['REMOTE_ADDR'], sender=type(self))

        is_rate_limited = safe_execute(app.quotas.is_rate_limited, project=project)
        for plugin in plugins.all():
            if safe_execute(plugin.is_rate_limited, project=project):
                is_rate_limited = True

        if is_rate_limited:
                raise APIRateLimited

        result = plugins.first('has_perm', request.user, 'create_event', project)
        if result is False:
            raise APIForbidden('Creation of this event was blocked')

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            # mutates data
            validate_data(project, data, auth.client)
        except InvalidData as e:
            raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))

        # mutates data
        Group.objects.normalize_event_data(data)

        # insert IP address if not available
        if auth.is_public:
            ensure_has_ip(data, request.META['REMOTE_ADDR'])

        event_id = data['event_id']

        # mutates data (strips a lot of context if not queued)
        insert_data_to_database(data)

        logger.debug('New event from project %s/%s (id=%s)', project.team.slug, project.slug, event_id)

        return event_id
Example #30
0
    def process(self, request, project, auth, data, **kwargs):
        for plugin in plugins.all():
            if safe_execute(plugin.is_rate_limited, project=project):
                return HttpResponse(
                    'Creation of this event was denied due to rate limiting.',
                    content_type='text/plain',
                    status=405)

        result = plugins.first('has_perm', request.user, 'create_event',
                               project)
        if result is False:
            raise APIForbidden('Creation of this event was blocked')

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            # mutates data
            validate_data(project, data, auth.client)
        except InvalidData, e:
            raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
Example #31
0
File: udp.py Project: DouweM/sentry
def handle_sentry(data, address):
    from sentry.coreapi import project_from_auth_vars, decode_and_decompress_data, \
        safely_load_json_string, validate_data, insert_data_to_database, APIError, \
        APIForbidden
    from sentry.exceptions import InvalidData
    from sentry.plugins import plugins
    from sentry.utils.auth import parse_auth_header

    try:
        try:
            auth_header, data = data.split('\n\n', 1)
        except ValueError:
            raise APIError('missing auth header')

        try:
            auth_vars = parse_auth_header(auth_header)
        except (ValueError, IndexError):
            raise APIError('invalid auth header')

        project, user = project_from_auth_vars(auth_vars)

        result = plugins.first('has_perm', user, 'create_event', project)
        if result is False:
            raise APIForbidden('Creation of this event was blocked')

        client = auth_vars.get('sentry_client')

        if not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            validate_data(project, data, client)
        except InvalidData, e:
            raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))

        return insert_data_to_database(data)
Example #32
0
def store(request, project=None):
    """
    The primary endpoint for storing new events.

    This will validate the client's authentication and data, and if
    successfull pass on the payload to the internal database handler.

    Authentication works in three flavors:

    1. Explicit signed requests

       These are implemented using the documented signed request protocol, and
       require an authentication header which is signed using with the project
       member's secret key.

    2. CORS Secured Requests

       Generally used for communications with client-side platforms (such as
       JavaScript in the browser), they require a standard header, excluding
       the signature and timestamp requirements, and must be listed in the
       origins for the given project (or the global origins).

    3. Implicit trusted requests

       Used by the Sentry core, they are only available from same-domain requests
       and do not require any authentication information. They only require that
       the user be authenticated, and a project_id be sent in the GET variables.

    """
    logger.debug('Inbound %r request from %r (%s)', request.method,
                 request.META['REMOTE_ADDR'],
                 request.META.get('HTTP_USER_AGENT'))
    client = '<unknown client>'

    response = HttpResponse()

    if request.method == 'POST':
        try:
            auth_vars = extract_auth_vars(request)
            data = request.raw_post_data

            if auth_vars:
                server_version = auth_vars.get('sentry_version', '1.0')
                client = auth_vars.get('sentry_client',
                                       request.META.get('HTTP_USER_AGENT'))
            else:
                server_version = request.GET.get('version', '1.0')
                client = request.META.get('HTTP_USER_AGENT',
                                          request.GET.get('client'))

            if server_version not in ('1.0', '2.0'):
                raise APIError(
                    'Client/server version mismatch: Unsupported version: %r' %
                    server_version)

            if server_version != '1.0' and not client:
                raise APIError(
                    'Client request error: Missing client version identifier.')

            referrer = request.META.get('HTTP_REFERER')

            if auth_vars:
                # We only require a signature if a referrer was not set
                # (this is restricted via the CORS headers)
                project_ = project_from_auth_vars(auth_vars,
                                                  data,
                                                  require_signature=False)

                if not project:
                    project = project_
                elif project_ != project:
                    raise APIError('Project ID mismatch')

            elif request.user.is_authenticated() and is_same_domain(
                    request.build_absolute_uri(), referrer):
                # authenticated users are simply trusted to provide the right id
                project_ = project_from_id(request)

                if not project:
                    project = project_
                elif project_ != project:
                    raise APIError('Project ID mismatch')

            else:
                raise APIUnauthorized()

            if not data.startswith('{'):
                data = decode_and_decompress_data(data)
            data = safely_load_json_string(data)

            try:
                validate_data(project, data, client)
            except InvalidData, e:
                raise APIError(u'Invalid data: %s' % unicode(e))

            insert_data_to_database(data)
        except APIError, error:
            logger.error('Client %r raised API error: %s',
                         client,
                         error,
                         extra={
                             'request': request,
                         },
                         exc_info=True)
            response = HttpResponse(unicode(error.msg),
                                    status=error.http_status)
Example #33
0
def store(request, project_id=None):
    """
    The primary endpoint for storing new events.

    This will validate the client's authentication and data, and if
    successfull pass on the payload to the internal database handler.

    Authentication works in three flavors:

    1. Explicit signed requests

       These are implemented using the documented signed request protocol, and
       require an authentication header which is signed using with the project
       member's secret key.

    2. CORS Secured Requests

       Generally used for communications with client-side platforms (such as
       JavaScript in the browser), they require a standard header, excluding
       the signature and timestamp requirements, and must be listed in the
       origins for the given project (or the global origins).

    3. Implicit trusted requests

       Used by the Sentry core, they are only available from same-domain requests
       and do not require any authentication information. They only require that
       the user be authenticated, and a project_id be sent in the GET variables.

    """
    logger.debug('Inbound %r request from %r', request.method, request.META['REMOTE_ADDR'])
    client = '<unknown client>'
    if project_id:
        if project_id.isdigit():
            lookup_kwargs = {'id': int(project_id)}
        else:
            lookup_kwargs = {'slug': project_id}
        try:
            project = Project.objects.get_from_cache(**lookup_kwargs)
        except Project.DoesNotExist:
            raise APIError('Project does not exist')
    else:
        project = None

    if request.method == 'POST':
        try:
            auth_vars = extract_auth_vars(request)
            data = request.raw_post_data

            if auth_vars:
                server_version = auth_vars.get('sentry_version', '1.0')
                client = auth_vars.get('sentry_client')
            else:
                server_version = request.GET.get('version', '1.0')
                client = request.META.get('HTTP_USER_AGENT', request.GET.get('client'))

            if server_version not in ('1.0', '2.0'):
                raise APIError('Client/server version mismatch: Unsupported version: %r' % server_version)

            if server_version != '1.0' and not client:
                raise APIError('Client request error: Missing client version identifier.')

            referrer = request.META.get('HTTP_REFERER')

            if auth_vars:
                # We only require a signature if a referrer was not set
                # (this is restricted via the CORS headers)
                origin = request.META.get('HTTP_ORIGIN')

                project_ = project_from_auth_vars(auth_vars, data,
                    require_signature=bool(not origin))

                if not project:
                    project = project_
                elif project_ != project:
                    raise APIError('Project ID mismatch')

            elif request.user.is_authenticated() and is_same_domain(request.build_absolute_uri(), referrer):
                # authenticated users are simply trusted to provide the right id
                project_ = project_from_id(request)

                if not project:
                    project = project_
                elif project_ != project:
                    raise APIError('Project ID mismatch')

            else:
                raise APIUnauthorized()

            if not data.startswith('{'):
                data = decode_and_decompress_data(data)
            data = safely_load_json_string(data)

            try:
                validate_data(project, data, client)
            except InvalidData, e:
                raise APIError(unicode(e))

            insert_data_to_database(data)
        except APIError, error:
            logging.error('Client %r raised API error: %s' % (client, error), exc_info=True)
            response = HttpResponse(unicode(error.msg), status=error.http_status)
Example #34
0
def test_safely_load_json_string_valid_payload():
    data = safely_load_json_string('{"foo": "bar"}')
    assert data == {'foo': 'bar'}
Example #35
0
def test_safely_load_json_string_invalid_json():
    with pytest.raises(APIError):
        safely_load_json_string('{')
Example #36
0
def test_safely_load_json_string_unexpected_type():
    with pytest.raises(APIError):
        safely_load_json_string('1')
Example #37
0
def test_safely_load_json_string_unexpected_type():
    with pytest.raises(APIError):
        safely_load_json_string('1')
Example #38
0
def store(request):
    """
    The primary endpoint for storing new events.

    This will validate the client's authentication and data, and if
    successfull pass on the payload to the internal database handler.

    Authentication works in three flavors:

    1. Explicit signed requests

       These are implemented using the documented signed request protocol, and
       require an authentication header which is signed using with the project
       member's secret key.

    2. Explicit trusted requests

       Generally used for communications with client-side platforms (such as
       JavaScript in the browser), they require the GET variables public_key
       and project_id, as well as an HTTP_REFERER to be set from a trusted
       domain.

    3. Implicit trusted requests

       Used by the Sentry core, they are only available from same-domain requests
       and do not require any authentication information. They only require that
       the user be authenticated, and a project_id be sent in the GET variables.

    """
    logger.debug('Inbound %r request from %r', request.method,
                 request.META['REMOTE_ADDR'])
    client = '<unknown client>'
    try:
        if request.method == 'POST':
            auth_vars = extract_auth_vars(request)
            data = request.raw_post_data

            if auth_vars:
                server_version = auth_vars.get('sentry_version', '1.0')
                client = auth_vars.get('sentry_client')
            else:
                server_version = request.GET.get('version', '1.0')
                client = request.META.get('HTTP_USER_AGENT',
                                          request.GET.get('client'))

            if server_version not in ('1.0', '2.0'):
                raise APIError(
                    'Client/server version mismatch: Unsupported version: %r' %
                    server_version)

            if server_version != '1.0' and not client:
                raise APIError(
                    'Client request error: Missing client version identifier.')

            referrer = request.META.get('HTTP_REFERER')

            if auth_vars:
                project = project_from_auth_vars(auth_vars, data)
            elif request.GET.get('api_key') and request.GET.get('project_id'):
                # public requests only need referrer validation for CSRF
                project = project_from_api_key_and_id(
                    request.GET['api_key'], request.GET['project_id'])
                if not ProjectDomain.test(project, referrer):
                    raise APIUnauthorized()
            elif request.GET.get('project_id') and request.user.is_authenticated() and \
                 is_same_domain(request.build_absolute_uri(), referrer):
                # authenticated users are simply trusted to provide the right id
                project = project_from_id(request)
            else:
                raise APIUnauthorized()

            if not data.startswith('{'):
                data = decode_and_decompress_data(data)
            data = safely_load_json_string(data)

            try:
                validate_data(project, data, client)
            except InvalidData, e:
                raise APIError(unicode(e))

            insert_data_to_database(data)
    except APIError, error:
        logging.error('Client %r raised API error: %s' % (client, error),
                      exc_info=True)
        response = HttpResponse(unicode(error.msg), status=error.http_status)
Example #39
0
def test_safely_load_json_string_valid_payload():
    data = safely_load_json_string('{"foo": "bar"}')
    assert data == {'foo': 'bar'}
Example #40
0
    def process(self, request, project, auth, data, **kwargs):
        event_received.send_robust(ip=request.META['REMOTE_ADDR'],
                                   sender=type(self))

        # TODO: improve this API (e.g. make RateLimit act on __ne__)
        rate_limit = safe_execute(app.quotas.is_rate_limited,
                                  project=project,
                                  _with_transaction=False)
        if isinstance(rate_limit, bool):
            rate_limit = RateLimit(is_limited=rate_limit, retry_after=None)

        if rate_limit is not None and rate_limit.is_limited:
            app.tsdb.incr_multi([
                (app.tsdb.models.project_total_received, project.id),
                (app.tsdb.models.project_total_rejected, project.id),
                (app.tsdb.models.organization_total_received,
                 project.organization_id),
                (app.tsdb.models.organization_total_rejected,
                 project.organization_id),
            ])
            raise APIRateLimited(rate_limit.retry_after)
        else:
            app.tsdb.incr_multi([
                (app.tsdb.models.project_total_received, project.id),
                (app.tsdb.models.organization_total_received,
                 project.organization_id),
            ])

        result = plugins.first('has_perm',
                               request.user,
                               'create_event',
                               project,
                               version=1)
        if result is False:
            raise APIForbidden('Creation of this event was blocked')

        content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '')

        if content_encoding == 'gzip':
            data = decompress_gzip(data)
        elif content_encoding == 'deflate':
            data = decompress_deflate(data)
        elif not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            # mutates data
            validate_data(project, data, auth.client)
        except InvalidData as e:
            raise APIError(u'Invalid data: %s (%s)' %
                           (six.text_type(e), type(e)))

        # mutates data
        manager = EventManager(data, version=auth.version)
        data = manager.normalize()

        scrub_ip_address = project.get_option('sentry:scrub_ip_address', False)

        # insert IP address if not available
        if auth.is_public and not scrub_ip_address:
            ensure_has_ip(data, request.META['REMOTE_ADDR'])

        event_id = data['event_id']

        # TODO(dcramer): ideally we'd only validate this if the event_id was
        # supplied by the user
        cache_key = 'ev:%s:%s' % (
            project.id,
            event_id,
        )

        if cache.get(cache_key) is not None:
            logger.warning(
                'Discarded recent duplicate event from project %s/%s (id=%s)',
                project.organization.slug, project.slug, event_id)
            raise InvalidRequest('An event with the same ID already exists.')

        if project.get_option('sentry:scrub_data', True):
            # We filter data immediately before it ever gets into the queue
            inst = SensitiveDataFilter()
            inst.apply(data)

        if scrub_ip_address:
            # We filter data immediately before it ever gets into the queue
            ensure_does_not_have_ip(data)

        # mutates data (strips a lot of context if not queued)
        insert_data_to_database(data)

        cache.set(cache_key, '', 60 * 5)

        logger.debug('New event from project %s/%s (id=%s)',
                     project.organization.slug, project.slug, event_id)

        return event_id
Example #41
0
File: api.py Project: dgholz/sentry
def store(request):
    """
    The primary endpoint for storing new events.

    This will validate the client's authentication and data, and if
    successfull pass on the payload to the internal database handler.

    Authentication works in three flavors:

    1. Explicit signed requests

       These are implemented using the documented signed request protocol, and
       require an authentication header which is signed using with the project
       member's secret key.

    2. Explicit trusted requests

       Generally used for communications with client-side platforms (such as
       JavaScript in the browser), they require the GET variables public_key
       and project_id, as well as an HTTP_REFERER to be set from a trusted
       domain.

    3. Implicit trusted requests

       Used by the Sentry core, they are only available from same-domain requests
       and do not require any authentication information. They only require that
       the user be authenticated, and a project_id be sent in the GET variables.

    """
    logger.debug('Inbound %r request from %r', request.method, request.META['REMOTE_ADDR'])
    client = '<unknown client>'
    try:
        if request.method == 'POST':
            auth_vars = extract_auth_vars(request)
            data = request.raw_post_data

            if auth_vars:
                server_version = auth_vars.get('sentry_version', '1.0')
                client = auth_vars.get('sentry_client')
            else:
                server_version = request.GET.get('version', '1.0')
                client = request.META.get('HTTP_USER_AGENT', request.GET.get('client'))

            if server_version not in ('1.0', '2.0'):
                raise APIError('Client/server version mismatch: Unsupported version: %r' % server_version)

            if server_version != '1.0' and not client:
                raise APIError('Client request error: Missing client version identifier.')

            referrer = request.META.get('HTTP_REFERER')

            if auth_vars:
                project = project_from_auth_vars(auth_vars, data)
            elif request.GET.get('api_key') and request.GET.get('project_id'):
                # public requests only need referrer validation for CSRF
                project = project_from_api_key_and_id(request.GET['api_key'], request.GET['project_id'])
                if not ProjectDomain.test(project, referrer):
                    raise APIUnauthorized()
            elif request.GET.get('project_id') and request.user.is_authenticated() and \
                 is_same_domain(request.build_absolute_uri(), referrer):
                # authenticated users are simply trusted to provide the right id
                project = project_from_id(request)
            else:
                raise APIUnauthorized()

            if not data.startswith('{'):
                data = decode_and_decompress_data(data)
            data = safely_load_json_string(data)

            try:
                validate_data(project, data)
            except InvalidTimestamp:
                # Log the error, remove the timestamp, and revalidate
                error_logger.error('Client %r passed an invalid value for timestamp %r' % (
                    data['timestamp'],
                    client or '<unknown client>',
                ))
                del data['timestamp']
                validate_data(project, data)

            insert_data_to_database(data)
    except APIError, error:
        logging.error('Client %r raised API error: %s' % (client, error), exc_info=True)
        response = HttpResponse(unicode(error.msg), status=error.http_status)
Example #42
0
def test_safely_load_json_string_invalid_json():
    with pytest.raises(APIError):
        safely_load_json_string('{')
Example #43
0
    def process(self, request, project, auth, data, **kwargs):
        metrics.incr('events.total', 1)

        event_received.send_robust(ip=request.META['REMOTE_ADDR'], sender=type(self))

        # TODO: improve this API (e.g. make RateLimit act on __ne__)
        rate_limit = safe_execute(app.quotas.is_rate_limited, project=project,
                                  _with_transaction=False)
        if isinstance(rate_limit, bool):
            rate_limit = RateLimit(is_limited=rate_limit, retry_after=None)

        if rate_limit is not None and rate_limit.is_limited:
            app.tsdb.incr_multi([
                (app.tsdb.models.project_total_received, project.id),
                (app.tsdb.models.project_total_rejected, project.id),
                (app.tsdb.models.organization_total_received, project.organization_id),
                (app.tsdb.models.organization_total_rejected, project.organization_id),
            ])
            metrics.incr('events.dropped', 1)
            raise APIRateLimited(rate_limit.retry_after)
        else:
            app.tsdb.incr_multi([
                (app.tsdb.models.project_total_received, project.id),
                (app.tsdb.models.organization_total_received, project.organization_id),
            ])

        result = plugins.first('has_perm', request.user, 'create_event', project,
                               version=1)
        if result is False:
            metrics.incr('events.dropped', 1)
            raise APIForbidden('Creation of this event was blocked')

        content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '')

        if content_encoding == 'gzip':
            data = decompress_gzip(data)
        elif content_encoding == 'deflate':
            data = decompress_deflate(data)
        elif not data.startswith('{'):
            data = decode_and_decompress_data(data)
        data = safely_load_json_string(data)

        try:
            # mutates data
            validate_data(project, data, auth.client)
        except InvalidData as e:
            raise APIError(u'Invalid data: %s (%s)' % (six.text_type(e), type(e)))

        # mutates data
        manager = EventManager(data, version=auth.version)
        data = manager.normalize()

        scrub_ip_address = project.get_option('sentry:scrub_ip_address', False)

        # insert IP address if not available
        if auth.is_public and not scrub_ip_address:
            ensure_has_ip(data, request.META['REMOTE_ADDR'])

        event_id = data['event_id']

        # TODO(dcramer): ideally we'd only validate this if the event_id was
        # supplied by the user
        cache_key = 'ev:%s:%s' % (project.id, event_id,)

        if cache.get(cache_key) is not None:
            logger.warning('Discarded recent duplicate event from project %s/%s (id=%s)', project.organization.slug, project.slug, event_id)
            raise InvalidRequest('An event with the same ID already exists.')

        if project.get_option('sentry:scrub_data', True):
            # We filter data immediately before it ever gets into the queue
            inst = SensitiveDataFilter(project.get_option('sentry:sensitive_fields', None))
            inst.apply(data)

        if scrub_ip_address:
            # We filter data immediately before it ever gets into the queue
            ensure_does_not_have_ip(data)

        # mutates data (strips a lot of context if not queued)
        insert_data_to_database(data)

        cache.set(cache_key, '', 60 * 5)

        logger.debug('New event from project %s/%s (id=%s)', project.organization.slug, project.slug, event_id)

        return event_id
Example #44
0
File: api.py Project: nkabir/sentry
def store(request, project=None):
    """
    The primary endpoint for storing new events.

    This will validate the client's authentication and data, and if
    successfull pass on the payload to the internal database handler.

    Authentication works in three flavors:

    1. Explicit signed requests

       These are implemented using the documented signed request protocol, and
       require an authentication header which is signed using with the project
       member's secret key.

    2. CORS Secured Requests

       Generally used for communications with client-side platforms (such as
       JavaScript in the browser), they require a standard header, excluding
       the signature and timestamp requirements, and must be listed in the
       origins for the given project (or the global origins).

    3. Implicit trusted requests

       Used by the Sentry core, they are only available from same-domain requests
       and do not require any authentication information. They only require that
       the user be authenticated, and a project_id be sent in the GET variables.

    """
    logger.debug(
        "Inbound %r request from %r (%s)",
        request.method,
        request.META["REMOTE_ADDR"],
        request.META.get("HTTP_USER_AGENT"),
    )
    client = "<unknown client>"

    response = HttpResponse()

    if request.method == "POST":
        try:
            auth_vars = extract_auth_vars(request)
            data = request.raw_post_data

            if auth_vars:
                server_version = auth_vars.get("sentry_version", "1.0")
                client = auth_vars.get("sentry_client", request.META.get("HTTP_USER_AGENT"))
            else:
                server_version = request.GET.get("version", "1.0")
                client = request.META.get("HTTP_USER_AGENT", request.GET.get("client"))

            if server_version not in ("1.0", "2.0"):
                raise APIError("Client/server version mismatch: Unsupported version: %r" % server_version)

            if server_version != "1.0" and not client:
                raise APIError("Client request error: Missing client version identifier.")

            referrer = request.META.get("HTTP_REFERER")

            if auth_vars:
                # We only require a signature if a referrer was not set
                # (this is restricted via the CORS headers)
                project_ = project_from_auth_vars(auth_vars, data, require_signature=False)

                if not project:
                    project = project_
                elif project_ != project:
                    raise APIError("Project ID mismatch")

            elif request.user.is_authenticated() and is_same_domain(request.build_absolute_uri(), referrer):
                # authenticated users are simply trusted to provide the right id
                project_ = project_from_id(request)

                if not project:
                    project = project_
                elif project_ != project:
                    raise APIError("Project ID mismatch")

            else:
                raise APIUnauthorized()

            if not data.startswith("{"):
                data = decode_and_decompress_data(data)
            data = safely_load_json_string(data)

            try:
                validate_data(project, data, client)
            except InvalidData, e:
                raise APIError(u"Invalid data: %s" % unicode(e))

            insert_data_to_database(data)
        except APIError, error:
            logger.error("Client %r raised API error: %s", client, error, extra={"request": request}, exc_info=True)
            response = HttpResponse(unicode(error.msg), status=error.http_status)