Cleanup exception reporting, stop logging PDO exception stacks.

PDOException stacks include the MySQL password for the connection attempt and many people do not realize this when providing logs.

Author: DaneEveritt

CHANGELOG.md

@@ -12,6 +12,9 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * `[rc.1]` — Fixed a bug that would occur when attempting to reset the daemon secret for a node.
 * `[rc.1]` — Fix exception thrown when attempting to modify an existing database host.
 
+### Changed
+* Changed logger to skip reporting stack-traces on PDO exceptions due to sensitive information being contained within.
+
 ## v0.7.0-rc.1 (Derelict Dermodactylus)
 ### Fixed
 * `[beta.4]` — Fixes some bad search and replace action that happened previously and was throwing errors when validating user permissions.

app/Exceptions/Handler.php

@@ -3,6 +3,8 @@
 namespace Pterodactyl\Exceptions;
 
 use Exception;
+use PDOException;
+use Psr\Log\LoggerInterface;
 use Illuminate\Auth\AuthenticationException;
 use Illuminate\Session\TokenMismatchException;
 use Illuminate\Validation\ValidationException;
@@ -43,17 +45,35 @@ class Handler extends ExceptionHandler
     ];
 
     /**
-     * Report or log an exception.
+     * Report or log an exception. Skips Laravel's internal reporter since we
+     * don't need or want the user information in our logs by default.
      *
-     * This is a great spot to send exceptions to Sentry, Bugsnag, etc.
+     * If you want to implement logging in a different format to integrate with
+     * services such as AWS Cloudwatch or other monitoring you can replace the
+     * contents of this function with a call to the parent reporter.
      *
      * @param \Exception $exception
+     * @return mixed
      *
      * @throws \Exception
      */
     public function report(Exception $exception)
     {
-        parent::report($exception);
+        if (! config('app.exceptions.report_all', false) && $this->shouldntReport($exception)) {
+            return null;
+        }
+
+        if (method_exists($exception, 'report')) {
+            return $exception->report();
+        }
+
+        try {
+            $logger = $this->container->make(LoggerInterface::class);
+        } catch (Exception $ex) {
+            throw $exception;
+        }
+
+        return $logger->error($exception instanceof PDOException ? $exception->getMessage() : $exception);
     }
 
     /**
@@ -71,6 +91,9 @@ public function render($request, Exception $exception)
     }
 
     /**
+     * Transform a validation exception into a consistent format to be returned for
+     * calls to the API.
+     *
      * @param \Illuminate\Http\Request                   $request
      * @param \Illuminate\Validation\ValidationException $exception
      * @return \Illuminate\Http\JsonResponse

config/app.php

@@ -133,6 +133,22 @@
 
     'log_level' => env('APP_LOG_LEVEL', 'info'),
 
+    /*
+    |--------------------------------------------------------------------------
+    | Exception Reporter Configuration
+    |--------------------------------------------------------------------------
+    |
+    | If you're encountering weird behavior with the Panel and no exceptions
+    | are being logged try changing the environment variable below to be true.
+    | This will override the default "don't report" behavior of the Panel and log
+    | all exceptions. This will be quite noisy.
+    |
+    */
+
+    'exceptions' => [
+        'report_all' => env('APP_REPORT_ALL_EXCEPTIONS', false),
+    ],
+
     /*
     |--------------------------------------------------------------------------
     | Autoloaded Service Providers