Proxy without API Key
markalroberts
Posted on
Nov 19 2015
Hello,
We are just starting a trial of RayGun with a view to migrating our application over to use it.
It seems really good, except there is potentially one show stopper for us.
The product we produce is installed by customers (it is a .Net service/Web application hybrid) and we don't want to leak the API key - i.e. a malicious hacker could then download our software and use the API key to flood exceptions.
We don't want to rely on obfuscation. I think that what we would like to do is proxy the payload via our own servers without the need for the API key to be on the client
We already do something a but like this with MixPanel where we package up our own message and then resend it to MixPanel behind our firewall.
If RayGun allowed us to get the message and send it to a custom endpoint where we could augment it with the API key and bounce it on to Raygun, that would be helpful.
Can this be done?
Thank you, Mark.
markalroberts
Posted on
Nov 19 2015
Ok, worked out how to get the message so I can forward on server-side:
using System;
using System.IO;
using System.Net;
using Mindscape.Raygun4Net;
using Mindscape.Raygun4Net.Messages;
using Newtonsoft.Json;
using Newtonsoft.Json.Serialization;
using NUnit.Framework;
namespace RayGunWrapperTest
{
[TestFixture]
public class RayGunTests
{
private class RayGunWrapper
{
private readonly RaygunClient m_RaygunClient;
public RayGunWrapper()
{
m_RaygunClient = new RaygunClient("EP+aZz7ZDPuovdhPXLYWXA=="); // Not a valid API key!
m_RaygunClient.SendingMessage += RaygunClientOnSendingMessage;
}
private void RaygunClientOnSendingMessage(object sender, RaygunSendingMessageEventArgs raygunSendingMessageEventArgs)
{
raygunSendingMessageEventArgs.Cancel = true; // Override the default
WrapAndSendMessage(raygunSendingMessageEventArgs.Message);
}
private static void WrapAndSendMessage(RaygunMessage raygunMessage)
{
var wrappedMessage = new {Type = "RayGun", raygunMessage};
var json = JsonConvert.SerializeObject(wrappedMessage, Formatting.Indented, new JsonSerializerSettings {ContractResolver = new CamelCasePropertyNamesContractResolver()});
SendMessage(json);
}
private static void SendMessage(string json)
{
var request = (HttpWebRequest)WebRequest.Create("http://our-endpoint.com");
request.ContentType = "text/json";
request.Method = "POST";
using (var streamWriter = new StreamWriter(request.GetRequestStream()))
{
streamWriter.Write(json);
}
var response = (HttpWebResponse)request.GetResponse();
if (response.StatusCode != HttpStatusCode.OK)
{
// Probably log this locally
}
}
public void Send(Exception exception)
{
m_RaygunClient.Send(exception);
}
}
[Test]
public void Test()
{
var raygunWrapper = new RayGunWrapper();
try
{
throw new Exception("Blah");
}
catch (Exception e)
{
raygunWrapper.Send(e);
}
}
}
}
Jamie Penney
Posted on
Nov 20 2015
Hey Mark,
You can redirect errors to your own endpoint by setting the endpoint attribute on <RaygunSettings />
. It defaults to endpoint="https://api.raygun.io/entries"
, but it doesn't matter what you set that to. You'll still need to set an API key as there is a check in the library to make sure it's been specified, but you could set it to a nonsense value since your proxy won't be checking it.
Cheers, Jamie