chore: bump version to 1.10.3

feat(sentry): integrate Sentry SDK with Next.js and configure DSN
- Added Sentry client, server, and edge configurations for enhanced error monitoring. - Updated `.env.example` and `docker-compose` to include `NEXT_PUBLIC_SENTRY_DSN`. - Modified `next.config.ts` to use `withSentryConfig` for source map uploads. - Installed `@sentry/nextjs` as a dependency and updated `pnpm-lock.yaml`.
2026-02-09 14:02:25 +01:00 · 2026-02-09 14:00:28 +01:00 · 2026-02-09 13:00:26 +01:00 · 2026-02-09 12:57:31 +01:00 · 2026-02-09 11:45:50 +01:00 · 2026-02-09 11:45:12 +01:00
19 changed files with 1245 additions and 47 deletions
--- a/.env.example
+++ b/.env.example
@@ -42,6 +42,8 @@ DOMAIN_NAME=localhost
 ENABLE_CORS=false
 CORS_DOMAIN_NAME=localhost
 SENTRY_DSN=
 NEXT_PUBLIC_SENTRY_DSN=
 # Media Limits (in KB)
 MAX_IMAGE_SIZE_KB=512
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -106,3 +106,5 @@ jobs:
          MAIL_FROM: ${{ secrets.MAIL_FROM }}
          DOMAIN_NAME: ${{ secrets.DOMAIN_NAME }}
          NEXT_PUBLIC_API_URL: ${{ secrets.NEXT_PUBLIC_API_URL }}
          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
          NEXT_PUBLIC_SENTRY_DSN: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN }}
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@memegoat/backend",
-	"version": "1.9.7",
+	"version": "1.10.3",
 	"description": "",
 	"author": "",
 	"private": true,
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
@@ -103,10 +103,9 @@ export class AuthService {
 	}
 	async login(dto: LoginDto, userAgent?: string, ip?: string) {
-		this.logger.log(`Login attempt for email: ${dto.email}`);
+		const emailHash = await this.hashingService.hashEmail(dto.email);
-		const { email, password } = dto;
+		this.logger.log(`Login attempt for email hash: ${emailHash}`);
-
+		const { password } = dto;
 		const emailHash = await this.hashingService.hashEmail(email);
 		const user = await this.usersService.findByEmailHash(emailHash);
 		if (!user) {
--- a/backend/src/common/filters/http-exception.filter.spec.ts
+++ b/backend/src/common/filters/http-exception.filter.spec.ts
@@ -0,0 +1,90 @@
 import { ArgumentsHost, HttpException, HttpStatus } from "@nestjs/common";
 import { Test, TestingModule } from "@nestjs/testing";
 import * as Sentry from "@sentry/nestjs";
 import { AllExceptionsFilter } from "./http-exception.filter";
 jest.mock("@sentry/nestjs", () => ({
 	captureException: jest.fn(),
 	withScope: jest.fn((callback) => {
 		const scope = {
 			setUser: jest.fn(),
 			setTag: jest.fn(),
 			setExtra: jest.fn(),
 		};
 		callback(scope);
 		return scope;
 	}),
 }));
 describe("AllExceptionsFilter", () => {
 	let filter: AllExceptionsFilter;
 	beforeEach(async () => {
 		const module: TestingModule = await Test.createTestingModule({
 			providers: [AllExceptionsFilter],
 		}).compile();
 		filter = module.get<AllExceptionsFilter>(AllExceptionsFilter);
 	});
 	it("should hash the IP address and send it to Sentry for 500 errors", () => {
 		const mockResponse = {
 			status: jest.fn().mockReturnThis(),
 			json: jest.fn().mockReturnThis(),
 		};
 		const mockRequest = {
 			url: "/test",
 			method: "GET",
 			ip: "127.0.0.1",
 			user: { sub: "user-123" },
 		};
 		const mockArgumentsHost = {
 			switchToHttp: () => ({
 				getResponse: () => mockResponse,
 				getRequest: () => mockRequest,
 			}),
 		} as ArgumentsHost;
 		const exception = new Error("Internal Server Error");
 		filter.catch(exception, mockArgumentsHost);
 		expect(mockResponse.status).toHaveBeenCalledWith(
 			HttpStatus.INTERNAL_SERVER_ERROR,
 		);
 		expect(Sentry.withScope).toHaveBeenCalled();
 		// Vérifier que captureException a été appelé (via withScope)
 		expect(Sentry.captureException).toHaveBeenCalledWith(exception);
 	});
 	it("should include hashed IP in logs", () => {
 		const loggerSpy = jest.spyOn((filter as any).logger, "warn");
 		const mockResponse = {
 			status: jest.fn().mockReturnThis(),
 			json: jest.fn().mockReturnThis(),
 		};
 		const mockRequest = {
 			url: "/test",
 			method: "GET",
 			ip: "1.2.3.4",
 		};
 		const mockArgumentsHost = {
 			switchToHttp: () => ({
 				getResponse: () => mockResponse,
 				getRequest: () => mockRequest,
 			}),
 		} as ArgumentsHost;
 		const exception = new HttpException("Bad Request", HttpStatus.BAD_REQUEST);
 		filter.catch(exception, mockArgumentsHost);
 		expect(mockResponse.status).toHaveBeenCalledWith(HttpStatus.BAD_REQUEST);
 		// L'IP 1.2.3.4 hachée en SHA256 contient un hash de 64 caractères
 		const logCall = loggerSpy.mock.calls[0][0];
 		expect(logCall).toMatch(/[a-f0-9]{64}/);
 		expect(logCall).not.toContain("1.2.3.4");
 	});
 });
--- a/backend/src/common/filters/http-exception.filter.ts
+++ b/backend/src/common/filters/http-exception.filter.ts
@@ -1,3 +1,4 @@
 import { createHash } from "node:crypto";
 import {
 	ArgumentsHost,
 	Catch,
@@ -39,6 +40,11 @@ export class AllExceptionsFilter implements ExceptionFilter {
 		const userId = request.user?.sub || request.user?.id;
 		const userPart = userId ? `[User: ${userId}] ` : "";
 		const ip = request.ip || "unknown";
 		const hashedIp = createHash("sha256")
 			.update(ip as string)
 			.digest("hex");
 		const errorResponse = {
 			statusCode: status,
 			timestamp: new Date().toISOString(),
@@ -51,14 +57,20 @@ export class AllExceptionsFilter implements ExceptionFilter {
 		};
 		if (status === HttpStatus.INTERNAL_SERVER_ERROR) {
-			Sentry.captureException(exception);
+			Sentry.withScope((scope) => {
 				scope.setUser({
 					id: userId,
 					ip_address: hashedIp,
 				});
 				Sentry.captureException(exception);
 			});
 			this.logger.error(
-				`${userPart}${request.method} ${request.url} - Error: ${exception instanceof Error ? exception.message : "Unknown error"}`,
+				`${userPart}${hashedIp} ${request.method} ${request.url} - Error: ${exception instanceof Error ? exception.message : "Unknown error"}`,
 				exception instanceof Error ? exception.stack : "",
 			);
 		} else {
 			this.logger.warn(
-				`${userPart}${request.method} ${request.url} - Status: ${status} - Message: ${JSON.stringify(message)}`,
+				`${userPart}${hashedIp} ${request.method} ${request.url} - Status: ${status} - Message: ${JSON.stringify(message)}`,
 			);
 		}
--- a/backend/src/common/middlewares/crawler-detection.middleware.ts
+++ b/backend/src/common/middlewares/crawler-detection.middleware.ts
@@ -1,3 +1,4 @@
 import { createHash } from "node:crypto";
 import { CACHE_MANAGER } from "@nestjs/cache-manager";
 import { Inject, Injectable, Logger, NestMiddleware } from "@nestjs/common";
 import type { Cache } from "cache-manager";
@@ -48,11 +49,15 @@ export class CrawlerDetectionMiddleware implements NestMiddleware {
 		const { method, url, ip } = req;
 		const userAgent = req.get("user-agent") || "unknown";
 		const hashedIp = createHash("sha256")
 			.update(ip as string)
 			.digest("hex");
 		// Vérifier si l'IP est bannie
 		try {
 			const isBanned = await this.cacheManager.get(`banned_ip:${ip}`);
 			if (isBanned) {
-				this.logger.warn(`Banned IP attempt: ${ip} -> ${method} ${url}`);
+				this.logger.warn(`Banned IP attempt: ${hashedIp} -> ${method} ${url}`);
 				res.status(403).json({
 					message: "Access denied: Your IP has been temporarily banned.",
 				});
@@ -60,7 +65,7 @@ export class CrawlerDetectionMiddleware implements NestMiddleware {
 			}
 		} catch (error) {
 			this.logger.error(
-				`Error checking ban status for IP ${ip}: ${error.message}`,
+				`Error checking ban status for IP ${hashedIp}: ${error.message}`,
 			);
 			// On continue même en cas d'erreur Redis pour ne pas bloquer les utilisateurs légitimes
 		}
@@ -76,14 +81,14 @@ export class CrawlerDetectionMiddleware implements NestMiddleware {
 				if (isSuspiciousPath || isBotUserAgent) {
 					this.logger.warn(
-						`Potential crawler detected: [${ip}] ${method} ${url} - User-Agent: ${userAgent}`,
+						`Potential crawler detected: [${hashedIp}] ${method} ${url} - User-Agent: ${userAgent}`,
 					);
 					// Bannir l'IP pour 24h via Redis
 					try {
 						await this.cacheManager.set(`banned_ip:${ip}`, true, 86400000);
 					} catch (error) {
-						this.logger.error(`Error banning IP ${ip}: ${error.message}`);
+						this.logger.error(`Error banning IP ${hashedIp}: ${error.message}`);
 					}
 				}
 			}
--- a/backend/src/health.controller.spec.ts
+++ b/backend/src/health.controller.spec.ts
@@ -1,8 +1,13 @@
 import { CACHE_MANAGER } from "@nestjs/cache-manager";
 import { Test, TestingModule } from "@nestjs/testing";
 import * as Sentry from "@sentry/nestjs";
 import { DatabaseService } from "./database/database.service";
 import { HealthController } from "./health.controller";
 jest.mock("@sentry/nestjs", () => ({
 	getClient: jest.fn(),
 }));
 describe("HealthController", () => {
 	let controller: HealthController;
@@ -37,10 +42,15 @@ describe("HealthController", () => {
 	it("should return ok if database and redis are connected", async () => {
 		mockDb.execute.mockResolvedValue([]);
 		mockCacheManager.set.mockResolvedValue(undefined);
 		(Sentry.getClient as jest.Mock).mockReturnValue({
 			getOptions: () => ({ dsn: "http://dsn" }),
 		});
 		const result = await controller.check();
 		expect(result.status).toBe("ok");
 		expect(result.database).toBe("connected");
 		expect(result.redis).toBe("connected");
 		expect(result.sentry).toBe("active");
 	});
 	it("should return error if database is disconnected", async () => {
@@ -62,4 +72,19 @@ describe("HealthController", () => {
 		expect(result.redis).toBe("disconnected");
 		expect(result.redisError).toBe("Redis Error");
 	});
 	it("should return sentry disabled if client or dsn is missing", async () => {
 		mockDb.execute.mockResolvedValue([]);
 		mockCacheManager.set.mockResolvedValue(undefined);
 		(Sentry.getClient as jest.Mock).mockReturnValue(undefined);
 		const result = await controller.check();
 		expect(result.sentry).toBe("disabled");
 		(Sentry.getClient as jest.Mock).mockReturnValue({
 			getOptions: () => ({ dsn: undefined }),
 		});
 		const result2 = await controller.check();
 		expect(result2.sentry).toBe("disabled");
 	});
 });
--- a/backend/src/health.controller.ts
+++ b/backend/src/health.controller.ts
@@ -1,5 +1,6 @@
 import { CACHE_MANAGER } from "@nestjs/cache-manager";
 import { Controller, Get, Inject } from "@nestjs/common";
 import * as Sentry from "@sentry/nestjs";
 import type { Cache } from "cache-manager";
 import { sql } from "drizzle-orm";
 import { DatabaseService } from "./database/database.service";
@@ -39,6 +40,14 @@ export class HealthController {
 			health.redisError = error.message;
 		}
 		// Check Sentry status
 		const sentryClient = Sentry.getClient();
 		if (sentryClient?.getOptions().dsn) {
 			health.sentry = "active";
 		} else {
 			health.sentry = "disabled";
 		}
 		return health;
 	}
 }
--- a/backend/src/main.ts
+++ b/backend/src/main.ts
@@ -1,6 +1,8 @@
 import { createHash } from "node:crypto";
 import { Logger, ValidationPipe } from "@nestjs/common";
 import { ConfigService } from "@nestjs/config";
 import { NestFactory } from "@nestjs/core";
 import { NestExpressApplication } from "@nestjs/platform-express";
 import * as Sentry from "@sentry/nestjs";
 import { nodeProfilingIntegration } from "@sentry/profiling-node";
 import helmet from "helmet";
@@ -8,19 +10,44 @@ import { AppModule } from "./app.module";
 import { AllExceptionsFilter } from "./common/filters/http-exception.filter";
 async function bootstrap() {
-	const app = await NestFactory.create(AppModule);
+	const app = await NestFactory.create<NestExpressApplication>(AppModule);
 	const configService = app.get(ConfigService);
 	const logger = new Logger("Bootstrap");
 	// Activer trust proxy pour récupérer l'IP réelle derrière un reverse proxy
 	app.set("trust proxy", true);
 	const sentryDsn = configService.get<string>("SENTRY_DSN");
 	if (sentryDsn) {
-		Sentry.init({
+		try {
-			dsn: sentryDsn,
+			Sentry.init({
-			integrations: [nodeProfilingIntegration()],
+				dsn: sentryDsn,
-			tracesSampleRate: 1.0,
+				integrations: [Sentry.nestIntegration(), nodeProfilingIntegration()],
-			profilesSampleRate: 1.0,
+				tracesSampleRate: 1.0,
-			sendDefaultPii: false, // RGPD
+				profilesSampleRate: 1.0,
-		});
+				sendDefaultPii: false, // RGPD
 				beforeSend(event) {
 					// Hachage de l'IP utilisateur pour Sentry si elle est présente
 					if (event.user?.ip_address) {
 						event.user.ip_address = createHash("sha256")
 							.update(event.user.ip_address)
 							.digest("hex");
 					}
 					return event;
 				},
 			});
 			const client = Sentry.getClient();
 			if (client?.getOptions().dsn) {
 				logger.log("Sentry is initialized and connection is active");
 			} else {
 				logger.warn("Sentry initialized but DSN is missing");
 			}
 		} catch (error) {
 			logger.error(`Failed to initialize Sentry: ${error.message}`);
 		}
 	} else {
 		logger.warn("Sentry is disabled (SENTRY_DSN not configured)");
 	}
 	// Sécurité
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -104,6 +104,7 @@ services:
      ENABLE_CORS: ${ENABLE_CORS:-true}
      CLAMAV_HOST: memegoat-clamav
      CLAMAV_PORT: 3310
      SENTRY_DSN: ${SENTRY_DSN}
      MAX_IMAGE_SIZE_KB: 1024
      MAX_GIF_SIZE_KB: 4096
@@ -133,6 +134,7 @@ services:
      NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-https://api.memegoat.fr}
      NEXT_PUBLIC_APP_URL: ${NEXT_PUBLIC_APP_URL:-https://memegoat.fr}
      NEXT_PUBLIC_CONTACT_EMAIL: ${MAIL_FROM:-noreply@memegoat.fr}
      NEXT_PUBLIC_SENTRY_DSN: ${NEXT_PUBLIC_SENTRY_DSN}
    depends_on:
      - backend
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -98,6 +98,7 @@ services:
      ENABLE_CORS: ${ENABLE_CORS:-true}
      CLAMAV_HOST: clamav
      CLAMAV_PORT: 3310
      SENTRY_DSN: ${SENTRY_DSN}
  clamav:
    image: clamav/clamav:1.4
@@ -121,6 +122,7 @@ services:
    environment:
      NODE_ENV: production
      NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://localhost:3000}
      NEXT_PUBLIC_SENTRY_DSN: ${NEXT_PUBLIC_SENTRY_DSN}
    depends_on:
      - backend
--- a/frontend/next.config.ts
+++ b/frontend/next.config.ts
@@ -1,3 +1,4 @@
 import { withSentryConfig } from "@sentry/nextjs";
 import type { NextConfig } from "next";
 const appUrl = process.env.NEXT_PUBLIC_APP_URL || "https://memegoat.fr";
@@ -29,4 +30,23 @@ const nextConfig: NextConfig = {
 	output: "standalone",
 };
-export default nextConfig;
+export default withSentryConfig(nextConfig, {
 	// For all available options, see:
 	// https://github.com/getsentry/sentry-webpack-plugin#options
 	org: "yidhra",
 	project: "javascript-nextjs",
 	// Only print logs for uploading source maps in CI
 	silent: !process.env.CI,
 	// For all available options, see:
 	// https://docs.sentry.io/platforms/javascript/guides/nextjs/manual-setup/
 	// Upload a larger set of source maps for prettier stack traces (increases build time)
 	widenClientFileUpload: true,
 	// Route browser requests to Sentry through a Next.js rewrite to circumvent ad-blockers.
 	// This can increase your server load as well as your Sentry bill.
 	tunnelRoute: "/monitoring",
 });
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@memegoat/frontend",
-	"version": "1.9.7",
+	"version": "1.10.3",
 	"private": true,
 	"scripts": {
 		"dev": "next dev",
@@ -38,6 +38,7 @@
 		"@radix-ui/react-toggle": "^1.1.10",
 		"@radix-ui/react-toggle-group": "^1.1.11",
 		"@radix-ui/react-tooltip": "^1.2.8",
 		"@sentry/nextjs": "^10.38.0",
 		"axios": "^1.13.2",
 		"class-variance-authority": "^0.7.1",
 		"clsx": "^2.1.1",
--- a/frontend/sentry.client.config.ts
+++ b/frontend/sentry.client.config.ts
@@ -0,0 +1,22 @@
 import * as Sentry from "@sentry/nextjs";
 Sentry.init({
  dsn: process.env.NEXT_PUBLIC_SENTRY_DSN,
  // Ajustez ces valeurs en production
  tracesSampleRate: 1.0,
  // Replay est activé par défaut
  replaysSessionSampleRate: 0.1,
  replaysOnErrorSampleRate: 1.0,
  integrations: [
    Sentry.replayIntegration({
      maskAllText: true,
      blockAllMedia: true,
    }),
  ],
  // Protection PII
  sendDefaultPii: false,
 });
--- a/frontend/sentry.edge.config.ts
+++ b/frontend/sentry.edge.config.ts
@@ -0,0 +1,11 @@
 import * as Sentry from "@sentry/nextjs";
 Sentry.init({
  dsn: process.env.NEXT_PUBLIC_SENTRY_DSN,
  // Ajustez ces valeurs en production
  tracesSampleRate: 1.0,
  // Protection PII
  sendDefaultPii: false,
 });
--- a/frontend/sentry.server.config.ts
+++ b/frontend/sentry.server.config.ts
@@ -0,0 +1,22 @@
 import { createHash } from "node:crypto";
 import * as Sentry from "@sentry/nextjs";
 Sentry.init({
  dsn: process.env.NEXT_PUBLIC_SENTRY_DSN,
  // Ajustez ces valeurs en production
  tracesSampleRate: 1.0,
  // Protection PII
  sendDefaultPii: false,
  beforeSend(event) {
    // Hachage de l'IP utilisateur pour Sentry si elle est présente
    if (event.user?.ip_address) {
      event.user.ip_address = createHash("sha256")
        .update(event.user.ip_address)
        .digest("hex");
    }
    return event;
  },
 });
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@memegoat/source",
-  "version": "1.9.7",
+  "version": "1.10.3",
  "description": "",
  "scripts": {
    "version:get": "cmake -P version.cmake GET",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
Author	SHA1	Message	Date
Mathis HERRIOT	1a03384b49	chore: bump version to 1.10.3 Some checks failed CI/CD Pipeline / Valider frontend (push) Failing after 1m12s Details CI/CD Pipeline / Valider backend (push) Successful in 1m50s Details CI/CD Pipeline / Valider documentation (push) Successful in 1m57s Details CI/CD Pipeline / Déploiement en Production (push) Has been skipped Details	2026-02-09 14:02:25 +01:00
Mathis HERRIOT	3f7e592600	feat(sentry): integrate Sentry SDK with Next.js and configure DSN - Added Sentry client, server, and edge configurations for enhanced error monitoring. - Updated `.env.example` and `docker-compose` to include `NEXT_PUBLIC_SENTRY_DSN`. - Modified `next.config.ts` to use `withSentryConfig` for source map uploads. - Installed `@sentry/nextjs` as a dependency and updated `pnpm-lock.yaml`.	2026-02-09 14:00:28 +01:00
Mathis HERRIOT	f7cd514997	chore: bump version to 1.10.2 All checks were successful CI/CD Pipeline / Valider backend (push) Successful in 1m47s Details CI/CD Pipeline / Valider frontend (push) Successful in 1m52s Details CI/CD Pipeline / Valider documentation (push) Successful in 1m55s Details CI/CD Pipeline / Déploiement en Production (push) Successful in 5m48s Details	2026-02-09 13:00:26 +01:00
Mathis HERRIOT	3a4f6624fc	feat(health): add Sentry status check to health endpoint - Integrated Sentry status check functionality in the health controller. - Updated tests to validate Sentry active/disabled states. - Improved Sentry initialization with enhanced logging and error handling.	2026-02-09 12:57:31 +01:00
Mathis HERRIOT	8a146a2e1d	chore: bump version to 1.10.1 All checks were successful CI/CD Pipeline / Valider backend (push) Successful in 1m47s Details CI/CD Pipeline / Valider frontend (push) Successful in 1m54s Details CI/CD Pipeline / Valider documentation (push) Successful in 1m56s Details CI/CD Pipeline / Déploiement en Production (push) Successful in 5m50s Details	2026-02-09 11:45:50 +01:00
Mathis HERRIOT	1ab6e1a969	refactor: adjust imports and streamline code for consistency - Reorganized import statements in multiple files for better readability. - Refined `auth.service` to remove unused `email` variable in `login` function. - Cleaned up whitespace and formatting in `http-exception.filter.spec.ts`.	2026-02-09 11:45:12 +01:00
Mathis HERRIOT	e27a98ca89	chore: bump version to 1.10.0 Some checks failed CI/CD Pipeline / Valider backend (push) Failing after 1m7s Details CI/CD Pipeline / Valider frontend (push) Successful in 1m54s Details CI/CD Pipeline / Valider documentation (push) Successful in 1m57s Details CI/CD Pipeline / Déploiement en Production (push) Has been skipped Details	2026-02-09 11:28:22 +01:00
Mathis HERRIOT	7b22fd9a4e	feat(environment): add Sentry DSN configuration to docker-compose files and .env example	2026-02-09 11:28:02 +01:00
Mathis HERRIOT	0706c47a33	feat(logging): hash IP addresses in logs and Sentry integration - Implemented IP hashing using SHA256 in logs for enhanced privacy. - Updated Sentry integration to hash IP addresses before sending events. - Enhanced `AllExceptionsFilter` and `crawler-detection.middleware` to use hashed IPs in logs and error handling. - Refined request logging in `auth.service` to include hashed email instead of plain text email.	2026-02-09 11:05:53 +01:00
Mathis HERRIOT	378c41ddb2	feat(app): enable trust proxy and update app initialization - Activated `trust proxy` setting to retrieve real IP behind reverse proxies. - Updated app initialization to use `NestExpressApplication`.	2026-02-09 10:55:11 +01:00