Catching panics in Core API and returning HTTP 500 (#554)

A continuation of #550 but
for Core API.

The implementation: use the `tower-http`'s `CatchPanic` layer to
transform panics into error responses.

Author: dhedey

core-rust/Cargo.lock

@@ -32,5 +32,6 @@ chrono = { version = "0.4.23", default-features = false, features = ["std"] }
 hex = { version = "0.4.3", default-features = false }
 futures = { version = "0.3" }
 axum = { version = "0.6.6", features = ["http1", "json"] }
+tower-http = { version = "0.4.0", features = ["catch-panic"] }
 hyper = { version = "0.14.20", features = ["server", "http1"] }
 paste = { version = "1.0.12", default-features = false }

core-rust/core-api-server/Cargo.toml

@@ -1,10 +1,13 @@
+use axum::body::BoxBody;
 use axum::{
     response::{IntoResponse, Response},
     Json,
 };
+use std::any::Any;
 
 use hyper::StatusCode;
 use radix_engine_interface::network::NetworkDefinition;
+use tower_http::catch_panic::ResponseForPanic;
 
 use super::models;
 use models::{
@@ -69,6 +72,23 @@ impl ErrorDetails for LtsTransactionSubmitErrorDetails {
     }
 }
 
+#[derive(Debug, Clone)]
+pub(crate) struct InternalServerErrorResponseForPanic;
+
+impl ResponseForPanic for InternalServerErrorResponseForPanic {
+    type ResponseBody = BoxBody;
+
+    fn response_for_panic(
+        &mut self,
+        _panic_payload: Box<dyn Any + Send + 'static>,
+    ) -> Response<Self::ResponseBody> {
+        // Please note that we deliberately do *not*:
+        // - log the panic payload (since the default panic handler already does this);
+        // - include the panic payload in the response (it may contain sensitive details).
+        server_error::<()>("Unexpected server error").into_response()
+    }
+}
+
 #[derive(Debug, Clone)]
 pub(crate) struct ResponseError<E: ErrorDetails> {
     status_code: StatusCode,

core-rust/core-api-server/src/core_api/errors.rs

@@ -76,13 +76,15 @@ use axum::{
 use parking_lot::RwLock;
 use radix_engine::types::{Categorize, Decode, Encode};
 use radix_engine_common::network::NetworkDefinition;
+use tower_http::catch_panic::CatchPanicLayer;
 use tracing::{debug, error, info, trace, warn, Level};
 
 use state_manager::jni::state_manager::ActualStateManager;
 
 use super::{constants::LARGE_REQUEST_MAX_BYTES, handlers::*, not_found_error, ResponseError};
 
 use crate::core_api::models::ErrorResponse;
+use crate::core_api::InternalServerErrorResponseForPanic;
 use handle_status_network_configuration as handle_provide_info_at_root_path;
 use state_manager::mempool::priority_mempool::PriorityMempool;
 use state_manager::mempool_manager::MempoolManager;
@@ -189,6 +191,7 @@ where
     let prefixed_router = Router::new()
         .nest("/core", router)
         .route("/", get(handle_no_core_path))
+        .layer(CatchPanicLayer::custom(InternalServerErrorResponseForPanic))
         .layer(map_response(emit_error_response_event));
 
     let bind_addr = bind_addr.parse().expect("Failed to parse bind address");
@@ -215,7 +218,7 @@ async fn emit_error_response_event(uri: Uri, response: Response) -> Response {
     let error_response = response.extensions().get::<ErrorResponse>();
     if let Some(error_response) = error_response {
         let level = resolve_level(response.status());
-        // the `event!(level, ...)` macro does not accept non-costant levels, hence we unroll:
+        // the `event!(level, ...)` macro does not accept non-constant levels, hence we unroll:
         match level {
             Level::TRACE => trace!(path = uri.path(), error = debug(error_response)),
             Level::DEBUG => debug!(path = uri.path(), error = debug(error_response)),