health_check_rb 4.0.0

data/lib/health_check_rb/health_check_controller.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require 'ipaddr'
+
+module HealthCheckRb
+  class HealthCheckController < ActionController::Base
+    layout false if respond_to? :layout
+    before_action :check_origin_ip
+    before_action :authenticate
+
+    def index
+      last_modified = Time.now.utc
+      max_age = HealthCheckRb.max_age
+      last_modified = Time.at((last_modified.to_f / max_age).floor * max_age).utc if max_age > 1
+      is_public = (max_age > 1) && !HealthCheckRb.basic_auth_username
+      return unless stale? last_modified: last_modified, public: is_public
+
+      checks = params[:checks] ? params[:checks].split('_') : ['standard']
+      checks -= HealthCheckRb.middleware_checks if HealthCheckRb.installed_as_middleware
+      begin
+        errors = HealthCheckRb::Utils.process_checks checks
+      rescue StandardError => e
+        errors = e.message.blank? ? e.class.to_s : e.message.to_s
+      end
+      response.headers['Cache-Control'] = "must-revalidate, max-age=#{max_age}"
+      if errors.blank?
+        send_response true, nil, :ok, :ok
+        HealthCheckRb.success_callbacks&.each do |callback|
+          callback.call checks
+        end
+      else
+        msg = HealthCheckRb.include_error_in_response_body ? "#{HealthCheckRb.failure}: #{errors}" : nil
+        send_response false, msg, HealthCheckRb.http_status_for_error_text, HealthCheckRb.http_status_for_error_object
+
+        # Log a single line as some uptime checkers only record that it failed, not the text returned
+        msg = "#{HealthCheckRb.failure}: #{errors}"
+        logger.send HealthCheckRb.log_level, msg if logger && HealthCheckRb.log_level
+        HealthCheckRb.failure_callbacks&.each do |callback|
+          callback.call checks, msg
+        end
+      end
+    end
+
+    protected
+
+    def send_response(healthy, msg, text_status, obj_status)
+      msg ||= healthy ? HealthCheckRb.success : HealthCheckRb.failure
+      obj = { healthy: healthy, message: msg }
+      respond_to do |format|
+        format.html { render plain: msg, status: text_status, content_type: 'text/plain' }
+        format.json { render json: obj, status: obj_status }
+        format.xml { render xml: obj, status: obj_status }
+        format.any { render plain: msg, status: text_status, content_type: 'text/plain' }
+      end
+    end
+
+    def authenticate
+      return unless HealthCheckRb.basic_auth_username && HealthCheckRb.basic_auth_password
+
+      authenticate_or_request_with_http_basic 'Health Check' do |username, password|
+        username == HealthCheckRb.basic_auth_username && password == HealthCheckRb.basic_auth_password
+      end
+    end
+
+    def check_origin_ip
+      request_ipaddr = IPAddr.new(HealthCheckRb.accept_proxied_requests ? request.remote_ip : request.ip)
+      unless HealthCheckRb.origin_ip_whitelist.blank? ||
+             HealthCheckRb.origin_ip_whitelist.any? { |addr| IPAddr.new(addr).include? request_ipaddr }
+        render plain: 'Health check is not allowed for the requesting IP',
+               status: HealthCheckRb.http_status_for_ip_whitelist_error,
+               content_type: 'text/plain'
+      end
+    end
+
+    # turn cookies for CSRF off
+    def protect_against_forgery?
+      false
+    end
+  end
+end

data/lib/health_check_rb/health_check_routes.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module ActionDispatch
+  module Routing
+    class Mapper
+      def health_check_rb_routes(prefix = nil)
+        HealthCheckRb::Engine.routes_explicitly_defined = true
+        add_health_check_rb_routes prefix
+      end
+
+      def add_health_check_rb_routes(prefix = nil)
+        HealthCheckRb.uri = prefix if prefix
+        match "#{HealthCheckRb.uri}(/:checks)(.:format)", controller: 'health_check_rb/health_check', action: :index, via: %i[get post],
+                                                          defaults: { format: 'txt' }
+      end
+    end
+  end
+end

data/lib/health_check_rb/middleware_health_check.rb

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+
+require 'ipaddr'
+
+module HealthCheckRb
+  class MiddlewareHealthcheck
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      (response_type, middleware_checks, full_stack_checks) = parse_env env
+      if response_type
+        if (error_response = ip_blocked(env) || not_authenticated(env))
+          return error_response
+        end
+
+        HealthCheckRb.installed_as_middleware = true
+        errors = ''
+        begin
+          # Process the checks to be run from middleware
+          errors = HealthCheckRb::Utils.process_checks middleware_checks,
+                                                       called_from_middleware: true
+          # Process remaining checks through the full stack if there are any
+          return @app.call env unless full_stack_checks.empty?
+        rescue StandardError => e
+          errors = e.message.blank? ? e.class.to_s : e.message.to_s
+        end
+        healthy = errors.blank?
+        msg = healthy ? HealthCheckRb.success : "health_check failed: #{errors}"
+        if response_type == 'xml'
+          content_type = 'text/xml'
+          msg = { healthy: healthy, message: msg }.to_xml
+          error_code = HealthCheckRb.http_status_for_error_object
+        elsif response_type == 'json'
+          content_type = 'application/json'
+          msg = { healthy: healthy, message: msg }.to_json
+          error_code = HealthCheckRb.http_status_for_error_object
+        else
+          content_type = 'text/plain'
+          error_code = HealthCheckRb.http_status_for_error_text
+        end
+        [(healthy ? 200 : error_code), { 'Content-Type' => content_type }, [msg]]
+      else
+        @app.call env
+      end
+    end
+
+    protected
+
+    def parse_env(env)
+      uri = env['PATH_INFO']
+      return unless uri =~ %r{^/#{Regexp.escape HealthCheckRb.uri}(/([-_0-9a-zA-Z]*))?(\.(\w*))?$}
+
+      checks = ::Regexp.last_match(2).to_s == '' ? ['standard'] : ::Regexp.last_match(2).split('_')
+      response_type = ::Regexp.last_match(4).to_s
+      middleware_checks = checks & HealthCheckRb.middleware_checks
+      full_stack_checks = (checks - HealthCheckRb.middleware_checks) - ['and']
+      [response_type, middleware_checks, full_stack_checks]
+    end
+
+    def ip_blocked(env)
+      return false if HealthCheckRb.origin_ip_whitelist.blank?
+
+      req = Rack::Request.new env
+      request_ipaddr = IPAddr.new req.ip
+      return if HealthCheckRb.origin_ip_whitelist.any? { |addr| IPAddr.new(addr).include? request_ipaddr }
+
+      [HealthCheckRb.http_status_for_ip_whitelist_error,
+       { 'Content-Type' => 'text/plain' },
+       ['Health check is not allowed for the requesting IP']]
+    end
+
+    def not_authenticated(env)
+      return false unless HealthCheckRb.basic_auth_username && HealthCheckRb.basic_auth_password
+
+      auth = MiddlewareHealthcheck::Request.new env
+      if auth.provided? && auth.basic? && Rack::Utils.secure_compare(HealthCheckRb.basic_auth_username,
+                                                                     auth.username) && Rack::Utils.secure_compare(
+                                                                       HealthCheckRb.basic_auth_password, auth.password
+                                                                     )
+        env['REMOTE_USER'] = auth.username
+        return false
+      end
+      [401,
+       { 'Content-Type' => 'text/plain', 'WWW-Authenticate' => 'Basic realm="Health Check"' },
+       []]
+    end
+
+    class Request < Rack::Auth::AbstractRequest
+      def basic?
+        scheme == 'basic'
+      end
+
+      def credentials
+        @credentials ||= params.unpack1('m*').split(':', 2)
+      end
+
+      def username
+        credentials.first
+      end
+
+      def password
+        credentials.last
+      end
+    end
+  end
+end

data/lib/health_check_rb/utils.rb

@@ -0,0 +1,194 @@
+# frozen_string_literal: true
+
+module HealthCheckRb
+  class Utils
+    # TODO: convert class variables to better solution
+    # rubocop: disable Style/ClassVars
+    @@default_smtp_settings =
+      {
+        address: 'localhost',
+        port: 25,
+        domain: 'localhost.localdomain',
+        user_name: nil,
+        password: nil,
+        authentication: nil,
+        enable_starttls_auto: true
+      }
+    # rubocop: enable Style/ClassVars
+
+    cattr_writer :db_migrate_path
+    cattr_accessor :default_smtp_settings
+
+    class << self
+      # process an array containing a list of checks
+      def process_checks(checks, called_from_middleware: false)
+        errors = +''
+        checks.each do |check|
+          case check
+          when 'and', 'site'
+          # do nothing
+          when 'database'
+            HealthCheckRb::Utils.database_version
+          when 'email'
+            errors << HealthCheckRb::Utils.check_email
+          when 'emailconf'
+            errors << HealthCheckRb::Utils.check_email if HealthCheckRb::Utils.mailer_configured?
+          when 'migrations', 'migration'
+            if defined?(ActiveRecord::Migration) && ActiveRecord::Migration.respond_to?(:check_all_pending!)
+              # Rails 7.2+
+              begin
+                ActiveRecord::Migration.check_all_pending!
+              rescue ActiveRecord::PendingMigrationError => e
+                errors << e.message
+              end
+            else
+              database_version  = HealthCheckRb::Utils.database_version
+              migration_version = HealthCheckRb::Utils.migration_version
+              if database_version.to_i != migration_version.to_i
+                errors << "Current database version (#{database_version}) does not match latest migration (#{migration_version}). "
+              end
+            end
+          when 'cache'
+            errors << HealthCheckRb::Utils.check_cache
+          when 'resque-redis-if-present'
+            errors << HealthCheckRb::Check::Resque.check if defined?(::Resque)
+          when 'sidekiq-redis-if-present'
+            errors << HealthCheckRb::Check::Sidekiq.check if defined?(::Sidekiq)
+          when 'redis-if-present'
+            errors << HealthCheckRb::CheckRedis.check if defined?(::Redis)
+          when 's3-if-present'
+            errors << HealthCheckRb::Check::S3.check if defined?(::Aws)
+          when 'elasticsearch-if-present'
+            errors << HealthCheckRb::Check::Elasticsearch.check if defined?(::Elasticsearch)
+          when 'resque-redis'
+            errors << HealthCheckRb::Check::Resque.check
+          when 'sidekiq-redis'
+            errors << HealthCheckRb::Check::Sidekiq.check
+          when 'redis'
+            errors << HealthCheckRb::Check::Redis.check
+          when 's3'
+            errors << HealthCheckRb::Check::S3.check
+          when 'elasticsearch'
+            errors << HealthCheckRb::Check::Elasticsearch.check
+          when 'rabbitmq'
+            errors << HealthCheckRb::Check::RabbitMQ.check
+          when 'standard'
+            errors << HealthCheckRb::Utils.process_checks(HealthCheckRb.standard_checks, called_from_middleware:)
+          when 'middleware'
+            errors << 'Health check not called from middleware - probably not installed as middleware.' unless called_from_middleware
+          when 'custom'
+            HealthCheckRb.custom_checks.each_value do |list|
+              list.each do |custom_check|
+                errors << custom_check.call(self)
+              end
+            end
+          when 'all', 'full'
+            errors << HealthCheckRb::Utils.process_checks(HealthCheckRb.full_checks, called_from_middleware:)
+          else
+            return 'invalid argument to health_test.' unless HealthCheckRb.custom_checks.include? check
+
+            HealthCheckRb.custom_checks[check].each do |custom_check|
+              errors << custom_check.call(self)
+            end
+
+          end
+          errors << '. ' unless errors == '' || errors.end_with?('. ')
+        end
+        errors.strip
+      rescue StandardError => e
+        e.message
+      end
+
+      def db_migrate_path
+        # Lazy initialisation so Rails.root will be defined
+        @db_migrate_path ||= Rails.root.join 'db', 'migrate'.to_s
+      end
+
+      def mailer_configured?
+        defined?(ActionMailer::Base) &&
+          (ActionMailer::Base.delivery_method != :smtp ||
+          HealthCheckRb::Utils.default_smtp_settings != ActionMailer::Base.smtp_settings)
+      end
+
+      def database_version
+        ActiveRecord::Migrator.current_version if defined?(ActiveRecord)
+      end
+
+      def migration_version(dir = db_migrate_path)
+        latest_migration = nil
+        Dir[File.join(dir, '[0-9]*_*.rb')].each do |f|
+          l = begin
+            f.scan(/0*([0-9]+)_[_.a-zA-Z0-9]*.rb/).first.first
+          rescue StandardError
+            -1
+          end
+          latest_migration = l if !latest_migration || l.to_i > latest_migration.to_i
+        end
+        latest_migration
+      end
+
+      def check_email
+        case ActionMailer::Base.delivery_method
+        when :smtp
+          HealthCheckRb::Utils.check_smtp(ActionMailer::Base.smtp_settings, HealthCheckRb.smtp_timeout)
+        when :sendmail
+          HealthCheckRb::Utils.check_sendmail(ActionMailer::Base.sendmail_settings)
+        else
+          ''
+        end
+      end
+
+      def check_sendmail(settings)
+        File.executable?(settings[:location]) ? '' : 'no sendmail executable found. '
+      end
+
+      def check_smtp(settings, timeout)
+        begin
+          if @skip_external_checks
+            status = '250'
+          else
+            smtp = Net::SMTP.new settings[:address], settings[:port]
+            openssl_verify_mode = settings[:openssl_verify_mode]
+
+            openssl_verify_mode = OpenSSL::SSL.const_get("VERIFY_#{openssl_verify_mode.upcase}") if openssl_verify_mode.is_a? String
+
+            ssl_context = Net::SMTP.default_ssl_context
+            ssl_context.verify_mode = openssl_verify_mode if openssl_verify_mode
+            smtp.enable_starttls ssl_context if settings[:enable_starttls_auto]
+            smtp.open_timeout = timeout
+            smtp.read_timeout = timeout
+            smtp.start settings[:domain], settings[:user_name], settings[:password], settings[:authentication] do
+              status = smtp.helo(settings[:domain]).status
+            end
+          end
+        rescue StandardError => e
+          status = e.to_s
+        end
+        /^250/.match?(status) ? '' : "SMTP: #{status || 'unexpected error'}. "
+      end
+
+      def check_cache
+        t = Time.now.to_i
+        value = "ok #{t}"
+        ret = ::Rails.cache.read '__health_check_cache_test__'
+        if ret.to_s =~ /^ok (\d+)$/
+          diff = (::Regexp.last_match(1).to_i - t).abs
+          return('Cache expiry is broken. ') if diff > 30
+        elsif ret
+          return 'Cache is returning garbage. '
+        end
+        if ::Rails.cache.write '__health_check_cache_test__', value, expires_in: 2.seconds
+          ret = ::Rails.cache.read '__health_check_cache_test__'
+          if ret =~ /^ok (\d+)$/
+            diff = (::Regexp.last_match(1).to_i - t).abs
+            (diff < 2 ? '' : 'Out of date cache or time is skewed. ')
+          else
+            'Unable to read from cache. '
+          end
+        else
+          'Unable to write to cache. '
+        end
+      end
+    end
+  end
+end

data/lib/health_check_rb/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module HealthCheckRb
+  VERSION = '4.0.0'
+end

data/lib/health_check_rb.rb

@@ -0,0 +1,129 @@
+# frozen_string_literal: true
+
+module HealthCheckRb
+  class Engine < ::Rails::Engine
+    cattr_accessor :routes_explicitly_defined
+  end
+
+  # Log level
+  mattr_accessor :log_level
+  self.log_level = 'info'
+
+  # Text output upon success
+  mattr_accessor :success
+  self.success = 'success'
+
+  # Text output upon failure
+  mattr_accessor :failure
+  self.failure = 'health_check failed'
+
+  # Timeout in seconds used when checking smtp server
+  mattr_accessor :smtp_timeout
+  self.smtp_timeout = 30.0
+
+  # http status code used when plain text error message is output
+  mattr_accessor :http_status_for_error_text
+  self.http_status_for_error_text = 500
+
+  # http status code used when an error object is output (json or xml)
+  mattr_accessor :http_status_for_error_object
+  self.http_status_for_error_object = 500
+
+  # http status code used when the ip is not allowed for the request
+  mattr_accessor :http_status_for_ip_whitelist_error
+  self.http_status_for_ip_whitelist_error = 403
+
+  # check remote_ip rather than ip for ip whitelist
+  mattr_accessor :accept_proxied_requests
+  self.accept_proxied_requests = false
+
+  # ips allowed to perform requests
+  mattr_accessor :origin_ip_whitelist
+  self.origin_ip_whitelist = []
+
+  # max-age of response in seconds
+  # cache-control is public when max_age > 1 and basic authentication is used
+  mattr_accessor :max_age
+  self.max_age = 1
+
+  # s3 buckets
+  mattr_accessor :buckets
+  self.buckets = {}
+
+  # rabbitmq
+  mattr_accessor :rabbitmq_config
+  self.rabbitmq_config = {}
+
+  # health check uri path
+  mattr_accessor :uri
+  self.uri = 'health_check'
+
+  # Basic Authentication
+  mattr_accessor :basic_auth_username, :basic_auth_password
+  self.basic_auth_username = nil
+  self.basic_auth_password = nil
+
+  # Array of custom check blocks
+  mattr_accessor :custom_checks
+  mattr_accessor :full_checks
+  mattr_accessor :standard_checks
+  self.custom_checks = {}
+  self.full_checks = %w[database migrations custom email cache redis-if-present sidekiq-redis-if-present
+                        resque-redis-if-present s3-if-present elasticsearch-if-present]
+  self.standard_checks = %w[database migrations custom emailconf]
+
+  # Middleware based checks
+  mattr_accessor :middleware_checks
+  self.middleware_checks = ['middleware']
+
+  mattr_accessor :installed_as_middleware
+
+  # Allow non-standard redis url and password
+  mattr_accessor :redis_url
+  self.redis_url = ENV.fetch 'REDIS_URL', nil
+
+  mattr_accessor :redis_password
+  self.redis_password = ENV.fetch 'REDIS_PASSWORD', nil
+
+  # Include the error in the response body.
+  # You should only do this where your /health_check endpoint is NOT open to the public internet
+  mattr_accessor :include_error_in_response_body
+  self.include_error_in_response_body = false
+
+  # used for on_failure and on_success
+  mattr_accessor :success_callbacks
+  mattr_accessor :failure_callbacks
+
+  def self.add_custom_check(name = 'custom', &block)
+    custom_checks[name] ||= []
+    custom_checks[name] << block
+  end
+
+  def self.on_success(&block)
+    success_callbacks ||= []
+    success_callbacks << block
+  end
+
+  def self.on_failure(&block)
+    failure_callbacks ||= []
+    failure_callbacks << block
+  end
+
+  def self.setup
+    yield self
+  end
+end
+
+require 'health_check_rb/version'
+require 'health_check_rb/base_health_check'
+require 'health_check_rb/utils'
+require 'health_check_rb/health_check_controller'
+require 'health_check_rb/health_check_routes'
+require 'health_check_rb/middleware_health_check'
+
+require 'health_check_rb/check/resque'
+require 'health_check_rb/check/s3'
+require 'health_check_rb/check/redis'
+require 'health_check_rb/check/elasticsearch'
+require 'health_check_rb/check/sidekiq'
+require 'health_check_rb/check/rabbitmq'

data/spec/dummy/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('./fake_app', __dir__)
+
+Rails.application.load_tasks

data/spec/dummy/app/assets/config/manifest.js

@@ -0,0 +1 @@
+

data/spec/dummy/app/controllers/example_controller.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class ExampleController < ActionController::Base
+  def index
+    render plain: 'OK'
+  end
+end

data/spec/dummy/config/database.yml

@@ -0,0 +1,10 @@
+default: &default
+  adapter: sqlite3
+
+development:
+  <<: *default
+  database: db/development.sqlite3
+
+test:
+  <<: *default
+  database: db/test.sqlite3

data/spec/dummy/config/initializers/health_check.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+CUSTOM_CHECK_FILE_PATH = 'spec/dummy/tmp/custom_file'
+
+HealthCheckRb.setup do |config|
+  config.success = 'custom_success_message'
+  config.http_status_for_error_text = 550
+  config.http_status_for_error_object = 555
+  config.uri = 'custom_route_prefix'
+
+  config.add_custom_check do
+    File.exist?(CUSTOM_CHECK_FILE_PATH) ? '' : 'custom_file is missing!'
+  end
+
+  config.add_custom_check 'pass' do
+    ''
+  end
+end

data/spec/dummy/config/initializers/middleware.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+FakeApp.config.middleware.insert_after Rails::Rack::Logger, HealthCheckRb::MiddlewareHealthcheck if ENV['MIDDLEWARE'] == 'true'

data/spec/dummy/config/routes.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+Rails.application.routes.draw do
+  get 'example' => 'example#index'
+end

data/spec/dummy/fake_app.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+Bundler.setup
+require 'rails'
+require 'rails/all'
+require 'health_check_rb'
+Bundler.require
+
+FakeApp = Class.new Rails::Application
+ENV['RAILS_ENV'] ||= 'test'
+FakeApp.config.eager_load = false
+FakeApp.config.session_store :cookie_store, key: '_myapp_session'
+FakeApp.config.root = File.dirname __FILE__
+FakeApp.config.action_mailer.delivery_method = :smtp
+FakeApp.config.action_mailer.smtp_settings = { address: 'localhost', port: 3555, openssl_verify_mode: OpenSSL::SSL::VERIFY_NONE,
+                                               enable_starttls_auto: true }
+FakeApp.config.secret_key_base = SecureRandom.hex 64
+FakeApp.initialize!

data/spec/fixtures/migrate/9_create_countries.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class CreateCountries < ActiveRecord::Migration::Current
+  def change
+    create_table :countries do |t|
+      t.column :name, :string
+    end
+  end
+end