rx-healthcheck 0.1.3 → 0.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 547dbd721c4caff313db4e3c9e48669de9f036e83b78432e3b691eef100ca0a6
-  data.tar.gz: dbed45238f4b0c4a9026ae1b0575ed00c904035640ed17b3b1c295fd5f56ab7f
+  metadata.gz: 83bc5957f3ce3f426b416b53e7d2e24782da340da998a030cd5f15c04d6b9dde
+  data.tar.gz: 5d6d75b3be95189399d743c234d0303d17183f43482a51ef20a1bed15d59e482
 SHA512:
-  metadata.gz: 03fb63ab206a49a852b650bf8f0e80db431fb29ad4b778d804d6fe5f0a93abeae2a3ffe6985c5742818328ebae82ce7f5a23670781d5c695fb9794f8aee69586
-  data.tar.gz: 05f26b6f89bbf8dcfde70ae563f7e7edaee52e72e57113872e4c6082fc952f791b7b9dbc26bdb7c7c28418fcb3973b8896f330d29ac034027832a386ad4f87a3
+  metadata.gz: 182ab4e67e807f373b4148f492e4cfc62d1f7af7176d187edc86a2282fd65813436b1fc65d71313c2bcebc6a559c2d28fe9140ffe4fb277922e2a4a610805dd1
+  data.tar.gz: e1e7bbeb1240b5994433b8e27775cb5ca5a9dab74fd3159b69ef1c5d93a76468a8c74068f65776b052b0ca1b219d1b4caf1bd50b1982f844f7b726101b0ed9e0

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rx-healthcheck (0.1.1)
+    rx-healthcheck (0.1.4)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -59,14 +59,30 @@ deep_secondary: []
 
 Each collection must contain 0 or more `Rx::Check` objects. Those checks will be performed when the health check is queried. Deep checks will always also run the readiness checks.
 
+### Deep end-point authorization
+
+It is considered as a good practice to protect the deep checks with a GUID to mitigate DDOS attacks. Hence you have 2 options to enable this. One is to use the `default_authorization` by passing the token to the authorization inside options hash, which you can use in a request with the authorization_token in the header of it. The other option would be to pass a lambda with an env argument (this gives you access to hash of request data) and have your own `custom_authorization`:
+
+```ruby
+options: {
+  #default
+  authorization: <token>
+
+  #custom
+  authorization: -> (env) {
+    #your code goes here
+  }
+ }
+```
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/zachpendleton/rx.
 
 Some tips for developing the gem locally:
 
-* Tests can be run by calling `rake`
-* You can point your Rails app to a local gem by adding a `path` option to your Gemfile, a la `gem "rx", path: "path/to/rx" (though you _will_ need to restart Rails whenever you change the gem).
+- Tests can be run by calling `rake`
+- You can point your Rails app to a local gem by adding a `path` option to your Gemfile, a la `gem "rx", path: "path/to/rx" (though you _will_ need to restart Rails whenever you change the gem).
 
 ## License
 

data/lib/rx/check/file_system_check.rb

@@ -3,17 +3,20 @@ module Rx
     class FileSystemCheck
       FILENAME = "rx".freeze
 
-      attr_reader :name
+      attr_reader :name, :timeout
 
-      def initialize(name = "fs")
+      def initialize(name = "fs", timeout = 0)
         @name = name
+        @timeout = 0
       end
 
       def check
         Result.from(name) do
-          !!Tempfile.open(FILENAME) do |f|
-            f.write("ok")
-            f.flush
+          Timeout::timeout(timeout) do
+            !!Tempfile.open(FILENAME) do |f|
+              f.write("ok")
+              f.flush
+            end
           end
         end
       end

data/lib/rx/check/generic_check.rb

@@ -1,16 +1,19 @@
+require "timeout"
+
 module Rx
   module Check
     class GenericCheck
-      attr_reader :name
+      attr_reader :name, :timeout
 
-      def initialize(callable, name = "generic")
+      def initialize(callable, name = "generic", timeout = 0)
         @callable = callable
         @name = name
+        @timeout = timeout
       end
 
       def check
         Result.from(name) do
-          callable.call
+          Timeout::timeout(timeout) { callable.call }
         end
       end
 

data/lib/rx/check/http_check.rb

@@ -3,17 +3,18 @@ require "uri"
 module Rx
   module Check
     class HttpCheck
-      attr_reader :name
+      attr_reader :name, :timeout
 
-      def initialize(url, name = "http")
+      def initialize(url, name = "http", timeout: 1)
         @url = URI(url)
         @name = name
+        @timeout = timeout
       end
 
       def check
         Result.from(name) do
           http = Net::HTTP.new(url.host, url.port)
-          http.read_timeout = 1
+          http.read_timeout = timeout
           http.use_ssl = url.scheme == "https"
 
           response = http.request(Net::HTTP::Get.new(path))

data/lib/rx/concurrent/future.rb

@@ -14,6 +14,10 @@ module Rx
         Future.new(&block).execute
       end
 
+      def self.thread_pool
+        @@pool
+      end
+
       def initialize(&block)
         @channel = Queue.new
         @state = :pending

data/lib/rx/concurrent/thread_pool.rb

@@ -6,6 +6,7 @@ module Rx
       def initialize(size = Etc.nprocessors)
         @pool = []
         @size = size
+        @pid = Process.pid
       end
 
       def shutdown
@@ -25,17 +26,33 @@ module Rx
         self
       end
 
+      def restart
+        shutdown
+        start
+      end
+
       def started?
         pool.map(&:alive?).any?
       end
 
       def submit(&block)
+        restart_on_fork if forked?
+
         return unless started?
         queue << block
       end
 
       private
-      attr_reader :pool, :queue, :size
+      attr_reader :pid, :pool, :queue, :size
+
+      def forked?
+        Process.pid != pid
+      end
+
+      def restart_on_fork
+        restart
+        @pid = Process.pid
+      end
 
       def worker
         -> {

data/lib/rx/middleware.rb

@@ -3,7 +3,8 @@ require "json"
 module Rx
   class Middleware
     DEFAULT_OPTIONS = {
-      cache: true
+      cache: true,
+      authorization: nil
     }.freeze
 
     def initialize(app,
@@ -23,23 +24,27 @@ module Rx
     end
 
     def call(env)
-      unless health_check_request?(env)
+      unless health_check_request?(path(env))
         return app.call(env)
       end
 
-      case env["REQUEST_PATH"]
+      case path(env)
       when "/liveness"
         ok = check_to_component(liveness_checks).map { |x| x[:status] == 200 }.all?
         liveness_response(ok)
       when "/readiness"
         readiness_response(check_to_component(readiness_checks))
       when "/deep"
-        @cache.cache("deep") do
-          readiness = check_to_component(readiness_checks)
-          critical  = check_to_component(deep_critical_checks)
-          secondary = check_to_component(deep_secondary_checks)
-
-          deep_response(readiness, critical, secondary)
+        if !Rx::Util::HealthCheckAuthorization.new(env, @options[:authorization]).ok?
+          deep_response_authorization_failed
+        else
+          @cache.cache("deep") do
+            readiness = check_to_component(readiness_checks)
+            critical  = check_to_component(deep_critical_checks)
+            secondary = check_to_component(deep_secondary_checks)
+
+            deep_response(readiness, critical, secondary)
+          end
         end
       end
     end
@@ -57,14 +62,18 @@ module Rx
       Rx::Cache::InMemoryCache.new
     end
 
-    def health_check_request?(env)
-      %w[/liveness /readiness /deep].include?(env["REQUEST_PATH"])
+    def health_check_request?(path)
+      %w[/liveness /readiness /deep].include?(path)
     end
 
     def liveness_response(is_ok)
       [is_ok ? 200 : 503, {}, []]
     end
 
+    def path(env)
+      env["PATH_INFO"] || env["REQUEST_PATH"] || env["REQUEST_URI"]
+    end
+
     def readiness_response(components)
       status = components.map { |x| x[:status] == 200 }.all? ? 200 : 503
 
@@ -75,6 +84,14 @@ module Rx
       ]
     end
 
+    def deep_response_authorization_failed
+      [
+        403,
+        {"content-type" => "application/json"},
+        [JSON.dump({ message: "authorization failed" })]
+      ]
+    end
+
     def deep_response(readiness, critical, secondary)
       status = (readiness.map { |x| x[:status] == 200 } + critical.map { |x| x[:status] == 200 }).all? ? 200 : 503
 

data/lib/rx/util/health_check_authorization.rb

@@ -0,0 +1,25 @@
+module Rx
+  module Util
+    class HealthCheckAuthorization
+      HTTP_HEADER = "HTTP_AUTHORIZATION"
+
+      def initialize(env, authorization)
+        @authorization = authorization
+        @env = env
+      end
+
+      def ok?
+        case @authorization
+          when NilClass
+            true
+          when Proc
+            @authorization.call(@env)
+          when String
+            @authorization == @env[HTTP_HEADER]
+          else
+            raise StandardError.new("Authorization is not configured properly")
+        end
+      end
+    end
+  end
+end

data/lib/rx/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rx
-  VERSION = "0.1.3"
+  VERSION = "0.1.7"
 end

data/lib/rx.rb

@@ -12,6 +12,7 @@ require_relative "rx/check/result"
 require_relative "rx/concurrent/future"
 require_relative "rx/concurrent/thread_pool"
 require_relative "rx/util/heap"
+require_relative "rx/util/health_check_authorization"
 
 module Rx
   class Error < StandardError; end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: rx-healthcheck
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.7
 platform: ruby
 authors:
 - Zach Pendleton
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-05-26 00:00:00.000000000 Z
+date: 2022-01-11 00:00:00.000000000 Z
 dependencies: []
-description: 
+description:
 email:
 - zachpendleton@gmail.com
 executables: []
@@ -36,6 +36,7 @@ files:
 - lib/rx/concurrent/future.rb
 - lib/rx/concurrent/thread_pool.rb
 - lib/rx/middleware.rb
+- lib/rx/util/health_check_authorization.rb
 - lib/rx/util/heap.rb
 - lib/rx/version.rb
 - rx.gemspec
@@ -45,7 +46,7 @@ licenses:
 metadata:
   homepage_uri: https://github.com/zachpendleton/rx
   source_code_uri: https://github.com/zachpendleton/rx
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -60,8 +61,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.2.22
+signing_key:
 specification_version: 4
 summary: Standard health checks for Rails and Rack applications
 test_files: []