rx-healthcheck 0.1.4 → 0.1.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a275e460e929db3791b73f3acd52d036641d4128212ee4803dc9a16788d49ea4
-  data.tar.gz: 0cebd0272eb7b8d03c443deec4f77a4e771f24c40e5536f01ff438af2d392a23
+  metadata.gz: 3ca68e3e5241e5baf4b9b2454ece5f8cc87889f018ac31dfdb8e2243d58107da
+  data.tar.gz: eda14ecb4304cb18e4b95f2f0431d23b14c119c1b95e25622711cf5aa193019a
 SHA512:
-  metadata.gz: e47bfd076e689fd4f35f9b5f8f1e9e25545d9a89092628507f2d0bebf00fd594d12d797460015f4c94dd32df589100beca9ed3184966a9778480c73f24d52640
-  data.tar.gz: 5f30e6b1da95f03200f0d0ab83e27cd48b1557a1446dccb5567490af7d951654b7294e31b4a622134e8fbd20e752c07836b4bdb1267775180cc03ffc462c5884
+  metadata.gz: f59ce880cd0cba664a0705b76393bdefa84a7b91e595c001b9d59bc0161be13b32d5736ffd57db204c495f2537045cc23932c0bebb51c13b94081664111fbd7b
+  data.tar.gz: d333264758d8233c45b397cda440528a24474a2000b0ddb9950dbf87feb81444c464015e1d7aa27f241efabec21b37b231518b57fb1f3fe0fc05fc53b6c8cb12

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rx-healthcheck (0.1.4)
+    rx-healthcheck (0.1.8)
 
 GEM
   remote: https://rubygems.org/
@@ -26,4 +26,4 @@ DEPENDENCIES
   simplecov (= 0.21.2)
 
 BUNDLED WITH
-   2.2.11
+   2.2.29

data/README.md

@@ -59,14 +59,30 @@ deep_secondary: []
 
 Each collection must contain 0 or more `Rx::Check` objects. Those checks will be performed when the health check is queried. Deep checks will always also run the readiness checks.
 
+### Deep end-point authorization
+
+It is considered as a good practice to protect the deep checks with a GUID to mitigate DDOS attacks. Hence you have 2 options to enable this. One is to use the `default_authorization` by passing the token to the authorization inside options hash, which you can use in a request with the authorization_token in the header of it. The other option would be to pass a lambda with an env argument (this gives you access to hash of request data) and have your own `custom_authorization`:
+
+```ruby
+options: {
+  #default
+  authorization: <token>
+
+  #custom
+  authorization: -> (env) {
+    #your code goes here
+  }
+ }
+```
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/zachpendleton/rx.
 
 Some tips for developing the gem locally:
 
-* Tests can be run by calling `rake`
-* You can point your Rails app to a local gem by adding a `path` option to your Gemfile, a la `gem "rx", path: "path/to/rx" (though you _will_ need to restart Rails whenever you change the gem).
+- Tests can be run by calling `rake`
+- You can point your Rails app to a local gem by adding a `path` option to your Gemfile, a la `gem "rx", path: "path/to/rx" (though you _will_ need to restart Rails whenever you change the gem).
 
 ## License
 

data/lib/rx/check/file_system_check.rb

@@ -3,17 +3,20 @@ module Rx
     class FileSystemCheck
       FILENAME = "rx".freeze
 
-      attr_reader :name
+      attr_reader :name, :timeout
 
-      def initialize(name = "fs")
+      def initialize(name = "fs", timeout = 0)
         @name = name
+        @timeout = 0
       end
 
       def check
         Result.from(name) do
-          !!Tempfile.open(FILENAME) do |f|
-            f.write("ok")
-            f.flush
+          Timeout::timeout(timeout) do
+            !!Tempfile.open(FILENAME) do |f|
+              f.write("ok")
+              f.flush
+            end
           end
         end
       end

data/lib/rx/check/generic_check.rb

@@ -1,16 +1,19 @@
+require "timeout"
+
 module Rx
   module Check
     class GenericCheck
-      attr_reader :name
+      attr_reader :name, :timeout
 
-      def initialize(callable, name = "generic")
+      def initialize(callable, name = "generic", timeout = 0)
         @callable = callable
         @name = name
+        @timeout = timeout
       end
 
       def check
         Result.from(name) do
-          callable.call
+          Timeout::timeout(timeout) { callable.call }
         end
       end
 

data/lib/rx/check/http_check.rb

@@ -3,17 +3,18 @@ require "uri"
 module Rx
   module Check
     class HttpCheck
-      attr_reader :name
+      attr_reader :name, :timeout
 
-      def initialize(url, name = "http")
+      def initialize(url, name = "http", timeout: 1)
         @url = URI(url)
         @name = name
+        @timeout = timeout
       end
 
       def check
         Result.from(name) do
           http = Net::HTTP.new(url.host, url.port)
-          http.read_timeout = 1
+          http.read_timeout = timeout
           http.use_ssl = url.scheme == "https"
 
           response = http.request(Net::HTTP::Get.new(path))

data/lib/rx/concurrent/future.rb

@@ -14,6 +14,10 @@ module Rx
         Future.new(&block).execute
       end
 
+      def self.thread_pool
+        @@pool
+      end
+
       def initialize(&block)
         @channel = Queue.new
         @state = :pending
@@ -28,7 +32,7 @@ module Rx
         @state = :in_progress
         pool.submit do
           begin
-            channel << work.call
+            channel << execute_work(&work)
             @state = :completed
           rescue StandardError => ex
             @error = ex
@@ -66,6 +70,10 @@ module Rx
       def pool
         @@pool
       end
+
+      def execute_work(&block)
+        defined?(Rails) ? Rails.application.executor.wrap(&block) : block.call
+      end
     end
   end
 end

data/lib/rx/concurrent/thread_pool.rb

@@ -6,6 +6,7 @@ module Rx
       def initialize(size = Etc.nprocessors)
         @pool = []
         @size = size
+        @pid = Process.pid
       end
 
       def shutdown
@@ -25,17 +26,33 @@ module Rx
         self
       end
 
+      def restart
+        shutdown
+        start
+      end
+
       def started?
         pool.map(&:alive?).any?
       end
 
       def submit(&block)
+        restart_on_fork if forked?
+
         return unless started?
         queue << block
       end
 
       private
-      attr_reader :pool, :queue, :size
+      attr_reader :pid, :pool, :queue, :size
+
+      def forked?
+        Process.pid != pid
+      end
+
+      def restart_on_fork
+        restart
+        @pid = Process.pid
+      end
 
       def worker
         -> {

data/lib/rx/middleware.rb

@@ -3,7 +3,8 @@ require "json"
 module Rx
   class Middleware
     DEFAULT_OPTIONS = {
-      cache: true
+      cache: true,
+      authorization: nil
     }.freeze
 
     def initialize(app,
@@ -34,12 +35,16 @@ module Rx
       when "/readiness"
         readiness_response(check_to_component(readiness_checks))
       when "/deep"
-        @cache.cache("deep") do
-          readiness = check_to_component(readiness_checks)
-          critical  = check_to_component(deep_critical_checks)
-          secondary = check_to_component(deep_secondary_checks)
-
-          deep_response(readiness, critical, secondary)
+        if !Rx::Util::HealthCheckAuthorization.new(env, @options[:authorization]).ok?
+          deep_response_authorization_failed
+        else
+          @cache.cache("deep") do
+            readiness = check_to_component(readiness_checks)
+            critical  = check_to_component(deep_critical_checks)
+            secondary = check_to_component(deep_secondary_checks)
+
+            deep_response(readiness, critical, secondary)
+          end
         end
       end
     end
@@ -79,6 +84,14 @@ module Rx
       ]
     end
 
+    def deep_response_authorization_failed
+      [
+        403,
+        {"content-type" => "application/json"},
+        [JSON.dump({ message: "authorization failed" })]
+      ]
+    end
+
     def deep_response(readiness, critical, secondary)
       status = (readiness.map { |x| x[:status] == 200 } + critical.map { |x| x[:status] == 200 }).all? ? 200 : 503
 

data/lib/rx/util/health_check_authorization.rb

@@ -0,0 +1,25 @@
+module Rx
+  module Util
+    class HealthCheckAuthorization
+      HTTP_HEADER = "HTTP_AUTHORIZATION"
+
+      def initialize(env, authorization)
+        @authorization = authorization
+        @env = env
+      end
+
+      def ok?
+        case @authorization
+          when NilClass
+            true
+          when Proc
+            @authorization.call(@env)
+          when String
+            @authorization == @env[HTTP_HEADER]
+          else
+            raise StandardError.new("Authorization is not configured properly")
+        end
+      end
+    end
+  end
+end

data/lib/rx/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rx
-  VERSION = "0.1.4"
+  VERSION = "0.1.8"
 end

data/lib/rx.rb

@@ -12,6 +12,7 @@ require_relative "rx/check/result"
 require_relative "rx/concurrent/future"
 require_relative "rx/concurrent/thread_pool"
 require_relative "rx/util/heap"
+require_relative "rx/util/health_check_authorization"
 
 module Rx
   class Error < StandardError; end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: rx-healthcheck
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.8
 platform: ruby
 authors:
 - Zach Pendleton
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-07-07 00:00:00.000000000 Z
+date: 2022-01-31 00:00:00.000000000 Z
 dependencies: []
-description: 
+description:
 email:
 - zachpendleton@gmail.com
 executables: []
@@ -36,6 +36,7 @@ files:
 - lib/rx/concurrent/future.rb
 - lib/rx/concurrent/thread_pool.rb
 - lib/rx/middleware.rb
+- lib/rx/util/health_check_authorization.rb
 - lib/rx/util/heap.rb
 - lib/rx/version.rb
 - rx.gemspec
@@ -45,7 +46,7 @@ licenses:
 metadata:
   homepage_uri: https://github.com/zachpendleton/rx
   source_code_uri: https://github.com/zachpendleton/rx
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -60,8 +61,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.2.22
+signing_key:
 specification_version: 4
 summary: Standard health checks for Rails and Rack applications
 test_files: []