[Feat] Add rate-limited /health endpoint reporting DB and Redis connectivity with app version#23
Draft
roomote-roomote-v1[bot] wants to merge 1 commit into
Conversation
…ectivity with app version
Author
|
No code issues found. See task |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changed
The API app now serves
GET /healthas an alias of the existing DB + Redis readiness handler (the same one behind/and/health/api), with three behavior additions:SELECT 1and RedisPINGchecks now run in parallel, so a 503 response always reflects the state of both dependencies (and worst-case latency is bounded by the slower check instead of the sum).versionfield resolvesRELEASE_VERSION→VERCEL_GIT_COMMIT_SHA→GITHUB_SHA→development(release-first variant of the API's Sentry release chain). Unauthenticated callers still receive only the redacted{ server, ok, timestamp }payload./healthis rate limited per client IP. A new in-memory fixed-window limiter (healthRateLimitMiddleware) allows 60 requests/minute by default via the newAPI_HEALTH_RATE_LIMIT_PER_MINUTEenv var (0disables) and returns429with aRetry-Afterheader when exceeded. It is keyed by the firstx-forwarded-forhop with a conninfo fallback, caps tracked clients at 10k with expired-window sweeping plus earliest-tracked eviction, and applies only to the bare/healthpath —/,/health/api, and/health/livenessstay unlimited for Better Stack monitoring and deployment healthchecks.Supporting changes:
/healthjoined the request-metrics exclusion list, the env schema and.env.production.exampledocument the new variable, and the.agent-guidancemonitoring and API-app docs were updated to match.Why this change was made
Operators asked for a conventional
/healthpath that reports Redis and database connectivity, with basic abuse dampening and version visibility for diagnostics. Reusing the existing handler keeps one owning health surface perapps/apiguidance instead of adding an overlapping endpoint. The limiter is deliberately not Redis-backed: a health check that verifies Redis must not depend on Redis, and per-replica budgets are acceptable at this scope.Impact
GET /healthresponds200/503with the standard redacted public payload; bearer-token callers get the full diagnostics plusversion./,/health/api, and/healthnow also report Redis state instead of short-circuiting (same status codes; the responseerrorstill prefers the DB failure)./health/liveness.Covered by new/updated Vitest suites: handler tests (parallel checks, redis-only failure, version redaction and fallback), limiter tests (budget,
Retry-After, window rollover, per-IP isolation, multi-hop XFF, disable switch, cap eviction, unlimited sibling routes), and a live-HTTP integration test exercising/healthand the 429 path end to end.pnpm lint,pnpm check-types, andpnpm knippass.