This PR introduces a health-check module to monitor the application's status via two new endpoints: /health/live and /health/readiness. These endpoints are protected by a security middleware that verifies the presence and correctness of a custom header (x-monitoring-secret). Access to these endpoints is granted only when the header matches the application's secret key (APP_KEY).
Changes Made
Added: /health/live and /health/readiness endpoints for live and readiness checks.
Implemented: A middleware that ensures requests to the health-check endpoints include the correct x-monitoring-secret header.
Response: Unauthorized access attempts are responded to with a 401 status and a clear error message.
Tests
Implemented a series of tests to ensure:
The health-check endpoints return the correct status codes and response bodies when accessed with and without the correct secret.
The middleware correctly handles access authorization based on the provided header.
Unauthorized access attempts are handled and logged appropriately.
Security Considerations
Ensured that the health-check endpoints are not accessible without the correct secret, thus protecting potentially sensitive information about the application's state.
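The header check this PR describes, sketched as an added example for plain Node.js; it is not the PR's code. The function names, response bodies and sample key are assumptions. It compares the x-monitoring-secret header to the key in constant time and fails closed when the key is unset.

```javascript
const crypto = require('node:crypto');
const http = require('node:http');

const HEALTH_PATHS = new Set(['/health/live', '/health/readiness']);

// Constant-time comparison. Both values are HMAC'd under a throwaway key so the
// buffers given to timingSafeEqual always have equal length (it throws otherwise)
// and timing does not depend on the secret's length or content.
function secretsMatch(provided, expected) {
  if (typeof provided !== 'string' || typeof expected !== 'string') return false;
  if (expected.length === 0) return false; // an unset key must never match an empty header
  const key = crypto.randomBytes(32);
  const a = crypto.createHmac('sha256', key).update(provided).digest();
  const b = crypto.createHmac('sha256', key).update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Decide the response for one request. `headers` uses lower-cased names, as
// Node's http module provides them. Returns null for paths this guard does not own.
function guardHealthCheck(path, headers, appKey) {
  if (!HEALTH_PATHS.has(path)) return null;
  if (!secretsMatch(headers['x-monitoring-secret'], appKey)) {
    return { status: 401, body: { error: 'Unauthorized' } }; // assumed message text
  }
  return { status: 200, body: { status: 'ok' } }; // assumed success body
}

// Wiring into a plain Node server (assumption: APP_KEY comes from the environment).
function createServer(appKey = process.env.APP_KEY) {
  return http.createServer((req, res) => {
    const path = new URL(req.url, 'http://localhost').pathname;
    const result = guardHealthCheck(path, req.headers, appKey) ||
      { status: 404, body: { error: 'Not found' } };
    res.writeHead(result.status, { 'content-type': 'application/json' });
    res.end(JSON.stringify(result.body));
  });
}

// Constructed sample requests, evaluated without opening a socket.
const DEMO_KEY = 'constructed-demo-key';
for (const [path, headers] of [
  ['/health/live', { 'x-monitoring-secret': DEMO_KEY }],
  ['/health/readiness', { 'x-monitoring-secret': 'wrong' }],
  ['/health/live', {}],
]) {
  console.log(path, JSON.stringify(headers), '->', guardHealthCheck(path, headers, DEMO_KEY).status);
}
```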