1# frozen_string_literal: true 2 3# This middleware provides a health check that does not hit the database. Its purpose 4# is to notify the prober that the application server is handling requests, but a 200 5# response does not signify that the database or other services are ready. 6# 7# See https://thisdata.com/blog/making-a-rails-health-check-that-doesnt-hit-the-database/ for 8# more details. 9 10module Gitlab 11 module Middleware 12 class BasicHealthCheck 13 # This can't be frozen because Rails::Rack::Logger wraps the body 14 # rubocop:disable Style/MutableConstant 15 OK_RESPONSE = [200, { 'Content-Type' => 'text/plain' }, ["GitLab OK"]] 16 EMPTY_RESPONSE = [404, { 'Content-Type' => 'text/plain' }, [""]] 17 # rubocop:enable Style/MutableConstant 18 HEALTH_PATH = '/-/health' 19 20 def initialize(app) 21 @app = app 22 end 23 24 def call(env) 25 return @app.call(env) unless env['PATH_INFO'] == HEALTH_PATH 26 27 # We should be using ActionDispatch::Request instead of 28 # Rack::Request to be consistent with Rails, but due to a Rails 29 # bug described in 30 # https://gitlab.com/gitlab-org/gitlab-foss/issues/58573#note_149799010 31 # hosts behind a load balancer will only see 127.0.0.1 for the 32 # load balancer's IP. 33 request = Rack::Request.new(env) 34 35 return OK_RESPONSE if client_ip_whitelisted?(request) 36 37 EMPTY_RESPONSE 38 end 39 40 def client_ip_whitelisted?(request) 41 ip_whitelist.any? { |e| e.include?(request.ip) } 42 end 43 44 def ip_whitelist 45 @ip_whitelist ||= Settings.monitoring.ip_whitelist.map(&IPAddr.method(:new)) 46 end 47 end 48 end 49end 50