Hide extended health check information behind superuser permission or a session property
Also adds an endpoint that (when specified with the proper secret), sets the session property
This commit is contained in:
Joseph Schorr
parent
4ad3682b9c
commit
b7d6bb12fa
3 changed files with 37 additions and 6 deletions
|
|
@ -6,7 +6,7 @@ from datetime import timedelta, datetime
|
|||
|
||||
from cachetools import lru_cache
|
||||
from flask import (abort, redirect, request, url_for, make_response, Response, render_template,
|
||||
Blueprint, jsonify, send_file)
|
||||
Blueprint, jsonify, send_file, session)
|
||||
from flask_login import current_user
|
||||
|
||||
import features
|
||||
|
|
@ -260,6 +260,7 @@ def privacy():
|
|||
# TODO(jschorr): Remove this mirrored endpoint once we migrate ELB.
|
||||
@web.route('/health', methods=['GET'])
|
||||
@web.route('/health/instance', methods=['GET'])
|
||||
@process_auth_or_cookie
|
||||
@no_cache
|
||||
def instance_health():
|
||||
checker = get_healthchecker(app, config_provider, instance_keys)
|
||||
|
|
@ -272,6 +273,7 @@ def instance_health():
|
|||
# TODO(jschorr): Remove this mirrored endpoint once we migrate pingdom.
|
||||
@web.route('/status', methods=['GET'])
|
||||
@web.route('/health/endtoend', methods=['GET'])
|
||||
@process_auth_or_cookie
|
||||
@no_cache
|
||||
def endtoend_health():
|
||||
checker = get_healthchecker(app, config_provider, instance_keys)
|
||||
|
|
@ -283,6 +285,7 @@ def endtoend_health():
|
|||
|
||||
@web.route('/health/dbrevision', methods=['GET'])
|
||||
@route_show_if(features.BILLING) # Since this is only used in production.
|
||||
@process_auth_or_cookie
|
||||
@no_cache
|
||||
def dbrevision_health():
|
||||
# Find the revision from the database.
|
||||
|
|
@ -305,6 +308,23 @@ def dbrevision_health():
|
|||
return response
|
||||
|
||||
|
||||
@web.route('/health/enabledebug/<secret>', methods=['GET'])
|
||||
@no_cache
|
||||
def enable_health_debug(secret):
|
||||
if not secret:
|
||||
abort(404)
|
||||
|
||||
if not app.config.get('ENABLE_HEALTH_DEBUG_SECRET'):
|
||||
abort(404)
|
||||
|
||||
if app.config.get('ENABLE_HEALTH_DEBUG_SECRET') != secret:
|
||||
abort(404)
|
||||
|
||||
session['health_debug'] = True
|
||||
return make_response('Health check debug information enabled')
|
||||
|
||||
|
||||
|
||||
@web.route('/robots.txt', methods=['GET'])
|
||||
def robots():
|
||||
robots_txt = make_response(render_template('robots.txt', baseurl=get_app_url()))
|
||||
|
|
|
|||
Reference in a new issue