fix: fail closed on instance health endpoint when token unset (#194)
Open
dan2k3k4 wants to merge 1 commit into
Makes the instance health endpoint reject requests when no health token is configured, instead of processing them unauthenticated.
Greptile Summary
This PR hardens the instance health endpoint to fail closed when `POLYDOCK_HEALTH_TOKEN` is not configured, replacing the previous behaviour that allowed unauthenticated requests through with only a warning log. The fix is a targeted, single-file security change with a corresponding test update.

- `PolydockInstanceHealthController.php`: Replaces the `if ($expectedToken)` guard (which allowed unconfigured deployments to accept health updates silently) with an explicit `! is_string($expectedToken) || $expectedToken === ''` check, returning 503 with a log error instead of passing the request through. The comment explains why `is_string()` is used: it also covers the `false` boolean that Laravel's env parser can produce.
- `InstanceHealthApiTest.php`: Renames and rewrites the "no token configured" test to assert a 503 response and verify the instance status is not mutated, with the instance pre-set to a different status so the assertion is non-vacuous.

Confidence Score: 5/5
Safe to merge — the change correctly closes an unauthenticated access path and all previous review concerns are addressed in the current code.
The auth guard now correctly rejects every request when the token is absent or non-string (null, boolean false, empty string), returning 503 before any instance lookup or status mutation occurs. The test update makes the 'status not mutated' assertion meaningful by starting from a distinct state. No regression risk on the authenticated path — existing tests for valid and invalid tokens remain unchanged and still pass.
No files require special attention.
Flowchart
```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Health Request] --> B{is_string\nexpectedToken\nAND not empty?}
    B -- No\nnull / false / '' --> C[Log::error\n'not configured']
    C --> D[503 Service Unavailable\nfail-closed]
    B -- Yes\ntoken is set --> E{is_string\nsuppliedToken\nAND hash_equals?}
    E -- No --> F[401 Unauthorized]
    E -- Yes --> G[Find instance\nvalidate status]
    G --> H{Instance found\nand status valid?}
    H -- No --> I[400 / 404]
    H -- Yes --> J[Update instance status\n200 OK]
```
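To make the before/after behaviour of the guard concrete, here is an added example (not the project's code) that models both variants as plain PHP functions returning the HTTP status they would produce. `guardBefore`, `guardAfter` and the sample cases are hypothetical; `error_log` stands in for Laravel's `Log`, and in the real controller `$expectedToken` comes from configuration.

```php
<?php
// Added example, not the project's code: the two guard variants the review
// describes, reduced to plain functions. The names and cases are hypothetical.
declare(strict_types=1);

// Before: a truthiness check. null, false and '' all skip the auth block, so an
// unconfigured deployment logs a warning and then accepts any request.
function guardBefore(mixed $expectedToken, mixed $suppliedToken): int
{
    if ($expectedToken) {
        if (!is_string($suppliedToken) || !hash_equals($expectedToken, $suppliedToken)) {
            return 401;
        }
    } else {
        error_log('health token not configured'); // only a warning; request continues
    }
    return 200; // proceeds to instance lookup and status update
}

// After: fail closed. Anything that is not a non-empty string counts as
// "not configured"; is_string() also rejects the boolean false that Laravel's
// env parser can yield, which a plain === null check would miss.
function guardAfter(mixed $expectedToken, mixed $suppliedToken): int
{
    if (!is_string($expectedToken) || $expectedToken === '') {
        error_log('health token not configured; refusing request'); // Log::error in Laravel
        return 503; // before any instance lookup or mutation
    }
    // Constant-time comparison; is_string() keeps hash_equals() from a TypeError.
    if (!is_string($suppliedToken) || !hash_equals($expectedToken, $suppliedToken)) {
        return 401;
    }
    return 200;
}

// Constructed cases: [configured token, token supplied by the request]
$cases = [
    'unset (null)'       => [null, 'anything'],
    'env parsed "false"' => [false, 'anything'],
    'empty string'       => ['', 'anything'],
    'wrong token'        => ['s3cret', 'nope'],
    'array supplied'     => ['s3cret', ['s3cret']],
    'correct token'      => ['s3cret', 's3cret'],
];
foreach ($cases as $label => [$expected, $supplied]) {
    printf("%-20s before=%d after=%d\n", $label,
        guardBefore($expected, $supplied), guardAfter($expected, $supplied));
}
```

The first three cases are the ones the fix is about: `guardBefore` returns 200 for all of them, while `guardAfter` returns 503 and never reaches the token comparison.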