Skip to content

fix: fail closed on instance health endpoint when token unset#194

Open
dan2k3k4 wants to merge 1 commit into
devfrom
advisor/004-health-endpoint-fail-closed
Open

fix: fail closed on instance health endpoint when token unset#194
dan2k3k4 wants to merge 1 commit into
devfrom
advisor/004-health-endpoint-fail-closed

Conversation

@dan2k3k4

@dan2k3k4 dan2k3k4 commented Jul 1, 2026

Copy link
Copy Markdown
Member

Makes the instance health endpoint reject requests when no health token is configured, instead of processing them unauthenticated.

Greptile Summary

This PR hardens the instance health endpoint to fail closed when POLYDOCK_HEALTH_TOKEN is not configured, replacing the previous behaviour that allowed unauthenticated requests through with only a warning log. The fix is a targeted, single-file security change with a corresponding test update.

  • Controller (PolydockInstanceHealthController.php): Replaces the if ($expectedToken) guard (which allowed unconfigured deployments to accept health updates silently) with an explicit ! is_string($expectedToken) || $expectedToken === '' check, returning 503 with a log error instead of passing the request through. The comment explains why is_string() is used — it also covers the false boolean that Laravel's env parser can produce.
  • Test (InstanceHealthApiTest.php): Renames and rewrites the "no token configured" test to assert a 503 response and verify the instance status is not mutated, with the instance pre-set to a different status so the assertion is non-vacuous.

Confidence Score: 5/5

Safe to merge — the change correctly closes an unauthenticated access path and all previous review concerns are addressed in the current code.

The auth guard now correctly rejects every request when the token is absent or non-string (null, boolean false, empty string), returning 503 before any instance lookup or status mutation occurs. The test update makes the 'status not mutated' assertion meaningful by starting from a distinct state. No regression risk on the authenticated path — existing tests for valid and invalid tokens remain unchanged and still pass.

No files require special attention.

Important Files Changed

Filename Overview
app/Http/Controllers/Api/PolydockInstanceHealthController.php Fail-closed guard replaces the old open-by-default path; correctly handles null, false, empty string, and "0" token values via is_string() + strict empty-string check.
tests/Feature/Api/InstanceHealthApiTest.php No-token test updated to expect 503 and assert status immutability; instance now starts in RUNNING_UNHEALTHY so the unchanged-status assertion is non-vacuous.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Health Request] --> B{is_string\nexpectedToken\nAND not empty?}
    B -- No\nnull / false / '' --> C[Log::error\n'not configured']
    C --> D[503 Service Unavailable\nfail-closed]
    B -- Yes\ntoken is set --> E{is_string\nsuppliedToken\nAND hash_equals?}
    E -- No --> F[401 Unauthorized]
    E -- Yes --> G[Find instance\nvalidate status]
    G --> H{Instance found\nand status valid?}
    H -- No --> I[400 / 404]
    H -- Yes --> J[Update instance status\n200 OK]
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[Health Request] --> B{is_string\nexpectedToken\nAND not empty?}
    B -- No\nnull / false / '' --> C[Log::error\n'not configured']
    C --> D[503 Service Unavailable\nfail-closed]
    B -- Yes\ntoken is set --> E{is_string\nsuppliedToken\nAND hash_equals?}
    E -- No --> F[401 Unauthorized]
    E -- Yes --> G[Find instance\nvalidate status]
    G --> H{Instance found\nand status valid?}
    H -- No --> I[400 / 404]
    H -- Yes --> J[Update instance status\n200 OK]
Loading

Reviews (3): Last reviewed commit: "fix: fail closed on instance health endp..." | Re-trigger Greptile

Comment thread tests/Feature/Api/InstanceHealthApiTest.php Outdated
Comment thread app/Http/Controllers/Api/PolydockInstanceHealthController.php Outdated
Comment thread app/Http/Controllers/Api/PolydockInstanceHealthController.php Outdated
@dan2k3k4 dan2k3k4 force-pushed the advisor/004-health-endpoint-fail-closed branch 2 times, most recently from 1d36175 to cf5f398 Compare July 2, 2026 09:02
@dan2k3k4 dan2k3k4 force-pushed the advisor/004-health-endpoint-fail-closed branch from cf5f398 to bd479cc Compare July 2, 2026 09:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant