update host authz to exclude health checks

- host header is not sent by e.g. AWS ELB when performing a health check - also removes domain routing constraints from health checks
keygen-sh · Aug 4, 2023 · ac616fa · ac616fa
1 parent d209271
commit ac616fa
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 Rails.application.configure do
-  # Settings specified here will take precedence over those in config/application.rb.
+  config.host_authorization = { exclude: -> req { req.path =~ %r(^/v\d+/health) } }
   config.hosts.concat(
     [ENV.fetch('KEYGEN_HOST'), *ENV.fetch('KEYGEN_HOSTS', '').split(',')].then { |host|
       host.uniq.compact_blank.map { _1.downcase.strip }

diff --git a/config/routes.rb b/config/routes.rb
@@ -433,6 +433,12 @@
 
   scope module: :api do
     namespace :v1 do
+      # Health checks
+      scope :health do
+        get '/',       to: 'health#general_health'
+        get :webhooks, to: 'health#webhook_health'
+      end
+
       constraints **domain_constraints, **subdomain_constraints do
         if Keygen.multiplayer?
           post :stripe, to: 'stripe#receive_webhook'
@@ -443,12 +449,6 @@
           end
         end
 
-        # Health checks
-        scope :health do
-          get '/',       to: 'health#general_health'
-          get :webhooks, to: 'health#webhook_health'
-        end
-
         # Recover
         scope constraints: MimeTypeConstraint.new(:jsonapi, :json, raise_on_no_match: true), defaults: { format: :jsonapi } do
           post :recover, to: 'recoveries#recover'