refactor: extract /health disk-space payload into shared helper

TheLastCicada · TheLastCicada · commit 5f254838c11d · 2026-05-15T14:44:44.000-07:00
Caught by Cursor Bugbot review: the peek -&gt; build-object -&gt; log -&gt;
refresh pattern was copy-pasted across /health, /v1/health, and
/v2/health. Adding a field (e.g. error, path) would have required
updating three call sites; missing one would silently produce
inconsistent API responses.

Centralise the projection in src/utils/disk-space.js:
buildHealthDiskSpacePayload(). The exposed health field list is now
declared once (HEALTH_DISK_SPACE_FIELDS) and the helper drives the
peek + transition log + async refresh internally. The three handlers
collapse to a single call.

Also unexport peekDiskSpaceStatus and refreshDiskSpaceStatus now that
buildHealthDiskSpacePayload is the only caller; same dead-export
hygiene as the BYTES_PER_MEGABYTE removal.
diff --git a/src/middleware.js b/src/middleware.js
@@ -23,9 +23,8 @@ import { sendReadOnlyError } from './utils/read-only-response.js';
 import { getRateLimitRetryAfterSeconds } from './utils/rate-limit.js';
 import {
   checkDiskSpace,
-  peekDiskSpaceStatus,
-  refreshDiskSpaceStatus,
   logDiskSpaceStatus,
+  buildHealthDiskSpacePayload,
   buildInsufficientDiskSpaceError,
   isWriteRejectedByDiskGuard,
 } from './utils/disk-space.js';
@@ -544,34 +543,14 @@ app.use(async function (req, res, next) {
 });
 
 app.get('/health', (req, res) => {
-  // Surface disk-space status so monitoring can alert before writes get
-  // blocked. Use the non-blocking peek (cached value only) and kick off
-  // an async refresh in the background — synchronously awaiting statfs
-  // here can cause k8s liveness probes (default 1 s timeout) to fail
-  // when the filesystem is slow or wedged, which is exactly when /health
-  // most needs to stay responsive.
-  let diskSpace = null;
-  try {
-    const status = peekDiskSpaceStatus();
-    if (status) {
-      diskSpace = {
-        severity: status.severity,
-        freeBytes: status.freeBytes,
-        blockBytes: status.blockBytes,
-        warnBytes: status.warnBytes,
-      };
-      // Drive the debounced log from /health too so a mostly-idle CADT
-      // (no writes in flight) still surfaces warn/block transitions.
-      logDiskSpaceStatus(status);
-    }
-    refreshDiskSpaceStatus();
-  } catch (err) {
-    logger.debug(`disk-space-guard: /health peek failed: ${err.message}`);
-  }
+  // Non-blocking: build the cached disk-space projection (helper handles
+  // peek + transition log + async refresh + safe-fail). Synchronously
+  // awaiting statfs here would risk timing out k8s liveness probes when
+  // the filesystem is slow.
   res.status(200).json({
     message: 'OK',
     timestamp: new Date().toISOString(),
-    diskSpace,
+    diskSpace: buildHealthDiskSpacePayload(),
   });
 });
 
diff --git a/src/routes/v1/index.js b/src/routes/v1/index.js
@@ -3,12 +3,7 @@
 import express from 'express';
 import { getWalletHealthResponse } from '../wallet-health.js';
 import { getConfig } from '../../utils/config-loader';
-import {
-  peekDiskSpaceStatus,
-  refreshDiskSpaceStatus,
-  logDiskSpaceStatus,
-} from '../../utils/disk-space.js';
-import { logger } from '../../config/logger.js';
+import { buildHealthDiskSpacePayload } from '../../utils/disk-space.js';
 const V1Router = express.Router();
 
 import {
@@ -25,30 +20,12 @@ import {
 } from './resources';
 
 V1Router.get('/health', (req, res) => {
-  // Non-blocking: use cached disk-space status only and trigger an async
-  // refresh. Synchronously awaiting statfs would risk timing out k8s
-  // liveness probes when the filesystem is slow. See bare /health in
-  // src/middleware.js for full rationale.
-  let diskSpace = null;
-  try {
-    const status = peekDiskSpaceStatus();
-    if (status) {
-      diskSpace = {
-        severity: status.severity,
-        freeBytes: status.freeBytes,
-        blockBytes: status.blockBytes,
-        warnBytes: status.warnBytes,
-      };
-      logDiskSpaceStatus(status);
-    }
-    refreshDiskSpaceStatus();
-  } catch (err) {
-    logger.debug(`disk-space-guard: /v1/health peek failed: ${err.message}`);
-  }
+  // Non-blocking: see bare /health in src/middleware.js. The shared
+  // helper handles peek + transition log + async refresh.
   res.status(200).json({
     message: 'V1 API is running',
     timestamp: new Date().toISOString(),
-    diskSpace,
+    diskSpace: buildHealthDiskSpacePayload(),
   });
 });
 
diff --git a/src/routes/v2/index.js b/src/routes/v2/index.js
@@ -28,40 +28,17 @@ import { OrganizationsV2Router } from './resources/organizations-v2.js';
 import { AuditV2Router } from './resources/audit-v2.js';
 import { OfferV2Router } from './resources/offer-v2.js';
 import { FilestoreV2Router } from './resources/filestore-v2.js';
-import {
-  peekDiskSpaceStatus,
-  refreshDiskSpaceStatus,
-  logDiskSpaceStatus,
-} from '../../utils/disk-space.js';
-import { logger } from '../../config/logger.js';
+import { buildHealthDiskSpacePayload } from '../../utils/disk-space.js';
 
 const V2Router = express.Router();
 
 V2Router.get('/health', (req, res) => {
-  // Non-blocking: use cached disk-space status only and trigger an async
-  // refresh. Synchronously awaiting statfs would risk timing out k8s
-  // liveness probes when the filesystem is slow. See bare /health in
-  // src/middleware.js for full rationale.
-  let diskSpace = null;
-  try {
-    const status = peekDiskSpaceStatus();
-    if (status) {
-      diskSpace = {
-        severity: status.severity,
-        freeBytes: status.freeBytes,
-        blockBytes: status.blockBytes,
-        warnBytes: status.warnBytes,
-      };
-      logDiskSpaceStatus(status);
-    }
-    refreshDiskSpaceStatus();
-  } catch (err) {
-    logger.debug(`disk-space-guard: /v2/health peek failed: ${err.message}`);
-  }
+  // Non-blocking: see bare /health in src/middleware.js. The shared
+  // helper handles peek + transition log + async refresh.
   res.status(200).json({
     message: 'V2 API is running',
     timestamp: new Date().toISOString(),
-    diskSpace,
+    diskSpace: buildHealthDiskSpacePayload(),
   });
 });
 
diff --git a/src/utils/disk-space.js b/src/utils/disk-space.js
@@ -154,36 +154,31 @@ const computeStatus = async () => {
   });
 };
 
-/**
- * Non-blocking peek at the current disk-space status. Returns the cached
- * value if one exists, otherwise null. Never triggers a statfs.
- *
- * Used by /health endpoints so liveness probes never block on a slow
- * filesystem (statfs can hang for seconds on NFS/EBS hiccups, and k8s'
- * default livenessProbe.timeoutSeconds is 1 s — a full statfs round trip
- * can trigger spurious pod restarts precisely when operators most need
- * /health to respond).
- *
- * The cache is kept fresh by checkDiskSpace() calls from the write-path
- * middleware (every 30 s of write traffic) and by the periodic refresh
- * driven from refreshDiskSpaceStatus() below. As a fallback, /health
- * handlers should also kick off an async refresh (and ignore the
- * promise) so a quiet, mostly-idle instance still gets timely updates.
- */
-export const peekDiskSpaceStatus = () => {
+// Non-blocking peek at the current disk-space status. Returns the cached
+// value if one exists, otherwise null. Never triggers a statfs.
+//
+// Used by buildHealthDiskSpacePayload so /health probes never block on
+// a slow filesystem (statfs can hang for seconds on NFS/EBS hiccups,
+// and k8s' default livenessProbe.timeoutSeconds is 1 s -- a full statfs
+// round trip can trigger spurious pod restarts precisely when /health
+// most needs to respond).
+//
+// The cache is kept fresh by checkDiskSpace() calls from the write-path
+// middleware and by the fire-and-forget refresh kicked off from
+// buildHealthDiskSpacePayload, so a quiet, mostly-idle instance still
+// sees timely updates.
+const peekDiskSpaceStatus = () => {
   if (testOverride !== null) {
     return testOverride;
   }
   return cachedStatus;
 };
 
-/**
- * Fire-and-forget refresh of the cached disk-space status. Used by
- * /health and similar non-blocking callers that want the cache to stay
- * warm without paying statfs latency on the request path. Failures are
- * swallowed (computeStatus already logs them).
- */
-export const refreshDiskSpaceStatus = () => {
+// Fire-and-forget refresh of the cached disk-space status. Used by
+// buildHealthDiskSpacePayload to keep the cache warm without paying
+// statfs latency on the request path. Failures are swallowed
+// (computeStatus already logs them).
+const refreshDiskSpaceStatus = () => {
   // Reuse the same in-flight de-dup as checkDiskSpace so callers don't
   // accidentally schedule overlapping statfs calls.
   void checkDiskSpace().catch(() => {});
@@ -280,6 +275,51 @@ export const logDiskSpaceStatus = (status) => {
   lastLoggedSeverity = status.severity;
 };
 
+// Fields exposed on /health endpoints. Centralising the projection here
+// keeps /health, /v1/health, and /v2/health byte-for-byte consistent;
+// adding a new field (e.g. `error`, `path`) only requires a change in
+// this list, not in three handlers.
+const HEALTH_DISK_SPACE_FIELDS = Object.freeze([
+  'severity',
+  'freeBytes',
+  'blockBytes',
+  'warnBytes',
+]);
+
+/**
+ * Build the standard `diskSpace` payload for /health-style endpoints
+ * and drive the same side effects every health handler should perform:
+ *   - debounced transition log line (so a mostly-idle instance still
+ *     surfaces warn/block transitions even with no writes in flight)
+ *   - fire-and-forget cache refresh (so the next probe sees up-to-date
+ *     numbers without this request paying statfs latency)
+ *
+ * Returns the projection object (or null if the cache hasn't been
+ * populated yet). Never throws - any internal failure is swallowed
+ * after a debug log so /health itself stays 200.
+ *
+ * Callers must NOT pass the returned object back to a caller that
+ * could mutate it; the live cache reference is frozen so attempts to
+ * mutate the projection's shared keys are silent no-ops anyway, but a
+ * fresh object is returned here for safety.
+ */
+export const buildHealthDiskSpacePayload = () => {
+  try {
+    const status = peekDiskSpaceStatus();
+    refreshDiskSpaceStatus();
+    if (!status) return null;
+    logDiskSpaceStatus(status);
+    const payload = {};
+    for (const field of HEALTH_DISK_SPACE_FIELDS) {
+      payload[field] = status[field] ?? null;
+    }
+    return payload;
+  } catch (err) {
+    logger.debug(`disk-space-guard: health payload failed: ${err.message}`);
+    return null;
+  }
+};
+
 /**
  * Build the 507 Insufficient Storage response body. Shape mirrors
  * READ_ONLY_ERROR in src/utils/read-only-response.js so clients can
