Skip to content

lib/api: Add /rest/noauth/health health-check (fixes #8430) #8585

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
calmh merged 4 commits into from
Oct 6, 2022
Merged

lib/api: Add /rest/noauth/health health-check (fixes #8430) #8585

calmh merged 4 commits into from
Oct 6, 2022

Conversation

@er-pa
Copy link
Member

@er-pa er-pa commented Oct 6, 2022

Purpose

Added a status page to the REST API which can act as a health-check, this allows third-party services and devices to check the status of Syncthing without having to use an API-key or plain-texted credentials.

To accomplish this two things were adjusted:

  • Exception for /rest/status to the CSRF-token-requirement
  • Exception for /rest/status to the otherwise required authentication

And obviously the /rest/status functionality was added, which is a simple return of a JSON object. Since, if you reach that point - it all goes well anyways. If not, you'll get another kind of error before reaching this point.

Testing

Two parts:
1.) Functional; visit the url and call the url in several ways, browser/curl/wget/...
2.) Security: Since we made an exception in the security-layer; hack-and-slash the URL a little to see if we don't unexpectedly reach other pages from this status-page while being unauthenticated.

Documentation

The API documentation will have to be updated to cover this addition.

er-pa added 2 commits October 6, 2022 11:03
@er-pa
lib/api: Add Status-page (syncthing#8430)
169bed2 
Added /rest/status as exception to the CSRF-token requirement and added a simple function to return a simple JSON object. The HTTP status gets send with per default
@er-pa
Made an authentication-exception for /rest/status
5f46452
@er-pa er-pa requested a review from calmh October 6, 2022 09:56
calmh
calmh reviewed Oct 6, 2022
View reviewed changes
@calmh calmh merged commit 7a40240 into syncthing:main Oct 6, 2022
@acolomb
Copy link
Member

acolomb commented Oct 6, 2022

Please do provide an appropriate documentation PR for the API endpoint. We put in quite some work to get caught up and have them all documented, let's try to keep it complete.

@acolomb acolomb changed the title lib/api: Add /rest/status health-check (#8430) lib/api: Add /rest/noauth/health health-check (fixes #8430) Oct 6, 2022
@acolomb acolomb mentioned this pull request Oct 6, 2022
Closed
11 tasks
@er-pa
Copy link
Member Author

er-pa commented Oct 6, 2022

Please do provide an appropriate documentation PR for the API endpoint. We put in quite some work to get caught up and have them all documented, let's try to keep it complete.

I will adjust the documentation and file a PR accordingly tomorrow.

@acolomb acolomb mentioned this pull request Oct 7, 2022
Merged
@calmh calmh added this to the v1.22.1 milestone Oct 17, 2022
@bt90 bt90 mentioned this pull request Nov 3, 2022
Closed
@bt90
Copy link
Contributor

bt90 commented Nov 3, 2022

Our docker healthcheck is now using this endpoint #8640

emlun added a commit to emlun/syncthing that referenced this pull request Jan 7, 2023
@emlun
Revert mux changes and moving static assets under /static/
f147065 
With the no-auth API exception added in commit 7a40240 (PR syncthing#8585), we can
extend that with a few more exceptions instead of restructuring the routing
muxes and moving the static assets.
@er-pa er-pa deleted the dev/healthcheck branch March 10, 2023 19:09
@emlun emlun mentioned this pull request Aug 19, 2023
Merged
@st-review st-review added the frozen-due-to-age Issues closed and untouched for a long time, together with being locked for discussion label Oct 12, 2023
@syncthing syncthing locked and limited conversation to collaborators Oct 12, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@calmh calmh calmh approved these changes

Assignees

No one assigned

Labels

frozen-due-to-age Issues closed and untouched for a long time, together with being locked for discussion

Projects

None yet

Milestone

v1.22.1

Development

Successfully merging this pull request may close these issues.

5 participants

@er-pa @acolomb @bt90 @calmh @st-review