Skip to content

Commit ca2db3b

Browse files
Mahmoud-EmadMahmoud-Emad
committed
feat: Enhance health check API for improved security and clarity
- Remove sensitive information from health check responses: The API now avoids exposing database connection details, Redis host/port, Celery broker URL, and email server credentials to enhance security. This prevents potential vulnerabilities. - Improve the structure and readability of health check responses: The responses are now more concise and informative, providing clear status messages and relevant details about each service without compromising security. This enhances the usability of the API.
1 parent 1f01f49 commit ca2db3b

File tree

1 file changed

+33
-23
lines changed

1 file changed

+33
-23
lines changed

server/views.py

Lines changed: 33 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -57,14 +57,16 @@ def _check_database(self):
5757
try:
5858
# Try to connect to the database
5959
connections['default'].ensure_connection()
60-
# Get database info
60+
# Get database info (only non-sensitive information)
6161
db_info = {
6262
"engine": settings.DATABASES['default']['ENGINE'].split('.')[-1],
63-
"name": str(settings.DATABASES['default']['NAME']) # Convert PosixPath to string
6463
}
65-
if 'postgresql' in settings.DATABASES['default']['ENGINE']:
66-
db_info["host"] = settings.DATABASES['default']['HOST']
67-
db_info["port"] = settings.DATABASES['default']['PORT']
64+
65+
# For security, we don't expose the full database path or connection details
66+
if 'sqlite3' in settings.DATABASES['default']['ENGINE']:
67+
db_info["type"] = "SQLite"
68+
elif 'postgresql' in settings.DATABASES['default']['ENGINE']:
69+
db_info["type"] = "PostgreSQL"
6870

6971
return {
7072
"status": True,
@@ -89,19 +91,23 @@ def _check_redis(self):
8991
r = redis.Redis(host=host, port=port, socket_connect_timeout=2)
9092
r.ping()
9193

94+
# For security, we don't expose the actual host and port
9295
return {
9396
"status": True,
9497
"message": "Redis connection successful",
9598
"info": {
96-
"host": host,
97-
"port": port
99+
"service": "Redis",
100+
"connected": True
98101
}
99102
}
100103
except Exception as e:
101104
return {
102105
"status": False,
103106
"message": f"Redis connection failed: {str(e)}",
104-
"info": {}
107+
"info": {
108+
"service": "Redis",
109+
"connected": False
110+
}
105111
}
106112

107113
def _check_celery(self):
@@ -114,26 +120,26 @@ def _check_celery(self):
114120

115121
if stats:
116122
# If we get stats, Celery is running
117-
worker_names = list(stats.keys())
123+
worker_count = len(stats.keys())
118124
return {
119125
"status": True,
120126
"message": "Celery workers are running",
121127
"info": {
122-
"workers": worker_names,
123-
"broker": celery_app.conf.broker_url
128+
"worker_count": worker_count,
129+
"service": "Celery"
124130
}
125131
}
126132
else:
127133
# Try an alternative approach - check scheduled tasks
128134
scheduled = inspector.scheduled()
129135
if scheduled:
130-
worker_names = list(scheduled.keys())
136+
worker_count = len(scheduled.keys())
131137
return {
132138
"status": True,
133139
"message": "Celery workers are running",
134140
"info": {
135-
"workers": worker_names,
136-
"broker": celery_app.conf.broker_url
141+
"worker_count": worker_count,
142+
"service": "Celery"
137143
}
138144
}
139145

@@ -142,7 +148,7 @@ def _check_celery(self):
142148
"status": False,
143149
"message": "No Celery workers are running",
144150
"info": {
145-
"broker": celery_app.conf.broker_url
151+
"service": "Celery"
146152
}
147153
}
148154
except Exception as e:
@@ -152,8 +158,8 @@ def _check_celery(self):
152158
"status": True,
153159
"message": "Celery appears to be running, but connection check failed",
154160
"info": {
155-
"broker": celery_app.conf.broker_url if hasattr(celery_app.conf, 'broker_url') else "unknown",
156-
"error": str(e)
161+
"service": "Celery",
162+
"error_type": type(e).__name__
157163
}
158164
}
159165

@@ -171,25 +177,29 @@ def _check_email(self):
171177
"status": False,
172178
"message": "Email service is not fully configured",
173179
"info": {
174-
"host": settings.EMAIL_HOST,
175-
"port": settings.EMAIL_PORT
180+
"service": "Email",
181+
"configured": False
176182
}
177183
}
178184

179185
# We don't actually connect to the SMTP server to avoid potential issues
180186
# Just check if the configuration exists
187+
# For security, we don't expose the actual email credentials
181188
return {
182189
"status": True,
183190
"message": "Email service is configured",
184191
"info": {
185-
"host": settings.EMAIL_HOST,
186-
"port": settings.EMAIL_PORT,
187-
"user": settings.EMAIL_HOST_USER
192+
"service": "Email",
193+
"configured": True,
194+
"provider": settings.EMAIL_HOST.split('.')[0] if '.' in settings.EMAIL_HOST else settings.EMAIL_HOST
188195
}
189196
}
190197
except Exception as e:
191198
return {
192199
"status": False,
193200
"message": f"Email service check failed: {str(e)}",
194-
"info": {}
201+
"info": {
202+
"service": "Email",
203+
"configured": False
204+
}
195205
}

0 commit comments

Comments
 (0)