art-dag/celery
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix healthcheck + external URL in silent auth middleware
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 1m27s
Details

Browse Source 
- Add /health endpoint, update healthcheck to use it
- Use configured base URL instead of internal Docker URL
- Add /health to skip prefixes for silent auth

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
giles
2026-02-24 01:06:44 +00:00
parent e1f13abc7f
commit eaefdd326b
3 changed files with 21 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/__init__.py
View File

@@ -19,11 +19,22 @@ from artdag_common.middleware.auth import get_user_from_cookie
from .config import settings from .config import settings
# Paths that should never trigger a silent auth check # Paths that should never trigger a silent auth check
_SKIP_PREFIXES = ("/auth/", "/static/", "/api/", "/ipfs/", "/download/", "/inbox") _SKIP_PREFIXES = ("/auth/", "/static/", "/api/", "/ipfs/", "/download/", "/inbox", "/health")
_SILENT_CHECK_COOLDOWN = 300 # 5 minutes _SILENT_CHECK_COOLDOWN = 300 # 5 minutes
_DEVICE_COOKIE = "artdag_did" _DEVICE_COOKIE = "artdag_did"
_DEVICE_COOKIE_MAX_AGE = 30 * 24 * 3600 # 30 days _DEVICE_COOKIE_MAX_AGE = 30 * 24 * 3600 # 30 days
# Derive external base URL from oauth_redirect_uri (e.g. https://celery-artdag.rose-ash.com)
_EXTERNAL_BASE = settings.oauth_redirect_uri.rsplit("/auth/callback", 1)[0]
def _external_url(request: Request) -> str:
"""Build external URL from request path + query, using configured base domain."""
url = f"{_EXTERNAL_BASE}{request.url.path}"
if request.url.query:
url += f"?{request.url.query}"
return url
def create_app() -> FastAPI: def create_app() -> FastAPI:
""" """
@@ -80,7 +91,7 @@ def create_app() -> FastAPI:
auth_ts = r.get(f"did_auth:{device_id}") auth_ts = r.get(f"did_auth:{device_id}")
if auth_ts and float(auth_ts) > pnone_ts: if auth_ts and float(auth_ts) > pnone_ts:
# Login happened since our last check — retry # Login happened since our last check — retry
current_url = str(request.url) current_url = _external_url(request)
return RedirectResponse( return RedirectResponse(
url=f"/auth/login?prompt=none&next={quote(current_url, safe='')}", url=f"/auth/login?prompt=none&next={quote(current_url, safe='')}",
status_code=302, status_code=302,
@@ -92,7 +103,7 @@ def create_app() -> FastAPI:
pass pass
# Redirect to silent OAuth check # Redirect to silent OAuth check
current_url = str(request.url) current_url = _external_url(request)
return RedirectResponse( return RedirectResponse(
url=f"/auth/login?prompt=none&next={quote(current_url, safe='')}", url=f"/auth/login?prompt=none&next={quote(current_url, safe='')}",
status_code=302, status_code=302,

6
app/routers/home.py
View File

@@ -16,6 +16,12 @@ from ..dependencies import get_templates, get_current_user
router = APIRouter() router = APIRouter()
@router.get("/health")
async def health():
"""Health check endpoint — always returns 200."""
return {"status": "ok"}
async def get_user_stats(actor_id: str) -> dict: async def get_user_stats(actor_id: str) -> dict:
"""Get stats for a user.""" """Get stats for a user."""
import database import database

2
docker-compose.yml
View File

@@ -76,7 +76,7 @@ services:
# DATABASE_URL, ADMIN_TOKEN, ARTDAG_CLUSTER_KEY, # DATABASE_URL, ADMIN_TOKEN, ARTDAG_CLUSTER_KEY,
# L2_SERVER, L2_DOMAIN, IPFS_GATEWAY_URL from .env file # L2_SERVER, L2_DOMAIN, IPFS_GATEWAY_URL from .env file
healthcheck: healthcheck:
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8100/')"] test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8100/health')"]
interval: 10s interval: 10s
timeout: 5s timeout: 5s
retries: 3 retries: 3