Add health_check access token, and enforce on the health_check endpoint

Also added a health check page to the admin section for resetting the token.

6 files changed, 79 insertions, 0 deletions

diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index ec22548ddeb..7b9a88cd319 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -19,6 +19,12 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
     redirect_to admin_runners_path
   end
 
+  def reset_health_check_token
+    @application_setting.reset_health_check_access_token!
+    flash[:notice] = 'New health check access token has been generated!'
+    redirect_to :back
+  end
+
   def clear_repository_check_states
     RepositoryCheck::ClearWorker.perform_async
 
diff --git a/app/controllers/admin/health_check_controller.rb b/app/controllers/admin/health_check_controller.rb
new file mode 100644
index 00000000000..3153a765e35
--- /dev/null
+++ b/app/controllers/admin/health_check_controller.rb
@@ -0,0 +1,9 @@
+class Admin::HealthCheckController < Admin::ApplicationController
+  def show
+    begin
+      @errors = HealthCheck::Utils.process_checks('standard')
+    rescue => e
+      @errors = e.message.blank? ? e.class.to_s : e.message.to_s
+    end
+  end
+end
diff --git a/app/controllers/health_check_controller.rb b/app/controllers/health_check_controller.rb
new file mode 100644
index 00000000000..b974489836f
--- /dev/null
+++ b/app/controllers/health_check_controller.rb
@@ -0,0 +1,13 @@
+class HealthCheckController < HealthCheck::HealthCheckController
+  before_action :validate_health_check_access!
+
+  protected
+
+  def validate_health_check_access!
+    return render_404 unless params[:token].presence && params[:token] == current_application_settings.health_check_access_token
+  end
+
+  def render_404
+    render file: Rails.root.join("public", "404"), layout: false, status: "404"
+  end
+end
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 7039db2d41e..bf88326c116 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -1,6 +1,7 @@
 class ApplicationSetting < ActiveRecord::Base
   include TokenAuthenticatable
   add_authentication_token_field :runners_registration_token
+  add_authentication_token_field :health_check_access_token
 
   CACHE_KEY = 'application_setting.last'
 
@@ -70,6 +71,7 @@ class ApplicationSetting < ActiveRecord::Base
   end
 
   before_save :ensure_runners_registration_token
+  before_save :ensure_health_check_access_token
 
   after_commit do
     Rails.cache.write(CACHE_KEY, self)
@@ -133,4 +135,8 @@ class ApplicationSetting < ActiveRecord::Base
   def runners_registration_token
     ensure_runners_registration_token!
   end
+
+  def health_check_access_token
+    ensure_health_check_access_token!
+  end
 end
diff --git a/app/views/admin/health_check/show.html.haml b/app/views/admin/health_check/show.html.haml
new file mode 100644
index 00000000000..70e5d04e356
--- /dev/null
+++ b/app/views/admin/health_check/show.html.haml
@@ -0,0 +1,40 @@
+- page_title "Health Check"
+
+%h3.page-title
+  Health Check
+%p.light
+  Health information can be reteived as plain text, json, or xml using:
+  %ul
+    %li
+      %code= "/health_check?token=#{current_application_settings.health_check_access_token}"
+    %li
+      %code= "/health_check.json?token=#{current_application_settings.health_check_access_token}"
+    %li
+      %code= "/health_check.xml?token=#{current_application_settings.health_check_access_token}"
+
+.bs-callout.clearfix
+  .pull-left
+    %p
+      You can reset the health check access token by pressing the button below.
+    %p
+      = button_to reset_health_check_token_admin_application_settings_path,
+        method: :put, class: 'btn btn-default',
+        data: { confirm: 'Are you sure you want to reset the health check token?' } do
+        = icon('refresh')
+        Reset health check access token
+
+%hr
+.panel.panel-default
+  .panel-heading
+    Current Status:
+    - if @errors.blank?
+      = icon('circle', class: 'cgreen')
+      Healthy
+    - else
+      = icon('warning', class: 'cred')
+      Unhealthy
+  .panel-body
+    - if @errors.blank?
+      No Health Problems Detected
+    - else
+      = @errors
diff --git a/app/views/layouts/nav/_admin.html.haml b/app/views/layouts/nav/_admin.html.haml
index 280a1b93729..f292730fe45 100644
--- a/app/views/layouts/nav/_admin.html.haml
+++ b/app/views/layouts/nav/_admin.html.haml
@@ -41,6 +41,11 @@
       = icon('file-text fw')
       %span
         Logs
+  = nav_link(controller: :health_check) do
+    = link_to admin_health_check_path, title: 'Health Check' do
+      = icon('medkit fw')
+      %span
+        Health Check
   = nav_link(controller: :broadcast_messages) do
     = link_to admin_broadcast_messages_path, title: 'Messages' do
       = icon('bullhorn fw')