From a3d8fb8efb13ca80f38dcdc6ef80bd5cf9cffe7f Mon Sep 17 00:00:00 2001
From: Beth Skurrie
Date: Mon, 12 Mar 2018 20:16:31 +1100
Subject: [PATCH] feat: allow public access to the heartbeat URL to be configured via an environment variable
---
 container/etc/nginx/main.d/pactbroker-env.conf | 1 +
 pact_broker/basic_auth.rb | 18 ++++++++++++++----
 pact_broker/config.ru | 3 ++-
 script/test.sh | 9 +++++++++
 4 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/container/etc/nginx/main.d/pactbroker-env.conf b/container/etc/nginx/main.d/pactbroker-env.conf
index aaad977..4cc4a27 100644
--- a/container/etc/nginx/main.d/pactbroker-env.conf
+++ b/container/etc/nginx/main.d/pactbroker-env.conf
@@ -6,6 +6,7 @@ env PACT_BROKER_DATABASE_NAME;
 env PACT_BROKER_DATABASE_PORT;
 env PACT_BROKER_BASIC_AUTH_USERNAME;
 env PACT_BROKER_BASIC_AUTH_PASSWORD;
+env PACT_BROKER_PUBLIC_HEARTBEAT;
 env PACT_BROKER_LOG_LEVEL;
 env http_proxy;
 env https_proxy;
diff --git a/pact_broker/basic_auth.rb b/pact_broker/basic_auth.rb
index c8bfc49..672bbca 100644
--- a/pact_broker/basic_auth.rb
+++ b/pact_broker/basic_auth.rb
@@ -1,11 +1,13 @@
 class BasicAuth
- PATH_INFO = 'PATH_INFO'
- BADGE_PATH = %r{^/pacts/provider/[^/]+/consumer/.*/badge(?:\.[A-Za-z]+)?$}
+ PATH_INFO = 'PATH_INFO'.freeze
+ BADGE_PATH = %r{^/pacts/provider/[^/]+/consumer/.*/badge(?:\.[A-Za-z]+)?$}.freeze
+ HEARTBEAT_PATH = "/diagnostic/status/heartbeat".freeze
- def initialize(app, username, password)
+ def initialize(app, username, password, allow_public_access_to_heartbeat)
 @app = app
 @expected_username = username
 @expected_password = password
+ @allow_public_access_to_heartbeat = allow_public_access_to_heartbeat
 @app_with_auth = Rack::Auth::Basic.new(app, "Restricted area") do |username, password|
 username == @expected_username && password == @expected_password
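Review bot: `BADGE_PATH` decides which requests skip basic auth, and it is anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the start and end of the whole string. If the server ever passes a decoded newline through in `PATH_INFO`, a path could satisfy the pattern on one of its lines without being a badge URL as a whole, so the exemption may be wider than it reads. Since the commit already touches this line, anchor it with `\A` and `\z`: `BADGE_PATH = %r{\A/pacts/provider/[^/]+/consumer/.*/badge(?:\.[A-Za-z]+)?\z}.freeze`. The `initialize` body and its auth block run past the end of the hunk.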
@@ -21,6 +23,14 @@ def call(env)
 end
 def use_basic_auth?(env)
- !(env[PATH_INFO] =~ BADGE_PATH)
+ !(is_badge_path?(env) || is_heartbeat_and_public_access_allowed(env))
+ end
+
+ def is_badge_path?(env)
+ env[PATH_INFO] =~ BADGE_PATH
+ end
+
+ def is_heartbeat_and_public_access_allowed?
+ @allow_public_access_to_heartbeat && env[PATH_INFO] == BADGE_PATH
 end
 end
diff --git a/pact_broker/config.ru b/pact_broker/config.ru
index f667428..950fbcf 100644
--- a/pact_broker/config.ru
+++ b/pact_broker/config.ru
@@ -16,9 +16,10 @@ PactBroker.configuration.load_from_database!
 basic_auth_username = ENV.fetch('PACT_BROKER_BASIC_AUTH_USERNAME','')
 basic_auth_password = ENV.fetch('PACT_BROKER_BASIC_AUTH_PASSWORD', '')
 use_basic_auth = basic_auth_username != '' && basic_auth_password != ''
+allow_public_access_to_heartbeat = ENV.fetch('PACT_BROKER_PUBLIC_HEARTBEAT', '') == 'true'
 if use_basic_auth
- app = BasicAuth.new(app, basic_auth_username, basic_auth_password)
+ app = BasicAuth.new(app, basic_auth_username, basic_auth_password, allow_public_access_to_heartbeat)
 end
 run app
diff --git a/script/test.sh b/script/test.sh
index f90a6af..e35d8b3 100755
--- a/script/test.sh
+++ b/script/test.sh
@@ -59,6 +59,7 @@ fi
 [ -z "${PACT_CONT_NAME}" ] && PACT_CONT_NAME="broker-app"
 [ -z "${PSQL_CONT_NAME}" ] && PSQL_CONT_NAME="postgres"
 [ -z "${PACT_BROKER_DATABASE_ADAPTER}" ] && PACT_BROKER_DATABASE_ADAPTER="postgres"
+[ -z "${PACT_BROKER_PUBLIC_HEARTBEAT}" ] && PACT_BROKER_PUBLIC_HEARTBEAT="true"
 echo "Will build the pact broker"
 docker build -t=dius/pact_broker .
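Review bot: `use_basic_auth?` calls `is_heartbeat_and_public_access_allowed(env)`, but the method is defined as `is_heartbeat_and_public_access_allowed?` with no parameter, so any non-badge request that reaches `use_basic_auth?` raises `NoMethodError`. The method body also reads `env`, which it does not receive, and compares `env[PATH_INFO]` with `BADGE_PATH`, a Regexp, so the comparison can never be true and `HEARTBEAT_PATH` is left unused. Suggested lines: `!(is_badge_path?(env) || is_heartbeat_and_public_access_allowed?(env))`, `def is_heartbeat_and_public_access_allowed?(env)` and `@allow_public_access_to_heartbeat && env[PATH_INFO] == HEARTBEAT_PATH`. Keeping the exact `==` match is the right choice for an auth exemption, since it opens only that one path.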
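Review bot: Nothing near the new `allow_public_access_to_heartbeat` assignment records that the heartbeat stays behind basic auth unless the variable is exactly the string `true`, which matters because the setting opens an unauthenticated endpoint. A comment above the assignment would capture that, for example `# Heartbeat is public only when PACT_BROKER_PUBLIC_HEARTBEAT is exactly 'true'; any other value keeps it behind basic auth.` The value is only passed on inside `if use_basic_auth`, so it has no effect when basic auth is not configured; that is worth stating in the same comment.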
@@ -159,6 +160,7 @@ docker run --privileged --name=${PACT_CONT_NAME} -d -p ${PORT_BIND} \
 -e PACT_BROKER_DATABASE_PORT=${PACT_BROKER_DATABASE_PORT} \
 -e PACT_BROKER_BASIC_AUTH_USERNAME=${PACT_BROKER_BASIC_AUTH_USERNAME} \
 -e PACT_BROKER_BASIC_AUTH_PASSWORD=${PACT_BROKER_BASIC_AUTH_PASSWORD} \
+ -e PACT_BROKER_PUBLIC_HEARTBEAT=${PACT_BROKER_PUBLIC_HEARTBEAT} \
 -e PACT_BROKER_LOG_LEVEL=INFO \
 dius/pact_broker
 sleep 1 && docker logs ${PACT_CONT_NAME}
@@ -223,4 +225,11 @@ if [[ "${response_code}" -ne '200' ]]; then
 die "Expected response code to be 200, but was ${response_code}"
 fi
+echo "Checking that the heartbeat URL can be accessed without basic auth"
+response_code=$(curl -s -o /dev/null -w "%{http_code}" http://${test_ip}:${EXTERN_BROKER_PORT}/diagnostic/status/heartbeat)
+
+if [[ "${response_code}" -ne '200' ]]; then
+ die "Expected response code to be 200, but was ${response_code}"
+fi
+
 echo "SUCCESS: All tests passed!"
\ No newline at end of file
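Review bot: No assertion in the final hunk covers the cases where access must stay protected. The script now defaults `PACT_BROKER_PUBLIC_HEARTBEAT` to `true` and only checks for a 200 on the heartbeat without credentials, so a regression that widens the exemption would still pass. A second request in this block to a non-heartbeat path without credentials, followed by `[[ "${response_code}" -eq '401' ]] || die "Expected 401 without credentials, but was ${response_code}"`, would pin the flag-on boundary. Checking that the heartbeat itself returns 401 when the variable is unset needs a separate container run. Quoting the URL passed to curl would also keep it a single argument if either variable is empty or contains spaces.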