Exclude health check endpoint from rate-limiting

Jaskanwal Pawar · Jaskanwal Pawar · commit 8ab6e354a5b6 · 2020-05-06T14:11:29.000-07:00
- Would previously be rate-limited which would cause health checks to
incorrectly fail =&gt; downtime of API server

[#171468535]

Authored-by: Jaskanwal Pawar &lt;jpawar@pivotal.io&gt;
diff --git a/middleware/rate_limiter.rb b/middleware/rate_limiter.rb
@@ -52,7 +52,7 @@ def skip_rate_limiting?(env, request)
       end
 
       def root_api?(request)
-        request.fullpath.match(%r{\A(?:/v2/info|/v3|/)\z})
+        request.fullpath.match(%r{\A(?:/v2/info|/v3|/|/healthz)\z})
       end
 
       def internal_api?(request)
diff --git a/spec/unit/middleware/rate_limiter_spec.rb b/spec/unit/middleware/rate_limiter_spec.rb
@@ -181,7 +181,7 @@ module Middleware
             end
           end
 
-          context 'when the user is hitting a root path /v2/info"' do
+          context 'when the user is hitting a root path /v2/info' do
             let(:fake_request) { instance_double(ActionDispatch::Request, fullpath: '/v2/info') }
 
             it 'exempts them from rate limiting' do
@@ -193,7 +193,7 @@ module Middleware
             end
           end
 
-          context 'when the user is hitting a root path /v3"' do
+          context 'when the user is hitting a root path /v3' do
             let(:fake_request) { instance_double(ActionDispatch::Request, fullpath: '/v3') }
 
             it 'exempts them from rate limiting' do
@@ -204,6 +204,18 @@ module Middleware
               expect(response_headers['X-RateLimit-Reset']).to be_nil
             end
           end
+
+          context 'when the user is hitting a root path /healthz' do
+            let(:fake_request) { instance_double(ActionDispatch::Request, fullpath: '/healthz') }
+
+            it 'exempts them from rate limiting' do
+              allow(ActionDispatch::Request).to receive(:new).and_return(fake_request)
+              _, response_headers, _ = middleware.call(unauthenticated_env)
+              expect(response_headers['X-RateLimit-Limit']).to be_nil
+              expect(response_headers['X-RateLimit-Remaining']).to be_nil
+              expect(response_headers['X-RateLimit-Reset']).to be_nil
+            end
+          end
         end
 
         describe 'when the user has a "HTTP_X_FORWARDED_FOR" header from proxy' do
