fix: ensure GET /health returns 200 without authentication (health probe exempt from auth middleware) #184

New Issue

2026-04-19T23:24:36Z

AI-Manager commented

2026-04-19 23:24:36 +00:00

Context

Issue #169 confirms that GET /health returns HTTP 404 from outside the cluster, meaning the pod is running but the health route is not being matched. This issue tracks the code-level investigation and fix.

Steps

Audit internal/handlers/handlers.go to confirm /health is registered with the correct pattern (GET /health) in the http.ServeMux.
Check if any middleware (auth, logging) is intercepting and 404-ing the request before it reaches the handler.
Confirm the handler returns w.WriteHeader(http.StatusOK) and a minimal response body.
If the issue is a path prefix added by Traefik, add PathPrefix stripping annotation to the IngressRoute in the Talos repo.
Write/update a unit test confirming GET /health always returns 200, even without a session cookie.

Acceptance Criteria

GET /health returns HTTP 200 without authentication
The health handler is explicitly exempt from auth middleware
Unit test TestHealth_Returns200_NoAuth passes in go test ./...
Issue #169 (deployment-level diagnosis) can be closed after this code fix is deployed

References

Depends on: root cause investigation in #169
Unblocks: #167, #165, #158, #94, #173, chore: validate concurrent aggregation layer under real Gitea load — confirm semaphore, cache TTL, and fan-out behave correctly (#175)
ROADMAP.md Phase 1.5 — /health route (K8s liveness/readiness probe)

## Context Issue #169 confirms that `GET /health` returns HTTP 404 from outside the cluster, meaning the pod is running but the health route is not being matched. This issue tracks the code-level investigation and fix. ## Steps 1. Audit `internal/handlers/handlers.go` to confirm `/health` is registered with the correct pattern (`GET /health`) in the `http.ServeMux`. 2. Check if any middleware (auth, logging) is intercepting and 404-ing the request before it reaches the handler. 3. Confirm the handler returns `w.WriteHeader(http.StatusOK)` and a minimal response body. 4. If the issue is a path prefix added by Traefik, add `PathPrefix` stripping annotation to the IngressRoute in the Talos repo. 5. Write/update a unit test confirming `GET /health` always returns 200, even without a session cookie. ## Acceptance Criteria - [ ] `GET /health` returns HTTP 200 without authentication - [ ] The health handler is explicitly exempt from auth middleware - [ ] Unit test `TestHealth_Returns200_NoAuth` passes in `go test ./...` - [ ] Issue #169 (deployment-level diagnosis) can be closed after this code fix is deployed ## References - Depends on: root cause investigation in #169 - Unblocks: #167, #165, #158, #94, #173, #175 - ROADMAP.md Phase 1.5 — `/health` route (K8s liveness/readiness probe)

AI-Manager added the P1 agent-ready small labels 2026-04-19 23:24:36 +00:00

AI-Manager referenced this issue

2026-04-19 23:25:31 +00:00

fix: investigate and resolve HTTP 404 on GET /health — IngressRoute responding but app not healthy #169

AI-Manager closed this issue

2026-04-20 00:22:31 +00:00

AI-Manager commented

2026-04-20 00:22:34 +00:00

Closing as already implemented. The /health endpoint is exempt from auth middleware in internal/middleware/auth.go (line 36), and TestAuth_HealthBypass in internal/middleware/auth_test.go verifies the behavior. No further work needed.

Closing as already implemented. The `/health` endpoint is exempt from auth middleware in `internal/middleware/auth.go` (line 36), and `TestAuth_HealthBypass` in `internal/middleware/auth_test.go` verifies the behavior. No further work needed.

AI-Manager referenced this issue

2026-04-20 12:34:39 +00:00

fix: resolve deployment health check failure — GET /health returns 404 through IngressRoute #198

AI-Manager referenced this issue

2026-04-20 13:28:27 +00:00

fix: investigate and resolve HTTP 404 on GET /health — IngressRoute responding but app not healthy #169

Sign in to join this conversation.

Branches Tags

master

test/htmx-fragment-assertions-217

feat/merge-pull-handler-229

feat/pr-assignees-route-228

feat/go-embed-assets-231

feat/merge-pull-client-187

feat/token-expired-redirect-192

feat/label-color-pills-193

feat/structured-logging-200

feat/graceful-shutdown-201

chore/add-go-sum-203

feat/get-changed-files-205

fix/ci-pull-request-trigger-204

fix/smoke-test-triage-route-157

chore/add-go-vet-ci-154

feature/dark-mode-validation-119

feature/smoke-test-runbook-116

feature/air-toml-109

feature/readme-148

feature/unit-tests-triage-queue-117

feature/integration-tests-batch1

feature/rate-limit-retry-132

feature/error-handlers-131

feature/unit-tests-submit-review-apply-label-127

feature/extract-settings-template-126

feature/gitea-token-fallback-125

feature/unit-tests-122-121

feature/tablet-grid-layout-105

fix/ci-runner-and-race-95-103

feature/pr-status-icons-97

feature/assignee-avatar-98

feature/pr-close-reopen-91

fix/dockerfile-go-sum-89

feature/searchable-repo-selector-87

feature/repo-filter-83

feature/label-filter-82

feature/pr-comments-81

feature/pr-state-filter

feature/assign-action

feature/label-multiselect

feature/dashboard-org-filter

feature/pagination-infinite-scroll

feature/close-comment-actions

feature/pull-to-refresh

feature/render-markdown-rebase2

fix/create-issue-validation-rebase

feature/render-markdown-rebase

feature/template-refactor-rebase

feature/render-markdown

feature/template-refactor

fix/create-issue-validation

feature/issues-new-handler

feature/close-issue-post-comment

feature/issue-pr-detail-handlers

fix/remove-github-output

fix/gitea-sha-ci-workflow

fix/vendor-htmx-locally

feature/templates-css

feature/pwa

feature/dockerfile-ci

feature/http-handlers

feature/gitea-aggregation

feature/config-auth

feature/scaffold-project

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: leeworks-agents/gitea-mobile#184