2e756557ff
Sergent renameSync() rotates reports/ -> reports/archive/ at 07:30 UTC daily, so for ~22h per day the only copy of a fresh scan lives in archive/. The handler now scans both directories and concatenates with top-level priority on filename collision. archive/ missing is a silent skip. Tests : 17/17 in test-curl.sh (11 existing + 6 new for archive coverage). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
256 lines
8.6 KiB
JavaScript
256 lines
8.6 KiB
JavaScript
const http = require("node:http");
|
|
const os = require("node:os");
|
|
const { execSync } = require("node:child_process");
|
|
const { readFileSync, readdirSync, existsSync } = require("node:fs");
|
|
const path = require("node:path");
|
|
const { setTimeout: delay } = require("node:timers/promises");
|
|
|
|
const PORT = parseInt(process.env.PORT || "3001", 10);
|
|
const TOKEN = process.env.HEALTH_TOKEN;
|
|
const REPORTS_DIR = process.env.REPORTS_DIR || "/data/defenseurs/reports";
|
|
const LOGTO_HEALTH_URL =
|
|
process.env.LOGTO_HEALTH_URL ||
|
|
"https://auth.lacompagniemaximus.com/oidc/.well-known/openid-configuration";
|
|
const LOGTO_TIMEOUT_MS = 3000;
|
|
const SCAN_DATE_RE = /^\d{4}-\d{2}-\d{2}$/;
|
|
|
|
if (!TOKEN) {
|
|
console.warn("WARNING: HEALTH_TOKEN is not set. All requests will be rejected (fail-closed).");
|
|
}
|
|
|
|
function readProcStat() {
|
|
try {
|
|
const line = execSync("head -1 /proc/stat", { encoding: "utf-8" }).trim();
|
|
const parts = line.split(/\s+/).slice(1).map(Number);
|
|
const idle = parts[3] + parts[4];
|
|
const total = parts.reduce((a, b) => a + b, 0);
|
|
return { idle, total };
|
|
} catch {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
async function getCpuPercent() {
|
|
const t1 = readProcStat();
|
|
if (!t1) return 0;
|
|
const { idle: idle1, total: total1 } = t1;
|
|
|
|
// Sample over 500ms without blocking the event loop, so other async work
|
|
// (e.g. the Logto healthcheck) can run concurrently.
|
|
await delay(500);
|
|
|
|
const t2 = readProcStat();
|
|
if (!t2) return 0;
|
|
const dIdle = t2.idle - idle1;
|
|
const dTotal = t2.total - total1;
|
|
if (dTotal === 0) return 0;
|
|
return Math.round((1 - dIdle / dTotal) * 100);
|
|
}
|
|
|
|
async function getLogtoHealth() {
|
|
const ac = new AbortController();
|
|
const timer = setTimeout(() => ac.abort(), LOGTO_TIMEOUT_MS);
|
|
const start = performance.now();
|
|
try {
|
|
const res = await fetch(LOGTO_HEALTH_URL, { signal: ac.signal });
|
|
const responseTimeMs = Math.round(performance.now() - start);
|
|
if (res.ok) return { status: "up", responseTimeMs };
|
|
return { status: "down", responseTimeMs, error: `HTTP ${res.status}` };
|
|
} catch (err) {
|
|
const responseTimeMs = Math.round(performance.now() - start);
|
|
const error = err.name === "AbortError" ? "timeout" : err.message || "network error";
|
|
return { status: "down", responseTimeMs, error };
|
|
} finally {
|
|
clearTimeout(timer);
|
|
}
|
|
}
|
|
|
|
function getDisk() {
|
|
try {
|
|
// Alpine df doesn't support --output, use standard POSIX format
|
|
const out = execSync("df -k /", { encoding: "utf-8" });
|
|
const parts = out.trim().split("\n")[1].trim().split(/\s+/);
|
|
// df -k columns: Filesystem, 1K-blocks, Used, Available, Use%, Mounted
|
|
const totalGB = +(parseInt(parts[1], 10) / 1e6).toFixed(1);
|
|
const usedGB = +(parseInt(parts[2], 10) / 1e6).toFixed(1);
|
|
const freeGB = +(parseInt(parts[3], 10) / 1e6).toFixed(1);
|
|
const usagePercent = totalGB > 0 ? Math.round((usedGB / totalGB) * 100) : 0;
|
|
return { totalGB, usedGB, freeGB, usagePercent };
|
|
} catch {
|
|
return { totalGB: 0, usedGB: 0, freeGB: 0, usagePercent: 0 };
|
|
}
|
|
}
|
|
|
|
// Reproduce the isScanReport guard from defenseurs/src/report.ts. The
|
|
// defenseur-auto run report has shape { actions[], skipped[] } with no
|
|
// findings[] — it must be filtered out so it never reaches the auto pipeline
|
|
// (which expects scan-shaped reports only).
|
|
function isScanReport(value) {
|
|
return (
|
|
typeof value === "object" &&
|
|
value !== null &&
|
|
Array.isArray(value.findings) &&
|
|
typeof value.agent === "string" &&
|
|
typeof value.timestamp === "string"
|
|
);
|
|
}
|
|
|
|
// Read all `defenseur-<agent>_<date>*.json` files under `dir` matching the
|
|
// given UTC date. Returns parsed scan reports keyed by filename so the caller
|
|
// can dedupe across REPORTS_DIR + REPORTS_DIR/archive.
|
|
function collectScanReportsFromDir(dir, date) {
|
|
const collected = new Map();
|
|
if (!existsSync(dir)) return collected;
|
|
|
|
const files = readdirSync(dir).filter(
|
|
(f) => f.startsWith("defenseur-") && f.includes(`_${date}`) && f.endsWith(".json"),
|
|
);
|
|
|
|
for (const file of files) {
|
|
try {
|
|
const raw = readFileSync(path.join(dir, file), "utf-8");
|
|
const parsed = JSON.parse(raw);
|
|
if (!isScanReport(parsed)) continue;
|
|
if (!parsed.timestamp.startsWith(date)) continue;
|
|
collected.set(file, parsed);
|
|
} catch (err) {
|
|
console.error(`[reports/scans] failed to parse ${file}:`, err.message);
|
|
}
|
|
}
|
|
|
|
return collected;
|
|
}
|
|
|
|
// Read all `defenseur-<agent>_<date>*.json` files under REPORTS_DIR for the
|
|
// given UTC date. The scan reports use an ISO timestamp with `:` and `.`
|
|
// rewritten as `-` in the filename (e.g. defenseur-booking_2026-05-06T05-30-11-249Z.json).
|
|
// We match `_<date>` then re-confirm via parsed.timestamp.startsWith(date).
|
|
//
|
|
// The Sergent rotates fresh reports out of REPORTS_DIR into REPORTS_DIR/archive
|
|
// at 07:30 UTC daily (cf. defenseurs/src/sergent.ts renameSync). For ~22h/day
|
|
// the only copy lives in archive/ — so we scan both and concatenate. Top-level
|
|
// files take precedence on filename collision (more recent by definition).
|
|
function readScanReportsForDate(date) {
|
|
const topLevel = collectScanReportsFromDir(REPORTS_DIR, date);
|
|
const archive = collectScanReportsFromDir(path.join(REPORTS_DIR, "archive"), date);
|
|
|
|
// Merge with top-level priority — only insert archive entries whose filename
|
|
// is not already present at the top level.
|
|
for (const [file, report] of archive) {
|
|
if (!topLevel.has(file)) topLevel.set(file, report);
|
|
}
|
|
|
|
// Stable sort by timestamp asc — same convention as readReports() in
|
|
// defenseurs/src/report.ts.
|
|
return [...topLevel.values()].sort(
|
|
(a, b) => new Date(a.timestamp).getTime() - new Date(b.timestamp).getTime(),
|
|
);
|
|
}
|
|
|
|
async function getHealth() {
|
|
const cpus = os.cpus();
|
|
const totalMem = os.totalmem();
|
|
const freeMem = os.freemem();
|
|
const usedMem = totalMem - freeMem;
|
|
|
|
const [cpuUsagePercent, logto] = await Promise.all([
|
|
getCpuPercent(),
|
|
getLogtoHealth(),
|
|
]);
|
|
|
|
return {
|
|
timestamp: new Date().toISOString(),
|
|
hostname: os.hostname(),
|
|
uptime: Math.floor(os.uptime()),
|
|
cpu: {
|
|
model: cpus[0]?.model?.trim() || "unknown",
|
|
cores: cpus.length,
|
|
loadAvg: os.loadavg().map((l) => +l.toFixed(2)),
|
|
usagePercent: cpuUsagePercent,
|
|
},
|
|
memory: {
|
|
totalGB: +(totalMem / 1e9).toFixed(1),
|
|
usedGB: +(usedMem / 1e9).toFixed(1),
|
|
freeGB: +(freeMem / 1e9).toFixed(1),
|
|
usagePercent: Math.round((usedMem / totalMem) * 100),
|
|
},
|
|
disk: getDisk(),
|
|
logto,
|
|
};
|
|
}
|
|
|
|
const server = http.createServer(async (req, res) => {
|
|
res.setHeader("Content-Type", "application/json");
|
|
|
|
// Parse the URL so /reports/scans can carry a `?date=` query string. The
|
|
// placeholder host is required because URL() needs an absolute URL.
|
|
const parsedUrl = new URL(req.url, "http://localhost");
|
|
const pathname = parsedUrl.pathname;
|
|
|
|
const validRoutes = ["/health", "/defenseurs", "/reports/scans"];
|
|
if (req.method !== "GET" || !validRoutes.includes(pathname)) {
|
|
res.writeHead(404);
|
|
res.end(JSON.stringify({ error: "Not found" }));
|
|
return;
|
|
}
|
|
|
|
if (!TOKEN) {
|
|
res.writeHead(401);
|
|
res.end(JSON.stringify({ error: "HEALTH_TOKEN not configured" }));
|
|
return;
|
|
}
|
|
|
|
const auth = req.headers["authorization"];
|
|
if (auth !== `Bearer ${TOKEN}`) {
|
|
res.writeHead(401);
|
|
res.end(JSON.stringify({ error: "Unauthorized" }));
|
|
return;
|
|
}
|
|
|
|
if (pathname === "/defenseurs") {
|
|
const statusPath = process.env.DEFENSEURS_STATUS_PATH || "/data/defenseurs/status.json";
|
|
try {
|
|
const status = readFileSync(statusPath, "utf-8");
|
|
res.writeHead(200);
|
|
res.end(status);
|
|
} catch {
|
|
res.writeHead(200);
|
|
res.end(JSON.stringify({ status: "no_data" }));
|
|
}
|
|
return;
|
|
}
|
|
|
|
if (pathname === "/reports/scans") {
|
|
const date = parsedUrl.searchParams.get("date");
|
|
// Regex short-circuit before any filesystem access — blocks path
|
|
// traversal (`../../etc/passwd` -> 400) and bogus inputs.
|
|
if (!date || !SCAN_DATE_RE.test(date)) {
|
|
res.writeHead(400);
|
|
res.end(JSON.stringify({ error: "Bad request: date=YYYY-MM-DD required" }));
|
|
return;
|
|
}
|
|
|
|
try {
|
|
const reports = readScanReportsForDate(date);
|
|
res.writeHead(200);
|
|
res.end(JSON.stringify({ date, count: reports.length, reports }));
|
|
} catch (err) {
|
|
res.writeHead(500);
|
|
res.end(JSON.stringify({ error: "Internal error", message: err.message }));
|
|
}
|
|
return;
|
|
}
|
|
|
|
try {
|
|
const data = await getHealth();
|
|
res.writeHead(200);
|
|
res.end(JSON.stringify(data));
|
|
} catch (err) {
|
|
res.writeHead(500);
|
|
res.end(JSON.stringify({ error: "Internal error", message: err.message }));
|
|
}
|
|
});
|
|
|
|
server.listen(PORT, () => {
|
|
console.log(`vps-health-api listening on :${PORT}`);
|
|
});
|