Update Health Endpoint Authentication

Author: marvinbuss

code/function/fastapp/core/config.py

@@ -21,6 +21,7 @@ class Settings(BaseSettings):
     WEBSITE_AUTH_ENCRYPTION_KEY: str = Field(
         default="", alias="WEBSITE_AUTH_ENCRYPTION_KEY"
     )
+    WEBSITE_OS_TYPE: str = Field(default="test", alias="WEBSITE_OS_TYPE")
     MY_SECRET_CONFIG: str = Field(default="", alias="MY_SECRET_CONFIG")
 
 

code/function/fastapp/health/validate_request.py

@@ -10,24 +10,22 @@
 
 
 async def verify_health_auth_header(
-    x_ms_auth_internal_token: Annotated[str, Header()] = ""
+    x_ms_auth_internal_token: Annotated[str | None, Header()] = None
 ) -> bool:
     """Returns true if SHA256 of header_value matches WEBSITE_AUTH_ENCRYPTION_KEY.
+    This only works on Windows-based app services. Therefore, this feature is turned off for other OS types.
     Documentation: https://learn.microsoft.com/en-us/azure/app-service/monitor-instances-health-check?tabs=python#authentication-and-security
 
     x_ms_auth_internal_token: Value of the x-ms-auth-internal-token header.
     RETURNS (bool): Specifies whether the header matches.
     """
-    logger.info(f"Header value: '{x_ms_auth_internal_token}'")
-    logger.info(f"Encryption key: '{settings.WEBSITE_AUTH_ENCRYPTION_KEY}'")
-    website_auth_encryption_key = settings.WEBSITE_AUTH_ENCRYPTION_KEY
-    hash = base64.b64encode(
-        sha256(website_auth_encryption_key.encode('utf-8')).digest()
-    ).decode('utf-8')
-    # if hash != x_ms_auth_internal_token:
-    #     raise HTTPException(
-    #         status_code=400, detail="x-ms-auth-internal-token is invalid"
-    #     )
-    # else:
-    #     return True
+    if settings.WEBSITE_OS_TYPE.lower() == "windows":
+        website_auth_encryption_key = settings.WEBSITE_AUTH_ENCRYPTION_KEY
+        hash = base64.b64encode(
+            sha256(website_auth_encryption_key.encode("utf-8")).digest()
+        ).decode("utf-8")
+        if hash != x_ms_auth_internal_token:
+            raise HTTPException(
+                status_code=400, detail="x-ms-auth-internal-token is invalid"
+            )
     return True

code/function/fastapp/utils.py

@@ -128,7 +128,7 @@ def setup_opentelemetry(app: FastAPI):
         # Create instrumenter
         FastAPIInstrumentor.instrument_app(
             app,
-            excluded_urls=f".*.in.applicationinsights.azure.com/.*",
+            excluded_urls=f".*.in.applicationinsights.azure.com/.*,{settings.API_V1_STR}/health/heartbeat",
             tracer_provider=tracer_provider,
             meter_provider=meter_provider,
         )