Add Health Check

[elzik]

This pull request introduces several improvements to authentication, authorization, health checking, and test coverage in the API. The most significant changes include enforcing a fallback authorization policy, adding a /health endpoint, updating tests to reflect new authentication behavior, and improving Docker test reliability. These updates help standardize authentication flows, provide a health check for deployments, and ensure tests accurately validate the API's behavior.

Authentication & Authorization Enhancements:

• The fallback authorization policy is now enforced using RequireAuthenticatedUser, replacing the previous default policy and custom middleware for handling unauthorized requests. This ensures all endpoints require authentication unless explicitly marked as anonymous, and responses to unauthorized requests now follow standard API key authentication challenge behavior. (AuthExtensions.cs)
• The custom middleware that returned a 401 status and "Unauthorised" message for unauthenticated requests has been removed, relying instead on framework-level handling. (AuthExtensions.cs)

Health Check Endpoint:

• A new /health endpoint was added to the API, returning a simple JSON object indicating the service status. This endpoint is accessible without authentication and is useful for deployment and monitoring purposes. (Program.cs, Elzik.Breef.Api.http) [1] [2]

Test Improvements:

• Functional tests for unauthorized requests were updated to check for the correct API key authentication challenge in the response headers, and to expect an empty response body instead of a custom message. (BreefTestsBase.cs)
• A new test suite was added to verify the /health endpoint returns the expected status and body. (HealthEndpointTests.cs)
• Docker-based tests now wait for the /health endpoint to succeed before proceeding, improving reliability of integration tests. (BreefTestsDocker.cs)

Test Suite Maintenance:

• Obsolete or redundant subreddit image URL tests were removed from the Reddit extractor test suite, streamlining unit test coverage. (SubRedditExtractorTests.cs)

Summary by CodeRabbit

• New Features

  • Added a health check endpoint (GET /health) returning status "Healthy"
  • Added API collection examples for Breefs and Health

• Improvements

  • Enforced global authorization with a fallback policy and standardized challenge responses for unauthenticated requests

• Tests

  • Added functional test for the health endpoint and updated auth-related tests and container health checks

• Bug Fixes

  • Removed inline unauthorised-response behavior so authentication flows use standard pipeline

[coderabbitai]

Walkthrough

Refactors authentication to use ASP.NET Core authorization with a fallback policy requiring authenticated users, removes custom inline 401 middleware, adds an anonymous GET /health endpoint returning { "status": "Healthy" }, and updates functional/unit tests and CI wait strategy accordingly.

Changes

Cohort / File(s)	Summary
Auth configuration src/Elzik.Breef.Api/Auth/AuthExtensions.cs	Replace services.AddAuthorization() with a configured policy named (RequireAuthenticated) set as the FallbackPolicy; remove inline middleware that returned 401 "Unauthorised".
Health endpoint src/Elzik.Breef.Api/Program.cs	Add GET /health endpoint that allows anonymous access and returns 200 with JSON { "status": "Healthy" }.
HTTP collection src/Elzik.Breef.Api/Elzik.Breef.Api.http	Add Breefs and Health request sections; update Breefs POST payload URL and add GET /health example.
Functional tests & infra tests/Elzik.Breef.Api.Tests.Functional/BreefTestsBase.cs, tests/Elzik.Breef.Api.Tests.Functional/BreefTestsDocker.cs, tests/Elzik.Breef.Api.Tests.Functional/HealthEndpointTests.cs	Update Unauthorised test to assert WWW-Authenticate challenge (Scheme ApiKey, Parameter includes BREEF-API-KEY) and expect empty body; change Docker wait strategy to HTTP health check (/health -> 200); add new health endpoint functional test.
Unit test cleanup tests/Elzik.Breef.Infrastructure.Tests.Unit/ContentExtractors/Reddit/SubRedditExtractorTests.cs	Remove test GetSubredditImageUrlAsync_ValidSubredditName_CallsCorrectAboutUrl(...).

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant Pipeline as ASP.NET Core Pipeline
  participant AuthZ as AuthorizationMiddleware
  participant Policy as FallbackPolicy (RequireAuthenticated)
  participant Health as /health endpoint
  participant App as Application Endpoint

  Client->>Pipeline: HTTP request /health
  Pipeline->>AuthZ: Authenticate & Authorize
  Note right of AuthZ: FallbackPolicy allows anonymous for /health
  AuthZ-->>Health: Forward to endpoint
  Health-->>Client: 200 { "status":"Healthy" }

  Client->>Pipeline: HTTP request /breefs
  Pipeline->>AuthZ: Authenticate & Authorize
  Note right of Policy: FallbackPolicy requires authenticated user
  alt Authenticated
    AuthZ-->>App: Forward to breefs handler
    App-->>Client: 200/201 ...
  else Unauthenticated
    AuthZ-->>Client: 401 with WWW-Authenticate: ApiKey param="BREEF-API-KEY"
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Pay attention to AuthExtensions.cs to ensure the fallback policy doesn't inadvertently restrict intended anonymous endpoints.
• Verify WWW-Authenticate challenge formatting matches tests and authentication handler behavior.
• Confirm Docker wait-strategy change aligns with CI/container networking and test startup timing.

Possibly related PRs

• Remove useless test covered elsewhere #166 — Removes the same SubRedditExtractorTests method; likely duplicated test cleanup.
• Summarise Subreddits #71 — Related changes touching subreddit extractor/tests and Program.cs wiring; may overlap with auth/endpoint adjustments.

Poem

🐇 I hopped through code with nimble feet,
Swapped custom auth for framework neat,
A health check hums, all green and spry,
Tests updated, containers sigh —
The Breef is bright beneath the sky.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The pull request title "Add Health Check" is clear, concise, and directly reflects a substantial change in the codebase. The changeset includes a new /health endpoint in Program.cs, supporting HTTP test collection entries in Elzik.Breef.Api.http, comprehensive tests in HealthEndpointTests.cs, and Docker test infrastructure updates to leverage the health check. The title accurately captures this core feature addition. While the PR also modifies authorization policy handling in AuthExtensions.cs and updates related tests, the health check endpoint is a significant, concrete change that the title appropriately highlights, making it easy for a teammate scanning the history to understand the primary purpose of this change.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch add-health-check

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

src/Elzik.Breef.Api/Program.cs (1)

138-139: Consider using PascalCase for consistency.

The anonymous object uses lowercase status, while the test's HealthResponse model uses PascalCase Status. Although ASP.NET Core's JSON deserialization is case-insensitive by default and the test works, using PascalCase would align better with C# naming conventions.

Apply this diff for consistency:

-        app.MapGet("/health", () => Results.Ok(new { status = "Healthy" }))
+        app.MapGet("/health", () => Results.Ok(new { Status = "Healthy" }))

src/Elzik.Breef.Api/Elzik.Breef.Api.http (1)

12-15: Optional: Remove unnecessary Content-Type header.

The Content-Type: application/json header is unnecessary for a GET request without a request body. While harmless, removing it would make the request cleaner.

Apply this diff:

 ### Health
 
 Get {{Elzik.Breef.Api_HostAddress}}/health
-Content-Type: application/json

tests/Elzik.Breef.Api.Tests.Functional/HealthEndpointTests.cs (1)

8-8: Consider adding a using directive for improved readability.

The fully qualified name Microsoft.AspNetCore.Mvc.Testing.WebApplicationFactory<Elzik.Breef.Api.Program> makes the class declaration lengthy. Adding a using directive at the top would improve readability.

Add this using directive at the top of the file:

 using Shouldly;
 using System.Net;
 using System.Net.Http.Json;
 using Xunit;
+using Microsoft.AspNetCore.Mvc.Testing;

Then update the class declaration:

-    public class HealthEndpointTests : IClassFixture<Microsoft.AspNetCore.Mvc.Testing.WebApplicationFactory<Elzik.Breef.Api.Program>>
+    public class HealthEndpointTests : IClassFixture<WebApplicationFactory<Elzik.Breef.Api.Program>>

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5ede5db and 724f8f1.

📒 Files selected for processing (7)

• src/Elzik.Breef.Api/Auth/AuthExtensions.cs (2 hunks)
• src/Elzik.Breef.Api/Elzik.Breef.Api.http (1 hunks)
• src/Elzik.Breef.Api/Program.cs (1 hunks)
• tests/Elzik.Breef.Api.Tests.Functional/BreefTestsBase.cs (1 hunks)
• tests/Elzik.Breef.Api.Tests.Functional/BreefTestsDocker.cs (1 hunks)
• tests/Elzik.Breef.Api.Tests.Functional/HealthEndpointTests.cs (1 hunks)
• tests/Elzik.Breef.Infrastructure.Tests.Unit/ContentExtractors/Reddit/SubRedditExtractorTests.cs (0 hunks)

💤 Files with no reviewable changes (1)

• tests/Elzik.Breef.Infrastructure.Tests.Unit/ContentExtractors/Reddit/SubRedditExtractorTests.cs

🧰 Additional context used

🧬 Code graph analysis (1)

tests/Elzik.Breef.Api.Tests.Functional/HealthEndpointTests.cs (1)

src/Elzik.Breef.Api/Program.cs (2)

• Program (19-159)
• Program (21-24)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: build-ubuntu
• GitHub Check: build-ubuntu
• GitHub Check: Analyze (csharp)

🔇 Additional comments (4)

tests/Elzik.Breef.Api.Tests.Functional/BreefTestsDocker.cs (1)

83-86: LGTM! Improved test reliability.

Switching to an HTTP health check wait strategy ensures the container is fully ready before tests execute, reducing flakiness.

tests/Elzik.Breef.Api.Tests.Functional/BreefTestsBase.cs (1)

76-82: LGTM! Test correctly validates framework authentication.

The test now properly validates the WWW-Authenticate challenge header and empty response body, aligning with the refactored authorization flow.

src/Elzik.Breef.Api/Auth/AuthExtensions.cs (1)

16-22: LGTM! Solid authorization pattern.

The fallback policy with RequireAuthenticatedUser() ensures secure-by-default behavior, where all endpoints require authentication unless explicitly marked with .AllowAnonymous(). This is a cleaner approach than custom middleware.

tests/Elzik.Breef.Api.Tests.Functional/HealthEndpointTests.cs (1)

17-28: LGTM! Well-structured health endpoint test.

The test properly validates the health endpoint's response status, deserialization, and content. Using WebApplicationFactory for in-memory testing is the right approach.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/Elzik.Breef.Api/Auth/AuthExtensions.cs (1)

17-23: Simplify authorization configuration by inlining the policy.

The "RequireAuthenticated" policy is not referenced anywhere else in the codebase, so it can be inlined directly into the fallback configuration rather than created as a named policy. This eliminates unnecessary indirection and simplifies the code.

-        var authBuilder = services.AddAuthorizationBuilder();
-        authBuilder.AddPolicy("RequireAuthenticated", p => p.RequireAuthenticatedUser());
-
-        services.Configure<AuthorizationOptions>(options =>
-        {
-            options.FallbackPolicy = options.GetPolicy("RequireAuthenticated");
-        });
+        services.AddAuthorization(options =>
+        {
+            options.FallbackPolicy = new AuthorizationPolicyBuilder()
+                .RequireAuthenticatedUser()
+                .Build();
+        });

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 724f8f1 and 0520254.

📒 Files selected for processing (1)

• src/Elzik.Breef.Api/Auth/AuthExtensions.cs (2 hunks)

🔇 Additional comments (1)

src/Elzik.Breef.Api/Auth/AuthExtensions.cs (1)

2-2: LGTM!

The namespace import is necessary for the authorization configuration below.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud