fix(api): add timeouts for OIDC discovery fetch and DB connection

- OIDC discovery fetch in initAuth() now has a 5s AbortSignal.timeout to fail fast instead of hanging indefinitely when the auth server is unreachable. This was identified as a root cause of startup ECONNRESET crashes on UAT where ztunnel drops TCP connections before headers arrive. - DB postgres client now sets connect_timeout: 5 so failed connection attempts fail fast rather than hanging the startup sequence. - Graceful shutdown timeout tightened to 8s (from 10s) to avoid getting killed by Kubernetes liveness-probe deadline while draining. Fixes GRO-1678. Co-Authored-By: Paperclip <noreply@paperclip.ing>
Merge pull request 'fix(GRO-1544): register health endpoint at /api/health not /health' (#52 ) from fix/gro-1544-api-health-endpoint into dev
2026-05-24 19:46:23 +00:00 · 2026-05-22 21:49:55 +00:00 · 2026-05-22 15:20:50 +00:00 · 2026-05-22 13:49:15 +00:00 · 2026-05-22 13:49:15 +00:00
4 changed files with 20 additions and 8 deletions
@@ -21,6 +21,14 @@ GroomBook API is a Hono-based REST service (TypeScript/Node.js) powering the pet

 ## Test Cases

+### 4.0 Health Check
+
+| # | Scenario | Steps | Expected |
+|---|----------|-------|----------|
+| TC-API-0.1 | Unauthenticated health check | GET /api/health | 200 OK, `{"status":"ok"}` |
+
+> **Note (GRO-1544):** Health endpoint registered on `api` basePath before auth middleware at `/api/health`. The old path `/health` was incorrect (routed to web pod via HTTPRoute `/*` rule).
+
 ### 4.1 Authentication

 | # | Scenario | Steps | Expected |
@@ -12,7 +12,7 @@ export function getDb() {
  if (_db) return _db;
  const url = process.env.DATABASE_URL;
  if (!url) throw new Error("DATABASE_URL is not set");
-  const client = postgres(url, { max: 10 });
+  const client = postgres(url, { max: 10, connect_timeout: 5 });
  _db = drizzle(client, { schema });
  return _db;
 }
@@ -58,8 +58,8 @@ app.use(
  })
 );

-// Health check (no auth required)
-app.get("/health", (c) => c.json({ status: "ok" }));
+// Health check — no auth required, registered on app at full path before auth middleware
+app.get("/api/health", (c) => c.json({ status: "ok" }));

 // Public booking routes — no auth required, must be registered before auth middleware
 app.route("/api/book", bookRouter);
@@ -282,14 +282,16 @@ startReminderScheduler();

 function shutdown() {
  console.log("Shutting down gracefully...");
+  // SIGTERM/SIGINT → server.close() → callback → process.exit(0)
+  // If graceful close takes >8s, force-exit to avoid being killed undrained
+  setTimeout(() => {
+    console.error("Graceful close timeout — forcing exit");
+    process.exit(1);
+  }, 8_000);
  server.close(() => {
    console.log("HTTP server closed");
    process.exit(0);
  });
-  setTimeout(() => {
-    console.error("Forced shutdown after timeout");
-    process.exit(1);
-  }, 10_000);
 }

 process.on("SIGTERM", shutdown);
@@ -186,7 +186,9 @@ export async function initAuth(): Promise<void> {
    const discoveryUrlStr = `${providerConfig.issuerUrl}/.well-known/openid-configuration`;
    let oidcConfig: Record<string, string> = {};
    try {
-      const discoveryRes = await fetch(discoveryUrlStr);
+      const discoveryRes = await fetch(discoveryUrlStr, {
+        signal: AbortSignal.timeout(5000),
+      });
      if (discoveryRes.ok) {
        const discovery = await discoveryRes.json() as {
          authorization_endpoint?: string;
Author	SHA1	Message	Date
Flea Flicker	dc3c23055a	fix(api): add timeouts for OIDC discovery fetch and DB connection CI / Test (pull_request) Successful in 16s Details CI / Lint & Typecheck (pull_request) Successful in 19s Details CI / Build & Push Docker Images (pull_request) Successful in 52s Details - OIDC discovery fetch in initAuth() now has a 5s AbortSignal.timeout to fail fast instead of hanging indefinitely when the auth server is unreachable. This was identified as a root cause of startup ECONNRESET crashes on UAT where ztunnel drops TCP connections before headers arrive. - DB postgres client now sets connect_timeout: 5 so failed connection attempts fail fast rather than hanging the startup sequence. - Graceful shutdown timeout tightened to 8s (from 10s) to avoid getting killed by Kubernetes liveness-probe deadline while draining. Fixes GRO-1678. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-24 19:46:23 +00:00
The Dogfather	62dfc7776b	Merge pull request 'fix(GRO-1544): register health endpoint at /api/health not /health' (#52 ) from fix/gro-1544-api-health-endpoint into dev CI / Lint & Typecheck (push) Failing after 1m29s Details CI / Test (push) Failing after 1m29s Details CI / Build & Push Docker Images (push) Has been skipped Details fix(GRO-1544): register health endpoint at /api/health not /health Merge PR #52 to dev. Unblocks GRO-1485 UAT regression chain.	2026-05-22 21:49:55 +00:00
The Dogfather	68df697cf3	Merge pull request 'fix(GRO-1533): fix migration 0031 for empty databases' (#57 ) from fix/gro-1533-migration-0031-coat-type into dev CI / Test (push) Successful in 16s Details CI / Lint & Typecheck (push) Successful in 17s Details CI / Build & Push Docker Images (push) Successful in 30s Details fix(GRO-1533): fix migration 0031 for empty databases (#57) Adds ADD COLUMN IF NOT EXISTS for coat_type and pet_size_category before ALTER TYPE casts, making migration safe for both fresh and existing databases. Reviewed-by: gb_lint (QA) Approved-by: CTO	2026-05-22 15:20:50 +00:00
Flea Flicker	7b2b533c16	docs(api): update UAT_PLAYBOOK.md §4.0 — new health endpoint path CI / Test (pull_request) Successful in 9s Details CI / Lint & Typecheck (pull_request) Successful in 10s Details CI / Build & Push Docker Images (pull_request) Failing after 46s Details Added TC-API-0.1 for GET /api/health (unauthenticated). Corrected path from /health to /api/health (GRO-1544). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-22 13:49:15 +00:00
Flea Flicker	55894c6ff2	fix(GRO-1544): register health endpoint at /api/health not /health The health check was registered on `app` at `/health`, but the HTTPRoute routes `/api/*` to the API pod. Since auth middleware protects the /api basePath, GET /api/health fell through to authMiddleware → 401. Now registered on `api` before auth middleware at /api/health. Updated UAT_PLAYBOOK.md §GRO-1485 — new health endpoint path. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-22 13:49:15 +00:00