refactor: use better ignore paths in context middleware

[steveiliop56]

Summary by CodeRabbit

• Bug Fixes
  • Updated middleware request handling to skip processing for additional endpoints, including health checks, OAuth endpoints, and authentication-related paths.
  • Adjusted health check endpoint logging configuration for improved consistency.

[coderabbitai]

📝 Walkthrough

Walkthrough

The context middleware now uses prefix-based path matching to skip processing for multiple endpoints (health checks, OAuth, JWKS) instead of exact-match logic on two OIDC paths. The zerolog middleware updates its skip list to use the /api/healthz endpoint instead of /api/health.

Changes

Cohort / File(s)	Summary
Context Middleware Path Skipping internal/middleware/context_middleware.go	Refactored ignore logic from exact-match slices check to prefix-based matching via new isIgnorePath() method. Expanded skip list from 2 OIDC paths to multiple HTTP method/URL combinations including health checks, OAuth endpoints, and JWKS discovery paths.
Zerolog Middleware Health Endpoint internal/middleware/zerolog_middleware.go	Updated logging skip list to use /api/healthz endpoint instead of /api/health for both GET and HEAD methods.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 Hops through the pathways, skipping with care,
Prefix-matched endpoints floating in air,
From health to JWKS, the rabbit now knows,
Which roads to pass by as the request flow goes! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the primary change: refactoring the ignore paths logic in context middleware from exact-match to prefix-based matching with an expanded endpoint set.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch refactor/context

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 0% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 18.85%. Comparing base (08e6b84) to head (dfd6e8e).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/middleware/context_middleware.go	0.00%	7 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #743      +/-   ##
==========================================
- Coverage   18.89%   18.85%   -0.04%     
==========================================
  Files          50       50              
  Lines        3853     4906    +1053     
==========================================
+ Hits          728      925     +197     
- Misses       3053     3909     +856     
  Partials       72       72              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

🧹 Nitpick comments (1)

internal/middleware/context_middleware.go (1)

242-245: Prefer exact-match for static routes and prefix-match only for dynamic ones.

HasPrefix here can unintentionally ignore similarly named future routes. Consider splitting exact vs prefix rules.

♻️ Suggested direction

-var (
-	contextSkipPathsPrefix = []string{
+var (
+	contextSkipPathsExact = map[string]struct{}{
 		"GET /api/context/app",
 		"GET /api/healthz",
 		"HEAD /api/healthz",
 		"GET /api/oauth/url",
 		"GET /api/oauth/callback",
-		"GET /api/oidc/clients",
-		"POST /api/oidc/token",
-		"GET /api/oidc/userinfo",
-		"GET /resources",
+		"POST /api/oidc/token",
+		"GET /api/oidc/userinfo",
 		"POST /api/user/login",
 		"GET /.well-known/openid-configuration",
 		"GET /.well-known/jwks.json",
+		"GET /resources",
 	}
+	contextSkipPathsPrefix = []string{
+		"GET /api/oidc/clients/",
+		"GET /resources/",
+	}
 )
@@
 func (m *ContextMiddleware) isIgnorePath(path string) bool {
+	if _, ok := contextSkipPathsExact[path]; ok {
+		return true
+	}
 	for _, prefix := range contextSkipPathsPrefix {
 		if strings.HasPrefix(path, prefix) {
 			return true
 		}
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/middleware/context_middleware.go` around lines 242 - 245, The
isIgnorePath behavior on ContextMiddleware currently uses strings.HasPrefix
against contextSkipPathsPrefix which can accidentally match future static
routes; change it to use two rule sets: one for exact matches (e.g.,
contextSkipPathsExact) checked with path == rule, and one for prefix/dynamic
matches (e.g., contextSkipPathsPrefix) checked with strings.HasPrefix; update
the ContextMiddleware.isIgnorePath implementation to first check exact matches,
then prefix matches, and adjust any references to the old contextSkipPathsPrefix
variable names accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@internal/middleware/context_middleware.go`:
- Around line 242-245: The isIgnorePath behavior on ContextMiddleware currently
uses strings.HasPrefix against contextSkipPathsPrefix which can accidentally
match future static routes; change it to use two rule sets: one for exact
matches (e.g., contextSkipPathsExact) checked with path == rule, and one for
prefix/dynamic matches (e.g., contextSkipPathsPrefix) checked with
strings.HasPrefix; update the ContextMiddleware.isIgnorePath implementation to
first check exact matches, then prefix matches, and adjust any references to the
old contextSkipPathsPrefix variable names accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9f88ebe0-703c-4543-a16e-13d7231a678f

📥 Commits

Reviewing files that changed from the base of the PR and between 08e6b84 and dfd6e8e.

📒 Files selected for processing (2)

• internal/middleware/context_middleware.go
• internal/middleware/zerolog_middleware.go