fix(path): fix the skip path

apps/notification/webapi/middleware/freeleaps_auth_middleware.py

@@ -49,6 +49,7 @@ class FreeleapsAuthMiddleware:
         try:
             # 1. Skip paths that do not need validation
             if self._should_skip_validation(request.url.path):
+                await self.module_logger.log_info(f"Path skipped validation: {request.url.path}")
                 await self.app(scope, receive, send)
                 return
             
@@ -57,23 +58,14 @@ class FreeleapsAuthMiddleware:
             # if the API_KEY field is empty, the request can be processed directly without validation.
             # for compatibility
             if not api_key or api_key == "":
-               await self.app(scope, receive, send)
-               return
+                await self.module_logger.log_info(f"API Key is empty: {request.url.path}")
+                await self.app(scope, receive, send)
+                return
             
             # 3. Call freeleaps_auth to validate API Key
             validation_result = await self.api_key_introspect_handler.api_key_introspect(api_key)
             
-            # 4. Validate API Key status
-            if not validation_result.get("active"):
-                response = Response(
-                    status_code=403,
-                    content=f'{{"error": "{validation_result.get("error")}", "message": "{validation_result.get("message")}"}}',
-                    media_type="application/json"
-                )
-                await response(scope, receive, send)
-                return
-            
-            # 5. Store validation result in contextvars for later use
+            # 4. Store validation result in contextvars for later use
             request_context = RequestContext(
                 tenant_name=validation_result.get("tenant_name"),
                 product_id=validation_result.get("product_id"),
@@ -109,6 +101,15 @@ class FreeleapsAuthMiddleware:
             if response_captured:
                 await self._log_usage(validation_result, request, response_captured, start_time)
             
+        except HTTPException as http_exc:
+            # Pass through HTTP exceptions (401, 403, etc.) from auth service
+            await self.module_logger.log_info(f"API Key validation failed: {http_exc.status_code} - {http_exc.detail}")
+            response = Response(
+                status_code=http_exc.status_code,
+                content=f'{{"error": "Authentication failed", "message": "{str(http_exc.detail)}"}}',
+                media_type="application/json"
+            )
+            await response(scope, receive, send)
         except Exception as e:
             await self.module_logger.log_error(f"Middleware error: {str(e)}")
             response = Response(
@@ -123,12 +124,20 @@ class FreeleapsAuthMiddleware:
         Check if the path should be skipped for validation
         """
         skip_paths = [
-            "/health",
-            "/metrics",
-            "/docs",
-            "/openapi.json",
-            "/favicon.ico"
+            "/api/_/healthz",   # Health check endpoint
+            "/api/_/readyz",    # Readiness check endpoint
+            "/api/_/livez",     # Liveness check endpoint
+            "/metrics",         # Metrics endpoint
+            "/docs",            # API documentation
+            "/openapi.json",    # OpenAPI specification
+            "/favicon.ico"      # Website icon
         ]
+        
+        # Check exact match for root path
+        if path == "/":
+            return True
+            
+        # Check startswith for other paths
         return any(path.startswith(skip_path) for skip_path in skip_paths)
     
     async def _log_usage(self, validation_result: Dict[str, Any], request: Request,