fix: return HTTP 503 on bootstrap error for /health endpoint (#1961)

* fix: return HTTP 503 on fatal bootstrap error in index.php

Uncaught exceptions thrown during bootstrap (before Symfony starts)
produced a PHP fatal error page with HTTP 200. Narrow the try-catch
to only the env validation block so monitoring systems receive a 503
JSON response consistent with the monitor-bundle DOWN format, without
interfering with response sending or kernel termination.

Closes #1936

* fix: return 503 JSON from FallbackExceptionListener for health/info routes

The fallback exception listener redirected all unhandled exceptions to
the feedback page, which would return a 301 instead of an error status
for the health and info endpoints. Return a JSON 503 response instead
for these paths, consistent with the monitor-bundle DOWN format.

* fix: expand try-catch to include kernel boot and request creation

Include all pre-output bootstrap steps in the try-catch so that
kernel boot failures (e.g. misconfigured bundles) also return 503
instead of a PHP error page with HTTP 200.

Author: kayjoosten

public/index.php

@@ -6,34 +6,47 @@
 
 require dirname(__DIR__).'/vendor/autoload.php';
 
-// Validate required envs
-if (!isset($_ENV['APP_ENV'])) {
-    throw new RuntimeException('APP_ENV environment variable is not defined.');
+try {
+    // Validate required envs
+    if (!isset($_ENV['APP_ENV'])) {
+        throw new RuntimeException('APP_ENV environment variable is not defined.');
+    }
+    if (!isset($_ENV['APP_SECRET']) || trim($_ENV['APP_SECRET']) === '') {
+        throw new \RuntimeException('APP_SECRET is missing or empty. Set it in your environment configuration.');
+    }
+    if ($_ENV['APP_ENV'] === 'prod' && strlen($_ENV['APP_SECRET']) < 32) {
+        throw new \RuntimeException('APP_SECRET must be at least 32 characters long in production.');
+    }
+
+    $debug = filter_var($_ENV['APP_DEBUG'], FILTER_VALIDATE_BOOLEAN);
+
+    if ($debug) {
+        umask(0000);
+
+        Debug::enable();
+    }
+
+    if ($trustedProxies = $_ENV['TRUSTED_PROXIES'] ?? false) {
+        Request::setTrustedProxies(explode(',', $trustedProxies), Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_HOST);
+    }
+
+    if ($trustedHosts = $_ENV['TRUSTED_HOSTS'] ?? false) {
+        Request::setTrustedHosts(explode(',', $trustedHosts));
+    }
+
+    $kernel = new Kernel($_ENV['APP_ENV'], $debug);
+    $request = Request::createFromGlobals();
+} catch (\Throwable $e) {
+    http_response_code(503);
+    header('Content-Type: application/json');
+    $body = ['status' => 'DOWN'];
+    if (trim($e->getMessage()) !== '') {
+        $body['message'] = $e->getMessage();
+    }
+    error_log($e->getMessage());
+    echo json_encode($body) ?: '{"status":"DOWN"}';
+    exit;
 }
-if (!isset($_ENV['APP_SECRET']) || trim($_ENV['APP_SECRET']) === '') {
-    throw new \RuntimeException('APP_SECRET is missing or empty. Set it in your environment configuration.');
-}
-if ($_ENV['APP_ENV'] === 'prod' && strlen($_ENV['APP_SECRET']) < 32) {
-    throw new \RuntimeException('APP_SECRET must be at least 32 characters long in production.');
-}
-$debug = filter_var($_ENV['APP_DEBUG'], FILTER_VALIDATE_BOOLEAN);
-
-if ($debug) {
-    umask(0000);
-
-    Debug::enable();
-}
-
-if ($trustedProxies = $_ENV['TRUSTED_PROXIES'] ?? false) {
-    Request::setTrustedProxies(explode(',', $trustedProxies), Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_HOST);
-}
-
-if ($trustedHosts = $_ENV['TRUSTED_HOSTS'] ?? false) {
-    Request::setTrustedHosts(explode(',', $trustedHosts));
-}
-
-$kernel = new Kernel($_ENV['APP_ENV'], $debug);
-$request = Request::createFromGlobals();
 $response = $kernel->handle($request);
 $response->send();
 $kernel->terminate($request, $response);

src/OpenConext/EngineBlockBundle/EventListener/FallbackExceptionListener.php

@@ -21,6 +21,7 @@
 use EngineBlock_Exception;
 use OpenConext\EngineBlockBridge\ErrorReporter;
 use Psr\Log\LoggerInterface;
+use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpKernel\Event\ExceptionEvent;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
@@ -76,6 +77,15 @@ public function onKernelException(ExceptionEvent $event)
             $exception->getMessage()
         ));
 
+        $path = $event->getRequest()->getPathInfo();
+        if (in_array($path, ['/health', '/internal/health', '/info', '/internal/info'], true)) {
+            $event->setResponse(new JsonResponse(
+                ['status' => 'DOWN'],
+                JsonResponse::HTTP_SERVICE_UNAVAILABLE
+            ));
+            return;
+        }
+
         if ($exception instanceof EngineBlock_Exception) {
             $this->errorReporter->reportError($exception, 'Caught Unhandled EngineBlock_Exception');
         } else {

tests/functional/OpenConext/EngineBlockBundle/Controller/MonitorControllerTest.php

@@ -50,4 +50,19 @@ public function internal_health_returns_json()
         $json = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
         $this->assertSame(['status' => 'UP'], $json);
     }
+
+    #[Test]
+    #[Group('Monitor')]
+    public function health_returns_json(): void
+    {
+        $client = self::createClient();
+        $client->request('GET', 'https://engine.dev.openconext.local/health');
+
+        $response = $client->getResponse();
+        $this->assertEquals(Response::HTTP_OK, $response->getStatusCode());
+        $this->assertJson($response->getContent());
+
+        $json = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
+        $this->assertSame(['status' => 'UP'], $json);
+    }
 }