@wylited wylited commented Jan 7, 2026

How this monitoring system will work is that each API service will expose a fastify-metrics endpoint at /metrics.
This is a Prometheus-scrapable endpoint for our monitoring platform.

Furthermore, if provided, fastify will log automatically to a Loki logging server using pino-loki.

The rest of the setup for monitoring will be done on the server.

@wylited wylited self-assigned this Jan 7, 2026
@wylited wylited added the enhancement New feature or request label Jan 7, 2026
@wylited wylited requested a review from Copilot January 7, 2026 16:15

Copilot AI left a comment

Pull request overview

This PR adds comprehensive API monitoring capabilities to the Fastify-based template service by integrating Prometheus metrics collection and optional Loki logging.

Key Changes:

  • Adds fastify-metrics plugin to expose a /metrics endpoint for Prometheus scraping with default metrics enabled
  • Integrates pino-loki transport for optional centralized logging to a Loki server
  • Introduces optional LOKI_HOST environment variable for conditional logging configuration

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 5 comments.

| File | Description |
| --- | --- |
| yarn.lock | Adds dependency resolutions for fastify-metrics (v12.1.0), pino-loki (v3.0.0), prom-client (v15.1.3), and their transitive dependencies |
| package.json | Adds fastify-metrics and pino-loki as runtime dependencies |
| src/app.ts | Configures metrics endpoint registration and conditional Loki logging transport based on LOKI_HOST environment variable |
| .env.example | Documents the optional LOKI_HOST environment variable with example configuration |

@wylited wylited added this to the 26-early-spring milestone Jan 7, 2026
@wylited wylited marked this pull request as draft January 10, 2026 09:11
@wylited wylited marked this pull request as ready for review January 10, 2026 17:50
@wylited wylited requested a review from Copilot January 10, 2026 17:50

Copilot AI left a comment

Pull request overview

Copilot reviewed 4 out of 5 changed files in this pull request and generated 8 comments.


Copilot AI left a comment

Pull request overview

Copilot reviewed 5 out of 6 changed files in this pull request and generated 10 comments.


Comment on lines +116 to +118
if (
request.headers.authorization !== `Bearer ${opts.prometheusKey}`
) {
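
Review bot: in the `!==` comparison, `opts.prometheusKey` is interpolated with no visible check that it is set, and the options type declares it optional (`prometheusKey?: string`). If this branch can run with the key unset, the expected header becomes the literal string `Bearer undefined`, which any client can send. Only register the check when the key is a non-empty string, and reject every request otherwise.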

Copilot AI Jan 11, 2026

The authentication check is vulnerable to timing attacks. Consider using a constant-time comparison function to compare the authorization header with the expected value to prevent attackers from determining the correct key through timing analysis.

Member

This is okay... I guess.
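
A constant-time version of the bearer check discussed in this thread, as an added example that is not part of the PR or of any reviewer's comment. `isAuthorizedScrape`, `macKey`, `digest` and `demo` are hypothetical names; both values are HMACed with a per-process key first because `crypto.timingSafeEqual` throws on inputs of different length.

```javascript
// Added example: constant-time bearer-token check for a /metrics route.
// isAuthorizedScrape, macKey, digest and demo are hypothetical names,
// not identifiers from the PR.
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// Random per-process key. HMAC-SHA256 turns any input into a 32-byte digest,
// so timingSafeEqual always receives equal-length buffers and the length of
// the expected header is not revealed by an early exit.
const macKey = randomBytes(32);
const digest = (value) => createHmac('sha256', macKey).update(value).digest();

function isAuthorizedScrape(authorizationHeader, expectedKey) {
  // Fail closed when no key is configured; otherwise the expected value
  // would be the literal string "Bearer undefined".
  if (typeof expectedKey !== 'string' || expectedKey.length === 0) {
    return false;
  }
  // A missing header arrives as undefined; compare it as an empty string
  // so every request takes the same code path.
  const presented =
    typeof authorizationHeader === 'string' ? authorizationHeader : '';
  return timingSafeEqual(digest(presented), digest(`Bearer ${expectedKey}`));
}

// Constructed sample values, for illustration only.
function demo() {
  const key = 'constructed-sample-key';
  return {
    correct: isAuthorizedScrape(`Bearer ${key}`, key),
    wrongLastChar: isAuthorizedScrape('Bearer constructed-sample-keX', key),
    shorter: isAuthorizedScrape('Bearer c', key),
    missingHeader: isAuthorizedScrape(undefined, key),
    keyUnset: isAuthorizedScrape('Bearer undefined', undefined),
  };
}
```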

// MongoDB URI (Optional)
// mongoUri: string;
lokiHost?: string;
prometheusKey?: string;
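
Review bot: `lokiHost` and `prometheusKey` are added without a comment, unlike the `// MongoDB URI (Optional)` entry above them. Add a comment on each saying what happens when it is unset, in particular whether /metrics is served without authentication when `prometheusKey` is missing.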

Copilot AI Jan 11, 2026

The variable name "prometheusKey" is misleading as it's actually used as an authentication secret/token. Consider renaming to "prometheusAuthToken" or "prometheusSecret" to better reflect its purpose and security implications.
