security: harden proxy IP trust, token flow, health and sessions

routes/health.py

@@ -14,6 +14,18 @@ from services.time_utils import get_beijing_now
 
 health_bp = Blueprint("health", __name__)
 _PROCESS_START_TS = time.time()
+_INCLUDE_HEALTH_METRICS = str(os.environ.get("HEALTH_INCLUDE_METRICS", "0")).strip().lower() in {
+    "1",
+    "true",
+    "yes",
+    "on",
+}
+_EXPOSE_HEALTH_ERRORS = str(os.environ.get("HEALTH_EXPOSE_ERRORS", "0")).strip().lower() in {
+    "1",
+    "true",
+    "yes",
+    "on",
+}
 
 
 def _build_runtime_metrics() -> dict:
@@ -75,13 +87,18 @@ def health_check():
         database.get_system_config()
     except Exception as e:
         db_ok = False
-        db_error = f"{type(e).__name__}: {e}"
+        if _EXPOSE_HEALTH_ERRORS:
+            db_error = f"{type(e).__name__}: {e}"
+        else:
+            db_error = "db_unavailable"
 
     payload = {
         "ok": db_ok,
         "time": get_beijing_now().strftime("%Y-%m-%d %H:%M:%S"),
         "db_ok": db_ok,
         "db_error": db_error,
-        "metrics": _build_runtime_metrics(),
     }
+    if _INCLUDE_HEALTH_METRICS:
+        payload["metrics"] = _build_runtime_metrics()
+
     return jsonify(payload), (200 if db_ok else 500)