Add healthz endpoint and CORS tests

Author: MaximIgitov

backend/app/main.py

@@ -20,6 +20,11 @@ def custom_generate_unique_id(route: APIRoute) -> str:
     generate_unique_id_function=custom_generate_unique_id,
 )
 
+@app.get("/healthz", include_in_schema=False)
+def healthz() -> dict[str, str]:
+    return {"status": "ok"}
+
+
 # Set all CORS enabled origins
 if settings.all_cors_origins:
     app.add_middleware(

backend/tests/api/routes/test_healthz.py

@@ -0,0 +1,19 @@
+from fastapi.testclient import TestClient
+
+from app.core.config import settings
+
+
+def test_healthz(client: TestClient) -> None:
+    response = client.get("/healthz")
+    assert response.status_code == 200
+    assert response.json() == {"status": "ok"}
+
+
+def test_cors_allows_configured_origin(client: TestClient) -> None:
+    response = client.get("/healthz", headers={"Origin": settings.FRONTEND_HOST})
+    assert response.headers.get("access-control-allow-origin") == settings.FRONTEND_HOST
+
+
+def test_cors_blocks_unknown_origin(client: TestClient) -> None:
+    response = client.get("/healthz", headers={"Origin": "https://unknown.example"})
+    assert "access-control-allow-origin" not in response.headers