Fix: Getting TLS certificate through proxy & prometheus update (#4700)

2024-11-23 14:54:05 +00:00 · 2024-04-24 14:37:17 +08:00 · 2024-04-24 14:37:17 +08:00 · 1490443618
commit 1490443618
parent add5c128ce
2 changed files with 51 additions and 31 deletions
--- a/server/model/monitor.js
+++ b/server/model/monitor.js
@ -512,10 +512,16 @@ class Monitor extends BeanModel {
                        }
                    }
-                    let tlsInfo;
+                    let tlsInfo = {};
-                    // Store tlsInfo when key material is received
+                    // Store tlsInfo when secureConnect event is emitted
-                    options.httpsAgent.on("keylog", (line, tlsSocket) => {
+                    // The keylog event listener is a workaround to access the tlsSocket
-                        tlsInfo = checkCertificate(tlsSocket);
+                    options.httpsAgent.once("keylog", async (line, tlsSocket) => {
                        tlsSocket.once("secureConnect", async () => {
                            tlsInfo = checkCertificate(tlsSocket);
                            tlsInfo.valid = tlsSocket.authorized || false;
                            await this.handleTlsInfo(tlsInfo);
                        });
                    });
                    log.debug("monitor", `[${this.name}] Axios Options: ${JSON.stringify(options)}`);
@ -527,19 +533,16 @@ class Monitor extends BeanModel {
                    bean.msg = `${res.status} - ${res.statusText}`;
                    bean.ping = dayjs().valueOf() - startTime;
-                    // Store certificate and check for expiry if https is used
+                    // fallback for if kelog event is not emitted, but we may still have tlsInfo,
-                    if (this.getUrl()?.protocol === "https:") {
+                    // e.g. if the connection is made through a proxy
-                        // No way to listen for the `secureConnection` event, so we do it here
+                    if (this.getUrl()?.protocol === "https:" && tlsInfo.valid === undefined) {
-                        const tlssocket = res.request.res.socket;
+                        const tlsSocket = res.request.res.socket;
-                        if (tlssocket) {
+                        if (tlsSocket) {
-                            tlsInfo.valid = tlssocket.authorized || false;
+                            tlsInfo = checkCertificate(tlsSocket);
-                        }
+                            tlsInfo.valid = tlsSocket.authorized || false;
-                        await this.updateTlsInfo(tlsInfo);
+                            await this.handleTlsInfo(tlsInfo);
                        if (!this.getIgnoreTls() && this.isEnabledExpiryNotification()) {
                            log.debug("monitor", `[${this.name}] call checkCertExpiryNotifications`);
                            await this.checkCertExpiryNotifications(tlsInfo);
                        }
                    }
@ -1679,6 +1682,21 @@ class Monitor extends BeanModel {
        const parentActive = await Monitor.isParentActive(parent.id);
        return parent.active && parentActive;
    }
    /**
     * Store TLS certificate information and check for expiry
     * @param {Object} tlsInfo Information about the TLS connection
     * @returns {Promise<void>}
     */
    async handleTlsInfo(tlsInfo) {
        await this.updateTlsInfo(tlsInfo);
        this.prometheus?.update(null, tlsInfo);
        if (!this.getIgnoreTls() && this.isEnabledExpiryNotification()) {
            log.debug("monitor", `[${this.name}] call checkCertExpiryNotifications`);
            await this.checkCertExpiryNotifications(tlsInfo);
        }
    }
 }
 module.exports = Monitor;
--- a/server/prometheus.js
+++ b/server/prometheus.js
@ -79,23 +79,25 @@ class Prometheus {
            }
        }
-        try {
+        if (heartbeat) {
-            monitorStatus.set(this.monitorLabelValues, heartbeat.status);
+            try {
-        } catch (e) {
+                monitorStatus.set(this.monitorLabelValues, heartbeat.status);
-            log.error("prometheus", "Caught error");
+            } catch (e) {
-            log.error("prometheus", e);
+                log.error("prometheus", "Caught error");
-        }
+                log.error("prometheus", e);
-
+            }
-        try {
+
-            if (typeof heartbeat.ping === "number") {
+            try {
-                monitorResponseTime.set(this.monitorLabelValues, heartbeat.ping);
+                if (typeof heartbeat.ping === "number") {
-            } else {
+                    monitorResponseTime.set(this.monitorLabelValues, heartbeat.ping);
-                // Is it good?
+                } else {
-                monitorResponseTime.set(this.monitorLabelValues, -1);
+                    // Is it good?
                    monitorResponseTime.set(this.monitorLabelValues, -1);
                }
            } catch (e) {
                log.error("prometheus", "Caught error");
                log.error("prometheus", e);
            }
        } catch (e) {
            log.error("prometheus", "Caught error");
            log.error("prometheus", e);
        }
    }