Feat: Add warning for cert. hostname mismatch

2025-03-05 17:04:46 +00:00 · 2023-10-26 10:30:10 +08:00 · 2023-10-26 10:30:10 +08:00 · d33b9d68d6
commit d33b9d68d6
parent 87b2e45fbf
4 changed files with 20 additions and 0 deletions
--- a/server/model/monitor.js
+++ b/server/model/monitor.js
@ -22,6 +22,7 @@ const Gamedig = require("gamedig");
 const jsonata = require("jsonata");
 const jwt = require("jsonwebtoken");
 const { UptimeCalculator } = require("../uptime-calculator");
+const { X509Certificate } = require("node:crypto");

 /**
 * status:
@ -507,6 +508,12 @@ class Monitor extends BeanModel {
                        log.debug("monitor", `[${this.name}] Check cert`);
                        try {
                            let tlsInfoObject = checkCertificate(res);
+
+                            // Check if the certificate obtained matches the hostname set for the monitor (if redirected)
+                            let certObject = new X509Certificate(tlsInfoObject.certInfo.raw);
+                            let hostnameMatch = certObject.checkHost(this.getUrl()?.hostname) !== undefined;
+                            tlsInfoObject.hostnameMatchMonitorUrl = hostnameMatch;
+
                            tlsInfo = await this.updateTlsInfo(tlsInfoObject);

                            if (!this.getIgnoreTls() && this.isEnabledExpiryNotification()) {
--- a/src/icon.js
+++ b/src/icon.js
@ -10,6 +10,7 @@ import {
    faArrowAltCircleUp,
    faCog,
    faEdit,
+    faExclamationTriangle,
    faEye,
    faEyeSlash,
    faList,
@ -56,6 +57,7 @@ library.add(
    faArrowAltCircleUp,
    faCog,
    faEdit,
+    faExclamationTriangle,
    faEye,
    faEyeSlash,
    faList,
--- a/src/lang/en.json
+++ b/src/lang/en.json
@ -380,6 +380,7 @@
    "Query": "Query",
    "settingsCertificateExpiry": "TLS Certificate Expiry",
    "certificationExpiryDescription": "HTTPS Monitors trigger notification when TLS certificate expires in:",
+    "certHostnameMismatch": "Certificate hostname is not valid for this monitor url.",
    "Setup Docker Host": "Setup Docker Host",
    "Connection Type": "Connection Type",
    "Docker Daemon": "Docker Daemon",
--- a/src/pages/Details.vue
+++ b/src/pages/Details.vue
@ -156,6 +156,7 @@
                        <p class="col-4 col-sm-12 mb-0 mb-sm-2">(<Datetime :value="tlsInfo.certInfo.validTo" date-only />)</p>
                        <span class="col-4 col-sm-12 num">
                            <a href="#" @click.prevent="toggleCertInfoBox = !toggleCertInfoBox">{{ tlsInfo.certInfo.daysRemaining }} {{ $tc("day", tlsInfo.certInfo.daysRemaining) }}</a>
+                            <font-awesome-icon v-if="tlsInfo.hostnameMatchMonitorUrl === false" class="cert-info-warn" icon="exclamation-triangle" :title="$t('certHostnameMismatch')" />
                        </span>
                    </div>
                </div>
@ -791,4 +792,13 @@ table {
    margin-left: 0 !important;
 }

+.cert-info-warn {
+    margin-left: 4px;
+    opacity: 0.5;
+
+    .dark & {
+        opacity: 0.7;
+    }
+}
+
 </style>