fix: clean up cert check - only runs after successful response, no more borrow errors

M1 2026-03-18 12:40:03 +04:00
parent de6e24e973
commit 7905a8003b
1 changed files with 5 additions and 22 deletions


@ -91,20 +91,7 @@ async fn run_check(client: &reqwest::Client, monitor: &Monitor, scheduled_at: Op
} }
let is_https = monitor.url.starts_with("https://"); let is_https = monitor.url.starts_with("https://");
let url_clone = monitor.url.clone(); let url_for_cert = monitor.url.clone();
// Wrap request + body read in a hard timeout.
// Cert check runs as a background task with a shorter cap so it never blocks
// the main check — if the cert TLS connect hangs (e.g. site totally down),
// we still report the result from the HTTP side within the configured timeout.
let cert_handle = if is_https {
Some(tokio::spawn(tokio::time::timeout(
std::time::Duration::from_secs(10),
async move { check_cert_expiry(&url_clone).await },
)))
} else {
None
};
let timed = tokio::time::timeout(timeout, async { let timed = tokio::time::timeout(timeout, async {
let resp = req.send().await?; let resp = req.send().await?;
@ -127,10 +114,6 @@ async fn run_check(client: &reqwest::Client, monitor: &Monitor, scheduled_at: Op
Ok::<_, reqwest::Error>((status, headers, body)) Ok::<_, reqwest::Error>((status, headers, body))
}).await; }).await;
// Cert check runs after the main request completes — only if the site responded.
// This prevents a separate TCP SYN to a hung host from blocking the timeout.
let cert_expiry_days: Option<i64> = None; // populated below after successful response
let latency_ms = start.elapsed().as_millis() as u64; let latency_ms = start.elapsed().as_millis() as u64;
// Flatten timeout + reqwest errors into a single result // Flatten timeout + reqwest errors into a single result
@ -155,18 +138,18 @@ async fn run_check(client: &reqwest::Client, monitor: &Monitor, scheduled_at: Op
Ok((status_raw, headers, body)) => { Ok((status_raw, headers, body)) => {
let status = status_raw.as_u16(); let status = status_raw.as_u16();
// Only attempt cert check if the site actually responded — avoids a second // Only attempt cert check after a successful response — avoids opening
// hung TCP connect to a down host. // a second TCP connection to a host that's already timing out.
let cert_expiry_days = if is_https { let cert_expiry_days = if is_https {
match tokio::time::timeout( match tokio::time::timeout(
std::time::Duration::from_secs(5), std::time::Duration::from_secs(5),
check_cert_expiry(&url_clone), check_cert_expiry(&url_for_cert),
).await { ).await {
Ok(Ok(days)) => days, Ok(Ok(days)) => days,
_ => None, _ => None,
} }
} else { } else {
cert_expiry_days None
}; };
// Evaluate query if present // Evaluate query if present
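Review bot: In the last hunk the `_ => None` arm folds the 5-second timeout and every `check_cert_expiry` error into the same `None` that a plain-HTTP monitor gets from the `else` branch, so a failed expiry probe cannot be told apart from "not applicable" and expiry alerting can stop without any signal. Split the arm so the two failures are at least logged or carried in the result, e.g. `Ok(Err(e)) => { /* record e */ None }` and `Err(_elapsed) => { /* record timeout */ None }`. Because the probe now lives only in the `Ok((status_raw, headers, body))` branch, a certificate that has already expired will presumably make `req.send()` fail TLS validation (the client is built outside this diff, so confirm it does not disable verification), and no expiry value is recorded in exactly that case; the comment above the probe should say so. `url_for_cert` is no longer moved into a spawned task, so `&monitor.url` could be passed directly and the clone dropped. run_check begins and ends outside the hunks shown.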