fix: clean up cert check - only runs after successful response, no more borrow errors

2026-03-18 12:40:03 +04:00 · 2026-03-18 12:40:03 +04:00 · 7905a8003b
parent de6e24e973
commit 7905a8003b
1 changed files with 5 additions and 22 deletions
--- a/apps/monitor/src/runner.rs
+++ b/apps/monitor/src/runner.rs
@ -91,20 +91,7 @@ async fn run_check(client: &reqwest::Client, monitor: &Monitor, scheduled_at: Op
    }

    let is_https = monitor.url.starts_with("https://");
-    let url_clone = monitor.url.clone();
-
-    // Wrap request + body read in a hard timeout.
-    // Cert check runs as a background task with a shorter cap so it never blocks
-    // the main check — if the cert TLS connect hangs (e.g. site totally down),
-    // we still report the result from the HTTP side within the configured timeout.
-    let cert_handle = if is_https {
-        Some(tokio::spawn(tokio::time::timeout(
-            std::time::Duration::from_secs(10),
-            async move { check_cert_expiry(&url_clone).await },
-        )))
-    } else {
-        None
-    };
+    let url_for_cert = monitor.url.clone();

    let timed = tokio::time::timeout(timeout, async {
        let resp = req.send().await?;
@ -127,10 +114,6 @@ async fn run_check(client: &reqwest::Client, monitor: &Monitor, scheduled_at: Op
        Ok::<_, reqwest::Error>((status, headers, body))
    }).await;

-    // Cert check runs after the main request completes — only if the site responded.
-    // This prevents a separate TCP SYN to a hung host from blocking the timeout.
-    let cert_expiry_days: Option<i64> = None; // populated below after successful response
-
    let latency_ms = start.elapsed().as_millis() as u64;

    // Flatten timeout + reqwest errors into a single result
@ -155,18 +138,18 @@ async fn run_check(client: &reqwest::Client, monitor: &Monitor, scheduled_at: Op
        Ok((status_raw, headers, body)) => {
            let status = status_raw.as_u16();

-            // Only attempt cert check if the site actually responded — avoids a second
-            // hung TCP connect to a down host.
+            // Only attempt cert check after a successful response — avoids opening
+            // a second TCP connection to a host that's already timing out.
            let cert_expiry_days = if is_https {
                match tokio::time::timeout(
                    std::time::Duration::from_secs(5),
-                    check_cert_expiry(&url_clone),
+                    check_cert_expiry(&url_for_cert),
                ).await {
                    Ok(Ok(days)) => days,
                    _ => None,
                }
            } else {
-                cert_expiry_days
+                None
            };

            // Evaluate query if present