perf: improve TLS chain fetch way, to make sure can get tls info correct

msgbyte · May 1, 2024 · cc910b7 · cc910b7
1 parent 51675f6
commit cc910b7
Showing 1 changed file with 19 additions and 14 deletions.
diff --git a/src/server/model/monitor/provider/http.ts b/src/server/model/monitor/provider/http.ts
@@ -69,23 +69,28 @@ export const http: MonitorProvider<{
       rejectUnauthorized: !ignoreTLS,
     };
 
-    config.httpsAgent = new https.Agent(httpsAgentOptions);
-
-    try {
-      const startTime = dayjs();
-      const res = await axios({ ...config });
-
-      const diff = dayjs().diff(startTime, 'ms');
-
-      if (url.startsWith('https:')) {
+    const httpsAgent = (config.httpsAgent = new https.Agent(httpsAgentOptions));
+    httpsAgent.once('keylog', (line, tlsSocket) => {
+      tlsSocket.once('secureConnect', async () => {
         try {
-          const { valid, certInfo } = checkCertificate(res);
+          const { valid, certInfo } = checkCertificate(tlsSocket);
 
           await saveMonitorStatus(monitor.id, 'tls', {
             valid,
             certInfo,
           });
         } catch (err) {}
+      });
+    });
+
+    try {
+      const startTime = dayjs();
+      const res = await axios({ ...config });
+
+      const diff = dayjs().diff(startTime, 'ms');
+
+      if (res.status >= 400) {
+        return -1;
       }
 
       return diff;
@@ -96,13 +101,13 @@ export const http: MonitorProvider<{
   },
 };
 
-function checkCertificate(res: AxiosResponse<any, any>) {
-  if (!res.request.res.socket) {
+function checkCertificate(tlsSocket: any) {
+  if (!tlsSocket) {
     throw new Error('No socket found');
   }
 
-  const info = res.request.res.socket.getPeerCertificate(true);
-  const valid = res.request.res.socket.authorized || false;
+  const info = tlsSocket.getPeerCertificate(true);
+  const valid = tlsSocket.authorized || false;
 
   logger.debug('cert', 'Parsing Certificate Info', info);