Merge remote-tracking branch 'origin/master' into config-maximum-numb…

…er-results-events

# Conflicts:
#	storage/store/store_test.go
#	web/static/css/app.css

client/client.go

@@ -5,6 +5,7 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
+	"golang.org/x/net/websocket"
 	"net"
 	"net/http"
 	"net/smtp"
@@ -142,14 +143,20 @@ func CanPerformStartTLS(address string, config *Config) (connected bool, certifi
 
 // CanPerformTLS checks whether a connection can be established to an address using the TLS protocol
 func CanPerformTLS(address string, config *Config) (connected bool, certificate *x509.Certificate, err error) {
-	connection, err := tls.DialWithDialer(&net.Dialer{Timeout: config.Timeout}, "tcp", address, nil)
+	connection, err := tls.DialWithDialer(&net.Dialer{Timeout: config.Timeout}, "tcp", address, &tls.Config{
+		InsecureSkipVerify: config.Insecure,
+	})
 	if err != nil {
 		return
 	}
 	defer connection.Close()
 	verifiedChains := connection.ConnectionState().VerifiedChains
+	// If config.Insecure is set to true, verifiedChains will be an empty list []
+	// We should get the parsed certificates from PeerCertificates, it can't be empty on the client side
+	// Reference: https://pkg.go.dev/crypto/tls#PeerCertificates
 	if len(verifiedChains) == 0 || len(verifiedChains[0]) == 0 {
-		return
+		peerCertificates := connection.ConnectionState().PeerCertificates
+		return true, peerCertificates[0], nil
 	}
 	return true, verifiedChains[0][0], nil
 }
@@ -184,6 +191,37 @@ func Ping(address string, config *Config) (bool, time.Duration) {
 	return true, 0
 }
 
+// Open a websocket connection, write `body` and return a message from the server
+func QueryWebSocket(address string, config *Config, body string) (bool, []byte, error) {
+	const (
+		Origin             = "http://localhost/"
+		MaximumMessageSize = 1024 // in bytes
+	)
+
+	wsConfig, err := websocket.NewConfig(address, Origin)
+	if err != nil {
+		return false, nil, fmt.Errorf("error configuring websocket connection: %w", err)
+	}
+	// Dial URL
+	ws, err := websocket.DialConfig(wsConfig)
+	if err != nil {
+		return false, nil, fmt.Errorf("error dialing websocket: %w", err)
+	}
+	defer ws.Close()
+	connected := true
+	// Write message
+	if _, err := ws.Write([]byte(body)); err != nil {
+		return false, nil, fmt.Errorf("error writing websocket body: %w", err)
+	}
+	// Read message
+	var n int
+	msg := make([]byte, MaximumMessageSize)
+	if n, err = ws.Read(msg); err != nil {
+		return false, nil, fmt.Errorf("error reading websocket message: %w", err)
+	}
+	return connected, msg[:n], nil
+}
+
 // InjectHTTPClient is used to inject a custom HTTP client for testing purposes
 func InjectHTTPClient(httpClient *http.Client) {
 	injectedHTTPClient = httpClient

config/web/web.go

@@ -34,8 +34,6 @@ type TLSConfig struct {
 
 	// PrivateKeyFile is the private key file for TLS in PEM format.
 	PrivateKeyFile string `yaml:"private-key-file,omitempty"`
-
-	tlsConfig *tls.Config
 }
 
 // GetDefaultConfig returns a Config struct with the default values
@@ -57,33 +55,29 @@ func (web *Config) ValidateAndSetDefaults() error {
 	}
 	// Try to load the TLS certificates
 	if web.TLS != nil {
-		if err := web.TLS.loadConfig(); err != nil {
+		if err := web.TLS.isValid(); err != nil {
 			return fmt.Errorf("invalid tls config: %w", err)
 		}
 	}
 	return nil
 }
 
+func (web *Config) HasTLS() bool {
+	return web.TLS != nil && len(web.TLS.CertificateFile) > 0 && len(web.TLS.PrivateKeyFile) > 0
+}
+
 // SocketAddress returns the combination of the Address and the Port
 func (web *Config) SocketAddress() string {
 	return fmt.Sprintf("%s:%d", web.Address, web.Port)
 }
 
-func (t *TLSConfig) loadConfig() error {
+func (t *TLSConfig) isValid() error {
 	if len(t.CertificateFile) > 0 && len(t.PrivateKeyFile) > 0 {
-		certificate, err := tls.LoadX509KeyPair(t.CertificateFile, t.PrivateKeyFile)
+		_, err := tls.LoadX509KeyPair(t.CertificateFile, t.PrivateKeyFile)
 		if err != nil {
 			return err
 		}
-		t.tlsConfig = &tls.Config{Certificates: []tls.Certificate{certificate}}
 		return nil
 	}
 	return errors.New("certificate-file and private-key-file must be specified")
 }
-
-func (web *Config) TLSConfig() *tls.Config {
-	if web.TLS != nil {
-		return web.TLS.tlsConfig
-	}
-	return nil
-}

config/web/web_test.go

@@ -37,6 +37,27 @@ func TestConfig_ValidateAndSetDefaults(t *testing.T) {
 			cfg:         &Config{Port: 100000000},
 			expectedErr: true,
 		},
+		{
+			name:            "with-good-tls-config",
+			cfg:             &Config{Port: 443, TLS: &TLSConfig{CertificateFile: "../../testdata/cert.pem", PrivateKeyFile: "../../testdata/cert.key"}},
+			expectedAddress: "0.0.0.0",
+			expectedPort:    443,
+			expectedErr:     false,
+		},
+		{
+			name:            "with-bad-tls-config",
+			cfg:             &Config{Port: 443, TLS: &TLSConfig{CertificateFile: "../../testdata/badcert.pem", PrivateKeyFile: "../../testdata/cert.key"}},
+			expectedAddress: "0.0.0.0",
+			expectedPort:    443,
+			expectedErr:     true,
+		},
+		{
+			name:            "with-partial-tls-config",
+			cfg:             &Config{Port: 443, TLS: &TLSConfig{CertificateFile: "", PrivateKeyFile: "../../testdata/cert.key"}},
+			expectedAddress: "0.0.0.0",
+			expectedPort:    443,
+			expectedErr:     true,
+		},
 	}
 	for _, scenario := range scenarios {
 		t.Run(scenario.name, func(t *testing.T) {
@@ -67,7 +88,7 @@ func TestConfig_SocketAddress(t *testing.T) {
 	}
 }
 
-func TestConfig_TLSConfig(t *testing.T) {
+func TestConfig_isValid(t *testing.T) {
 	scenarios := []struct {
 		name        string
 		cfg         *Config
@@ -79,27 +100,37 @@ func TestConfig_TLSConfig(t *testing.T) {
 			expectedErr: false,
 		},
 		{
-			name:        "missing-crt-file",
+			name:        "missing-certificate-file",
 			cfg:         &Config{TLS: &TLSConfig{CertificateFile: "doesnotexist", PrivateKeyFile: "../../testdata/cert.key"}},
 			expectedErr: true,
 		},
 		{
-			name:        "bad-crt-file",
+			name:        "bad-certificate-file",
 			cfg:         &Config{TLS: &TLSConfig{CertificateFile: "../../testdata/badcert.pem", PrivateKeyFile: "../../testdata/cert.key"}},
 			expectedErr: true,
 		},
+		{
+			name:        "no-certificate-file",
+			cfg:         &Config{TLS: &TLSConfig{CertificateFile: "", PrivateKeyFile: "../../testdata/cert.key"}},
+			expectedErr: true,
+		},
 		{
 			name:        "missing-private-key-file",
 			cfg:         &Config{TLS: &TLSConfig{CertificateFile: "../../testdata/cert.pem", PrivateKeyFile: "doesnotexist"}},
 			expectedErr: true,
 		},
+		{
+			name:        "no-private-key-file",
+			cfg:         &Config{TLS: &TLSConfig{CertificateFile: "../../testdata/cert.pem", PrivateKeyFile: ""}},
+			expectedErr: true,
+		},
 		{
 			name:        "bad-private-key-file",
 			cfg:         &Config{TLS: &TLSConfig{CertificateFile: "../../testdata/cert.pem", PrivateKeyFile: "../../testdata/badcert.key"}},
 			expectedErr: true,
 		},
 		{
-			name:        "bad-cert-and-private-key-file",
+			name:        "bad-certificate-and-private-key-file",
 			cfg:         &Config{TLS: &TLSConfig{CertificateFile: "../../testdata/badcert.pem", PrivateKeyFile: "../../testdata/badcert.key"}},
 			expectedErr: true,
 		},
@@ -112,8 +143,8 @@ func TestConfig_TLSConfig(t *testing.T) {
 				return
 			}
 			if !scenario.expectedErr {
-				if scenario.cfg.TLS.tlsConfig == nil {
-					t.Error("TLS configuration was not correctly loaded although no error was returned")
+				if scenario.cfg.TLS.isValid() != nil {
+					t.Error("cfg.TLS.isValid() returned an error even though no error was expected")
 				}
 			}
 		})

controller/controller.go

@@ -22,16 +22,22 @@ func Handle(cfg *config.Config) {
 	server.ReadTimeout = 15 * time.Second
 	server.WriteTimeout = 15 * time.Second
 	server.IdleTimeout = 15 * time.Second
-	server.TLSConfig = cfg.Web.TLSConfig()
 	if os.Getenv("ROUTER_TEST") == "true" {
 		return
 	}
 	log.Println("[controller][Handle] Listening on " + cfg.Web.SocketAddress())
-	if server.TLSConfig != nil {
-		log.Println("[controller][Handle]", app.ListenTLS(cfg.Web.SocketAddress(), "", ""))
+	if cfg.Web.HasTLS() {
+		err := app.ListenTLS(cfg.Web.SocketAddress(), cfg.Web.TLS.CertificateFile, cfg.Web.TLS.PrivateKeyFile)
+		if err != nil {
+			log.Fatal("[controller][Handle]", err)
+		}
 	} else {
-		log.Println("[controller][Handle]", app.Listen(cfg.Web.SocketAddress()))
+		err := app.Listen(cfg.Web.SocketAddress())
+		if err != nil {
+			log.Fatal("[controller][Handle]", err)
+		}
 	}
+	log.Println("[controller][Handle] Server has shut down successfully")
 }
 
 // Shutdown stops the server

core/endpoint.go

@@ -42,6 +42,7 @@ const (
 	EndpointTypeSTARTTLS EndpointType = "STARTTLS"
 	EndpointTypeTLS      EndpointType = "TLS"
 	EndpointTypeHTTP     EndpointType = "HTTP"
+	EndpointTypeWS       EndpointType = "WEBSOCKET"
 	EndpointTypeUNKNOWN  EndpointType = "UNKNOWN"
 )
 
@@ -149,6 +150,8 @@ func (endpoint Endpoint) Type() EndpointType {
 		return EndpointTypeTLS
 	case strings.HasPrefix(endpoint.URL, "http://") || strings.HasPrefix(endpoint.URL, "https://"):
 		return EndpointTypeHTTP
+	case strings.HasPrefix(endpoint.URL, "ws://") || strings.HasPrefix(endpoint.URL, "wss://"):
+		return EndpointTypeWS
 	default:
 		return EndpointTypeUNKNOWN
 	}
@@ -340,6 +343,9 @@ func (endpoint *Endpoint) call(result *Result) {
 		result.Duration = time.Since(startTime)
 	} else if endpointType == EndpointTypeICMP {
 		result.Connected, result.Duration = client.Ping(strings.TrimPrefix(endpoint.URL, "icmp://"), endpoint.ClientConfig)
+	} else if endpointType == EndpointTypeWS {
+		result.Connected, result.Body, err = client.QueryWebSocket(endpoint.URL, endpoint.ClientConfig, endpoint.Body)
+		result.Duration = time.Since(startTime)
 	} else {
 		response, err = client.GetHTTPClient(endpoint.ClientConfig).Do(request)
 		result.Duration = time.Since(startTime)
@@ -364,6 +370,15 @@ func (endpoint *Endpoint) call(result *Result) {
 	}
 }
 
+// Close HTTP connections between watchdog and endpoints to avoid dangling socket file descriptors
+// on configuration reload.
+// More context on https://github.com/TwiN/gatus/issues/536
+func (endpoint *Endpoint) Close() {
+	if endpoint.Type() == EndpointTypeHTTP {
+		client.GetHTTPClient(endpoint.ClientConfig).CloseIdleConnections()
+	}
+}
+
 func (endpoint *Endpoint) buildHTTPRequest() *http.Request {
 	var bodyBuffer *bytes.Buffer
 	if endpoint.GraphQL {

core/endpoint_test.go

@@ -313,6 +313,18 @@ func TestEndpoint_Type(t *testing.T) {
 			},
 			want: EndpointTypeHTTP,
 		},
+		{
+			args: args{
+				URL: "wss://example.com/",
+			},
+			want: EndpointTypeWS,
+		},
+		{
+			args: args{
+				URL: "ws://example.com/",
+			},
+			want: EndpointTypeWS,
+		},
 		{
 			args: args{
 				URL: "invalid://example.org",

go.mod

@@ -7,60 +7,62 @@ require (
 	github.com/TwiN/g8/v2 v2.0.0
 	github.com/TwiN/gocache/v2 v2.2.0
 	github.com/TwiN/health v1.6.0
-	github.com/TwiN/whois v1.1.2
+	github.com/TwiN/whois v1.1.3
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/gofiber/fiber/v2 v2.46.0
 	github.com/google/go-github/v48 v48.2.0
 	github.com/google/uuid v1.3.0
 	github.com/ishidawataru/sctp v0.0.0-20210707070123-9a39160e9062
-	github.com/lib/pq v1.10.7
+	github.com/lib/pq v1.10.9
 	github.com/miekg/dns v1.1.54
-	github.com/prometheus-community/pro-bing v0.2.0
-	github.com/prometheus/client_golang v1.14.0
-	github.com/valyala/fasthttp v1.47.0
+	github.com/prometheus-community/pro-bing v0.3.0
+	github.com/prometheus/client_golang v1.16.0
+	github.com/valyala/fasthttp v1.48.0
 	github.com/wcharczuk/go-chart/v2 v2.1.0
-	golang.org/x/crypto v0.10.0
+	golang.org/x/crypto v0.11.0
+	golang.org/x/net v0.11.0
 	golang.org/x/oauth2 v0.8.0
 	gopkg.in/mail.v2 v2.3.1
 	gopkg.in/yaml.v3 v3.0.1
-	modernc.org/sqlite v1.23.1
+	modernc.org/sqlite v1.24.0
 )
 
 require (
 	github.com/andybalholm/brotli v1.0.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 	github.com/klauspost/compress v1.16.5 // indirect
+	github.com/kr/text v0.2.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/philhofer/fwd v1.1.2 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.37.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/prometheus/common v0.42.0 // indirect
+	github.com/prometheus/procfs v0.10.1 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
+	github.com/rogpeppe/go-internal v1.11.0 // indirect
 	github.com/savsgio/dictpool v0.0.0-20221023140959-7bf2e61cea94 // indirect
 	github.com/savsgio/gotils v0.0.0-20230208104028-c358bd845dee // indirect
 	github.com/tinylib/msgp v1.1.8 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/tcplisten v1.0.0 // indirect
 	golang.org/x/image v0.5.0 // indirect
-	golang.org/x/mod v0.7.0 // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sync v0.2.0 // indirect
-	golang.org/x/sys v0.9.0 // indirect
+	golang.org/x/mod v0.9.0 // indirect
+	golang.org/x/sync v0.3.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
 	golang.org/x/tools v0.4.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
+	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	lukechampine.com/uint128 v1.2.0 // indirect
 	modernc.org/cc/v3 v3.40.0 // indirect