From 6a3f65db7f4efeb2fb6096bd5696efc86bb03863 Mon Sep 17 00:00:00 2001
From: TwinProduction <twin@twinnation.org>
Date: Sun, 4 Oct 2020 17:01:10 -0400
Subject: [PATCH] Close #14: Support skipping certificate verification
 (services[].insecure)

---
 README.md                          |  1 +
 alerting/provider/custom/custom.go |  2 +-
 client/client.go                   | 28 ++++++++++++++++++++++------
 client/client_test.go              | 23 ++++++++++++++++++-----
 core/service.go                    |  5 ++++-
 5 files changed, 46 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index e7f21f2d..10b8598a 100644
--- a/README.md
+++ b/README.md
@@ -84,6 +84,7 @@ Note that you can also add environment variables in the configuration file (i.e.
 | `services[].name`                        | Name of the service. Can be anything.                                         | Required `""`  |
 | `services[].url`                         | URL to send the request to                                                    | Required `""`  |
 | `services[].conditions`                  | Conditions used to determine the health of the service                        | `[]`           |
+| `services[].insecure`                    | Whether to skip verifying the server's certificate chain and host name        | `false`        |
 | `services[].interval`                    | Duration to wait between every status check                                   | `60s`          |
 | `services[].method`                      | Request method                                                                | `GET`          |
 | `services[].graphql`                     | Whether to wrap the body in a query param (`{"query":"$body"}`)               | `false`        |
diff --git a/alerting/provider/custom/custom.go b/alerting/provider/custom/custom.go
index 73d7e90a..7ef3fd20 100644
--- a/alerting/provider/custom/custom.go
+++ b/alerting/provider/custom/custom.go
@@ -73,7 +73,7 @@ func (provider *AlertProvider) buildRequest(serviceName, alertDescription string
 // Send a request to the alert provider and return the body
 func (provider *AlertProvider) Send(serviceName, alertDescription string, resolved bool) ([]byte, error) {
 	request := provider.buildRequest(serviceName, alertDescription, resolved)
-	response, err := client.GetHttpClient().Do(request)
+	response, err := client.GetHttpClient(false).Do(request)
 	if err != nil {
 		return nil, err
 	}
diff --git a/client/client.go b/client/client.go
index bc0b9381..ce3148d2 100644
--- a/client/client.go
+++ b/client/client.go
@@ -1,19 +1,35 @@
 package client
 
 import (
+	"crypto/tls"
 	"net/http"
 	"time"
 )
 
 var (
-	client *http.Client
+	secureHttpClient   *http.Client
+	insecureHttpClient *http.Client
 )
 
-func GetHttpClient() *http.Client {
-	if client == nil {
-		client = &http.Client{
-			Timeout: time.Second * 10,
+func GetHttpClient(insecure bool) *http.Client {
+	if insecure {
+		if insecureHttpClient == nil {
+			insecureHttpClient = &http.Client{
+				Timeout: time.Second * 10,
+				Transport: &http.Transport{
+					TLSClientConfig: &tls.Config{
+						InsecureSkipVerify: true,
+					},
+				},
+			}
 		}
+		return insecureHttpClient
+	} else {
+		if secureHttpClient == nil {
+			secureHttpClient = &http.Client{
+				Timeout: time.Second * 10,
+			}
+		}
+		return secureHttpClient
 	}
-	return client
 }
diff --git a/client/client_test.go b/client/client_test.go
index 0ab546e4..cd4d28a0 100644
--- a/client/client_test.go
+++ b/client/client_test.go
@@ -3,11 +3,24 @@ package client
 import "testing"
 
 func TestGetHttpClient(t *testing.T) {
-	if client != nil {
-		t.Error("client should've been nil since it hasn't been called a single time yet")
+	if secureHttpClient != nil {
+		t.Error("secureHttpClient should've been nil since it hasn't been called a single time yet")
 	}
-	_ = GetHttpClient()
-	if client == nil {
-		t.Error("client shouldn't have been nil, since it has been called once")
+	if insecureHttpClient != nil {
+		t.Error("insecureHttpClient should've been nil since it hasn't been called a single time yet")
+	}
+	_ = GetHttpClient(false)
+	if secureHttpClient == nil {
+		t.Error("secureHttpClient shouldn't have been nil, since it has been called once")
+	}
+	if insecureHttpClient != nil {
+		t.Error("insecureHttpClient should've been nil since it hasn't been called a single time yet")
+	}
+	_ = GetHttpClient(true)
+	if secureHttpClient == nil {
+		t.Error("secureHttpClient shouldn't have been nil, since it has been called once")
+	}
+	if insecureHttpClient == nil {
+		t.Error("insecureHttpClient shouldn't have been nil, since it has been called once")
 	}
 }
diff --git a/core/service.go b/core/service.go
index 03f5fb65..aa87cfbb 100644
--- a/core/service.go
+++ b/core/service.go
@@ -46,6 +46,9 @@ type Service struct {
 	// Alerts is the alerting configuration for the service in case of failure
 	Alerts []*Alert `yaml:"alerts"`
 
+	// Insecure is whether to skip verifying the server's certificate chain and host name
+	Insecure bool `yaml:"insecure,omitempty"`
+
 	NumberOfFailuresInARow  int
 	NumberOfSuccessesInARow int
 }
@@ -135,7 +138,7 @@ func (service *Service) getIp(result *Result) {
 func (service *Service) call(result *Result) {
 	request := service.buildRequest()
 	startTime := time.Now()
-	response, err := client.GetHttpClient().Do(request)
+	response, err := client.GetHttpClient(service.Insecure).Do(request)
 	if err != nil {
 		result.Duration = time.Since(startTime)
 		result.Errors = append(result.Errors, err.Error())