Show TLS certificate validity details

Include healthy TLS certificate validity in website check messages and show latest website check results in the UI.

frontend/src/api/client.ts

@@ -1,5 +1,6 @@
 import type {
   Asset,
+  CheckResult,
   Incident,
   Monitor,
   MonitorUpdate,
@@ -82,6 +83,8 @@ export const api = {
     request<void>(`/monitors/${monitorId}`, token, {
       method: "DELETE",
     }),
+  monitorResults: (token: string, monitorId: number, limit = 1) =>
+    request<CheckResult[]>(`/monitors/${monitorId}/results?limit=${limit}`, token),
   incidents: (token: string) => request<Incident[]>("/incidents", token),
   acknowledgeIncident: (token: string, incidentId: number) =>
     request<Incident>(`/incidents/${incidentId}/acknowledge`, token, {

frontend/src/pages/WebsitesPage.tsx

@@ -1,9 +1,9 @@
-import { FormEvent, useState } from "react";
+import { FormEvent, useEffect, useState } from "react";
 import { Edit3, Globe2, Plus, RefreshCw, Trash2, X } from "lucide-react";
 
 import { api } from "../api/client";
 import { Button } from "../components/Button";
-import type { Monitor } from "../types/api";
+import type { CheckResult, Monitor } from "../types/api";
 
 interface WebsitesPageProps {
   token: string;
@@ -27,6 +27,32 @@ export function WebsitesPage({ token, monitors, onCreated }: WebsitesPageProps)
   const [submitting, setSubmitting] = useState(false);
   const [deletingId, setDeletingId] = useState<number | null>(null);
   const [error, setError] = useState<string | null>(null);
+  const [latestResults, setLatestResults] = useState<Record<number, CheckResult>>({});
+
+  useEffect(() => {
+    let cancelled = false;
+    async function loadLatestResults() {
+      const resultEntries = await Promise.all(
+        websites.map(async (monitor) => {
+          const results = await api.monitorResults(token, monitor.id, 1);
+          return [monitor.id, results[0]] as const;
+        })
+      );
+      if (!cancelled) {
+        setLatestResults(Object.fromEntries(resultEntries.filter(([, result]) => Boolean(result))));
+      }
+    }
+    if (websites.length) {
+      loadLatestResults().catch(() => {
+        if (!cancelled) setLatestResults({});
+      });
+    } else {
+      setLatestResults({});
+    }
+    return () => {
+      cancelled = true;
+    };
+  }, [token, monitors]);
 
   async function handleSubmit(event: FormEvent) {
     event.preventDefault();
@@ -211,6 +237,7 @@ export function WebsitesPage({ token, monitors, onCreated }: WebsitesPageProps)
                   <div>
                     <div className="font-medium">{monitor.name}</div>
                     <div className="truncate text-sm text-slate-400">{monitor.target}</div>
+                    {latestResults[monitor.id]?.message ? <div className="text-xs text-slate-500">{latestResults[monitor.id].message}</div> : null}
                     {monitor.config?.check_tls_expiry ? <div className="text-xs text-slate-500">TLS warning at {String(monitor.config.tls_warning_days ?? 30)} days</div> : null}
                   </div>
                   <Status status={monitor.status} />

frontend/src/types/api.ts

@@ -33,6 +33,15 @@ export interface MonitorUpdate {
   interval_seconds?: number;
 }
 
+export interface CheckResult {
+  id: number;
+  monitor_id: number;
+  status: string;
+  response_time_ms?: number | null;
+  message?: string | null;
+  observed_at: string;
+}
+
 export interface Incident {
   id: number;
   asset_id?: number | null;

worker/app/collectors/website.py

@@ -28,13 +28,22 @@ class WebsiteCheckResult:
     message: str
 
 
+@dataclass(frozen=True)
+class TlsExpiryResult:
+    status: str
+    response_time_ms: int
+    message: str
+
+
 async def run_website_check(config: WebsiteCheckConfig) -> WebsiteCheckResult:
     started = perf_counter()
+    tls_message: str | None = None
 
     if config.check_tls_expiry:
         tls_result = await check_tls_expiry(config.url, config.tls_warning_days, config.timeout_seconds)
-        if tls_result is not None:
+        if tls_result.status != "up":
             return tls_result
+        tls_message = tls_result.message
 
     try:
         async with httpx.AsyncClient(follow_redirects=True, timeout=config.timeout_seconds) as client:
@@ -61,38 +70,46 @@ async def run_website_check(config: WebsiteCheckConfig) -> WebsiteCheckResult:
             response_time_ms=response_time_ms,
             message="Unexpected text was present",
         )
-    return WebsiteCheckResult(status="up", response_time_ms=response_time_ms, message="Website check passed")
+    message = "Website check passed"
+    if tls_message:
+        message = f"{message}; {tls_message}"
+    return WebsiteCheckResult(status="up", response_time_ms=response_time_ms, message=message)
 
 
-async def check_tls_expiry(url: str, warning_days: int, timeout_seconds: float) -> WebsiteCheckResult | None:
+async def check_tls_expiry(url: str, warning_days: int, timeout_seconds: float) -> TlsExpiryResult:
     parsed_url = urlparse(url)
     if parsed_url.scheme != "https":
-        return None
+        return TlsExpiryResult(status="up", response_time_ms=0, message="TLS expiry check skipped for non-HTTPS target")
     if not parsed_url.hostname:
-        return WebsiteCheckResult(status="down", response_time_ms=None, message="TLS check could not determine the hostname")
+        return TlsExpiryResult(status="down", response_time_ms=0, message="TLS check could not determine the hostname")
 
     started = perf_counter()
     try:
         expires_at = await _get_certificate_expiry(parsed_url.hostname, parsed_url.port or 443, timeout_seconds)
     except (OSError, ssl.SSLError, ValueError) as exc:
-        return WebsiteCheckResult(status="down", response_time_ms=None, message=f"TLS certificate check failed: {exc}")
+        return TlsExpiryResult(status="down", response_time_ms=int((perf_counter() - started) * 1000), message=f"TLS certificate check failed: {exc}")
 
     response_time_ms = int((perf_counter() - started) * 1000)
     now = datetime.now(UTC)
     days_remaining = (expires_at - now).total_seconds() / 86400
+    days_remaining_text = str(max(0, int(days_remaining)))
     if days_remaining < 0:
-        return WebsiteCheckResult(
+        return TlsExpiryResult(
             status="down",
             response_time_ms=response_time_ms,
             message=f"TLS certificate expired on {expires_at.date().isoformat()}",
         )
     if days_remaining <= warning_days:
-        return WebsiteCheckResult(
+        return TlsExpiryResult(
             status="warning",
             response_time_ms=response_time_ms,
-            message=f"TLS certificate expires in {int(days_remaining)} days on {expires_at.date().isoformat()}",
+            message=f"TLS certificate expires in {days_remaining_text} days on {expires_at.date().isoformat()}",
         )
-    return None
+    return TlsExpiryResult(
+        status="up",
+        response_time_ms=response_time_ms,
+        message=f"TLS certificate valid for {days_remaining_text} days until {expires_at.date().isoformat()}",
+    )
 
 
 async def _get_certificate_expiry(hostname: str, port: int, timeout_seconds: float) -> datetime: