feat: add metrics to tls encrypter (#3025)

Adds metrics for events and errors

Author: achingbrain

packages/connection-encrypter-tls/src/index.ts

@@ -19,13 +19,14 @@
  */
 
 import { TLS } from './tls.js'
-import type { ComponentLogger, ConnectionEncrypter, PrivateKey } from '@libp2p/interface'
+import type { ComponentLogger, ConnectionEncrypter, Metrics, PrivateKey } from '@libp2p/interface'
 
 export const PROTOCOL = '/tls/1.0.0'
 
 export interface TLSComponents {
   privateKey: PrivateKey
   logger: ComponentLogger
+  metrics?: Metrics
 }
 
 export function tls (): (components: TLSComponents) => ConnectionEncrypter {

packages/connection-encrypter-tls/src/tls.ts

@@ -24,18 +24,50 @@ import { HandshakeTimeoutError } from './errors.js'
 import { generateCertificate, verifyPeerCertificate, itToStream, streamToIt } from './utils.js'
 import { PROTOCOL } from './index.js'
 import type { TLSComponents } from './index.js'
-import type { MultiaddrConnection, ConnectionEncrypter, SecuredConnection, Logger, SecureConnectionOptions, PrivateKey } from '@libp2p/interface'
+import type { MultiaddrConnection, ConnectionEncrypter, SecuredConnection, Logger, SecureConnectionOptions, CounterGroup } from '@libp2p/interface'
 import type { Duplex } from 'it-stream-types'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
 export class TLS implements ConnectionEncrypter {
   public protocol: string = PROTOCOL
   private readonly log: Logger
-  private readonly privateKey: PrivateKey
+  private readonly components: TLSComponents
+  private readonly metrics: {
+    server: {
+      events?: CounterGroup
+      errors?: CounterGroup
+    }
+    client: {
+      events?: CounterGroup
+      errors?: CounterGroup
+    }
+  }
 
   constructor (components: TLSComponents) {
     this.log = components.logger.forComponent('libp2p:tls')
-    this.privateKey = components.privateKey
+    this.components = components
+    this.metrics = {
+      server: {
+        events: components.metrics?.registerCounterGroup('libp2p_tls_server_events_total', {
+          label: 'event',
+          help: 'Total count of TLS connection encryption events by type'
+        }),
+        errors: components.metrics?.registerCounterGroup('libp2p_tls_server_errors_total', {
+          label: 'event',
+          help: 'Total count of TLS connection encryption errors by type'
+        })
+      },
+      client: {
+        events: components.metrics?.registerCounterGroup('libp2p_tls_server_events_total', {
+          label: 'event',
+          help: 'Total count of TLS connection encryption events by type'
+        }),
+        errors: components.metrics?.registerCounterGroup('libp2p_tls_server_errors_total', {
+          label: 'event',
+          help: 'Total count of TLS connection encryption errors by type'
+        })
+      }
+    }
   }
 
   readonly [Symbol.toStringTag] = '@libp2p/tls'
@@ -57,7 +89,7 @@ export class TLS implements ConnectionEncrypter {
    */
   async _encrypt <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (conn: Stream, isServer: boolean, options?: SecureConnectionOptions): Promise<SecuredConnection<Stream>> {
     const opts: TLSSocketOptions = {
-      ...await generateCertificate(this.privateKey),
+      ...await generateCertificate(this.components.privateKey),
       isServer,
       // require TLS 1.3 or later
       minVersion: 'TLSv1.3',
@@ -83,9 +115,13 @@ export class TLS implements ConnectionEncrypter {
 
     return new Promise<SecuredConnection<Stream>>((resolve, reject) => {
       options?.signal?.addEventListener('abort', () => {
-        const err = new HandshakeTimeoutError()
-        socket.destroy(err)
-        reject(err)
+        this.metrics[isServer ? 'server' : 'client'].events?.increment({
+          abort: true
+        })
+        this.metrics[isServer ? 'server' : 'client'].errors?.increment({
+          encrypt_abort: true
+        })
+        socket.emit('error', new HandshakeTimeoutError())
       })
 
       const verifyRemote = (): void => {
@@ -104,21 +140,42 @@ export class TLS implements ConnectionEncrypter {
             })
           })
           .catch((err: Error) => {
-            reject(err)
+            this.metrics[isServer ? 'server' : 'client'].errors?.increment({
+              verify_peer_certificate: true
+            })
+            socket.emit('error', err)
           })
       }
 
       socket.on('error', (err: Error) => {
+        this.log.error('error encrypting %s connection - %e', isServer ? 'server' : 'client', err)
+
+        if (err.name !== 'HandshakeTimeoutError') {
+          this.metrics[isServer ? 'server' : 'client'].events?.increment({
+            error: true
+          })
+        }
+
+        socket.destroy(err)
         reject(err)
       })
       socket.once('secure', () => {
         this.log('verifying remote certificate')
+        this.metrics[isServer ? 'server' : 'client'].events?.increment({
+          secure: true
+        })
         verifyRemote()
       })
-    })
-      .catch(err => {
-        socket.destroy(err)
-        throw err
+      socket.on('connect', () => {
+        this.metrics[isServer ? 'server' : 'client'].events?.increment({
+          connect: true
+        })
       })
+      socket.on('close', () => {
+        this.metrics[isServer ? 'server' : 'client'].events?.increment({
+          close: true
+        })
+      })
+    })
   }
 }