From e95a1b684037bf428f23143769636e6e728d6421 Mon Sep 17 00:00:00 2001
From: Thomas Miceli
Date: Wed, 15 Mar 2023 10:37:17 +0100
Subject: [PATCH] Added TLS support
---
 config.yml | 9 +++++++++
 internal/config/config.go | 13 +++++++++----
 internal/web/run.go | 23 +++++++++++++++--------
 3 files changed, 33 insertions(+), 12 deletions(-)
diff --git a/config.yml b/config.yml
index 4cb4eae..06d8321 100644
--- a/config.yml
+++ b/config.yml
@@ -25,6 +25,15 @@ http:
 # Enable or disable git operations (clone, pull, push) via HTTP (either `true` or `false`). Default: true
 git-enabled: true
+ # Enable or disable TLS (either `true` or `false`). Default: false
+ tls-enabled: false
+
+ # Path to the TLS certificate file if TLS is enabled
+ cert-file:
+
+ # Path to the TLS key file if TLS is enabled
+ key-file:
+
 # SSH built-in server configuration
 # Note: it is not using the SSH daemon from your machine (yet)
 ssh:
diff --git a/internal/config/config.go b/internal/config/config.go
index feac8ea..443988a 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -19,10 +19,13 @@ type config struct {
 LogLevel string `yaml:"log-level"`
 HTTP struct {
- Host string `yaml:"host"`
- Port string `yaml:"port"`
- Domain string `yaml:"domain"`
- Git bool `yaml:"git-enabled"`
+ Host string `yaml:"host"`
+ Port string `yaml:"port"`
+ Domain string `yaml:"domain"`
+ Git bool `yaml:"git-enabled"`
+ TLSEnabled bool `yaml:"tls-enabled"`
+ CertFile string `yaml:"cert-file"`
+ KeyFile string `yaml:"key-file"`
 } `yaml:"http"`
 SSH struct {
@@ -51,6 +54,8 @@ func configWithDefaults() (*config, error) {
 c.HTTP.Domain = "localhost"
 c.HTTP.Git = true
+ c.HTTP.TLSEnabled = false
+
 c.SSH.Enabled = true
 c.SSH.Host = "0.0.0.0"
 c.SSH.Port = "2222"
diff --git a/internal/web/run.go b/internal/web/run.go
index dfa6045..68f6e78 100644
--- a/internal/web/run.go
+++ b/internal/web/run.go
@@ -102,7 +102,7 @@ func Start() {
 }
 }
- e.Use(basicInit)
+ e.Use(sessionInit)
 e.Validator = NewValidator()
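Review bot: In config.yml the comments on `cert-file` and `key-file` do not say what the two files must contain or what happens when they are left empty while `tls-enabled: true`; judging by the run.go part of this patch the paths are passed straight to `e.StartTLS`, so an empty value only shows up as a startup failure. I would document that on the keys, e.g. `# Path to the TLS private key file (PEM). Required when tls-enabled is true; keep it readable only by the account that runs the server`. The `tls-enabled` comment could also state that with the default `false` the web UI and Git over HTTP are served unencrypted unless a TLS-terminating proxy sits in front.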
@@ -168,16 +168,23 @@ func Start() {
 // Git HTTP routes
 if config.C.HTTP.Git {
 e.Any("/:user/:gistname/*", gitHttp, gistInit)
- debugStr = " (with Git HTTP support)"
+ debugStr = " (with Git over HTTP)"
 }
 e.Any("/*", noRouteFound)
 addr := config.C.HTTP.Host + ":" + config.C.HTTP.Port
- log.Info().Msg("Starting HTTP server on http://" + addr + debugStr)
- if err := e.Start(addr); err != nil {
- log.Fatal().Err(err).Msg("Failed to start HTTP server")
+ if config.C.HTTP.TLSEnabled {
+ log.Info().Msg("Starting HTTPS server on https://" + addr + debugStr)
+ if err := e.StartTLS(addr, config.C.HTTP.CertFile, config.C.HTTP.KeyFile); err != nil {
+ log.Fatal().Err(err).Msg("Failed to start HTTPS server")
+ }
+ } else {
+ log.Info().Msg("Starting HTTP server on http://" + addr + debugStr)
+ if err := e.Start(addr); err != nil {
+ log.Fatal().Err(err).Msg("Failed to start HTTP server")
+ }
 }
 }
@@ -186,14 +193,14 @@ func dataInit(next echo.HandlerFunc) echo.HandlerFunc {
 ctxValue := context.WithValue(ctx.Request().Context(), "data", echo.Map{})
 ctx.SetRequest(ctx.Request().WithContext(ctxValue))
 setData(ctx, "loadStartTime", time.Now())
+ setData(ctx, "signupDisabled", config.C.DisableSignup)
+
 return next(ctx)
 }
 }
-func basicInit(next echo.HandlerFunc) echo.HandlerFunc {
+func sessionInit(next echo.HandlerFunc) echo.HandlerFunc {
 return func(ctx echo.Context) error {
- setData(ctx, "signupDisabled", config.C.DisableSignup)
-
 sess := getSession(ctx)
 if sess.Values["user"] != nil {
 user := &models.User{ID: sess.Values["user"].(uint)}
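Review bot: In the `@@ -168,16 +168,23 @@` hunk of internal/web/run.go, setting `config.C.HTTP.TLSEnabled` only changes the listener; nothing visible here marks the session cookie `Secure` or adds an HSTS header, and because cookies are not scoped by port or scheme a browser would still attach the session to any plain-HTTP request for the same host. The session store is set up outside the lines shown, so this may already be covered; if it is not, derive the cookie option from the same flag, e.g. `Secure: config.C.HTTP.TLSEnabled`, where the store is created. As called here, `e.StartTLS` also leaves the minimum protocol version to the Go toolchain's server default, which is worth a comment next to the call. `Start` begins outside this hunk.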