Added TLS support

2025-01-03 16:22:40 +00:00 · 2023-03-15 10:37:17 +01:00 · 2023-03-15 10:37:17 +01:00 · e95a1b6840
commit e95a1b6840
parent 2c40060a60
3 changed files with 33 additions and 12 deletions
--- a/config.yml
+++ b/config.yml
@ -25,6 +25,15 @@ http:
  # Enable or disable git operations (clone, pull, push) via HTTP (either `true` or `false`). Default: true
  git-enabled: true

+  # Enable or disable TLS (either `true` or `false`). Default: false
+  tls-enabled: false
+
+  # Path to the TLS certificate file if TLS is enabled
+  cert-file:
+
+  # Path to the TLS key file if TLS is enabled
+  key-file:
+
 # SSH built-in server configuration
 # Note: it is not using the SSH daemon from your machine (yet)
 ssh:
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -19,10 +19,13 @@ type config struct {
 	LogLevel      string `yaml:"log-level"`

 	HTTP struct {
-		Host   string `yaml:"host"`
-		Port   string `yaml:"port"`
-		Domain string `yaml:"domain"`
-		Git    bool   `yaml:"git-enabled"`
+		Host       string `yaml:"host"`
+		Port       string `yaml:"port"`
+		Domain     string `yaml:"domain"`
+		Git        bool   `yaml:"git-enabled"`
+		TLSEnabled bool   `yaml:"tls-enabled"`
+		CertFile   string `yaml:"cert-file"`
+		KeyFile    string `yaml:"key-file"`
 	} `yaml:"http"`

 	SSH struct {
@ -51,6 +54,8 @@ func configWithDefaults() (*config, error) {
 	c.HTTP.Domain = "localhost"
 	c.HTTP.Git = true

+	c.HTTP.TLSEnabled = false
+
 	c.SSH.Enabled = true
 	c.SSH.Host = "0.0.0.0"
 	c.SSH.Port = "2222"
--- a/internal/web/run.go
+++ b/internal/web/run.go
@ -102,7 +102,7 @@ func Start() {
 		}
 	}

-	e.Use(basicInit)
+	e.Use(sessionInit)

 	e.Validator = NewValidator()

@ -168,16 +168,23 @@ func Start() {
 	// Git HTTP routes
 	if config.C.HTTP.Git {
 		e.Any("/:user/:gistname/*", gitHttp, gistInit)
-		debugStr = " (with Git HTTP support)"
+		debugStr = " (with Git over HTTP)"
 	}

 	e.Any("/*", noRouteFound)

 	addr := config.C.HTTP.Host + ":" + config.C.HTTP.Port
-	log.Info().Msg("Starting HTTP server on http://" + addr + debugStr)

-	if err := e.Start(addr); err != nil {
-		log.Fatal().Err(err).Msg("Failed to start HTTP server")
+	if config.C.HTTP.TLSEnabled {
+		log.Info().Msg("Starting HTTPS server on https://" + addr + debugStr)
+		if err := e.StartTLS(addr, config.C.HTTP.CertFile, config.C.HTTP.KeyFile); err != nil {
+			log.Fatal().Err(err).Msg("Failed to start HTTPS server")
+		}
+	} else {
+		log.Info().Msg("Starting HTTP server on http://" + addr + debugStr)
+		if err := e.Start(addr); err != nil {
+			log.Fatal().Err(err).Msg("Failed to start HTTP server")
+		}
 	}
 }

@ -186,14 +193,14 @@ func dataInit(next echo.HandlerFunc) echo.HandlerFunc {
 		ctxValue := context.WithValue(ctx.Request().Context(), "data", echo.Map{})
 		ctx.SetRequest(ctx.Request().WithContext(ctxValue))
 		setData(ctx, "loadStartTime", time.Now())
+		setData(ctx, "signupDisabled", config.C.DisableSignup)
+
 		return next(ctx)
 	}
 }

-func basicInit(next echo.HandlerFunc) echo.HandlerFunc {
+func sessionInit(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(ctx echo.Context) error {
-		setData(ctx, "signupDisabled", config.C.DisableSignup)
-
 		sess := getSession(ctx)
 		if sess.Values["user"] != nil {
 			user := &models.User{ID: sess.Values["user"].(uint)}