Merge pull request 'Permettre d'exposer le serveur API par https' (#54) from vlbeaudoin/feature/tls-api into main

Reviewed-on: #54

client_test.go

@@ -22,7 +22,15 @@ func TestAPI(t *testing.T) {
 	httpClient := http.DefaultClient
 	defer httpClient.CloseIdleConnections()
 
-	vokiClient := voki.New(httpClient, "localhost", cfg.API.Key, cfg.API.Port, "http")
+	var protocol string
+	switch cfg.API.TLS.Enabled {
+	case true:
+		protocol = "https"
+	case false:
+		protocol = "http"
+	}
+
+	vokiClient := voki.New(httpClient, "localhost", cfg.API.Key, cfg.API.Port, protocol)
 	apiClient := APIClient{vokiClient}
 
 	t.Run("get API health", func(t *testing.T) {

cmd.go

@@ -114,7 +114,22 @@ var apiCmd = &cobra.Command{
 		*/
 
 		// Execution
-		e.Logger.Fatal(e.Start(fmt.Sprintf(":%d", cfg.API.Port)))
+		switch cfg.API.TLS.Enabled {
+		case false:
+			e.Logger.Fatal(
+				e.Start(
+					fmt.Sprintf(":%d", cfg.API.Port),
+				),
+			)
+		case true:
+			e.Logger.Fatal(
+				e.StartTLS(
+					fmt.Sprintf(":%d", cfg.API.Port),
+					cfg.API.TLS.CertificateFile,
+					cfg.API.TLS.PrivateKeyFile,
+				),
+			)
+		}
 	},
 }
 

config.go

@@ -11,6 +11,21 @@ import (
 )
 
 const (
+	ViperAPITLSEnabled       string = "api.tls.enabled"
+	FlagAPITLSEnabled        string = "api-tls-enabled"
+	DefaultAPITLSEnabled     bool   = false
+	DescriptionAPITLSEnabled string = "Whether to use TLS or not. Requires certificate and private key files."
+
+	ViperAPITLSCertificateFile       string = "api.tls.certificate_file"
+	FlagAPITLSCertificateFile        string = "api-tls-certificate-file"
+	DefaultAPITLSCertificateFile     string = ""
+	DescriptionAPITLSCertificateFile string = "Path to TLS certificate file"
+
+	ViperAPITLSPrivateKeyFile       string = "api.tls.private_key_file"
+	FlagAPITLSPrivateKeyFile        string = "api-tls-private-key-file"
+	DefaultAPITLSPrivateKeyFile     string = ""
+	DescriptionAPITLSPrivateKeyFile string = "Path to TLS private key file"
+
 	ViperAPIPort       string = "api.port"
 	FlagAPIPort        string = "api-port"
 	DefaultAPIPort     int    = 1312
@@ -89,6 +104,15 @@ const (
 
 type Config struct {
 	API struct {
+		TLS struct {
+			Enabled bool `yaml:"enabled"`
+
+			// Path to file containing TLS certificate
+			CertificateFile string `yaml:"certificate_file"`
+
+			// Path to file containing TLS private key
+			PrivateKeyFile string `yaml:"private_key_file"`
+		}
 		Port int    `yaml:"port"`
 		Key  string `yaml:"key"`
 	} `yaml:"api"`
@@ -116,6 +140,9 @@ type Config struct {
 // DefaultConfig returns a Config filled with the default values from the
 // `Default*` constants defined in this file.
 func DefaultConfig() (cfg Config) {
+	cfg.API.TLS.Enabled = DefaultAPITLSEnabled
+	cfg.API.TLS.CertificateFile = DefaultAPITLSCertificateFile
+	cfg.API.TLS.PrivateKeyFile = DefaultAPITLSPrivateKeyFile
 	cfg.API.Port = DefaultAPIPort
 	cfg.API.Key = DefaultAPIKey
 	cfg.DB.Database = DefaultDBDatabase
@@ -145,6 +172,24 @@ func init() {
 
 	rootCmd.AddCommand(apiCmd)
 
+	// api.tls.enabled
+	apiCmd.Flags().Bool(FlagAPITLSEnabled, DefaultAPITLSEnabled, DescriptionAPITLSEnabled)
+	if err := viper.BindPFlag(ViperAPITLSEnabled, apiCmd.Flags().Lookup(FlagAPITLSEnabled)); err != nil {
+		log.Fatal(err)
+	}
+
+	// api.tls.certificate_file
+	apiCmd.Flags().String(FlagAPITLSCertificateFile, DefaultAPITLSCertificateFile, DescriptionAPITLSCertificateFile)
+	if err := viper.BindPFlag(ViperAPITLSCertificateFile, apiCmd.Flags().Lookup(FlagAPITLSCertificateFile)); err != nil {
+		log.Fatal(err)
+	}
+
+	// api.tls.private_key_file
+	apiCmd.Flags().String(FlagAPITLSPrivateKeyFile, DefaultAPITLSPrivateKeyFile, DescriptionAPITLSPrivateKeyFile)
+	if err := viper.BindPFlag(ViperAPITLSPrivateKeyFile, apiCmd.Flags().Lookup(FlagAPITLSPrivateKeyFile)); err != nil {
+		log.Fatal(err)
+	}
+
 	// api.key
 	apiCmd.Flags().String(FlagAPIKey, DefaultAPIKey, DescriptionAPIKey)
 	if err := viper.BindPFlag(ViperAPIKey, apiCmd.Flags().Lookup(FlagAPIKey)); err != nil {