From 150782c42f39f2063d999772ce968cc0e6dc491b Mon Sep 17 00:00:00 2001 From: Victor Lacasse-Beaudoin Date: Wed, 3 Jul 2024 20:51:43 -0400 Subject: [PATCH 1/3] feature(config): ajouter options TLS --- config.go | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/config.go b/config.go index 3096960..927227c 100644 --- a/config.go +++ b/config.go @@ -11,6 +11,21 @@ import ( ) const ( + ViperAPITLSEnabled string = "api.tls.enabled" + FlagAPITLSEnabled string = "api-tls-enabled" + DefaultAPITLSEnabled bool = false + DescriptionAPITLSEnabled string = "Whether to use TLS or not. Requires certificate and private key files." + + ViperAPITLSCertificateFile string = "api.tls.certificate_file" + FlagAPITLSCertificateFile string = "api-tls-certificate-file" + DefaultAPITLSCertificateFile string = "" + DescriptionAPITLSCertificateFile string = "Path to TLS certificate file" + + ViperAPITLSPrivateKeyFile string = "api.tls.private_key_file" + FlagAPITLSPrivateKeyFile string = "api-tls-private-key-file" + DefaultAPITLSPrivateKeyFile string = "" + DescriptionAPITLSPrivateKeyFile string = "Path to TLS private key file" + ViperAPIPort string = "api.port" FlagAPIPort string = "api-port" DefaultAPIPort int = 1312 @@ -89,6 +104,15 @@ const ( type Config struct { API struct { + TLS struct { + Enabled bool `yaml:"enabled"` + + // Path to file containing TLS certificate + CertificateFile string `yaml:"certificate_file"` + + // Path to file containing TLS private key + PrivateKeyFile string `yaml:"private_key_file"` + } Port int `yaml:"port"` Key string `yaml:"key"` } `yaml:"api"` 
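Review bot: In the first hunk of config.go, `DefaultAPITLSEnabled` is `false`, and `DescriptionAPITLSEnabled` does not tell the operator what that default means for the API key. With TLS off, the value of `api.key` presumably crosses the network unencrypted on each request (the test in patch 3/3 passes `cfg.API.Key` to the same client that picks `http` or `https`). I would say so in the help text, for example `"Serve the API over HTTPS; when false, requests (including the API key) are sent unencrypted. Requires certificate and private key files."`. `DescriptionAPITLSPrivateKeyFile` could also note that the key file should be readable only by the account running the service.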
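Review bot: The new `TLS struct` inside `Config.API` closes with a bare `}`, while `API` itself and every field around it carry an explicit `yaml` tag. I would close it with ``} `yaml:"tls"` `` so the key stays pinned to the `api.tls.*` names used by the Viper constants. The YAML decoder probably lowercases the field name to `tls` anyway, so this is likely a consistency point rather than a bug, but that depends on the decoder, which is not visible here. The `Config` struct starts and ends outside the hunk.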
@@ -116,6 +140,9 @@ type Config struct { // DefaultConfig returns a Config filled with the default values from the // `Default*` constants defined in this file. func DefaultConfig() (cfg Config) { + cfg.API.TLS.Enabled = DefaultAPITLSEnabled + cfg.API.TLS.CertificateFile = DefaultAPITLSCertificateFile + cfg.API.TLS.PrivateKeyFile = DefaultAPITLSPrivateKeyFile cfg.API.Port = DefaultAPIPort cfg.API.Key = DefaultAPIKey cfg.DB.Database = DefaultDBDatabase @@ -145,6 +172,24 @@ func init() { rootCmd.AddCommand(apiCmd) + // api.tls.enabled + apiCmd.Flags().Bool(FlagAPITLSEnabled, DefaultAPITLSEnabled, DescriptionAPITLSEnabled) + if err := viper.BindPFlag(ViperAPITLSEnabled, apiCmd.Flags().Lookup(FlagAPITLSEnabled)); err != nil { + log.Fatal(err) + } + + // api.tls.certificate_file + apiCmd.Flags().String(FlagAPITLSCertificateFile, DefaultAPITLSCertificateFile, DescriptionAPITLSCertificateFile) + if err := viper.BindPFlag(ViperAPITLSCertificateFile, apiCmd.Flags().Lookup(FlagAPITLSCertificateFile)); err != nil { + log.Fatal(err) + } + + // api.tls.private_key_file + apiCmd.Flags().String(FlagAPITLSPrivateKeyFile, DefaultAPITLSPrivateKeyFile, DescriptionAPITLSPrivateKeyFile) + if err := viper.BindPFlag(ViperAPITLSPrivateKeyFile, apiCmd.Flags().Lookup(FlagAPITLSPrivateKeyFile)); err != nil { + log.Fatal(err) + } + // api.key apiCmd.Flags().String(FlagAPIKey, DefaultAPIKey, DescriptionAPIKey) if err := viper.BindPFlag(ViperAPIKey, apiCmd.Flags().Lookup(FlagAPIKey)); err != nil { -- 2.45.2 From 4ce3d9f60bc3770d40def89d931e81a47682be7a Mon Sep 17 00:00:00 2001 From: Victor Lacasse-Beaudoin Date: Wed, 3 Jul 2024 20:51:57 -0400 Subject: [PATCH 2/3] feature(api): permettre d'exposer le serveur API par https Requiert `cfg.API.TLS.Enabled = true` et des fichiers valides pour `cfg.API.TLS.{CertificateFile,PrivateKeyFile}` --- cmd.go | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/cmd.go b/cmd.go index 8c5571d..508af62 100644 --- a/cmd.go 
+++ b/cmd.go @@ -114,7 +114,22 @@ var apiCmd = &cobra.Command{ */ // Execution - e.Logger.Fatal(e.Start(fmt.Sprintf(":%d", cfg.API.Port))) + switch cfg.API.TLS.Enabled { + case false: + e.Logger.Fatal( + e.Start( + fmt.Sprintf(":%d", cfg.API.Port), + ), + ) + case true: + e.Logger.Fatal( + e.StartTLS( + fmt.Sprintf(":%d", cfg.API.Port), + cfg.API.TLS.CertificateFile, + cfg.API.TLS.PrivateKeyFile, + ), + ) + } }, } -- 2.45.2 From a9f16826349aaea3eff018dcb5ca0bc8e2fd0c3f Mon Sep 17 00:00:00 2001 From: Victor Lacasse-Beaudoin Date: Wed, 3 Jul 2024 20:53:17 -0400 Subject: [PATCH 3/3] fix(test): ajuster TLS client voki selon config --- client_test.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/client_test.go b/client_test.go index a2aea93..3e1f180 100644 --- a/client_test.go +++ b/client_test.go @@ -22,7 +22,15 @@ func TestAPI(t *testing.T) { httpClient := http.DefaultClient defer httpClient.CloseIdleConnections() - vokiClient := voki.New(httpClient, "localhost", cfg.API.Key, cfg.API.Port, "http") + var protocol string + switch cfg.API.TLS.Enabled { + case true: + protocol = "https" + case false: + protocol = "http" + } + + vokiClient := voki.New(httpClient, "localhost", cfg.API.Key, cfg.API.Port, protocol) apiClient := APIClient{vokiClient} t.Run("get API health", func(t *testing.T) { -- 2.45.2
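Review bot: Nothing checks `cfg.API.TLS.CertificateFile` and `cfg.API.TLS.PrivateKeyFile` before the `case true:` branch passes them to `e.StartTLS`. Both default to `""`, so enabling TLS without the two paths presumably only surfaces as whatever file error `StartTLS` returns through `e.Logger.Fatal`. A guard before the switch gives the operator a clear message: `if cfg.API.TLS.Enabled && (cfg.API.TLS.CertificateFile == "" || cfg.API.TLS.PrivateKeyFile == "") { e.Logger.Fatal("api.tls.enabled requires api.tls.certificate_file and api.tls.private_key_file") }`. The `switch` on a bool would also read more simply as `if cfg.API.TLS.Enabled { … } else { … }`. The enclosing `Run` function starts outside the hunk.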
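Review bot: With `protocol = "https"` the test still uses `http.DefaultClient`, which verifies the server certificate against the system trust store and the host name `localhost`. A self-signed or differently named certificate in `cfg.API.TLS.CertificateFile` will therefore make `TestAPI` fail at the handshake. State the requirement next to the switch, e.g. `// with TLS enabled, the certificate must be valid for "localhost" and chain to a trusted root`, or build a test client whose `RootCAs` pool holds the configured certificate, rather than turning verification off. The selection itself can be written as `protocol := "http"` followed by `if cfg.API.TLS.Enabled { protocol = "https" }`. `TestAPI` continues past the end of the hunk.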