From 8c074dd443f5e2d43f00c4910d544d9c9738101d Mon Sep 17 00:00:00 2001
From: Victor Lacasse-Beaudoin
Date: Sun, 7 Jul 2024 03:58:15 -0400
Subject: [PATCH] =?UTF-8?q?fix:=20impl=C3=A9menter=20correctement=20tls=20?= =?UTF-8?q?certfile=20et=20keyfile?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

test: ne pas vérifier le certificat avant de l'accepter
---
 client_test.go | 16 ++++++++++++++--
 cmd.go | 7 +++++--
 config.go | 38 +++++++++++++++++++-------------------
 3 files changed, 38 insertions(+), 23 deletions(-)

diff --git a/client_test.go b/client_test.go
index 3e1f180..1593e4c 100644
--- a/client_test.go
+++ b/client_test.go
@@ -1,6 +1,7 @@
 package main

 import (
+ "crypto/tls"
 "net/http"
 "testing"

@@ -19,7 +20,18 @@ func TestAPI(t *testing.T) {
 return
 }

- httpClient := http.DefaultClient
+ //httpClient := http.DefaultClient
+ //defer httpClient.CloseIdleConnections()
+
+ transport := http.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: true,
+ },
+ }
+
+ httpClient := http.Client{
+ Transport: &transport,
+ }
 defer httpClient.CloseIdleConnections()

 var protocol string
@@ -30,7 +42,7 @@ func TestAPI(t *testing.T) {
 protocol = "http"
 }

- vokiClient := voki.New(httpClient, "localhost", cfg.API.Key, cfg.API.Port, protocol)
+ vokiClient := voki.New(&httpClient, "localhost", cfg.API.Key, cfg.API.Port, protocol)
 apiClient := APIClient{vokiClient}

 t.Run("get API health", func(t *testing.T) {
diff --git a/cmd.go b/cmd.go
index 508af62..1518476 100644
--- a/cmd.go
+++ b/cmd.go
@@ -122,11 +122,14 @@ var apiCmd = &cobra.Command{
 ),
 )
 case true:
+ //TODO
+ log.Printf("dbg: certfile='%s' keyfile='%s'", cfg.API.TLS.Certfile, cfg.API.TLS.Keyfile)
+
 e.Logger.Fatal(
 e.StartTLS(
 fmt.Sprintf(":%d", cfg.API.Port),
- cfg.API.TLS.CertificateFile,
- cfg.API.TLS.PrivateKeyFile,
+ cfg.API.TLS.Certfile,
+ cfg.API.TLS.Keyfile,
 ),
 )
 }
diff --git a/config.go b/config.go
index 927227c..c13b5a0 100644
--- a/config.go
+++ b/config.go
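Review bot: In client_test.go (hunk `@@ -19,7 +20,18 @@`), `InsecureSkipVerify: true` turns off both chain and hostname verification for every request TestAPI makes, so the test passes against any TLS listener on the port and no longer shows that the server presents the certificate configured in `cfg.API.TLS.Certfile`. Trusting that one file through `RootCAs` keeps a self-signed certificate usable while leaving verification on; this assumes the certificate names `localhost` and that `cfg` here is the `Config` from config.go, and it needs `crypto/x509` and `os` added to the import block. The two commented-out `//httpClient` lines should be deleted rather than kept. TestAPI starts before and ends after this hunk.

```go
tlsConfig := &tls.Config{}
if cfg.API.TLS.Enabled {
	// Trust only the certificate the server was configured with.
	pem, err := os.ReadFile(cfg.API.TLS.Certfile)
	if err != nil {
		t.Fatal(err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pem) {
		t.Fatalf("no certificate found in %q", cfg.API.TLS.Certfile)
	}
	tlsConfig.RootCAs = pool
}

transport := http.Transport{TLSClientConfig: tlsConfig}
// … unchanged: httpClient construction and deferred CloseIdleConnections …
```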
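Review bot: In cmd.go (hunk `@@ -122,11 +122,14 @@`), the added `log.Printf("dbg: ...")` line under an empty `//TODO` looks like leftover debugging and prints the certificate and private-key paths on every TLS start. Either drop both lines or make it a deliberate startup message, for example `log.Printf("api: TLS enabled, certfile=%q keyfile=%q", cfg.API.TLS.Certfile, cfg.API.TLS.Keyfile)`, where `%q` also makes an empty or whitespace-padded path visible. The enclosing `switch` and the `apiCmd` definition extend beyond the hunk.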
@@ -16,15 +16,15 @@ const (
 DefaultAPITLSEnabled bool = false
 DescriptionAPITLSEnabled string = "Whether to use TLS or not. Requires certificate and private key files."

- ViperAPITLSCertificateFile string = "api.tls.certificate_file"
- FlagAPITLSCertificateFile string = "api-tls-certificate-file"
- DefaultAPITLSCertificateFile string = ""
- DescriptionAPITLSCertificateFile string = "Path to TLS certificate file"
+ ViperAPITLSCertfile string = "api.tls.certfile"
+ FlagAPITLSCertfile string = "api-tls-certfile"
+ DefaultAPITLSCertfile string = "/etc/bottin/cert.pem"
+ DescriptionAPITLSCertfile string = "Path to TLS certificate file"

- ViperAPITLSPrivateKeyFile string = "api.tls.private_key_file"
- FlagAPITLSPrivateKeyFile string = "api-tls-private-key-file"
- DefaultAPITLSPrivateKeyFile string = ""
- DescriptionAPITLSPrivateKeyFile string = "Path to TLS private key file"
+ ViperAPITLSKeyfile string = "api.tls.keyfile"
+ FlagAPITLSKeyfile string = "api-tls-keyfile"
+ DefaultAPITLSKeyfile string = "/etc/bottin/key.pem"
+ DescriptionAPITLSKeyFile string = "Path to TLS private key file"

 ViperAPIPort string = "api.port"
 FlagAPIPort string = "api-port"
@@ -108,11 +108,11 @@ type Config struct {
 Enabled bool `yaml:"enabled"`

 // Path to file containing TLS certificate
- CertificateFile string `yaml:"certificate_file"`
+ Certfile string `yaml:"certfile"`

 // Path to file containing TLS private key
- PrivateKeyFile string `yaml:"private_key_file"`
- }
+ Keyfile string `yaml:"keyfile"`
+ } `yaml:"tls"`
 Port int `yaml:"port"`
 Key string `yaml:"key"`
 } `yaml:"api"`
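Review bot: In config.go (hunk `@@ -16,15 +16,15 @@`), renaming the viper keys and flags while changing the defaults from `""` to `/etc/bottin/cert.pem` and `/etc/bottin/key.pem` means a deployment that still sets `api.tls.certificate_file` / `api.tls.private_key_file` is no longer honoured; a stale config key would presumably fall back to the new default paths without any message, so the server could start with a different certificate and key than the operator intended. That deserves a changelog entry and possibly a startup warning when the old keys are present; the same applies to the renamed `yaml` tags in the `Config` hunk (`@@ -108,11 +108,11 @@`). Separately, `DescriptionAPITLSKeyFile` is the only new constant spelled with a capital `F`; `DescriptionAPITLSKeyfile string = "Path to TLS private key file"` would match the other seven, with the same rename where `init()` uses it (`@@ -178,15 +178,15 @@`). The `const (` block starts and ends outside the hunk.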
@@ -141,8 +141,8 @@ type Config struct {
 // `Default*` constants defined in this file.
 func DefaultConfig() (cfg Config) {
 cfg.API.TLS.Enabled = DefaultAPITLSEnabled
- cfg.API.TLS.CertificateFile = DefaultAPITLSCertificateFile
- cfg.API.TLS.PrivateKeyFile = DefaultAPITLSPrivateKeyFile
+ cfg.API.TLS.Certfile = DefaultAPITLSCertfile
+ cfg.API.TLS.Keyfile = DefaultAPITLSKeyfile
 cfg.API.Port = DefaultAPIPort
 cfg.API.Key = DefaultAPIKey
 cfg.DB.Database = DefaultDBDatabase
@@ -178,15 +178,15 @@ func init() {
 log.Fatal(err)
 }

- // api.tls.certificate_file
- apiCmd.Flags().String(FlagAPITLSCertificateFile, DefaultAPITLSCertificateFile, DescriptionAPITLSCertificateFile)
- if err := viper.BindPFlag(ViperAPITLSCertificateFile, apiCmd.Flags().Lookup(FlagAPITLSCertificateFile)); err != nil {
+ // api.tls.certfile
+ apiCmd.Flags().String(FlagAPITLSCertfile, DefaultAPITLSCertfile, DescriptionAPITLSCertfile)
+ if err := viper.BindPFlag(ViperAPITLSCertfile, apiCmd.Flags().Lookup(FlagAPITLSCertfile)); err != nil {
 log.Fatal(err)
 }

- // api.tls.private_key_file
- apiCmd.Flags().String(FlagAPITLSPrivateKeyFile, DefaultAPITLSPrivateKeyFile, DescriptionAPITLSPrivateKeyFile)
- if err := viper.BindPFlag(ViperAPITLSPrivateKeyFile, apiCmd.Flags().Lookup(FlagAPITLSPrivateKeyFile)); err != nil {
+ // api.tls.keyfile
+ apiCmd.Flags().String(FlagAPITLSKeyfile, DefaultAPITLSKeyfile, DescriptionAPITLSKeyFile)
+ if err := viper.BindPFlag(ViperAPITLSKeyfile, apiCmd.Flags().Lookup(FlagAPITLSKeyfile)); err != nil {
 log.Fatal(err)
 }

-- 
2.45.2