From 72f74c81464834fdb7605efbbdfdd0d92988091c Mon Sep 17 00:00:00 2001
From: Chris Gianelloni
Date: Fri, 4 Oct 2024 11:40:54 -0400
Subject: [PATCH] feat: tls support (#244)
Signed-off-by: Chris Gianelloni
---
 cmd/tx-submit-api/main.go | 5 -----
 internal/api/api.go | 31 ++++++++++++++++++++++++++-----
 internal/config/config.go | 8 +++++++-
 3 files changed, 33 insertions(+), 11 deletions(-)
diff --git a/cmd/tx-submit-api/main.go b/cmd/tx-submit-api/main.go
index 7ed6068..f92c657 100644
--- a/cmd/tx-submit-api/main.go
+++ b/cmd/tx-submit-api/main.go
@@ -98,11 +98,6 @@ func main() {
 }
 // Start API listener
- logger.Infof(
- "starting API listener on %s:%d",
- cfg.Api.ListenAddress,
- cfg.Api.ListenPort,
- )
 if err := api.Start(cfg); err != nil {
 logger.Fatalf("failed to start API: %s", err)
 }
diff --git a/internal/api/api.go b/internal/api/api.go
index 39da78d..3f4289d 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -52,6 +52,21 @@ var staticFS embed.FS
 // @license.name Apache 2.0
 // @license.url http://www.apache.org/licenses/LICENSE-2.0.html
 func Start(cfg *config.Config) error {
+ // Standard logging
+ logger := logging.GetLogger()
+ if cfg.Tls.CertFilePath != "" && cfg.Tls.KeyFilePath != "" {
+ logger.Infof(
+ "starting API TLS listener on %s:%d",
+ cfg.Api.ListenAddress,
+ cfg.Api.ListenPort,
+ )
+ } else {
+ logger.Infof(
+ "starting API listener on %s:%d",
+ cfg.Api.ListenAddress,
+ cfg.Api.ListenPort,
+ )
+ }
 // Disable gin debug and color output
 gin.SetMode(gin.ReleaseMode)
 gin.DisableConsoleColor()
@@ -60,8 +75,6 @@ func Start(cfg *config.Config) error {
 router := gin.New()
 // Catch panics and return a 500
 router.Use(gin.Recovery())
- // Standard logging
- logger := logging.GetLogger()
 // Access logging
 accessLogger := logging.GetAccessLogger()
 skipPaths := []string{}
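Review bot: Setting only one of `cfg.Tls.CertFilePath` and `cfg.Tls.KeyFilePath` makes the `&&` test at the top of `Start` false, so the service logs "starting API listener" and serves plaintext without any error; the same condition guards `router.RunTLS` in the hunk at -138. An operator who mistypes one path or leaves one of the two environment variables unset gets an unencrypted listener where TLS was intended. The half-configured case should be rejected before anything is logged, e.g. `if (cfg.Tls.CertFilePath == "") != (cfg.Tls.KeyFilePath == "") { return fmt.Errorf("tls: certFilePath and keyFilePath must be set together") }`, and the result of the check kept in one `useTLS` local so the log line and the listener cannot disagree. `Start`'s body continues outside this hunk.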
@@ -138,9 +151,17 @@ func Start(cfg *config.Config) error {
 router.GET("/api/hastx/:tx_hash", handleHasTx)
 // Start API listener
- return router.Run(fmt.Sprintf("%s:%d",
- cfg.Api.ListenAddress,
- cfg.Api.ListenPort))
+ if cfg.Tls.CertFilePath != "" && cfg.Tls.KeyFilePath != "" {
+ return router.RunTLS(
+ fmt.Sprintf("%s:%d", cfg.Api.ListenAddress, cfg.Api.ListenPort),
+ cfg.Tls.CertFilePath,
+ cfg.Tls.KeyFilePath,
+ )
+ } else {
+ return router.Run(fmt.Sprintf("%s:%d",
+ cfg.Api.ListenAddress,
+ cfg.Api.ListenPort))
+ }
 }
 func handleHealthcheck(c *gin.Context) {
diff --git a/internal/config/config.go b/internal/config/config.go
index 1d8da65..a79a6e5 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -28,6 +28,7 @@ type Config struct {
 Metrics MetricsConfig `yaml:"metrics"`
 Debug DebugConfig `yaml:"debug"`
 Node NodeConfig `yaml:"node"`
+ Tls TlsConfig `yaml:"tls"`
 }
 type LoggingConfig struct {
@@ -60,6 +61,11 @@ type NodeConfig struct {
 Timeout uint `yaml:"timeout" envconfig:"CARDANO_NODE_SOCKET_TIMEOUT"`
 }
+type TlsConfig struct {
+ CertFilePath string `yaml:"certFilePath" envconfig:"TLS_CERT_FILE_PATH"`
+ KeyFilePath string `yaml:"keyFilePath" envconfig:"TLS_KEY_FILE_PATH"`
+}
+
 // Singleton config instance with default values
 var globalConfig = &Config{
 Logging: LoggingConfig{
@@ -67,7 +73,7 @@ var globalConfig = &Config{
 Healthchecks: false,
 },
 Api: ApiConfig{
- ListenAddress: "",
+ ListenAddress: "0.0.0.0",
 ListenPort: 8090,
 },
 Debug: DebugConfig{
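Review bot: The TLS branch at the end of `Start` goes through `router.RunTLS`, which serves with gin's default `http.Server`, so there is no `tls.Config` and no server timeout: the minimum protocol version is left to the Go toolchain default, and a client that never finishes sending its headers can hold a connection open. Building the `http.Server` explicitly lets this code pin `MinVersion` and set `ReadHeaderTimeout`; the timeout below is a placeholder to tune, and the `crypto/tls`, `net/http` and `time` imports it needs are outside this hunk. The `else` after the returning `if` can be dropped at the same time. The plaintext `router.Run` path has the same missing timeouts, but that predates this commit.

```go
	// Start API listener
	addr := fmt.Sprintf("%s:%d", cfg.Api.ListenAddress, cfg.Api.ListenPort)
	if cfg.Tls.CertFilePath != "" && cfg.Tls.KeyFilePath != "" {
		srv := &http.Server{
			Addr:              addr,
			Handler:           router,
			ReadHeaderTimeout: 10 * time.Second, // placeholder value
			TLSConfig:         &tls.Config{MinVersion: tls.VersionTLS12},
		}
		return srv.ListenAndServeTLS(cfg.Tls.CertFilePath, cfg.Tls.KeyFilePath)
	}
	return router.Run(addr)
```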