From 39187f0074b66798f8e6f7f293924458b6db932e Mon Sep 17 00:00:00 2001
From: Maxim Lebedev
Date: Wed, 14 Feb 2024 11:47:22 +0600
Subject: [PATCH] :lock: Added TLS support
---
 internal/cmd/home/home.go | 8 ++------
 internal/domain/config.go | 2 ++
 main.go | 18 +++++++++++++++++-
 3 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/internal/cmd/home/home.go b/internal/cmd/home/home.go
index bde6112..e4b5019 100644
--- a/internal/cmd/home/home.go
+++ b/internal/cmd/home/home.go
@@ -198,12 +198,8 @@ func NewApp(logger *log.Logger, config *domain.Config) (*App, error) {
 })
 chain := middleware.Chain{
 middleware.LogFmt(),
- middleware.Redirect(middleware.RedirectConfig{
- Serverer: serverer,
- }),
- middleware.Header(middleware.HeaderConfig{
- Serverer: serverer,
- }),
+ middleware.Redirect(middleware.RedirectConfig{Serverer: serverer}),
+ middleware.Header(middleware.HeaderConfig{Serverer: serverer}),
 }
 return &App{server: &http.Server{
diff --git a/internal/domain/config.go b/internal/domain/config.go
index a44c8ec..478a529 100644
--- a/internal/domain/config.go
+++ b/internal/domain/config.go
@@ -13,6 +13,8 @@ type Config struct {
 Host string `env:"HOST" envDefault:"0.0.0.0"`
 ThemeDir string `env:"THEME_DIR" envDefault:"theme"`
 StaticDir string `env:"STATIC_DIR" envDefault:"static"`
+ CertKey string `env:"CERT_KEY"`
+ CertFile string `env:"CERT_FILE"`
 Port uint16 `env:"PORT" envDefault:"3000"`
 }
diff --git a/main.go b/main.go
index 315d861..54f26eb 100644
--- a/main.go
+++ b/main.go
@@ -6,9 +6,11 @@ package main
 import (
 "context"
+ "crypto/tls"
 "errors"
 "flag"
 "log"
+ "net"
 "os"
 "os/signal"
 "path/filepath"
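Review bot: The two fields added to `Config` in internal/domain/config.go carry no comment, and `CertKey` reads like key material although the main.go change passes it to `tls.LoadX509KeyPair` as a file path. I would document both, e.g. `// CertKey is the path to the PEM private key matching CertFile; TLS is enabled only when both are set.` and `// CertFile is the path to the PEM certificate (chain) served over TLS.` Because the path arrives through the environment, the deployment notes should also say that the key file must be readable only by the service account. The `Config` struct begins above this hunk.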
@@ -40,6 +42,20 @@ func main() {
 logger.Fatalln("cannot unmarshal configuration into domain:", err)
 }
+ ln, err := net.Listen("tcp", config.AddrPort().String())
+ if err != nil {
+ logger.Fatalln("cannot listen requested address:", err)
+ }
+
+ if config.CertFile != "" && config.CertKey != "" {
+ cert, err := tls.LoadX509KeyPair(config.CertFile, config.CertKey)
+ if err != nil {
+ logger.Fatalln("cannot load certificate files from config:", err)
+ }
+
+ ln = tls.NewListener(ln, &tls.Config{Certificates: []tls.Certificate{cert}})
+ }
+
 for _, dir := range []*string{
 &config.ContentDir,
 &config.ThemeDir,
@@ -90,7 +106,7 @@ func main() {
 go func() {
 logger.Printf("starting server on %d...", config.Port)
- if err = app.Run(nil); err != nil {
+ if err = app.Run(ln); err != nil {
 logger.Fatalln("cannot run app:", err)
 }
 }()
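Review bot: Setting only one of `CERT_FILE` / `CERT_KEY` makes the `if config.CertFile != "" && config.CertKey != ""` test false, so the plain TCP listener is passed on and the server comes up in cleartext without any warning. A half-configured pair should be a fatal configuration error rather than a silent downgrade. The `tls.Config` also leaves `MinVersion` unset, so the protocol floor depends on the Go toolchain that builds the binary (older releases accept TLS 1.0/1.1 on the server side); pinning `tls.VersionTLS12` makes it explicit. `main` starts and continues outside this hunk.

```go
// … unchanged: net.Listen and its error check …

// Fail closed: one half of the pair without the other is a
// configuration error, not a request for plaintext.
if (config.CertFile == "") != (config.CertKey == "") {
	logger.Fatalln("CERT_FILE and CERT_KEY must be set together")
}

if config.CertFile != "" && config.CertKey != "" {
	// … unchanged: tls.LoadX509KeyPair and its error check …

	ln = tls.NewListener(ln, &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
	})
}
```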
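Review bot: The startup message `starting server on %d...` still prints only the port, so once `app.Run(ln)` can receive either listener the logs do not show whether the process is serving TLS or plaintext. Recording the mode gives operators something to alert on, e.g. `logger.Printf("starting server on %d (tls=%t)...", config.Port, config.CertFile != "" && config.CertKey != "")`. The goroutine sits inside `main`, whose body starts and continues outside this hunk.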