From 3aeae984045b94c46487b068b6ad9f05aef02033 Mon Sep 17 00:00:00 2001
From: Pijus Kamandulis
Date: Tue, 27 Feb 2024 21:58:57 +0200
Subject: [PATCH] Added pre-generated TLS certificate
---
 README.md | 6 ++--
 api/config/config.go | 2 ++
 api/config/constants.go | 78 +++++++++++++++++++++++++++++++++++++++++
 api/config/models.go | 1 +
 api/router.go | 40 +++++++++++++++++++++
 main.go | 12 +------
 6 files changed, 125 insertions(+), 14 deletions(-)
 create mode 100644 api/config/constants.go
diff --git a/README.md b/README.md
index 808c797..05024bd 100644
--- a/README.md
+++ b/README.md
@@ -24,8 +24,6 @@ Once downloaded, you can launch Cosmium using the following command:
 ```sh
 ./cosmium-linux-amd64 \
- -Cert "cert.crt" \
- -CertKey "cert.key" \
 -Persist "./save.json" \
 -InitialData "./save.json"
 ```
@@ -43,7 +41,9 @@ Once running, the explorer can be reached by navigating following URL: `https://
 ### SSL Certificate
-By default, Cosmium runs on HTTP. However, if you provide an SSL certificate, it will use HTTPS. Most applications will require HTTPS, so you can specify paths to the SSL certificate and key (PEM format) using the `-Cert` and `-CertKey` arguments, respectively.
+By default, Cosmium uses a pre-generated SSL certificate. You can provide your own certificates by specifying paths to the SSL certificate and key (PEM format) using the `-Cert` and `-CertKey` arguments, respectively.
+
+To disable SSL and run Cosmium on HTTP instead, you can use the `-DisableTls` flag. However most applications will require HTTPS.
 ### Other Available Arguments
diff --git a/api/config/config.go b/api/config/config.go
index 32fc7d6..86ebd92 100644
--- a/api/config/config.go
+++ b/api/config/config.go
@@ -20,6 +20,7 @@ func ParseFlags() {
 initialDataPath := flag.String("InitialData", "", "Path to JSON containing initial state")
 accountKey := flag.String("AccountKey", DefaultAccountKey, "Account key for authentication")
 disableAuthentication := flag.Bool("DisableAuth", false, "Disable authentication")
+ disableTls := flag.Bool("DisableTls", false, "Disable TLS, serve over HTTP")
 persistDataPath := flag.String("Persist", "", "Saves data to given path on application exit")
 flag.Parse()
@@ -32,6 +33,7 @@ func ParseFlags() {
 Config.InitialDataFilePath = *initialDataPath
 Config.PersistDataFilePath = *persistDataPath
 Config.DisableAuth = *disableAuthentication
+ Config.DisableTls = *disableTls
 Config.DatabaseAccount = Config.Host
 Config.DatabaseDomain = Config.Host
diff --git a/api/config/constants.go b/api/config/constants.go
new file mode 100644
index 0000000..c436a78
--- /dev/null
+++ b/api/config/constants.go
@@ -0,0 +1,78 @@
+package config
+
+import (
+ "crypto/tls"
+ "fmt"
+)
+
+const certificate = `
+-----BEGIN CERTIFICATE-----
+MIIEaDCCAlCgAwIBAgIUAY7ito1IQfbIi52C0evhqHWgEvQwDQYJKoZIhvcNAQEL
+BQAwMzELMAkGA1UEBhMCTFQxEjAQBgNVBAgMCUxpdGh1YW5pYTEQMA4GA1UECgwH
+Q29zbWl1bTAeFw0yNDAyMjcxOTE4NThaFw0zNDAyMjYxOTE4NThaMD8xCzAJBgNV
+BAYTAkxUMRIwEAYDVQQIDAlMaXRodWFuaWExEDAOBgNVBAoMB0Nvc21pdW0xCjAI
+BgNVBAMMASowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZxGz5clcf
+fvE6wS9Q2xPsUjeKdwotRCfKRu9kT7o1cZOSRBp7DgdeLvZ7BzqU1tk5wiLLiZwB
+gI6amQAd6z6EwUcUH0mHtFiWU0y/FROz0QUojbbYp0PMUhWjlPAxAGaiwgF/82z7
+/lmgMjf5v32XsMfa4U+FaaNYs7gu7aCQBQTAHmOIPnEAeFk9xQ2VzntRUWwzDYOV
+SimtPZk2O2X18V8KTgTLMQF1KErIyznIwEPB/BLi+ihLkh/8BaaxoIeOPIhRLNFr
+ecZrc/8+S4dUSUQDfmV3JFYFFheG0XIPEwXIaXiDAphpkCGhMIC2pDL8r14sntvn
+juHFZxmSP4V5AgMBAAGjaDBmMB8GA1UdIwQYMBaAFEbQ/7hV4FWrptdOk540R2lF
+SB1BMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgTwMAwGA1UdEQQFMAOCASowHQYDVR0O
+BBYEFGv5XvoFFzrG54GQ+WMFm6UO36BJMA0GCSqGSIb3DQEBCwUAA4ICAQBZh/vZ
+PBamebTEpiQz6cgf8+GcTi++ebYUGQ3YJj82pqVBdipOhYQOZJ0fOlT1qRGNglut
++m5zn0iuXsNucP/32xdf1aJBnsU/aGrlf5ohJpGNxYfNPsewxeqQI23Yj22ec1gy
+WL2pFDYNyTZMM7Wgys7m3i9lb6TYOF2lNO3WbNuuuETsDAPa0rD0R8QsQOfYOSNJ
+YuWE4qZu+ySvTWsMZwlcqs7QL3Sd91UjItIS/AgqbnLvgt4z5ckGCIvickUfAZuQ
+6x592hTz4OZ+WIYDejtb5MMXRaKEXgfF6o1idrD7YgVutm+2+mYpN1v9aLbCs7QW
+9RkJoTXFQRNGq6j/cO0ZrCKFkttduziMWRz5X9QWADME1NsL53DfDkaxp9Nh+CCu
+0S9OF9nVLJVigdXe4O1cQ0Qh633O6k+F/xWYcmMyVt3V2bs7FPfygGUx60tfIbpi
+cBK3BsuzUrId3ozvYPsmfxYlzmyspyS6G+f7zLFOakm3fuqDJpnFNXmRY2Ljd3Cp
+punuMT6zSctHAxpgJm1g9R6PcaGr+b/n6zkbxyK9+SFzwN3Lb18WFj5OcslNM/g5
+ERE5Ws+Vae6MleSmsxSytgH4qn0ormPWuouBLaW0Rv2ZHdkt3myq8kTqtqdw3LRR
+ogcLQ3cL6I5FKGjm2TOF72DQHvOol8ck0uMz/w==
+-----END CERTIFICATE-----
+`
+
+const certificateKey = `
+-----BEGIN PRIVATE KEY-----
+MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQCZxGz5clcffvE6
+wS9Q2xPsUjeKdwotRCfKRu9kT7o1cZOSRBp7DgdeLvZ7BzqU1tk5wiLLiZwBgI6a
+mQAd6z6EwUcUH0mHtFiWU0y/FROz0QUojbbYp0PMUhWjlPAxAGaiwgF/82z7/lmg
+Mjf5v32XsMfa4U+FaaNYs7gu7aCQBQTAHmOIPnEAeFk9xQ2VzntRUWwzDYOVSimt
+PZk2O2X18V8KTgTLMQF1KErIyznIwEPB/BLi+ihLkh/8BaaxoIeOPIhRLNFrecZr
+c/8+S4dUSUQDfmV3JFYFFheG0XIPEwXIaXiDAphpkCGhMIC2pDL8r14sntvnjuHF
+ZxmSP4V5AgMBAAECgf89wcgjpZnzoWoiM3Z6QDJnkiUdXQumHQracBnRFXnMy8p9
+wCd4ecnu9ptd8OArXgVMiaILWZeGXlqtW872m6Lej6DrJkpOt3NG9CvscdaHdthW
+9dzv8d7IEtuRN4/WWOm7Tke7eD7763ta9i9/niR2q7DazPVw8vYhkyoNe864qVrq
+Vw6+MMetz3TDHZ68p17yJJ9FJ0z0vHj3KJFrxnJonMe+/LcQX490y4zZw+zeyCkh
+y/bsgvFGhnUhJ+mOz+qv0KL7HyUR69p9/+mjQH+AQH+j24xgd1IL0Dror9Cy1kxY
+uKmi8pN1y288GmjkWosGMb0p3Pse1OkOyYFIbxECgYEA2ED3PSPoHWLHfKhg2BFw
+yMPtern06rjKuwMNlD+mKS66Z+OsQi2EBsqomGnr1HGvYgQik0jwMcx0+Sup9/Zp
+az8ebH6S4Tdxmnlwn34lhTIAF1KJS19AYvbhOydV+M+hq7Y7QxTqYsJAgEYwsozQ
+0XeAzRBIiRxdcMFHP40zZIkCgYEAtgdiwo5d5iyvXEqx/5+NdM4b/ImrbaFIAb0v
+MqiPpOA/+7EKlx72gJKVKh2iv4jvEUfduNEUXt77Yqo66HhfiTBVYxYwThK8E0Mq
+TSKKdJsdPSThLS3qjeARpzQpWLiBZH90GxbfFL3ogIOa/UcgwRrqPc5a/yq8adSs
+KGrfvXECgYEAmSMAMbqgn1aY32y5D6jiDjm4jMTsa98qKN5TmlysRNODSxhNnptu
+uASA+VVgnBNZV/aHqXboKMuZNe22shI7uqd62ueTCYtiljpTB46j8TtkFx/qe4Zb
+KPmcq3ACkGwwF1G3i5xfEkputKd/yqCvKvYOLqjORNHiVXt5Acby0skCgYBYkZ9s
+KvllVbi9n1qclnWtr9vONO5EmYT/051zeLDr+HEpditA/L/UL36Ez4awy2AHeIBZ
+vOG8h6Kpj0q6cleJ2Qqy+8jlNBhvBu8+OOBFfHPtnFQ0N3M5NR1hze+QS7YpwBou
+VCKXZRAL9/0h38oAK6huCkocfh7PH7vkrpvPAQKBgCFDDtk7aBJsNcOW+aq4IEvf
+nZ5hhhdelNLeN29RrJ71GwJrCG3NbhopWlCDqZ/Dd6QoEUpebqvlMGvQJBuz/QKb
+ilcZlmaCS9pqIXAFK9GQ89V/xa8OibOuJUiBgShnfSQqAwQrfX1vYjtKErnjoRFs
+9+zaWugLCC47Hw6QlMDa
+-----END PRIVATE KEY-----
+`
+
+func GetDefaultTlsConfig() *tls.Config {
+ cert, err := tls.X509KeyPair([]byte(certificate), []byte(certificateKey))
+ if err != nil {
+ fmt.Println("Failed to parse certificate and key:", err)
+ return &tls.Config{}
+ }
+
+ return &tls.Config{
+ Certificates: []tls.Certificate{cert},
+ }
+}
diff --git a/api/config/models.go b/api/config/models.go
index fe5d661..b8098e1 100644
--- a/api/config/models.go
+++ b/api/config/models.go
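Review bot: The private key in `certificateKey` (api/config/constants.go) ships in the repository and in every build, so the default certificate provides no server authentication: anyone holding the source can present the same certificate, and a client set up to trust it would accept that party as the server. The constant should say so, for example `// certificateKey is a publicly known development key: it lets HTTPS-only clients connect but authenticates nothing; pass -Cert/-CertKey outside local testing.` Separately, `GetDefaultTlsConfig` hides a parse failure by returning an empty `&tls.Config{}`, which the caller cannot tell apart from success; returning `(*tls.Config, error)` would let the caller stop instead of trying to serve without a certificate. Adding `MinVersion: tls.VersionTLS12` to the returned config would make the protocol floor explicit rather than dependent on the Go toolchain default.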
@@ -14,4 +14,5 @@ type ServerConfig struct {
 InitialDataFilePath string
 PersistDataFilePath string
 DisableAuth bool
+ DisableTls bool
 }
diff --git a/api/router.go b/api/router.go
index 9cfc3a3..64aa6bf 100644
--- a/api/router.go
+++ b/api/router.go
@@ -1,7 +1,11 @@
 package api
 import (
+ "fmt"
+ "net/http"
+
 "github.com/gin-gonic/gin"
+ "github.com/pikami/cosmium/api/config"
 "github.com/pikami/cosmium/api/handlers"
 "github.com/pikami/cosmium/api/handlers/middleware"
 )
@@ -43,3 +47,39 @@ func CreateRouter() *gin.Engine {
 return router
 }
+
+func StartAPI() {
+ router := CreateRouter()
+ listenAddress := fmt.Sprintf(":%d", config.Config.Port)
+
+ if config.Config.TLS_CertificatePath != "" && config.Config.TLS_CertificateKey != "" {
+ err := router.RunTLS(
+ listenAddress,
+ config.Config.TLS_CertificatePath,
+ config.Config.TLS_CertificateKey)
+ if err != nil {
+ fmt.Println("Failed to start HTTPS server:", err)
+ }
+
+ return
+ }
+
+ if config.Config.DisableTls {
+ router.Run(listenAddress)
+ }
+
+ tlsConfig := config.GetDefaultTlsConfig()
+ server := &http.Server{
+ Addr: listenAddress,
+ Handler: router.Handler(),
+ TLSConfig: tlsConfig,
+ }
+
+ fmt.Printf("Listening and serving HTTPS on %s\n", server.Addr)
+ err := server.ListenAndServeTLS("", "")
+ if err != nil {
+ fmt.Println("Failed to start HTTPS server:", err)
+ }
+
+ router.Run()
+}
diff --git a/main.go b/main.go
index 10afb83..1274fd7 100644
--- a/main.go
+++ b/main.go
@@ -1,7 +1,6 @@
 package main
 import (
- "fmt"
 "os"
 "os/signal"
 "syscall"
@@ -18,16 +17,7 @@ func main() {
 repositories.LoadStateFS(config.Config.InitialDataFilePath)
 }
- router := api.CreateRouter()
- if config.Config.TLS_CertificatePath == "" ||
- config.Config.TLS_CertificateKey == "" {
- go router.Run(fmt.Sprintf(":%d", config.Config.Port))
- } else {
- go router.RunTLS(
- fmt.Sprintf(":%d", config.Config.Port),
- config.Config.TLS_CertificatePath,
- config.Config.TLS_CertificateKey)
- }
+ go api.StartAPI()
 waitForExit()
 }
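Review bot: In `StartAPI` (api/router.go) two paths fall through into a listener the operator did not ask for. The `if config.Config.DisableTls` branch has no `return` and discards the error, so once `router.Run(listenAddress)` returns the function goes on to start the HTTPS server with the built-in certificate; and when `server.ListenAndServeTLS("", "")` fails, the trailing `router.Run()` serves plain HTTP on gin's default address (`:8080` unless the PORT environment variable is set) instead of `config.Config.Port`, a silent downgrade from TLS to cleartext. I would write the branch as `if err := router.Run(listenAddress); err != nil { fmt.Println("Failed to start HTTP server:", err) }` followed by `return`, and delete the final `router.Run()`. The first condition also means that passing only one of `-Cert`/`-CertKey` quietly selects the built-in certificate, where an explicit error for the half-configured case would be safer. The new `http.Server` sets no `ReadHeaderTimeout`, so a slow client can hold a connection open indefinitely.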
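Review bot: `go api.StartAPI()` in main.go gives `main` no way to learn that the listener failed to start: StartAPI only prints the error and returns, after which `waitForExit()` keeps the process alive with nothing listening. Consider having StartAPI return an `error` and starting it as `go func() { if err := api.StartAPI(); err != nil { log.Fatal(err) } }()` (with the `log` import added), so a bind or certificate failure ends the process with a non-zero status. `main`'s body begins outside the hunk, so whether anything earlier already checks the port cannot be seen from here.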