Added pre-generated TLS certificate

2024-02-27 21:58:57 +02:00 · 2024-02-27 21:58:57 +02:00 · 3aeae98404
parent 5ff923ce2c
commit 3aeae98404
6 changed files with 125 additions and 14 deletions
--- a/README.md
+++ b/README.md
@ -24,8 +24,6 @@ Once downloaded, you can launch Cosmium using the following command:

 ```sh
 ./cosmium-linux-amd64 \
-  -Cert "cert.crt" \
-  -CertKey "cert.key" \
  -Persist "./save.json" \
  -InitialData "./save.json"
 ```
@ -43,7 +41,9 @@ Once running, the explorer can be reached by navigating following URL: `https://

 ### SSL Certificate

-By default, Cosmium runs on HTTP. However, if you provide an SSL certificate, it will use HTTPS. Most applications will require HTTPS, so you can specify paths to the SSL certificate and key (PEM format) using the `-Cert` and `-CertKey` arguments, respectively.
+By default, Cosmium uses a pre-generated SSL certificate. You can provide your own certificates by specifying paths to the SSL certificate and key (PEM format) using the `-Cert` and `-CertKey` arguments, respectively.
+
+To disable SSL and run Cosmium on HTTP instead, you can use the `-DisableTls` flag. However most applications will require HTTPS.

 ### Other Available Arguments

--- a/api/config/config.go
+++ b/api/config/config.go
@ -20,6 +20,7 @@ func ParseFlags() {
 	initialDataPath := flag.String("InitialData", "", "Path to JSON containing initial state")
 	accountKey := flag.String("AccountKey", DefaultAccountKey, "Account key for authentication")
 	disableAuthentication := flag.Bool("DisableAuth", false, "Disable authentication")
+	disableTls := flag.Bool("DisableTls", false, "Disable TLS, serve over HTTP")
 	persistDataPath := flag.String("Persist", "", "Saves data to given path on application exit")

 	flag.Parse()
@ -32,6 +33,7 @@ func ParseFlags() {
 	Config.InitialDataFilePath = *initialDataPath
 	Config.PersistDataFilePath = *persistDataPath
 	Config.DisableAuth = *disableAuthentication
+	Config.DisableTls = *disableTls

 	Config.DatabaseAccount = Config.Host
 	Config.DatabaseDomain = Config.Host
--- a/api/config/constants.go
+++ b/api/config/constants.go
@ -0,0 +1,78 @@
+package config
+
+import (
+	"crypto/tls"
+	"fmt"
+)
+
+const certificate = `
+-----BEGIN CERTIFICATE-----
+MIIEaDCCAlCgAwIBAgIUAY7ito1IQfbIi52C0evhqHWgEvQwDQYJKoZIhvcNAQEL
+BQAwMzELMAkGA1UEBhMCTFQxEjAQBgNVBAgMCUxpdGh1YW5pYTEQMA4GA1UECgwH
+Q29zbWl1bTAeFw0yNDAyMjcxOTE4NThaFw0zNDAyMjYxOTE4NThaMD8xCzAJBgNV
+BAYTAkxUMRIwEAYDVQQIDAlMaXRodWFuaWExEDAOBgNVBAoMB0Nvc21pdW0xCjAI
+BgNVBAMMASowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZxGz5clcf
+fvE6wS9Q2xPsUjeKdwotRCfKRu9kT7o1cZOSRBp7DgdeLvZ7BzqU1tk5wiLLiZwB
+gI6amQAd6z6EwUcUH0mHtFiWU0y/FROz0QUojbbYp0PMUhWjlPAxAGaiwgF/82z7
+/lmgMjf5v32XsMfa4U+FaaNYs7gu7aCQBQTAHmOIPnEAeFk9xQ2VzntRUWwzDYOV
+SimtPZk2O2X18V8KTgTLMQF1KErIyznIwEPB/BLi+ihLkh/8BaaxoIeOPIhRLNFr
+ecZrc/8+S4dUSUQDfmV3JFYFFheG0XIPEwXIaXiDAphpkCGhMIC2pDL8r14sntvn
+juHFZxmSP4V5AgMBAAGjaDBmMB8GA1UdIwQYMBaAFEbQ/7hV4FWrptdOk540R2lF
+SB1BMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgTwMAwGA1UdEQQFMAOCASowHQYDVR0O
+BBYEFGv5XvoFFzrG54GQ+WMFm6UO36BJMA0GCSqGSIb3DQEBCwUAA4ICAQBZh/vZ
+PBamebTEpiQz6cgf8+GcTi++ebYUGQ3YJj82pqVBdipOhYQOZJ0fOlT1qRGNglut
+m5zn0iuXsNucP/32xdf1aJBnsU/aGrlf5ohJpGNxYfNPsewxeqQI23Yj22ec1gy
+WL2pFDYNyTZMM7Wgys7m3i9lb6TYOF2lNO3WbNuuuETsDAPa0rD0R8QsQOfYOSNJ
+YuWE4qZu+ySvTWsMZwlcqs7QL3Sd91UjItIS/AgqbnLvgt4z5ckGCIvickUfAZuQ
+6x592hTz4OZ+WIYDejtb5MMXRaKEXgfF6o1idrD7YgVutm+2+mYpN1v9aLbCs7QW
+9RkJoTXFQRNGq6j/cO0ZrCKFkttduziMWRz5X9QWADME1NsL53DfDkaxp9Nh+CCu
+0S9OF9nVLJVigdXe4O1cQ0Qh633O6k+F/xWYcmMyVt3V2bs7FPfygGUx60tfIbpi
+cBK3BsuzUrId3ozvYPsmfxYlzmyspyS6G+f7zLFOakm3fuqDJpnFNXmRY2Ljd3Cp
+punuMT6zSctHAxpgJm1g9R6PcaGr+b/n6zkbxyK9+SFzwN3Lb18WFj5OcslNM/g5
+ERE5Ws+Vae6MleSmsxSytgH4qn0ormPWuouBLaW0Rv2ZHdkt3myq8kTqtqdw3LRR
+ogcLQ3cL6I5FKGjm2TOF72DQHvOol8ck0uMz/w==
+-----END CERTIFICATE-----
+`
+
+const certificateKey = `
+-----BEGIN PRIVATE KEY-----
+MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQCZxGz5clcffvE6
+wS9Q2xPsUjeKdwotRCfKRu9kT7o1cZOSRBp7DgdeLvZ7BzqU1tk5wiLLiZwBgI6a
+mQAd6z6EwUcUH0mHtFiWU0y/FROz0QUojbbYp0PMUhWjlPAxAGaiwgF/82z7/lmg
+Mjf5v32XsMfa4U+FaaNYs7gu7aCQBQTAHmOIPnEAeFk9xQ2VzntRUWwzDYOVSimt
+PZk2O2X18V8KTgTLMQF1KErIyznIwEPB/BLi+ihLkh/8BaaxoIeOPIhRLNFrecZr
+c/8+S4dUSUQDfmV3JFYFFheG0XIPEwXIaXiDAphpkCGhMIC2pDL8r14sntvnjuHF
+ZxmSP4V5AgMBAAECgf89wcgjpZnzoWoiM3Z6QDJnkiUdXQumHQracBnRFXnMy8p9
+wCd4ecnu9ptd8OArXgVMiaILWZeGXlqtW872m6Lej6DrJkpOt3NG9CvscdaHdthW
+9dzv8d7IEtuRN4/WWOm7Tke7eD7763ta9i9/niR2q7DazPVw8vYhkyoNe864qVrq
+Vw6+MMetz3TDHZ68p17yJJ9FJ0z0vHj3KJFrxnJonMe+/LcQX490y4zZw+zeyCkh
+y/bsgvFGhnUhJ+mOz+qv0KL7HyUR69p9/+mjQH+AQH+j24xgd1IL0Dror9Cy1kxY
+uKmi8pN1y288GmjkWosGMb0p3Pse1OkOyYFIbxECgYEA2ED3PSPoHWLHfKhg2BFw
+yMPtern06rjKuwMNlD+mKS66Z+OsQi2EBsqomGnr1HGvYgQik0jwMcx0+Sup9/Zp
+az8ebH6S4Tdxmnlwn34lhTIAF1KJS19AYvbhOydV+M+hq7Y7QxTqYsJAgEYwsozQ
+0XeAzRBIiRxdcMFHP40zZIkCgYEAtgdiwo5d5iyvXEqx/5+NdM4b/ImrbaFIAb0v
+MqiPpOA/+7EKlx72gJKVKh2iv4jvEUfduNEUXt77Yqo66HhfiTBVYxYwThK8E0Mq
+TSKKdJsdPSThLS3qjeARpzQpWLiBZH90GxbfFL3ogIOa/UcgwRrqPc5a/yq8adSs
+KGrfvXECgYEAmSMAMbqgn1aY32y5D6jiDjm4jMTsa98qKN5TmlysRNODSxhNnptu
+uASA+VVgnBNZV/aHqXboKMuZNe22shI7uqd62ueTCYtiljpTB46j8TtkFx/qe4Zb
+KPmcq3ACkGwwF1G3i5xfEkputKd/yqCvKvYOLqjORNHiVXt5Acby0skCgYBYkZ9s
+KvllVbi9n1qclnWtr9vONO5EmYT/051zeLDr+HEpditA/L/UL36Ez4awy2AHeIBZ
+vOG8h6Kpj0q6cleJ2Qqy+8jlNBhvBu8+OOBFfHPtnFQ0N3M5NR1hze+QS7YpwBou
+VCKXZRAL9/0h38oAK6huCkocfh7PH7vkrpvPAQKBgCFDDtk7aBJsNcOW+aq4IEvf
+nZ5hhhdelNLeN29RrJ71GwJrCG3NbhopWlCDqZ/Dd6QoEUpebqvlMGvQJBuz/QKb
+ilcZlmaCS9pqIXAFK9GQ89V/xa8OibOuJUiBgShnfSQqAwQrfX1vYjtKErnjoRFs
+9+zaWugLCC47Hw6QlMDa
+-----END PRIVATE KEY-----
+`
+
+func GetDefaultTlsConfig() *tls.Config {
+	cert, err := tls.X509KeyPair([]byte(certificate), []byte(certificateKey))
+	if err != nil {
+		fmt.Println("Failed to parse certificate and key:", err)
+		return &tls.Config{}
+	}
+
+	return &tls.Config{
+		Certificates: []tls.Certificate{cert},
+	}
+}
--- a/api/config/models.go
+++ b/api/config/models.go
@ -14,4 +14,5 @@ type ServerConfig struct {
 	InitialDataFilePath string
 	PersistDataFilePath string
 	DisableAuth         bool
+	DisableTls          bool
 }
--- a/api/router.go
+++ b/api/router.go
@ -1,7 +1,11 @@
 package api

 import (
+	"fmt"
+	"net/http"
+
 	"github.com/gin-gonic/gin"
+	"github.com/pikami/cosmium/api/config"
 	"github.com/pikami/cosmium/api/handlers"
 	"github.com/pikami/cosmium/api/handlers/middleware"
 )
@ -43,3 +47,39 @@ func CreateRouter() *gin.Engine {

 	return router
 }
+
+func StartAPI() {
+	router := CreateRouter()
+	listenAddress := fmt.Sprintf(":%d", config.Config.Port)
+
+	if config.Config.TLS_CertificatePath != "" && config.Config.TLS_CertificateKey != "" {
+		err := router.RunTLS(
+			listenAddress,
+			config.Config.TLS_CertificatePath,
+			config.Config.TLS_CertificateKey)
+		if err != nil {
+			fmt.Println("Failed to start HTTPS server:", err)
+		}
+
+		return
+	}
+
+	if config.Config.DisableTls {
+		router.Run(listenAddress)
+	}
+
+	tlsConfig := config.GetDefaultTlsConfig()
+	server := &http.Server{
+		Addr:      listenAddress,
+		Handler:   router.Handler(),
+		TLSConfig: tlsConfig,
+	}
+
+	fmt.Printf("Listening and serving HTTPS on %s\n", server.Addr)
+	err := server.ListenAndServeTLS("", "")
+	if err != nil {
+		fmt.Println("Failed to start HTTPS server:", err)
+	}
+
+	router.Run()
+}
--- a/main.go
+++ b/main.go
@ -1,7 +1,6 @@
 package main

 import (
-	"fmt"
 	"os"
 	"os/signal"
 	"syscall"
@ -18,16 +17,7 @@ func main() {
 		repositories.LoadStateFS(config.Config.InitialDataFilePath)
 	}

-	router := api.CreateRouter()
-	if config.Config.TLS_CertificatePath == "" ||
-		config.Config.TLS_CertificateKey == "" {
-		go router.Run(fmt.Sprintf(":%d", config.Config.Port))
-	} else {
-		go router.RunTLS(
-			fmt.Sprintf(":%d", config.Config.Port),
-			config.Config.TLS_CertificatePath,
-			config.Config.TLS_CertificateKey)
-	}
+	go api.StartAPI()

 	waitForExit()
 }