Add support for TLS files via config.

viant · Feb 23, 2024 · 48c8606 · 48c8606
1 parent b0599e5
commit 48c8606
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 0 deletions.
diff --git a/service/endpoint/config.go b/service/endpoint/config.go
@@ -38,6 +38,8 @@ type Config struct {
 	EnableMemProf bool
 	EnableCPUProf bool
 
+	TLS *TLSConfig
+
 	AllowedSubnet []string `json:",omitempty" yaml:",omitempty"`
 }
 

diff --git a/service/endpoint/service.go b/service/endpoint/service.go
@@ -54,6 +54,18 @@ func (s *Service) Listen() (net.Listener, error) {
 
 func (s *Service) Serve(l net.Listener) error {
 	log.Printf("starting mly service endpoint: %v\n", s.server.Addr)
+	tls := s.config.TLS
+
+	var err error
+	if tls == nil {
+		err = tls.Valid()
+		if err != nil {
+			return err
+		}
+
+		return s.server.ServeTLS(l, tls.CertFile, tls.KeyFile)
+	}
+
 	return s.server.Serve(l)
 }
 

diff --git a/service/endpoint/tls.go b/service/endpoint/tls.go
@@ -0,0 +1,37 @@
+package endpoint
+
+import (
+	"fmt"
+	"os"
+)
+
+type TLSConfig struct {
+	CertFile string
+	KeyFile  string
+}
+
+func (t *TLSConfig) Valid() error {
+	if t.CertFile == "" {
+		return fmt.Errorf("CertFile not set")
+	}
+
+	if t.KeyFile == "" {
+		return fmt.Errorf("KeyFile not set")
+	}
+
+	fp, err := os.Open(t.CertFile)
+	if err != nil {
+		fp.Close()
+	} else {
+		return fmt.Errorf("could not open %s, %w", t.CertFile, err)
+	}
+
+	fp, err = os.Open(t.KeyFile)
+	if err != nil {
+		fp.Close()
+	} else {
+		return fmt.Errorf("could not open %s, %w", t.KeyFile, err)
+	}
+
+	return nil
+}