feat: tls support (#244)

Signed-off-by: Chris Gianelloni <[email protected]>

Author: wolf31o2

cmd/tx-submit-api/main.go

@@ -98,11 +98,6 @@ func main() {
 	}
 
 	// Start API listener
-	logger.Infof(
-		"starting API listener on %s:%d",
-		cfg.Api.ListenAddress,
-		cfg.Api.ListenPort,
-	)
 	if err := api.Start(cfg); err != nil {
 		logger.Fatalf("failed to start API: %s", err)
 	}

internal/api/api.go

@@ -52,6 +52,21 @@ var staticFS embed.FS
 // @license.name	Apache 2.0
 // @license.url	http://www.apache.org/licenses/LICENSE-2.0.html
 func Start(cfg *config.Config) error {
+	// Standard logging
+	logger := logging.GetLogger()
+	if cfg.Tls.CertFilePath != "" && cfg.Tls.KeyFilePath != "" {
+		logger.Infof(
+			"starting API TLS listener on %s:%d",
+			cfg.Api.ListenAddress,
+			cfg.Api.ListenPort,
+		)
+	} else {
+		logger.Infof(
+			"starting API listener on %s:%d",
+			cfg.Api.ListenAddress,
+			cfg.Api.ListenPort,
+		)
+	}
 	// Disable gin debug and color output
 	gin.SetMode(gin.ReleaseMode)
 	gin.DisableConsoleColor()
@@ -60,8 +75,6 @@ func Start(cfg *config.Config) error {
 	router := gin.New()
 	// Catch panics and return a 500
 	router.Use(gin.Recovery())
-	// Standard logging
-	logger := logging.GetLogger()
 	// Access logging
 	accessLogger := logging.GetAccessLogger()
 	skipPaths := []string{}
@@ -138,9 +151,17 @@ func Start(cfg *config.Config) error {
 	router.GET("/api/hastx/:tx_hash", handleHasTx)
 
 	// Start API listener
-	return router.Run(fmt.Sprintf("%s:%d",
-		cfg.Api.ListenAddress,
-		cfg.Api.ListenPort))
+	if cfg.Tls.CertFilePath != "" && cfg.Tls.KeyFilePath != "" {
+		return router.RunTLS(
+			fmt.Sprintf("%s:%d", cfg.Api.ListenAddress, cfg.Api.ListenPort),
+			cfg.Tls.CertFilePath,
+			cfg.Tls.KeyFilePath,
+		)
+	} else {
+		return router.Run(fmt.Sprintf("%s:%d",
+			cfg.Api.ListenAddress,
+			cfg.Api.ListenPort))
+	}
 }
 
 func handleHealthcheck(c *gin.Context) {

internal/config/config.go

@@ -28,6 +28,7 @@ type Config struct {
 	Metrics MetricsConfig `yaml:"metrics"`
 	Debug   DebugConfig   `yaml:"debug"`
 	Node    NodeConfig    `yaml:"node"`
+	Tls     TlsConfig     `yaml:"tls"`
 }
 
 type LoggingConfig struct {
@@ -60,14 +61,19 @@ type NodeConfig struct {
 	Timeout      uint   `yaml:"timeout"      envconfig:"CARDANO_NODE_SOCKET_TIMEOUT"`
 }
 
+type TlsConfig struct {
+	CertFilePath string `yaml:"certFilePath" envconfig:"TLS_CERT_FILE_PATH"`
+	KeyFilePath  string `yaml:"keyFilePath"  envconfig:"TLS_KEY_FILE_PATH"`
+}
+
 // Singleton config instance with default values
 var globalConfig = &Config{
 	Logging: LoggingConfig{
 		Level:        "info",
 		Healthchecks: false,
 	},
 	Api: ApiConfig{
-		ListenAddress: "",
+		ListenAddress: "0.0.0.0",
 		ListenPort:    8090,
 	},
 	Debug: DebugConfig{