Web server is running over TLS to protect imported data.

Author: clems4ever

cmd/go-graphkb/config.yml

@@ -1,4 +1,6 @@
 port: 8090
+tls_key: keys/server.key
+tls_cert: keys/server.crt
 
 mariadb:
   username: graphkb

cmd/go-graphkb/keys/server.crt

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICNDCCAbqgAwIBAgIUSmERk1D8uB791zb2aJZGwQl1okswCgYIKoZIzj0EAwIw
+UTELMAkGA1UEBhMCVVMxDTALBgNVBAgMBE9oaW8xITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDEQMA4GA1UEAwwHZ3JhcGhrYjAeFw0yMDAxMDgyMzIw
+MzFaFw0zMDAxMDUyMzIwMzFaMFExCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARPaGlv
+MSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMMB2dy
+YXBoa2IwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATBjcX+Dcg1Ls03AHAlddFpSVIF
+d6LNo44r1baCTwd2n/6KBdjcia2UHtMf+6qVsmsq53Jb2tpaq9u7WZg+yOLSzY8x
++8Sir6XuroyDXdOrxkoDDSzseB2xzAsCodw3+Z6jUzBRMB0GA1UdDgQWBBRyX37c
+14nGLtJzIhHJsvqC4Hxr6TAfBgNVHSMEGDAWgBRyX37c14nGLtJzIhHJsvqC4Hxr
+6TAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA2gAMGUCMQD/LkIPAOWaeups
+J3EEnV9e93OQ4sSze1gmWooJEDMoF/at4yjZ4RiDeQeyFPXgQeUCMGVkuIWgxQMZ
+DK8nTIDVUhczH289kLRVt7ZqCx0Zyi8yfRkUW4t6MAd00p7czQt+pw==
+-----END CERTIFICATE-----

cmd/go-graphkb/keys/server.key

@@ -0,0 +1,9 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQAIg==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDBaSW8z5Km2GRlJEDftOgmFMlbpOuVHJTbKMNhrgedbQUs0OrQ3Nrk+
+xDp9GENurB2gBwYFK4EEACKhZANiAATBjcX+Dcg1Ls03AHAlddFpSVIFd6LNo44r
+1baCTwd2n/6KBdjcia2UHtMf+6qVsmsq53Jb2tpaq9u7WZg+yOLSzY8x+8Sir6Xu
+royDXdOrxkoDDSzseB2xzAsCodw3+Z4=
+-----END EC PRIVATE KEY-----

cmd/importer-csv/config.yml

@@ -1,5 +1,6 @@
 graphkb:
-  url: "http://localhost:8090"
+  url: "https://localhost:8090"
   auth_token: "token_auth_for_csv_importer"
+  skip_verify: true
 
 path: "../../examples/example-data.csv"

internal/knowledge/graph_api.go

@@ -2,25 +2,36 @@ package knowledge
 
 import (
 	"bytes"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
-	"github.com/clems4ever/go-graphkb/internal/schema"
 	"io/ioutil"
 	"net/http"
+
+	"github.com/clems4ever/go-graphkb/internal/schema"
+	"github.com/spf13/viper"
 )
 
 // GraphEmitter an emitter of full source graph
 type GraphAPI struct {
 	// GraphKB URL and auth token
 	url       string
 	authToken string
+
+	client *http.Client
 }
 
 // NewGraphEmitter create an emitter of graph
 func NewGraphAPI(url string, authToken string) *GraphAPI {
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: viper.GetBool("graphkb.skip_verify")},
+	}
+	client := &http.Client{Transport: tr}
+
 	return &GraphAPI{
 		url:       url,
 		authToken: authToken,
+		client:    client,
 	}
 }
 
@@ -33,7 +44,7 @@ func (gapi *GraphAPI) ReadCurrentGraph() (*Graph, error) {
 		return nil, err
 	}
 
-	res, err := http.DefaultClient.Do(req)
+	res, err := gapi.client.Do(req)
 	if err != nil {
 		return nil, err
 	}
@@ -72,7 +83,7 @@ func (gapi *GraphAPI) UpdateGraph(sg schema.SchemaGraph, updates GraphUpdatesBul
 		return err
 	}
 
-	res, err := http.DefaultClient.Do(req)
+	res, err := gapi.client.Do(req)
 	if err != nil {
 		return err
 	}

internal/server/server.go

@@ -364,7 +364,8 @@ func StartServer(database knowledge.GraphDB, schemaPersistor schema.Persistor,
 	bindInterface := fmt.Sprintf(":%d", viper.GetInt32("port"))
 	fmt.Printf("Listening on %s\n", bindInterface)
 
-	err := http.ListenAndServe(bindInterface, r)
+	err := http.ListenAndServeTLS(bindInterface, viper.GetString("tls_cert"),
+		viper.GetString("tls_key"), r)
 	if err != nil {
 		log.Fatal(err)
 	}