-added 'certificate' option

- tweaked the dashboard look

Author: kavehtehrani

src/cli.rs

@@ -80,6 +80,10 @@ pub struct Cli {
     /// Bind to a specific source IP address (e.g., 192.168.10.0)
     #[arg(long)]
     pub source: Option<String>,
+
+    /// Path to a custom TLS certificate file (PEM or DER format)
+    #[arg(long)]
+    pub certificate: Option<std::path::PathBuf>,
 }
 
 pub async fn run(args: Cli) -> Result<()> {
@@ -126,6 +130,7 @@ pub fn build_config(args: &Cli) -> RunConfig {
         experimental: args.experimental,
         interface: args.interface.clone(),
         source_ip: args.source.clone(),
+        certificate_path: args.certificate.clone(),
     }
 }
 

src/engine/cloudflare.rs

@@ -55,6 +55,43 @@ impl CloudflareClient {
             }
         }
 
+        // Load custom certificate if provided
+        if let Some(ref cert_path) = cfg.certificate_path {
+            // Check file extension
+            let ext = cert_path.extension()
+                .and_then(|e| e.to_str())
+                .map(|e| e.to_lowercase());
+            
+            let valid_extensions = ["pem", "crt", "cer", "der"];
+            if let Some(ref ext) = ext {
+                if !valid_extensions.contains(&ext.as_str()) {
+                    return Err(anyhow::anyhow!(
+                        "Invalid certificate file extension '{}'. Expected one of: {}",
+                        ext,
+                        valid_extensions.join(", ")
+                    ));
+                }
+            } else {
+                return Err(anyhow::anyhow!(
+                    "Certificate file has no extension. Expected one of: {}",
+                    valid_extensions.join(", ")
+                ));
+            }
+            
+            let cert_data = std::fs::read(cert_path)
+                .with_context(|| format!("failed to read certificate from {}", cert_path.display()))?;
+            
+            // Parse based on file extension
+            let cert = match ext.as_deref() {
+                Some("der") => reqwest::Certificate::from_der(&cert_data)
+                    .with_context(|| format!("failed to parse DER certificate from {}", cert_path.display()))?,
+                _ => reqwest::Certificate::from_pem(&cert_data)
+                    .with_context(|| format!("failed to parse PEM certificate from {}", cert_path.display()))?,
+            };
+            
+            builder = builder.add_root_certificate(cert);
+        }
+        
         let http = builder
             .build()
             .context("failed to build http client")?;

src/model.rs

@@ -20,6 +20,7 @@ pub struct RunConfig {
     pub experimental: bool,
     pub interface: Option<String>,
     pub source_ip: Option<String>,
+    pub certificate_path: Option<std::path::PathBuf>,
 }
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]