Add certificate support for Electron

garrettmflynn · garrettmflynn · commit de202e4babba · 2025-10-09T16:13:54.000-07:00
diff --git a/packages/core/assets/services/index.ts b/packages/core/assets/services/index.ts
@@ -1,4 +1,4 @@
-import { isAbsolute, extname, join, resolve, sep } from 'node:path'
+import { isAbsolute, extname, join, resolve, sep, relative } from 'node:path'
 import { getFreePorts } from './network.js'
 
 import { spawn, fork } from 'node:child_process'
@@ -221,9 +221,25 @@ export function resolveServiceBuildInfo(service, name, opts: ServiceOptions) {
 
     // Only include SSL if both files exist
     if (existsSync(keyPath) && existsSync(certPath)) {
+      // For desktop targets being built, adjust paths for ASAR packaging
+      // Store paths that will work at runtime
+      const adjustPathForDesktop = (path: string) => {
+        if (!isDesktopTarget || !isBuildProcess) return path
+
+        // Make path relative to root for packaging
+        const relativePath = relative(root, path)
+
+        // At runtime in Electron, these will be in extraResources
+        // so we return a marker that will be resolved at runtime
+        return `__RUNTIME_SSL__/${relativePath}`
+      }
+
       resolvedSSL = {
-        key: keyPath,
-        cert: certPath
+        key: adjustPathForDesktop(keyPath),
+        cert: adjustPathForDesktop(certPath),
+        // Store original paths for build-time asset collection
+        __keySource: keyPath,
+        __certSource: certPath,
       }
     } else {
       logger.warn(`SSL configuration provided but certificate files not found:`)
@@ -393,12 +409,44 @@ export async function start(
       // Get service-specific env variables
       const serviceEnv = config.env && typeof config.env === 'object' ? config.env : {}
 
+      // Helper to resolve runtime SSL paths
+      function resolveRuntimePath(path: string): string {
+        // If path contains runtime marker, resolve it
+        if (path.startsWith('__RUNTIME_SSL__/')) {
+          const relativePath = path.replace('__RUNTIME_SSL__/', '')
+
+          // In Electron production, resolve from extraResources
+          if (typeof process !== 'undefined' && process.resourcesPath) {
+            const resolvedPath = resolve(process.resourcesPath, 'ssl', relativePath)
+            logger.debug(`[${label}] SSL path resolved from resources: ${path} -> ${resolvedPath}`)
+            return resolvedPath
+          }
+
+          // Fallback to original resolution (shouldn't happen)
+          const resolvedPath = resolve(root, relativePath)
+          logger.debug(`[${label}] SSL path resolved from root: ${path} -> ${resolvedPath}`)
+          return resolvedPath
+        }
+
+        // In dev mode, paths should already be absolute
+        logger.debug(`[${label}] SSL path used as-is: ${path}`)
+        return path
+      }
+
       // Add SSL certificate paths to environment if configured
       const sslEnv = config.ssl ? {
-        SSL_KEY_PATH: config.ssl.key,
-        SSL_CERT_PATH: config.ssl.cert,
+        SSL_KEY_PATH: resolveRuntimePath(config.ssl.key),
+        SSL_CERT_PATH: resolveRuntimePath(config.ssl.cert),
       } : {}
 
+      if (config.ssl) {
+        logger.debug(`[${label}] SSL configuration:`)
+        logger.debug(`  - SSL_KEY_PATH: ${sslEnv.SSL_KEY_PATH}`)
+        logger.debug(`  - SSL_CERT_PATH: ${sslEnv.SSL_CERT_PATH}`)
+        logger.debug(`  - Key exists: ${existsSync(sslEnv.SSL_KEY_PATH)}`)
+        logger.debug(`  - Cert exists: ${existsSync(sslEnv.SSL_CERT_PATH)}`)
+      }
+
       // Share environment variables with the child process
       const env = {
         ...userEnv,
diff --git a/packages/core/types.ts b/packages/core/types.ts
@@ -145,13 +145,15 @@ export type PackageBuildInfo = {
 
 type UserBuildCommand = string | ((info: PackageBuildInfo) => string | Promise<string>) // e.g. could respond to platform or manually build the executable
 
-type ResolvedServices = { [x: string]: ResolvedService }
-
 type SSLConfiguration = {
   key: string
   cert: string
+  __keySource?: string // Original source path for build-time asset collection
+  __certSource?: string // Original source path for build-time asset collection
 }
 
+type ResolvedServices = { [x: string]: ResolvedService }
+
 type _ExtraServiceMetadata = {
   public?: boolean
   port?: number
@@ -419,8 +421,6 @@ export type ServiceBuildOptions = {
   hooks?: HooksInterface // Hooks interface for CLI integration
 }
 
-type ResolvedServices = { [x: string]: ResolvedService }
-
 export type ResolvedConfig =Omit<BaseConfig, 'hooks'> & {
   build?: BuildOptions
   hooks: HooksInterface // Resolved hooks interface
diff --git a/packages/core/utils/assets.ts b/packages/core/utils/assets.ts
@@ -402,7 +402,27 @@ export const getServiceAssets = (
       __autobuild?: boolean
     }
 
-    const { build, base, filepath, __src, __autobuild } = resolvedService
+    const { build, base, filepath, __src, __autobuild, ssl } = resolvedService
+
+    // Include SSL certificate files as extra resources for desktop builds
+    if (ssl && !dev) {
+      if (ssl.__keySource) {
+        assets.copy.push({
+          input: ssl.__keySource,
+          // Output relative to build dir, will be placed in extraResources
+          output: join('ssl', basename(ssl.__keySource)),
+          extraResource: true,
+        })
+      }
+      if (ssl.__certSource) {
+        assets.copy.push({
+          input: ssl.__certSource,
+          // Output relative to build dir, will be placed in extraResources
+          output: join('ssl', basename(ssl.__certSource)),
+          extraResource: true,
+        })
+      }
+    }
 
     const allowCompilation = !(dev && __autobuild)
 
