From f7a9ed7f0d5b5d1b1805c456c7320ad1689e026d Mon Sep 17 00:00:00 2001
From: petruki <31597636+petruki@users.noreply.github.com>
Date: Tue, 1 Oct 2024 21:30:27 -0700
Subject: [PATCH] Added TLS server support
---
 .env.test | 4 +++
 Makefile | 8 +++---
 sonar-project.properties | 2 +-
 src/controller/api.go | 2 +-
 src/server/app.go | 56 +++++++++++++++++++++++++++++++++-------
 5 files changed, 57 insertions(+), 15 deletions(-)
diff --git a/.env.test b/.env.test
index 327a0ce..8153da4 100644
--- a/.env.test
+++ b/.env.test
@@ -1,5 +1,9 @@
 PORT=8000
 LOG_LEVEL=DEBUG
+SSL_ENABLED=false
+SSL_CERT_FILE=
+SSL_KEY_FILE=
+
 MONGO_URI=mongodb://localhost:27017
 MONGO_DB=switcher-gitops-test
 GIT_TOKEN_PRIVATE_KEY=SecretSecretSecretSecretSecretSe
diff --git a/Makefile b/Makefile
index 8050416..89c1c50 100644
--- a/Makefile
+++ b/Makefile
@@ -1,15 +1,17 @@
+.PHONY: build run test cover
+
 build:
 go build -o ./bin/app ./src/cmd/app/main.go
 run:
 ifeq ($(OS),Windows_NT)
- $env:GO_ENV="test"; go run ./src/cmd/app/main.go
+ $env:GO_ENV="test"; go run ./src/cmd/app/main.go
 else
- GO_ENV=test go run ./src/cmd/app/main.go
+ GO_ENV=test go run ./src/cmd/app/main.go
 endif
 test:
- go test -p 1 -coverpkg=./... -v
+ go test -p 1 -v ./...
 cover:
 go test -p 1 -coverprofile="coverage.out" ./...
diff --git a/sonar-project.properties b/sonar-project.properties
index 3b253dc..d68944d 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -1,7 +1,7 @@
 sonar.projectKey=switcherapi_switcher-gitops
 sonar.projectName=switcher-gitops
 sonar.organization=switcherapi
-sonar.projectVersion=1.0.0
+sonar.projectVersion=1.0.1
 sonar.links.homepage=https://github.com/switcherapi/switcher-gitops
 sonar.sources=src
diff --git a/src/controller/api.go b/src/controller/api.go
index 463b0f4..5b4af19 100644
--- a/src/controller/api.go
+++ b/src/controller/api.go
@@ -46,7 +46,7 @@ func (controller *ApiController) RegisterRoutes(r *mux.Router) http.Handler {
 func (controller *ApiController) CheckApiHandler(w http.ResponseWriter, r *http.Request) {
 utils.ResponseJSON(w, ApiCheckResponse{
 Status: "All good",
- Version: "1.0.0",
+ Version: "1.0.1",
 ReleaseTime: config.GetEnv("RELEASE_TIME"),
 ApiSettings: ApiSettingsResponse{
 SwitcherURL: config.GetEnv("SWITCHER_API_URL"),
diff --git a/src/server/app.go b/src/server/app.go
index b9fd9c2..5ba3587 100644
--- a/src/server/app.go
+++ b/src/server/app.go
@@ -2,6 +2,7 @@ package server
 import (
 "context"
+ "crypto/tls"
 "net/http"
 "os"
 "os/signal"
@@ -34,30 +35,65 @@ func NewApp() *App {
 }
 func (app *App) Start() error {
+ if config.GetEnv("SSL_ENABLED") == "true" {
+ app.httpServer = startServerWithSsl(app.routerHandlers)
+ } else {
+ app.httpServer = startServer(app.routerHandlers)
+ }
+
+ quit := make(chan os.Signal, 1)
+ signal.Notify(quit, os.Interrupt, os.Interrupt)
+
+ <-quit
+
+ ctx, shutdown := context.WithTimeout(context.Background(), 5*time.Second)
+ defer shutdown()
+
+ return app.httpServer.Shutdown(ctx)
+}
+
+func startServer(routerHandlers *mux.Router) *http.Server {
 port := config.GetEnv("PORT")
- app.httpServer = &http.Server{
+ server := &http.Server{
 Addr: ":" + port,
- Handler: app.routerHandlers,
+ Handler: routerHandlers,
 }
 go func() {
- if err := app.httpServer.ListenAndServe(); err != nil {
+ if err := server.ListenAndServe(); err != nil {
 utils.LogError("Failed to listen and serve: %s", err.Error())
 os.Exit(1)
 }
 }()
- utils.LogInfo("Server started on port %s", port)
+ utils.LogInfo("[no-SSL] Server started on port %s", port)
- quit := make(chan os.Signal, 1)
- signal.Notify(quit, os.Interrupt, os.Interrupt)
+ return server
+}
- <-quit
+func startServerWithSsl(routerHandlers *mux.Router) *http.Server {
+ port := config.GetEnv("PORT")
+ certFile := config.GetEnv("SSL_CERT_FILE")
+ keyFile := config.GetEnv("SSL_KEY_FILE")
- ctx, shutdown := context.WithTimeout(context.Background(), 5*time.Second)
- defer shutdown()
+ server := &http.Server{
+ Addr: ":" + port,
+ Handler: routerHandlers,
+ TLSConfig: &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ },
+ }
- return app.httpServer.Shutdown(ctx)
+ go func() {
+ if err := server.ListenAndServeTLS(certFile, keyFile); err != nil {
+ utils.LogError("Failed to listen and serve: %s", err.Error())
+ os.Exit(1)
+ }
+ }()
+
+ utils.LogInfo("[SSL] Server started on port %s", port)
+
+ return server
 }
 func initRoutes(db *mongo.Database, coreHandler *core.CoreHandler) *mux.Router {
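Review bot: In `Start`, `SSL_ENABLED` is matched with an exact string compare, so any other spelling (`True`, `1`, a trailing space) silently starts the plaintext listener; parsing it with `strconv.ParseBool` and refusing to start on an unparseable value would make a misconfiguration fail closed instead of falling back to HTTP. Both `startServer` and `startServerWithSsl` build an `http.Server` with no timeouts, so a client that sends its headers slowly can hold a connection open indefinitely; adding `ReadHeaderTimeout: 10 * time.Second,` (a constructed value, to be tuned) to each literal bounds that. The serve goroutines also treat the `http.ErrServerClosed` that `ListenAndServe`/`ListenAndServeTLS` return once `Shutdown` is called as fatal, so the graceful path can end in `os.Exit(1)` before the 5-second drain completes; the condition should read `err != nil && err != http.ErrServerClosed`. `signal.Notify(quit, os.Interrupt, os.Interrupt)` registers the same signal twice, and the second argument was presumably meant to be `syscall.SIGTERM`.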