From 1f490362365db30b509a6cbfbf1a60fb2715917b Mon Sep 17 00:00:00 2001
From: Chris Gianelloni
Date: Mon, 2 Sep 2024 22:47:36 -0400
Subject: [PATCH] feat: listen with tls when configured
Signed-off-by: Chris Gianelloni
---
 internal/api/api.go | 16 ++++++++++++----
 internal/config/config.go | 6 ++++++
 internal/utxorpc/api.go | 21 +++++++++++++++------
 3 files changed, 33 insertions(+), 10 deletions(-)
diff --git a/internal/api/api.go b/internal/api/api.go
index 7da7607..b39f250 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -104,10 +104,18 @@ func Start(cfg *config.Config) error {
 }()
 // Start API listener
- err := router.Run(fmt.Sprintf("%s:%d",
- cfg.Api.ListenAddress,
- cfg.Api.ListenPort))
- return err
+ if cfg.Tls.CertFilePath != "" && cfg.Tls.KeyFilePath != "" {
+ err := router.RunTLS(fmt.Sprintf("%s:%d", cfg.Api.ListenAddress, cfg.Api.ListenPort),
+ cfg.Tls.CertFilePath,
+ cfg.Tls.KeyFilePath,
+ )
+ return err
+ } else {
+ err := router.Run(fmt.Sprintf("%s:%d",
+ cfg.Api.ListenAddress,
+ cfg.Api.ListenPort))
+ return err
+ }
 }
 type responseApiError struct {
diff --git a/internal/config/config.go b/internal/config/config.go
index 36c52db..ad0f374 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -29,6 +29,7 @@ type Config struct {
 Metrics MetricsConfig `yaml:"metrics"`
 Debug DebugConfig `yaml:"debug"`
 Node NodeConfig `yaml:"node"`
+ Tls TlsConfig `yaml:"tls"`
 Utxorpc UtxorpcConfig `yaml:"utxorpc"`
 }
@@ -67,6 +68,11 @@ type UtxorpcConfig struct {
 ListenPort uint `yaml:"port" envconfig:"GRPC_LISTEN_PORT"`
 }
+type TlsConfig struct {
+ CertFilePath string `yaml:"certFilePath" envconfig:"TLS_CERT_FILE_PATH"`
+ KeyFilePath string `yaml:"keyFilePath" envconfig:"TLS_KEY_FILE_PATH"`
+}
+
 // Singleton config instance with default values
 var globalConfig = &Config{
 Logging: LoggingConfig{
diff --git a/internal/utxorpc/api.go b/internal/utxorpc/api.go
index 58eb74b..8cdc52a 100644
--- a/internal/utxorpc/api.go
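Review bot: In `Start` in internal/api/api.go the TLS branch is taken only when both `cfg.Tls.CertFilePath` and `cfg.Tls.KeyFilePath` are non-empty, so a configuration that sets just one of them (for example a misspelled `TLS_KEY_FILE_PATH`) falls through to `router.Run` and serves plaintext without any error. I would reject the half-configured case before choosing a listener: `if (cfg.Tls.CertFilePath == "") != (cfg.Tls.KeyFilePath == "") { return fmt.Errorf("tls: certFilePath and keyFilePath must be set together") }`. The same condition guards the listener in internal/utxorpc/api.go and needs the same check, or the check can be done once where the config is loaded. Start's body begins outside the hunk.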
+++ b/internal/utxorpc/api.go
@@ -46,10 +46,19 @@ func Start(cfg *config.Config) error {
 mux.Handle(submitPath, submitHandler)
 mux.Handle(syncPath, syncHandler)
 mux.Handle(watchPath, watchHandler)
- err := http.ListenAndServe(
- fmt.Sprintf("%s:%d", cfg.Utxorpc.ListenAddress, cfg.Utxorpc.ListenPort),
- // Use h2c so we can serve HTTP/2 without TLS
- h2c.NewHandler(mux, &http2.Server{}),
- )
- return err
+ if cfg.Tls.CertFilePath != "" && cfg.Tls.KeyFilePath != "" {
+ err := http.ListenAndServeTLS(fmt.Sprintf("%s:%d", cfg.Utxorpc.ListenAddress, cfg.Utxorpc.ListenPort),
+ cfg.Tls.CertFilePath,
+ cfg.Tls.KeyFilePath,
+ nil,
+ )
+ return err
+ } else {
+ err := http.ListenAndServe(
+ fmt.Sprintf("%s:%d", cfg.Utxorpc.ListenAddress, cfg.Utxorpc.ListenPort),
+ // Use h2c so we can serve HTTP/2 without TLS
+ h2c.NewHandler(mux, &http2.Server{}),
+ )
+ return err
+ }
 }
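Review bot: The TLS branch passes `nil` as the handler to `http.ListenAndServeTLS`, which makes net/http serve `http.DefaultServeMux` rather than the `mux` that the submit, sync and watch handlers were just registered on. Assuming `mux` is a local ServeMux created earlier in Start (outside the hunk), those paths would answer 404 as soon as TLS is enabled. Pass the mux instead by replacing `nil,` with `mux,`; no h2c wrapper is needed in that branch because net/http negotiates HTTP/2 over TLS on its own. Since this listener is meant to face a network, an `http.Server` value with `ReadHeaderTimeout` set would also be safer than the package-level helper, which applies no timeouts.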