From 10eff7aea8a25f31a91c57706d639d41ad635c5d Mon Sep 17 00:00:00 2001
From: caoyingjunz
Date: Mon, 16 Dec 2024 21:34:00 +0800
Subject: [PATCH] Add tls completed (#560)
---
 cmd/app/config/config.go | 25 +++++++++++++++++++++++++
 cmd/app/server.go | 11 +++++++++--
 config.yaml | 4 ++++
 3 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/cmd/app/config/config.go b/cmd/app/config/config.go
index e9c6d00a..61623469 100644
--- a/cmd/app/config/config.go
+++ b/cmd/app/config/config.go
@@ -17,6 +17,8 @@ limitations under the License.
 package config
 import (
+ "fmt"
+
 "github.com/caoyingjunz/pixiu/pkg/jobmanager"
 logutil "github.com/caoyingjunz/pixiu/pkg/util/log"
 )
@@ -37,6 +39,7 @@ type Config struct {
 Mysql MysqlOptions `yaml:"mysql"`
 Worker WorkerOptions `yaml:"worker"`
 Audit jobmanager.AuditOptions `yaml:"audit"`
+ TLS *TLS `yaml:"tls"`
 }
 type DefaultOptions struct {
@@ -86,6 +89,25 @@ func (w WorkerOptions) Valid() error {
 return nil
 }
+type TLS struct {
+ CertFile string `yaml:"cert_file"`
+ KeyFile string `yaml:"key_file"`
+}
+
+func (t *TLS) Valid() error {
+ if t != nil {
+ if len(t.CertFile) == 0 {
+ return fmt.Errorf("listen on tls, no cert_file found")
+ }
+
+ if len(t.KeyFile) == 0 {
+ return fmt.Errorf("listen on tls, no key_file found")
+ }
+ }
+
+ return nil
+}
+
 func (c *Config) Valid() (err error) {
 if err = c.Default.Valid(); err != nil {
 return
@@ -96,6 +118,9 @@ func (c *Config) Valid() (err error) {
 if err = c.Worker.Valid(); err != nil {
 return
 }
+ if err = c.TLS.Valid(); err != nil {
+ return err
+ }
 return
 }
diff --git a/cmd/app/server.go b/cmd/app/server.go
index 50cf0ec9..08c17dfc 100644
--- a/cmd/app/server.go
+++ b/cmd/app/server.go
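Review bot: In cmd/app/config/config.go, `(*TLS).Valid` only checks that `cert_file` and `key_file` are non-empty strings, so an unreadable path or a certificate that does not match its key passes validation and, as far as this patch shows, is first detected when `ListenAndServeTLS` fails inside the server goroutine. Loading the pair during validation would surface that at startup: `if _, err := tls.LoadX509KeyPair(t.CertFile, t.KeyFile); err != nil { return fmt.Errorf("listen on tls, load cert/key: %w", err) }`, with `crypto/tls` added to the import block. The exported type and method have no doc comments; `// TLS holds the certificate and private-key file paths used to serve HTTPS; a nil *TLS means TLS is disabled.` would record the nil-receiver contract that `Config.Valid` relies on. The branch added to `Config.Valid` uses `return err` where the sibling branches use a bare `return` on the named result.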
@@ -101,8 +101,15 @@ func Run(opt *options.Options) error {
 // Initializing the server in a goroutine so that it won't block the graceful shutdown handling below
 go func() {
- klog.Info("starting pixiu server")
- if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+ var err error
+ if opt.ComponentConfig.TLS != nil {
+ klog.Info("starting pixiu server with TLS")
+ err = srv.ListenAndServeTLS(opt.ComponentConfig.TLS.CertFile, opt.ComponentConfig.TLS.KeyFile)
+ } else {
+ klog.Info("starting pixiu server with no TLS")
+ err = srv.ListenAndServe()
+ }
+ if err != nil && err != http.ErrServerClosed {
 klog.Fatal("failed to listen pixiu server: ", err)
 }
 }()
diff --git a/config.yaml b/config.yaml
index ab9aacc5..fa921d45 100644
--- a/config.yaml
+++ b/config.yaml
@@ -11,6 +11,10 @@ default:
 log_format: json
 log_level: info
+#tls:
+# cert_file: test.pem
+# key_file: test.key
+
 # 数据库地址信息
 mysql:
 host: peng
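Review bot: In cmd/app/server.go, the TLS branch added to `Run` calls `srv.ListenAndServeTLS` with whatever TLS settings `srv` already carries; `srv` is constructed outside this hunk, so I cannot see whether `TLSConfig` is set, and if it is not, the minimum protocol version is left to the Go toolchain default. Setting it where the server is built, e.g. `TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12}`, makes the floor explicit. Plaintext remains the default whenever the `tls:` section is absent from the config and is announced only at Info level; `klog.Warning("starting pixiu server with no TLS")` would make an unencrypted listener easier to spot in logs. Run's body starts and ends outside the hunk.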