cleanup
metachris committed Nov 25, 2024
1 parent 3d3a29b commit d5ee413
Showing 6 changed files with 68 additions and 11 deletions.
1 change: 0 additions & 1 deletion cmd/system-api/main.go
Expand Up @@ -93,7 +93,6 @@ func runCli(cCtx *cli.Context) (err error) {
// Setup and start the server (in the background)
server, err := systemapi.NewServer(log, config)
if err != nil {
log.Error("Error creating server", "err", err)
return err
}
go server.Start()
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -6,6 +6,7 @@ toolchain go1.23.1

require (
github.com/ethereum/go-ethereum v1.14.9
github.com/flashbots/go-utils v0.8.2
github.com/go-chi/chi/v5 v5.1.0
github.com/go-chi/httplog/v2 v2.1.1
github.com/pelletier/go-toml/v2 v2.2.3
Expand All @@ -18,7 +19,6 @@ require (
github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
github.com/flashbots/go-utils v0.8.2 // indirect
github.com/holiman/uint256 v1.3.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
3 changes: 2 additions & 1 deletion systemapi-config.toml
Expand Up @@ -18,9 +18,10 @@ basic_auth_secret_salt = "D;%yL9TS:5PalS/d" # use a random string for the s

# TLS configuration
tls_enabled = true
tls_create_if_missing = true
tls_cert_path = "cert.pem"
tls_key_path = "key.pem"
tls_create_if_missing = true
tls_hosts = ["localhost", ""]

[actions]
echo_test = "echo test"
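Review bot: The new `tls_hosts = ["localhost", ""]` line ships an empty-string entry with no comment saying what it is for, and how `tls.GenerateTLS` treats an empty host is not visible from this commit. The list is passed straight to certificate generation in systemapi/tls.go, presumably as the certificate's subject alternative names, so a deployment that copies this sample would get a certificate that only validates for localhost. I would drop the empty entry unless it is intentional, and add a comment such as `# names/IPs written into the generated certificate; list every host clients connect to`.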
9 changes: 5 additions & 4 deletions systemapi/config.go
Expand Up @@ -23,10 +23,11 @@ type systemAPIConfigGeneral struct {
HTTPReadTimeoutMillis int `toml:"http_read_timeout_ms"`
HTTPWriteTimeoutMillis int `toml:"http_write_timeout_ms"`

TLSEnabled bool `toml:"tls_enabled"`
TLSCertPath string `toml:"tls_cert_path"`
TLSKeyPath string `toml:"tls_key_path"`
TLSCreateIfMissing bool `toml:"tls_create_if_missing"`
TLSEnabled bool `toml:"tls_enabled"`
TLSCertPath string `toml:"tls_cert_path"`
TLSKeyPath string `toml:"tls_key_path"`
TLSCreateIfMissing bool `toml:"tls_create_if_missing"`
TLSHosts []string `toml:"tls_hosts"`
}

type SystemAPIConfig struct {
12 changes: 11 additions & 1 deletion systemapi/server.go
Expand Up @@ -79,8 +79,9 @@ func NewServer(log *httplog.Logger, cfg *SystemAPIConfig) (server *Server, err e

// Load or create TLS certificate
if cfg.General.TLSEnabled {
err = server.loadOrCreateTLSCert()
err = server.createTLSCertIfNotExists()
if err != nil {
server.log.Error("Failed to create TLS certificate", "err", err)
return nil, err
}
}
Expand Down Expand Up @@ -190,6 +191,15 @@ func (s *Server) readPipeInBackground() {

func (s *Server) Start() {
s.log.Info("Starting HTTP server", "listenAddress", s.cfg.General.ListenAddr)

if s.cfg.General.TLSEnabled {
s.log.Info("TLS enabled", "cert", s.cfg.General.TLSCertPath, "key", s.cfg.General.TLSKeyPath)
if err := s.srv.ListenAndServeTLS(s.cfg.General.TLSCertPath, s.cfg.General.TLSKeyPath); err != nil && !errors.Is(err, http.ErrServerClosed) {
s.log.Error("HTTP server failed", "err", err)
}
return
}

if err := s.srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
s.log.Error("HTTP server failed", "err", err)
}
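Review bot: In the new TLS branch of Start, a bad or mismatched cert/key pair only surfaces when `ListenAndServeTLS` fails, and because cmd/system-api/main.go runs `go server.Start()`, that failure is only logged while the process keeps running without a listener. NewServer's `createTLSCertIfNotExists` checks that both files exist, not that they parse or match, so existing but broken files pass startup. Consider validating the pair in NewServer right after the existence check, for example with crypto/tls `LoadX509KeyPair(cfg.General.TLSCertPath, cfg.General.TLSKeyPath)`, and returning its error so startup fails synchronously. Start's body continues past the end of this hunk.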
52 changes: 49 additions & 3 deletions systemapi/tls.go
@@ -1,12 +1,58 @@
package systemapi

import (
"errors"
"os"
"time"

"github.com/flashbots/go-utils/tls"
)

func (s *Server) loadOrCreateTLSCert() error {
_, _, err := tls.GenerateTLS(time.Hour*24*365, []string{})
return err
// createTLSCertIfNotExists created a cert and key file if it doesn't exist yet
func (s *Server) createTLSCertIfNotExists() error {
log := s.log.With("cert", s.cfg.General.TLSCertPath, "key", s.cfg.General.TLSKeyPath)
_, err1 := os.Stat(s.cfg.General.TLSCertPath)
if err1 != nil && !os.IsNotExist(err1) {
return err1
}

_, err2 := os.Stat(s.cfg.General.TLSKeyPath)
if err2 != nil && !os.IsNotExist(err2) {
return err2
}

certFileExists := err1 == nil
keyFileExists := err2 == nil
if certFileExists && keyFileExists {
// Files exist, use them
log.Info("TLS cert and key found, using them")
return nil
} else if certFileExists || keyFileExists {
// Only one of the files exist, should not happen
return errors.New("both TLS cert and key files are required, but only one exists")
}

// Files do not exist, should create them
if !s.cfg.General.TLSCreateIfMissing {
return errors.New("TLS cert and key files do not exist, but config is set to not create them")
}

// Create them
cert, key, err := tls.GenerateTLS(time.Hour*24*365, s.cfg.General.TLSHosts)
if err != nil {
return err
}

err = os.WriteFile(s.cfg.General.TLSCertPath, cert, 0o600)
if err != nil {
return err
}

err = os.WriteFile(s.cfg.General.TLSKeyPath, key, 0o600)
if err != nil {
return err
}

log.With("hosts", s.cfg.General.TLSHosts).Info("TLS cert and key files created")
return nil
}
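Review bot: The two `os.WriteFile` calls at the end of createTLSCertIfNotExists are not an atomic create: `os.WriteFile` opens with O_CREATE|O_TRUNC and follows symlinks, so a path that appears between the `os.Stat` checks and the write (or a dangling symlink, which `os.Stat` reports as not existing) is written through rather than rejected. A failed key write also leaves the certificate behind, and the next start then stops with "only one exists". Creating both files with O_EXCL and mode 0600, key first, and removing the key when the certificate write fails closes both gaps; the rewritten tail is below. Separately, the doc comment should read "creates", not "created".

```go
	// … unchanged: os.Stat checks, TLSCreateIfMissing check, tls.GenerateTLS call …

	// O_EXCL makes creation fail if the path appeared after the os.Stat checks
	// or is a symlink, instead of truncating and writing through it.
	if err = writeNewFile(s.cfg.General.TLSKeyPath, key); err != nil {
		return err
	}
	if err = writeNewFile(s.cfg.General.TLSCertPath, cert); err != nil {
		// Do not leave a key without a cert; the next start would refuse to run.
		_ = os.Remove(s.cfg.General.TLSKeyPath)
		return err
	}

	// … unchanged: "TLS cert and key files created" log and return …
}

// writeNewFile creates path with mode 0600 and writes data, failing if path already exists.
func writeNewFile(path string, data []byte) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return err
	}
	if _, err = f.Write(data); err != nil {
		f.Close()
		return err
	}
	return f.Close()
}
```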
