From 491ae13190121ead10704424ed1256d6362ba43b Mon Sep 17 00:00:00 2001
From: Roman Khimov
Date: Thu, 15 Apr 2021 17:12:24 +0300
Subject: [PATCH] app: add support for TLS key/cert options

Run in TLS mode if anything is specified.
---
 README.md | 4 ++++
 app.go | 13 +++++++++++--
 settings.go | 6 +++++-
 3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 34c04ad..5e5472d 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,8 @@ version Show current version
 --request_timeout duration gRPC request timeout (default 5s)
 --connect_timeout duration gRPC connect timeout (default 30s)
 --listen_address string HTTP gate's listen address (default "0.0.0.0:8082")
+ --tls_certificate string TLS certificate path
+ --tls_key string TLS key path
 -p, --peers stringArray NeoFS nodes
 # Environments:
@@ -47,6 +49,8 @@ HTTP_GW_CONNECT_TIMEOUT=duration - Timeout for connection
 HTTP_GW_REQUEST_TIMEOUT=duration - Timeout for request
 HTTP_GW_REBALANCE_TIMER=duration - Time between connections checks
 HTTP_GW_LISTEN_ADDRESS=host:port - Address to listen connections
+HTTP_GW_TLS_CERTIFICATE=path - File with TLS certificate
+HTTP_GW_TLS_KEY=path - File with TLS private key
 HTTP_GW_PEERS__ADDRESS=host:port - Address of NeoFS Node
 HTTP_GW_PEERS__WEIGHT=float - Weight of NeoFS Node (1 if not specified)
 HTTP_GW_PPROF=bool - Enable/disable pprof (/debug/pprof)
diff --git a/app.go b/app.go
index bafb90c..09d14bc 100644
--- a/app.go
+++ b/app.go
@@ -178,9 +178,18 @@ func (a *app) Serve(ctx context.Context) {
 attachProfiler(r)
 }
 bind := a.cfg.GetString(cfgListenAddress)
- a.log.Info("running web server", zap.String("address", bind))
+ tlsCertPath := a.cfg.GetString(cfgTLSCertificate)
+ tlsKeyPath := a.cfg.GetString(cfgTLSKey)
+
 a.webServer.Handler = r.Handler
- if err := a.webServer.ListenAndServe(bind); err != nil {
+ if tlsCertPath == "" && tlsKeyPath == "" {
+ a.log.Info("running web server", zap.String("address", bind))
+ err = a.webServer.ListenAndServe(bind)
+ } else {
+ a.log.Info("running web server (TLS-enabled)", zap.String("address", bind))
+ err = a.webServer.ListenAndServeTLS(bind, tlsCertPath, tlsKeyPath)
+ }
+ if err != nil {
 a.log.Fatal("could not start server", zap.Error(err))
 }
 }
diff --git a/settings.go b/settings.go
index 4e4dabb..ca27a17 100644
--- a/settings.go
+++ b/settings.go
@@ -26,7 +26,9 @@ const (
 defaultKeepaliveTime = 10 * time.Second
 defaultKeepaliveTimeout = 10 * time.Second
- cfgListenAddress = "listen_address"
+ cfgListenAddress = "listen_address"
+ cfgTLSCertificate = "tls_certificate"
+ cfgTLSKey = "tls_key"
 // KeepAlive
 cfgKeepaliveTime = "keepalive.time"
@@ -112,6 +114,8 @@ func settings() *viper.Viper {
 flags.Duration(cfgRebalance, defaultRebalanceTimer, "gRPC connection rebalance timer")
 flags.String(cfgListenAddress, "0.0.0.0:8082", "address to listen")
+ flags.String(cfgTLSCertificate, "", "TLS certificate path")
+ flags.String(cfgTLSKey, "", "TLS key path")
 peers := flags.StringArrayP(cfgPeers, "p", nil, "NeoFS nodes")
 // set prefers:
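Review bot: In app.go's Serve, a configuration with only one of `tls_certificate`/`tls_key` set takes the TLS branch and passes an empty path to `ListenAndServeTLS`, so the operator gets whatever file-load error the server library produces (presumably at startup) rather than a clear message. An explicit guard before the branch would make the half-configured case unambiguous and keep it failing closed: `if (tlsCertPath == "") != (tlsKeyPath == "") { a.log.Fatal("both tls_certificate and tls_key must be set to enable TLS") }`. The TLS branch also runs with the library's default TLS settings; if the gateway faces untrusted networks, consider pinning a minimum protocol version (e.g. `tls.VersionTLS12`) in the server's TLS configuration, which is set up outside this hunk. Serve's body starts outside the hunk, so the declaration of `err` that the new `err = ...` assignments rely on is not visible here.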