feat: add ssl support

.env.dev

@@ -1,4 +1,5 @@
-APP_HOST=http://localhost
+APP_HOST=https://localhost
+APP_DOMAIN=localhost
 
 DATABASE_HOST=redis
 DATABASE_PORT=6379

.gitignore

@@ -24,3 +24,6 @@ go.work.sum
 
 # env file
 .env.prod
+
+# SSL certs
+certs/

Makefile

@@ -0,0 +1,2 @@
+cert:
+	openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout certs/localhost.key -out certs/localhost.crt -subj "/C=CA/ST=Newfoundland/L=St. John\'s/O=Dorian Neto/OU=Development/CN=localhost/emailAddress=doriansampaioneto@gmail.com"

docker-compose.yaml

@@ -7,6 +7,7 @@ services:
       - APP_ENV=dev
     ports:
       - 80:80
+      - 443:443
     volumes:
       - ./:/app
   redis:

go.mod

@@ -13,4 +13,6 @@ require (
 require (
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
+	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/text v0.18.0 // indirect
 )

go.sum

@@ -16,3 +16,7 @@ github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0
 github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA=
 golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
 golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
+golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
+golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=

main.go

@@ -1,15 +1,36 @@
 package main
 
 import (
+	"crypto/tls"
+	"fmt"
 	"log/slog"
 	"net/http"
 	"os"
+	"path/filepath"
 
 	"github.com/dorianneto/burn-secret/cmd/api"
 	"github.com/dorianneto/burn-secret/internal"
 	"github.com/joho/godotenv"
+	"golang.org/x/crypto/acme/autocert"
 )
 
+func getSelfSignedOrLetsEncryptCert(certManager *autocert.Manager) func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+		dirCache, ok := certManager.Cache.(autocert.DirCache)
+		if !ok {
+			dirCache = "certs"
+		}
+
+		keyFile := filepath.Join(string(dirCache), hello.ServerName+".key")
+		crtFile := filepath.Join(string(dirCache), hello.ServerName+".crt")
+		certificate, err := tls.LoadX509KeyPair(crtFile, keyFile)
+		if err != nil {
+			return certManager.GetCertificate(hello)
+		}
+		return &certificate, err
+	}
+}
+
 func main() {
 	godotenv.Load(".env." + os.Getenv("APP_ENV"))
 
@@ -21,9 +42,26 @@ func main() {
 
 	app := api.NewApp(logger, database)
 
-	logger.Info("server running on port :80")
+	certManager := autocert.Manager{
+		Prompt:     autocert.AcceptTOS,
+		HostPolicy: autocert.HostWhitelist(os.Getenv("APP_DOMAIN")),
+		Cache:      autocert.DirCache("certs"),
+	}
+
+	tlsConfig := certManager.TLSConfig()
+	tlsConfig.GetCertificate = getSelfSignedOrLetsEncryptCert(&certManager)
+
+	server := http.Server{
+		Addr:      ":443",
+		Handler:   app.Routes(),
+		TLSConfig: tlsConfig,
+	}
+
+	logger.Info(fmt.Sprintf("server running on port :%s", server.Addr))
+
+	go http.ListenAndServe(":80", certManager.HTTPHandler(nil))
 
-	if err := http.ListenAndServe(":80", app.Routes()); err != nil {
+	if err := server.ListenAndServeTLS("certs/localhost.crt", "certs/localhost.key"); err != nil {
 		logger.Error(err.Error())
 		os.Exit(1)
 	}