feat: add autocert

README.md

@@ -2,13 +2,13 @@
 
 ## Features
 
-| Package   | Examples        | Use Case                   |
-| --------- | --------------- | -------------------------- |
-| api       | http            | build gateway servers      |
-| client    | grpc            | synchronous communication  |
-| runtime   | kubernetes      | service info               |
-| security  | jwts, nacl, TBD | tokens, secrets, and certs |
-| server    | grpc            | build backend servers      |
-| store     | cockroach       | data persistence           |
-| streams   | custom          | asynchronous communication |
-| telemetry | memory          | logs, metrics, and traces  |
+| Package   | Examples             | Use Case                   |
+| --------- | -------------------- | -------------------------- |
+| api       | http                 | build gateway servers      |
+| client    | grpc                 | synchronous communication  |
+| runtime   | kubernetes           | service info               |
+| security  | jwts, nacl, autocert | tokens, secrets, and certs |
+| server    | grpc                 | build backend servers      |
+| store     | cockroach            | data persistence           |
+| streams   | custom               | asynchronous communication |
+| telemetry | memory               | logs, metrics, and traces  |

api/httpapi/http_api.go

@@ -53,8 +53,17 @@ func (a *httpApi) String() string {
 }
 
 func (a *httpApi) start() error {
-	// TODO: tls
-	listener, err := net.Listen("tcp", a.options.Address)
+	var listener net.Listener
+
+	var err error
+
+	if a.options.EnableTLS && a.options.CertProvider != nil {
+		// should we check the address to make sure it's :443?
+		listener, err = a.options.CertProvider.Listener(a.options.Hosts...)
+	} else {
+		listener, err = net.Listen("tcp", a.options.Address)
+	}
+
 	if err != nil {
 		return err
 	}

api/options.go

@@ -1,6 +1,10 @@
 package api
 
-import "context"
+import (
+	"context"
+
+	"github.com/w-h-a/pkg/security/cert"
+)
 
 type ApiOption func(o *ApiOptions)
 
@@ -9,6 +13,9 @@ type ApiOptions struct {
 	Name            string
 	Version         string
 	Address         string
+	EnableTLS       bool
+	CertProvider    cert.CertProvider
+	Hosts           []string
 	HandlerWrappers []HandlerWrapper
 	Context         context.Context
 }
@@ -37,6 +44,24 @@ func ApiWithAddress(addr string) ApiOption {
 	}
 }
 
+func ApiWithTLS() ApiOption {
+	return func(o *ApiOptions) {
+		o.EnableTLS = true
+	}
+}
+
+func ApiWithCertProvider(p cert.CertProvider) ApiOption {
+	return func(o *ApiOptions) {
+		o.CertProvider = p
+	}
+}
+
+func ApiWithHosts(hs ...string) ApiOption {
+	return func(o *ApiOptions) {
+		o.Hosts = hs
+	}
+}
+
 func WrapHandler(w HandlerWrapper) ApiOption {
 	return func(o *ApiOptions) {
 		o.HandlerWrappers = append(o.HandlerWrappers, w)

api/utils.go

@@ -0,0 +1,11 @@
+package api
+
+import "strings"
+
+func Hosts(commaHosts string) []string {
+	hosts := []string{}
+
+	hosts = append(hosts, strings.Split(commaHosts, ",")...)
+
+	return hosts
+}

go.mod

@@ -9,6 +9,7 @@ require (
 	github.com/lib/pq v1.10.9
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/stretchr/testify v1.9.0
+	golang.org/x/crypto v0.21.0
 	google.golang.org/grpc v1.64.0
 	google.golang.org/protobuf v1.33.0
 )

go.sum

@@ -18,6 +18,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
 golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=

security/cert/autocert/autocert.go

@@ -0,0 +1,34 @@
+package autocert
+
+import (
+	"net"
+
+	"github.com/w-h-a/pkg/security/cert"
+	goautocert "golang.org/x/crypto/acme/autocert"
+)
+
+type autocertProvider struct {
+	options cert.CertOptions
+}
+
+func (c *autocertProvider) Options() cert.CertOptions {
+	return c.options
+}
+
+func (c *autocertProvider) Listener(hosts ...string) (net.Listener, error) {
+	return goautocert.NewListener(hosts...), nil
+}
+
+func (c *autocertProvider) String() string {
+	return "autocert"
+}
+
+func NewCertProvider(opts ...cert.CertOption) cert.CertProvider {
+	options := cert.NewCertOptions(opts...)
+
+	a := &autocertProvider{
+		options: options,
+	}
+
+	return a
+}

security/cert/cert.go

@@ -0,0 +1,9 @@
+package cert
+
+import "net"
+
+type CertProvider interface {
+	Options() CertOptions
+	Listener(domains ...string) (net.Listener, error)
+	String() string
+}

security/cert/options.go

@@ -0,0 +1,21 @@
+package cert
+
+import "context"
+
+type CertOption func(o *CertOptions)
+
+type CertOptions struct {
+	Context context.Context
+}
+
+func NewCertOptions(opts ...CertOption) CertOptions {
+	options := CertOptions{
+		Context: context.Background(),
+	}
+
+	for _, fn := range opts {
+		fn(&options)
+	}
+
+	return options
+}