Only serve over HTTPS, optionally auto-generating certificates

Because MoneyGo requires sending passwords and session cookies, we should never serve over HTTP. While we're at it, make it more convenient for folks to test this out by adding a config option to auto-generate self-signed certificates.
2025-11-03 18:13:27 -05:00 · 2017-12-05 20:56:57 -05:00
parent 1dc57dc761
commit 147a00e429
5 changed files with 71 additions and 15 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -55,8 +55,16 @@ type MoneyGo struct {
 	DSN     string `gcfg:"db-dsn"`         // 'Data Source Name' for database connection
 }

+type Https struct {
+	CertFile           string `gcfg:"cert-file"`
+	KeyFile            string `gcfg:"key-file"`
+	GenerateCerts      bool   `gcfg:"generate-certs-if-absent"` // Generate certificates if missing
+	GenerateCertsHosts string `gcfg:"generate-certs-hosts"`     // Hostnames to generate certificates for if missing and GenerateCerts==true
+}
+
 type Config struct {
 	MoneyGo MoneyGo
+	Https   Https
 }

 func ReadConfig(filename string) (*Config, error) {
@@ -68,6 +76,12 @@ func ReadConfig(filename string) (*Config, error) {
 			DBType:  SQLite,
 			DSN:     "file:moneygo.sqlite?cache=shared&mode=rwc",
 		},
+		Https: Https{
+			CertFile:           "./cert.pem",
+			KeyFile:            "./key.pem",
+			GenerateCerts:      false,
+			GenerateCertsHosts: "localhost",
+		},
 	}

 	err := gcfg.ReadFileInto(&cfg, filename)