Only serve over HTTPS, optionally auto-generating certificates

Because MoneyGo requires sending passwords and session cookies, we should never serve over HTTP. While we're at it, make it more convenient for folks to test this out by adding a config option to auto-generate self-signed certificates.
2025-07-03 20:58:39 -04:00 · 2017-12-05 20:56:57 -05:00
parent 1dc57dc761
commit 147a00e429
5 changed files with 71 additions and 15 deletions
--- a/main.go
+++ b/main.go
@ -8,6 +8,7 @@ import (
 	"github.com/aclindsa/moneygo/internal/config"
 	"github.com/aclindsa/moneygo/internal/db"
 	"github.com/aclindsa/moneygo/internal/handlers"
+	"github.com/kabukky/httpscerts"
 	"log"
 	"net"
 	"net/http"
@ -89,10 +90,24 @@ func main() {
 		log.Fatal(err)
 	}

-	log.Printf("Serving on port %d out of directory: %s", cfg.MoneyGo.Port, cfg.MoneyGo.Basedir)
 	if cfg.MoneyGo.Fcgi {
+		log.Printf("Serving via FCGI on port %d out of directory: %s", cfg.MoneyGo.Port, cfg.MoneyGo.Basedir)
 		fcgi.Serve(listener, servemux)
 	} else {
-		http.Serve(listener, servemux)
+		cert := cfg.Https.CertFile
+		key := cfg.Https.KeyFile
+
+		if err := httpscerts.Check(cert, key); err != nil {
+			if !cfg.Https.GenerateCerts {
+				log.Fatalf("HTTPS certficates not found at '%s' and '%s'. If you would like for them to be auto-generated for you, specify 'generate-certs-if-absent = true' in your config file at '%s'", cert, key, configFile)
+			}
+
+			err = httpscerts.Generate(cert, key, cfg.Https.GenerateCertsHosts)
+			if err != nil {
+				log.Fatalf("Error: Generating HTTPS cert/key at '%s' and '%s' failed: %s", cert, key, err)
+			}
+		}
+		log.Printf("Serving via HTTPS on port %d out of directory: %s", cfg.MoneyGo.Port, cfg.MoneyGo.Basedir)
+		http.ServeTLS(listener, servemux, cert, key)
 	}
 }