From 70d92c2d5ee06c221fdaa3c1df44e03530322b8b Mon Sep 17 00:00:00 2001
From: Marc Di Luzio
Date: Sun, 26 Jul 2020 23:10:39 +0100
Subject: [PATCH] Add TLS to gRPC

---
 cmd/rove-server/internal/server.go | 20 +++++++++++++++++++-
 cmd/rove-server/internal/server_test.go | 3 +++
 docker-compose-test.yml | 1 +
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/cmd/rove-server/internal/server.go b/cmd/rove-server/internal/server.go
index e32f64a..4969687 100644
--- a/cmd/rove-server/internal/server.go
+++ b/cmd/rove-server/internal/server.go
@@ -4,6 +4,8 @@ import (
 "fmt"
 "log"
 "net"
+ "os"
+ "path"
 "sync"

 "github.com/mdiluz/rove/pkg/persistence"
@@ -11,9 +13,12 @@ import (
 "github.com/mdiluz/rove/proto/roveapi"
 "github.com/robfig/cron"
 "google.golang.org/grpc"
+ "google.golang.org/grpc/credentials"
 "google.golang.org/grpc/reflection"
 )

+var cert = os.Getenv("CERT_NAME")
+
 const (
 // PersistentData will allow the server to load and save it's state
 PersistentData = iota
@@ -104,7 +109,20 @@ func (s *Server) Initialise(fillWorld bool) (err error) {
 if err != nil {
 log.Fatalf("failed to listen: %v", err)
 }
- s.grpcServ = grpc.NewServer()
+
+ // Load TLS
+ var opts []grpc.ServerOption
+ if len(os.Getenv("NO_TLS")) == 0 {
+ pem := path.Join("/etc/letsencrypt/live/", cert, "cert.pem")
+ key := path.Join("/etc/letsencrypt/live/", cert, "privkey.pem")
+ creds, err := credentials.NewServerTLSFromFile(pem, key)
+ if err != nil {
+ log.Fatalf("failed to setup TLS: %v", err)
+ }
+ opts = append(opts, grpc.Creds(creds))
+ }
+
+ s.grpcServ = grpc.NewServer(opts...)
 roveapi.RegisterRoveServer(s.grpcServ, s)
 reflection.Register(s.grpcServ)

diff --git a/cmd/rove-server/internal/server_test.go b/cmd/rove-server/internal/server_test.go
index 36db679..40d4b80 100644
--- a/cmd/rove-server/internal/server_test.go
+++ b/cmd/rove-server/internal/server_test.go
@@ -1,6 +1,7 @@
 package internal

 import (
+ "os"
 "testing"
 )

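Review bot: In the `var cert` hunk of server.go, `CERT_NAME` is read once at package initialisation and later used unchecked as a path component, and the variable carries no comment saying it is required. When it is unset, the paths built in Initialise collapse to `/etc/letsencrypt/live/cert.pem`, and the only symptom is a generic file error from the TLS loader. I would document it with `// cert is the Let's Encrypt certificate directory name, read from CERT_NAME; required unless NO_TLS is set.` and have Initialise fail with an explicit message when it is empty.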
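Review bot: In the Initialise hunk of server.go, the server certificate is loaded from `cert.pem`, which in a Let's Encrypt live directory holds only the leaf certificate, so clients that do not already have the intermediate cannot build the chain; `pem := path.Join("/etc/letsencrypt/live/", cert, "fullchain.pem")` serves the full chain. The `NO_TLS` check is `len(...) == 0`, so any non-empty value, including `0` or `false`, switches the listener to plaintext, and nothing is logged when that happens; adding `} else { log.Print("NO_TLS set: serving gRPC without TLS") }` would make the downgrade visible in the server log. The credentials are read once at startup, so a renewed certificate is presumably only picked up after a restart. Initialise starts and continues outside this hunk.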
@@ -30,6 +31,7 @@ func TestNewServer_OptionPersistentData(t *testing.T) {
 }

 func TestServer_Run(t *testing.T) {
+ os.Setenv("NO_TLS", "1")
 server := NewServer()
 if server == nil {
 t.Error("Failed to create server")
@@ -45,6 +47,7 @@ func TestServer_Run(t *testing.T) {
 }

 func TestServer_RunPersistentData(t *testing.T) {
+ os.Setenv("NO_TLS", "1")
 server := NewServer(OptionPersistentData())
 if server == nil {
 t.Error("Failed to create server")
diff --git a/docker-compose-test.yml b/docker-compose-test.yml
index 64a71a8..aec8cee 100644
--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -13,6 +13,7 @@ services:
 - DATA_PATH=/tmp/
 - WORDS_FILE=data/words_alpha.txt
 - TICK_RATE=10
+ - NO_TLS=1
 command: [ "./rove-server"]

 rove-tests:
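Review bot: The `os.Setenv("NO_TLS", "1")` added at the top of TestServer_Run changes the environment of the whole test process, is never undone, and drops the returned error; the same line in TestServer_RunPersistentData has the same problem. Following each call with `defer os.Unsetenv("NO_TLS")` keeps the plaintext switch scoped to the test that needs it. Because both tests bypass TLS and the certificate directory is hard-coded in server.go, nothing visible in this patch exercises the credential-loading path. Both test bodies continue outside their hunks.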