built-in https now

r2dev2 · r2dev2 · commit 822f6169559b · 2024-07-10T22:11:38.000-07:00
diff --git a/.gitignore b/.gitignore
@@ -9,3 +9,6 @@ Cargo.lock
 
 # These are backup files generated by rustfmt
 **/*.rs.bk
+
+# HTTPS creds
+keys/
diff --git a/Cargo.toml b/Cargo.toml
@@ -6,7 +6,9 @@ edition = "2018"
 
 [dependencies]
 actix-rt = "1.0.0"
-actix-web = "2.0.0"
+actix-web = { version = "2.0.0", features = ["openssl"] }
+openssl = { version = "0.10", features = ["vendored"] }
+chrono = { version = "= 0.4.29" }
 env_logger = "0.7"
 futures = "0.3.1"
 tokio = { version="0.2", features=["full"] }
diff --git a/src/main.rs b/src/main.rs
@@ -19,6 +19,7 @@ use actix_web::web::{Bytes, Data, Path};
 use actix_web::{get, post, web, App, Error, HttpResponse, HttpServer, Responder};
 use clap::{crate_version, clap_app};
 use futures::Stream;
+use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
 use serde::{Deserialize, Serialize};
 use tokio::sync::broadcast::{channel, Receiver, Sender};
 use tokio::time::{interval_at, Instant};
@@ -34,25 +35,42 @@ async fn main() -> std::io::Result<()> {
         (about: "A sse-based pubsub with different channels")
         (@arg HOST: --host +takes_value "Address to host on")
         (@arg PORT: --port +takes_value "Port to host on")
+        (@arg KEY: --key +takes_value "SSL Private Key file")
+        (@arg CERT: --cert +takes_value "Certificate file")
     ).get_matches();
 
     let data = BroadcasterMap::create();
 
 
-    HttpServer::new(move || {
+    let server = HttpServer::new(move || {
         App::new()
             .wrap(Cors::new().finish())
             .app_data(data.clone())
             .service(index)
             .service(new_client)
             .service(broadcast)
-    })
-    .bind(format!("{}:{}",
+    });
+    let host = format!("{}:{}",
             matches.value_of("HOST").unwrap_or("127.0.0.1"),
-            matches.value_of("PORT").unwrap_or("8080")))?
-    .maxconn(500000)
-    .run()
-    .await
+            matches.value_of("PORT").unwrap_or("8080"));
+
+    let server = match (matches.value_of("KEY"), matches.value_of("CERT")) {
+        (Some(keyfile), Some(certfile)) => {
+            let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
+            builder
+                .set_private_key_file(keyfile, SslFiletype::PEM)
+                .expect("Invalid private key provided");
+            builder.set_certificate_chain_file(certfile).expect("Invalid certificate provided");
+            server.bind_openssl(host, builder)
+        },
+        _ => server.bind(host)
+    };
+
+    server
+        .expect("Failed to bind")
+        .maxconn(500000)
+        .run()
+        .await
 }
 
 #[get("/")]
