From 502e146f92aa4066fe667276006c314808908c2e Mon Sep 17 00:00:00 2001
From: mikestefanello
Date: Mon, 20 Dec 2021 12:33:14 -0500
Subject: [PATCH] Added HTTPS support.
---
 config/config.go | 5 +++++
 main.go | 12 ++++++++++++
 routes/router.go | 15 +++++++++++----
 3 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/config/config.go b/config/config.go
index 8bffad9..3077721 100644
--- a/config/config.go
+++ b/config/config.go
@@ -58,6 +58,11 @@ type (
 ReadTimeout time.Duration `env:"HTTP_READ_TIMEOUT,default=5s"`
 WriteTimeout time.Duration `env:"HTTP_WRITE_TIMEOUT,default=10s"`
 IdleTimeout time.Duration `env:"HTTP_IDLE_TIMEOUT,default=2m"`
+ TLS struct {
+ Enabled bool `env:"HTTP_TLS_ENABLED,default=false"`
+ Certificate string `env:"HTTP_TLS_CERTIFICATE"`
+ Key string `env:"HTTP_TLS_KEY"`
+ }
 }
 // AppConfig stores application configuration
diff --git a/main.go b/main.go
index 4b385ef..0c67ef4 100644
--- a/main.go
+++ b/main.go
@@ -2,6 +2,7 @@ package main
 import (
 "context"
+ "crypto/tls"
 "fmt"
 "net/http"
 "os"
@@ -34,6 +35,17 @@ func main() {
 IdleTimeout: c.Config.HTTP.IdleTimeout,
 }
+ if c.Config.HTTP.TLS.Enabled {
+ certs, err := tls.LoadX509KeyPair(c.Config.HTTP.TLS.Certificate, c.Config.HTTP.TLS.Key)
+ if err != nil {
+ c.Web.Logger.Fatalf("cannot load TLS certificate: %v", err)
+ }
+
+ srv.TLSConfig = &tls.Config{
+ Certificates: []tls.Certificate{certs},
+ }
+ }
+
 if err := c.Web.StartServer(&srv); err != http.ErrServerClosed {
 c.Web.Logger.Fatalf("shutting down the server: v", err)
 }
diff --git a/routes/router.go b/routes/router.go
index 4603d5d..c568c7f 100644
--- a/routes/router.go
+++ b/routes/router.go
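Review bot: In config/config.go the new `Certificate` and `Key` fields carry no comment saying what `HTTP_TLS_CERTIFICATE` and `HTTP_TLS_KEY` must contain, while main.go in this commit hands them to `tls.LoadX509KeyPair`, which takes file paths rather than PEM text. A comment on the `TLS` struct such as `// Certificate and Key are filesystem paths to the PEM-encoded certificate and private key` would keep operators from pasting key material into the environment variable. The enclosing struct begins above the hunk, so how its other fields are documented is not visible here.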
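Review bot: In main.go the `tls.Config` built under `if c.Config.HTTP.TLS.Enabled` sets only `Certificates`, so the minimum protocol version is left to the toolchain default, which on older Go releases still lets a server negotiate TLS 1.0 and 1.1. Adding `MinVersion: tls.VersionTLS12,` to the literal makes the floor explicit and independent of the compiler used to build the binary. Separately, the unchanged `Fatalf("shutting down the server: v", err)` just below lacks the `%` in its verb, so the error is not formatted as intended; it is worth fixing while this block is being edited. `main` starts and ends outside the hunk.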
@@ -37,8 +37,15 @@ func BuildRouter(c *services.Container) {
 c.Web.Group("", middleware.CacheControl(c.Config.Cache.Expiration.StaticFile)).
 Static(config.StaticPrefix, config.StaticDir)
- // Middleware
- g := c.Web.Group("",
+ // Non static file route group
+ g := c.Web.Group("")
+
+ // Force HTTPS, if enabled
+ if c.Config.HTTP.TLS.Enabled {
+ g.Use(echomw.HTTPSRedirect())
+ }
+
+ g.Use(
 echomw.RemoveTrailingSlashWithConfig(echomw.TrailingSlashConfig{
 RedirectCode: http.StatusMovedPermanently,
 }),
@@ -51,12 +58,12 @@ func BuildRouter(c *services.Container) {
 echomw.TimeoutWithConfig(echomw.TimeoutConfig{
 Timeout: c.Config.App.Timeout,
 }),
- middleware.ServeCachedPage(c.Cache),
 session.Middleware(sessions.NewCookieStore([]byte(c.Config.App.EncryptionKey))),
+ middleware.LoadAuthenticatedUser(c.Auth),
+ middleware.ServeCachedPage(c.Cache),
 echomw.CSRFWithConfig(echomw.CSRFConfig{
 TokenLookup: "form:csrf",
 }),
- middleware.LoadAuthenticatedUser(c.Auth),
 )
 // Base controller
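Review bot: The `echomw.HTTPSRedirect()` registered under `if c.Config.HTTP.TLS.Enabled` in the first routes/router.go hunk can only act on requests that arrive over plain HTTP, yet main.go in this commit starts a single server that is given a `TLSConfig` when TLS is enabled, and no plain-HTTP listener is visible. Unless such a listener or a forwarding proxy exists elsewhere, the redirect never fires and the middleware gives no protection against a client staying on `http://`. To keep browsers on HTTPS, consider also sending HSTS, for example `echomw.SecureWithConfig(echomw.SecureConfig{HSTSMaxAge: 31536000})`, and marking the session cookie `Secure`; the lines between the two hunks are not shown, so a Secure middleware may already be registered there. The redirect is attached to `g` only, so the static-file group above it is not covered.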
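Review bot: Nothing in the second routes/router.go hunk explains why `ServeCachedPage` now has to run after `session.Middleware` and `LoadAuthenticatedUser`, although that order decides whether the page cache can tell authenticated requests apart, and the commit message mentions only HTTPS. A comment next to the list would pin the constraint, e.g. `// LoadAuthenticatedUser must precede ServeCachedPage so cached pages are not served to authenticated users`; whether `ServeCachedPage` actually checks the user is not visible here and should be confirmed. `ServeCachedPage` still sits before `echomw.CSRFWithConfig`, so a cached response returns before the CSRF middleware runs; confirm that cached pages never contain forms that need a fresh token.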