From b62a807f89c3c9d46c199fcc6be8b41036c79e31 Mon Sep 17 00:00:00 2001
From: Julien Riou <julien@riou.xyz>
Date: Fri, 19 Sep 2025 07:12:21 +0200
Subject: [PATCH] feat: Add HTTPS support

Fixes #19.

Signed-off-by: Julien Riou <julien@riou.xyz>
---
 src/cmd/collerd/README.md |  2 ++
 src/server/config.go      |  6 ++++++
 src/server/server.go      | 13 ++++++++++---
 3 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/cmd/collerd/README.md b/src/cmd/collerd/README.md
index d99a273..114604e 100644
--- a/src/cmd/collerd/README.md
+++ b/src/cmd/collerd/README.md
@@ -34,6 +34,8 @@ The file format is **JSON**:
 * **languages** ([]string): List of supported [languages](https://github.com/microsoft/monaco-editor/tree/main/src/basic-languages)
 * **language** (string): Default language (default "text")
 * **enable_upload_file_button** (bool): Display the upload file button in the UI (default true)
+* **tls_cert_file** (string): Path to TLS certificate file to enable HTTPS
+* **tls_key_file** (string): Path to TLS key file to enable HTTPS
 
 The configuration file is not required but the service might not be exposed to the public.
 
diff --git a/src/server/config.go b/src/server/config.go
index 8ba51ca..060f693 100644
--- a/src/server/config.go
+++ b/src/server/config.go
@@ -26,6 +26,8 @@ type Config struct {
 	Languages              []string `json:"languages"`
 	Language               string   `json:"language"`
 	EnableUploadFileButton bool     `json:"enable_upload_file_button"`
+	TLSCertFile            string   `json:"tls_cert_file"`
+	TLSKeyFile             string   `json:"tls_key_file"`
 }
 
 func NewConfig() *Config {
@@ -94,3 +96,7 @@ func (c *Config) Check() error {
 	}
 	return nil
 }
+
+func (c *Config) HasTLS() bool {
+	return c.TLSCertFile != "" && c.TLSKeyFile != ""
+}
diff --git a/src/server/server.go b/src/server/server.go
index 703714d..26f8e75 100644
--- a/src/server/server.go
+++ b/src/server/server.go
@@ -13,9 +13,10 @@ import (
 	"strconv"
 	"strings"
 
-	"git.riou.xyz/jriou/coller/internal"
 	"github.com/gorilla/mux"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
+
+	"git.riou.xyz/jriou/coller/internal"
 )
 
 var passwordLength = internal.MIN_PASSWORD_LENGTH
@@ -472,6 +473,12 @@ func (s *Server) Start() error {
 	r.Path("/").Handler(&HomeHandler{Templates: templates, PageData: p}).Methods("GET")
 
 	addr := fmt.Sprintf("%s:%d", s.config.ListenAddress, s.config.ListenPort)
-	s.logger.Info(fmt.Sprintf("listening to %s:%d", s.config.ListenAddress, s.config.ListenPort))
-	return http.ListenAndServe(addr, r)
+
+	if s.config.HasTLS() {
+		s.logger.Info(fmt.Sprintf("listening to %s:%d (https)", s.config.ListenAddress, s.config.ListenPort))
+		return http.ListenAndServeTLS(addr, s.config.TLSCertFile, s.config.TLSKeyFile, r)
+	} else {
+		s.logger.Info(fmt.Sprintf("listening to %s:%d (http)", s.config.ListenAddress, s.config.ListenPort))
+		return http.ListenAndServe(addr, r)
+	}
 }