Added basic TLS support

Using -key and -cert CLI optins. Signed-off-by: Andrea Barberio <[email protected]>
insomniacslk · May 5, 2020 · 299611e · 299611e
1 parent e38b1e9
commit 299611e
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 7 deletions.
diff --git a/irc_context.go b/irc_context.go
@@ -20,7 +20,7 @@ type SlackPostMessage struct {
 
 // IrcContext holds the client context information
 type IrcContext struct {
-	Conn *net.TCPConn
+	Conn net.Conn
 	User *slack.User
 	// TODO make RealName a function
 	RealName          string

diff --git a/main.go b/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"crypto/tls"
 	"flag"
 	"fmt"
 	"io/ioutil"
@@ -32,6 +33,8 @@ var (
 	logLevel             = flag.String("L", "info", fmt.Sprintf("Log level. One of %v", getLogLevels()))
 	flagSlackDebug       = flag.Bool("D", false, "Enable debug logging of the Slack API")
 	flagPagination       = flag.Int("P", 0, "Pagination value for API calls. If 0 or unspecified, use the recommended default (currently 200). Larger values can help on large Slack teams")
+	flagKey              = flag.String("key", "", "TLS key for HTTPS server. Requires -cert")
+	flagCert             = flag.String("cert", "", "TLS certificate for HTTPS server. Requires -key")
 )
 
 var log = logger.GetLogger("main")
@@ -81,6 +84,21 @@ func main() {
 			log.Fatalf("Missing or invalid download directory: %s", *fileDownloadLocation)
 		}
 	}
+	doTLS := false
+	if *flagKey != "" && *flagCert != "" {
+		doTLS = true
+	}
+	var tlsConfig *tls.Config
+	if doTLS {
+		if *flagKey == "" || *flagCert == "" {
+			log.Fatalf("-key and -cert must be specified together")
+		}
+		cert, err := tls.LoadX509KeyPair(*flagCert, *flagKey)
+		if err != nil {
+			log.Fatalf("Failed to load TLS key/cert: %v", err)
+		}
+		tlsConfig = &tls.Config{Certificates: []tls.Certificate{cert}}
+	}
 	server := Server{
 		LocalAddr:            &localAddr,
 		Name:                 sName,
@@ -89,6 +107,7 @@ func main() {
 		FileProxyPrefix:      *fileProxyPrefix,
 		SlackDebug:           *flagSlackDebug,
 		Pagination:           *flagPagination,
+		TLSConfig:            tlsConfig,
 	}
 	if err := server.Start(); err != nil {
 		log.Fatal(err)

diff --git a/server.go b/server.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"bufio"
+	"crypto/tls"
 	"fmt"
 	"io"
 	"net"
@@ -14,35 +15,40 @@ import (
 type Server struct {
 	Name                 string
 	LocalAddr            net.Addr
-	Listener             *net.TCPListener
+	Listener             net.Listener
 	SlackAPIKey          string
 	SlackDebug           bool
 	ChunkSize            int
 	FileDownloadLocation string
 	FileProxyPrefix      string
 	Pagination           int
+	TLSConfig            *tls.Config
 }
 
 // Start runs the IRC server
 func (s Server) Start() error {
-	listener, err := net.Listen("tcp", s.LocalAddr.String())
+	var err error
+	if s.TLSConfig != nil {
+		s.Listener, err = tls.Listen("tcp", s.LocalAddr.String(), s.TLSConfig)
+	} else {
+		s.Listener, err = net.Listen("tcp", s.LocalAddr.String())
+	}
 	if err != nil {
 		return err
 	}
-	s.Listener = listener.(*net.TCPListener)
 	defer s.Listener.Close()
 	log.Infof("Listening on %v", s.LocalAddr)
 	for {
 		conn, err := s.Listener.Accept()
 		if err != nil {
 			return fmt.Errorf("Error accepting: %v", err)
 		}
-		go s.HandleRequest(conn.(*net.TCPConn))
+		go s.HandleRequest(conn)
 	}
 }
 
 // HandleRequest handle IRC client connections
-func (s Server) HandleRequest(conn *net.TCPConn) {
+func (s Server) HandleRequest(conn net.Conn) {
 	defer conn.Close()
 	reader := bufio.NewReader(conn)
 	for {
@@ -62,7 +68,7 @@ func (s Server) HandleRequest(conn *net.TCPConn) {
 }
 
 // HandleMsg handles raw IRC messages
-func (s *Server) HandleMsg(conn *net.TCPConn, msg string) {
+func (s *Server) HandleMsg(conn net.Conn, msg string) {
 	if strings.HasPrefix(msg, "PASS ") {
 		log.Debugf("%v: PASS ***** (redacted for privacy)", conn.RemoteAddr())
 	} else {