feat: add ssl cert configuration (#1776)

Author: namchuai

engine/main.cc

@@ -219,6 +219,24 @@ void RunServer(std::optional<int> port, bool ignore_cout) {
         resp->addHeader("Access-Control-Allow-Methods", "*");
       });
 
+  // ssl
+  auto ssl_cert_path = config.sslCertPath;
+  auto ssl_key_path = config.sslKeyPath;
+
+  if (!ssl_cert_path.empty() && !ssl_key_path.empty()) {
+    CTL_INF("SSL cert path: " << ssl_cert_path);
+    CTL_INF("SSL key path: " << ssl_key_path);
+
+    if (!std::filesystem::exists(ssl_cert_path) ||
+        !std::filesystem::exists(ssl_key_path)) {
+      CTL_ERR("SSL cert or key file not exist at specified path! Ignore..");
+      return;
+    }
+
+    drogon::app().setSSLFiles(ssl_cert_path, ssl_key_path);
+    drogon::app().addListener(config.apiServerHost, 443, true);
+  }
+
   drogon::app().run();
   if (hw_service->ShouldRestart()) {
     CTL_INF("Restart to update hardware configuration");

engine/utils/config_yaml_utils.cc

@@ -47,6 +47,8 @@ cpp::result<void, std::string> CortexConfigMgr::DumpYamlConfig(
     node["noProxy"] = config.noProxy;
     node["verifyPeerSsl"] = config.verifyPeerSsl;
     node["verifyHostSsl"] = config.verifyHostSsl;
+    node["sslCertPath"] = config.sslCertPath;
+    node["sslKeyPath"] = config.sslKeyPath;
 
     out_file << node;
     out_file.close();
@@ -81,7 +83,7 @@ CortexConfig CortexConfigMgr::FromYaml(const std::string& path,
          !node["proxyUsername"] || !node["proxyPassword"] ||
          !node["verifyPeerSsl"] || !node["verifyHostSsl"] ||
          !node["verifyProxySsl"] || !node["verifyProxyHostSsl"] ||
-         !node["noProxy"]);
+         !node["sslCertPath"] || !node["sslKeyPath"] || !node["noProxy"]);
 
     CortexConfig config = {
         .logFolderPath = node["logFolderPath"]
@@ -164,6 +166,11 @@ CortexConfig CortexConfigMgr::FromYaml(const std::string& path,
         .verifyHostSsl = node["verifyHostSsl"]
                              ? node["verifyHostSsl"].as<bool>()
                              : default_cfg.verifyHostSsl,
+        .sslCertPath = node["sslCertPath"]
+                           ? node["sslCertPath"].as<std::string>()
+                           : default_cfg.sslCertPath,
+        .sslKeyPath = node["sslKeyPath"] ? node["sslKeyPath"].as<std::string>()
+                                         : default_cfg.sslKeyPath,
     };
     if (should_update_config) {
       l.unlock();
@@ -178,5 +185,4 @@ CortexConfig CortexConfigMgr::FromYaml(const std::string& path,
     throw;
   }
 }
-
 }  // namespace config_yaml_utils

engine/utils/config_yaml_utils.h

@@ -55,6 +55,8 @@ struct CortexConfig {
 
   bool verifyPeerSsl;
   bool verifyHostSsl;
+  std::string sslCertPath;
+  std::string sslKeyPath;
 };
 
 class CortexConfigMgr {

engine/utils/file_manager_utils.cc

@@ -185,6 +185,8 @@ config_yaml_utils::CortexConfig GetDefaultConfig() {
       .noProxy = config_yaml_utils::kDefaultNoProxy,
       .verifyPeerSsl = true,
       .verifyHostSsl = true,
+      .sslCertPath = "",
+      .sslKeyPath = "",
   };
 }
 
@@ -369,4 +371,4 @@ std::filesystem::path ToAbsoluteCortexDataPath(
     const std::filesystem::path& path) {
   return GetAbsolutePath(GetCortexDataPath(), path);
 }
-}  // namespace file_manager_utils
+}  // namespace file_manager_utils