feat(api): add explicit insecure field for api over http

unkn0wn-root · Dec 21, 2024 · 2087cf8 · 2087cf8
1 parent 0689b55
commit 2087cf8
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 0 deletions.
diff --git a/api.config.yaml b/api.config.yaml
@@ -2,6 +2,7 @@ api:
   enabled: true
   host: admin.domain.com
   port: 8085
+  insecure: true # this have to be enabled if you want to run api on HTTP (NOT RECOMMENDED)
 
 database:
   path: "./auth.db"

diff --git a/internal/config/api.config.go b/internal/config/api.config.go
@@ -12,6 +12,7 @@ type APIConfig struct {
 	AdminAPI      API            `yaml:"api"`
 	AdminDatabase DatabaseConfig `yaml:"database"`
 	AdminAuth     AuthConfig     `yaml:"auth"`
+	Insecure      bool           `yaml:"insecure"`
 }
 
 type API struct {

diff --git a/internal/server/server.go b/internal/server/server.go
@@ -283,6 +283,10 @@ func (s *Server) startAdminServer() error {
 			cert = &c
 		}
 
+	} else if !s.apiConfig.Insecure {
+		return errors.New(
+			"TLS not configured and Insecure mode is disabled. If you want to run api on HTTP, set 'insecure' to true",
+		)
 	}
 
 	adminAddr := fmt.Sprintf(":%d", s.servicePort(s.apiConfig.AdminAPI.Port))