From c511823ba68af4a6fa2b53c054e01f10df734851 Mon Sep 17 00:00:00 2001
From: bt <bt@rctt.net>
Date: Sun, 24 May 2026 16:54:28 +0200
Subject: [client] Add TLS support

---
 client/client.go   | 49 ++++++++++++++++++++++++++++++++-----------------
 cmd/client/main.go | 19 +++++++++++--------
 tools/run-tls.sh   |  6 +++---
 3 files changed, 46 insertions(+), 28 deletions(-)

diff --git a/client/client.go b/client/client.go
index b07bc27..ac8ef67 100644
--- a/client/client.go
+++ b/client/client.go
@@ -1,6 +1,7 @@
 package client
 
 import (
+	"crypto/tls"
 	"errors"
 	"io"
 	"net"
@@ -14,38 +15,52 @@ type Handler interface {
 	HandleError(err error)
 }
 
+type Config struct {
+	Addr        string
+	User        string
+	Pass        string
+	Tls         bool
+	TlsInsecure bool
+}
+
 type Client struct {
 	h    Handler
+	cfg  Config
 	conn net.Conn
-
-	addr  string
-	uname string
-	pass  string
 }
 
-func NewClient(handler Handler, addr, uname, pass string) *Client {
+func NewClient(handler Handler, cfg Config) *Client {
 	return &Client{
-		h:     handler,
-		addr:  addr,
-		uname: uname,
-		pass:  pass,
+		h:   handler,
+		cfg: cfg,
 	}
 }
 
 func (c *Client) Connect() error {
 	var err error
-	c.conn, err = net.Dial("tcp", c.addr)
-	if err != nil {
-		return err
+
+	if c.cfg.Tls {
+		c.conn, err = tls.Dial("tcp", c.cfg.Addr, &tls.Config{
+			InsecureSkipVerify: c.cfg.TlsInsecure,
+		})
+		if err != nil {
+			return err
+		}
+		defer c.conn.Close()
+	} else {
+		c.conn, err = net.Dial("tcp", c.cfg.Addr)
+		if err != nil {
+			return err
+		}
+		defer c.conn.Close()
 	}
-	defer c.conn.Close()
 
 	hs := core.Handshake{0, 1, core.ConnTypeUser}
 	if err := core.Send(c.conn, hs); err != nil {
 		return err
 	}
 
-	auth := core.UserAuth{c.uname, c.pass}
+	auth := core.UserAuth{Name: c.cfg.User, Pass: c.cfg.Pass}
 	if err := core.Send(c.conn, auth); err != nil {
 		return err
 	}
@@ -56,7 +71,7 @@ func (c *Client) Connect() error {
 
 func (c *Client) SendMessage(target, content string) error {
 	msg := core.Message{
-		Source:  c.uname + "@" + c.addr,
+		Source:  c.cfg.User + "@" + c.cfg.Addr,
 		Target:  target,
 		Content: content,
 	}
@@ -66,7 +81,7 @@ func (c *Client) SendMessage(target, content string) error {
 
 func (c *Client) Join(channel string) error {
 	umod := core.Usermode{
-		UserAddr:    c.uname + "@" + c.addr,
+		UserAddr:    c.cfg.User + "@" + c.cfg.Addr,
 		ChannelName: channel,
 		Mode:        core.UsermodeInChannel,
 	}
@@ -76,7 +91,7 @@ func (c *Client) Join(channel string) error {
 
 func (c *Client) Leave(channel string) error {
 	umod := core.Usermode{
-		UserAddr:    c.uname + "@" + c.addr,
+		UserAddr:    c.cfg.User + "@" + c.cfg.Addr,
 		ChannelName: channel,
 		Mode:        core.UsermodeNone,
 	}
diff --git a/cmd/client/main.go b/cmd/client/main.go
index bc9f4ff..15033ab 100644
--- a/cmd/client/main.go
+++ b/cmd/client/main.go
@@ -13,10 +13,8 @@ import (
 )
 
 var (
-	serverAddr string
-	user       string
-	conn       net.Conn
-	c          *client.Client
+	conn net.Conn
+	c    *client.Client
 )
 
 type Handler struct{}
@@ -35,13 +33,18 @@ func main() {
 	prompt.Commands["leave"] = leave
 	prompt.Commands["history"] = history
 
-	flag.StringVar(&serverAddr, "a", "localhost:9999", "Server address:port")
-	flag.StringVar(&user, "u", "user", "username")
+	var cfg client.Config
+
+	flag.StringVar(&cfg.Addr, "a", "localhost:9999", "Server address:port")
+	flag.StringVar(&cfg.User, "u", "user", "username")
+	flag.StringVar(&cfg.Pass, "p", "valid", "password")
+	flag.BoolVar(&cfg.Tls, "tls", false, "Enable TLS")
+	flag.BoolVar(&cfg.TlsInsecure, "tls-insecure", false, "Allow insecure TLS certificate")
 	flag.Parse()
 
-	log.Println("connecting to " + serverAddr + " as " + user)
+	log.Println("connecting to " + cfg.Addr + " as " + cfg.User)
 
-	c = client.NewClient(&Handler{}, serverAddr, user, "valid")
+	c = client.NewClient(&Handler{}, cfg)
 	go prompt.Read()
 
 	if err := c.Connect(); err != nil {
diff --git a/tools/run-tls.sh b/tools/run-tls.sh
index be668f5..894a9f7 100755
--- a/tools/run-tls.sh
+++ b/tools/run-tls.sh
@@ -2,7 +2,7 @@
 
 tmux \
 	new-session  "go run cmd/daemon/main.go -tls -tls-cert cert.pem -tls-key key.pem; read" \; \
-	split-window "sleep 0.5; go run cmd/client/main.go -tls -tls-debug -u user1; read" \; \
-	split-window "sleep 0.5; go run cmd/client/main.go -tls -tls-debug -u user2; read" \; \
-	split-window "sleep 0.5; go run cmd/client/main.go -tls -tls-debug -u user3; read" \; \
+	split-window "sleep 0.5; go run cmd/client/main.go -tls -tls-insecure -u user1; read" \; \
+	split-window "sleep 0.5; go run cmd/client/main.go -tls -tls-insecure -u user2; read" \; \
+	split-window "sleep 0.5; go run cmd/client/main.go -tls -tls-insecure -u user3; read" \; \
 	select-layout tiled;
\ No newline at end of file
-- 
cgit v1.2.3