From c9c7a085c744d5023f932b2a0a6dba08153d2ba7 Mon Sep 17 00:00:00 2001
From: bt
Date: Sun, 24 May 2026 16:29:03 +0200
Subject: [daemon] Add TLS support
---
 server/server.go | 70 ++++++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 53 insertions(+), 17 deletions(-)
(limited to 'server/server.go')
diff --git a/server/server.go b/server/server.go
index 58714c5..b5840df 100644
--- a/server/server.go
+++ b/server/server.go
@@ -1,6 +1,7 @@
 package server
 import (
+ "crypto/tls"
 "errors"
 "log"
 "net"
@@ -10,8 +11,7 @@ import (
 )
 type Server struct {
- listenAddr string
- name string
+ cfg Config
 users map[string]User // TODO: Use full address instead of just name
 servers map[string]RemoteServer
 channels map[string]*Channel
@@ -21,23 +21,66 @@ type Server struct {
 Storage Storage
 }
-func NewServer(listenAddr string, name string, storage Storage) *Server {
+type Config struct {
+ ListenAddr string
+ Name string
+ Tls bool
+ CertPem []byte
+ KeyPem []byte
+}
+
+func NewServer(cfg Config, storage Storage) *Server {
 return &Server{
- listenAddr: listenAddr,
- name: name,
- users: make(map[string]User),
- servers: make(map[string]RemoteServer),
- channels: make(map[string]*Channel),
- Storage: storage,
+ cfg: cfg,
+ Storage: storage,
+ users: make(map[string]User),
+ servers: make(map[string]RemoteServer),
+ channels: make(map[string]*Channel),
 }
 }
 func (s *Server) Start() error {
- ln, err := net.Listen("tcp", s.listenAddr)
+ if s.cfg.Tls {
+ return s.listenTls()
+ }
+
+ return s.listenPlain()
+}
+
+func (s *Server) AddChannel(name string) {
+ s.channelsMu.Lock()
+ defer s.channelsMu.Unlock()
+ s.channels[name] = NewChannel(name)
+ log.Println("created channel", name)
+}
+
+func (s *Server) listenPlain() error {
+ ln, err := net.Listen("tcp", s.cfg.ListenAddr)
+ if err != nil {
+ return err
+ }
+
+ s.listen(ln)
+ return nil
+}
+
+func (s *Server) listenTls() error {
+ cert, err := tls.X509KeyPair(s.cfg.CertPem, s.cfg.KeyPem)
+ if err != nil {
+ return err
+ }
+
+ cfg := &tls.Config{Certificates: []tls.Certificate{cert}}
+ ln, err := tls.Listen("tcp", s.cfg.ListenAddr, cfg)
 if err != nil {
 return err
 }
+ s.listen(ln)
+ return nil
+}
+
+func (s *Server) listen(ln net.Listener) {
 for {
 conn, err := ln.Accept()
 if err != nil {
@@ -50,13 +93,6 @@ func (s *Server) Start() error {
 }
 }
-func (s *Server) AddChannel(name string) {
- s.channelsMu.Lock()
- defer s.channelsMu.Unlock()
- s.channels[name] = NewChannel(name)
- log.Println("created channel", name)
-}
-
 func (s *Server) handleConn(conn net.Conn) {
 defer conn.Close()
-- cgit v1.2.3
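Review bot: The tls.Config built in listenTls sets only Certificates, so the listener falls back to whatever minimum protocol version the Go runtime currently defaults to for servers; pin it explicitly with `cfg := &tls.Config{MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{cert}}`. Because NewServer stores the Config by value in `cfg: cfg`, the private key bytes in KeyPem stay reachable through s.cfg for the lifetime of the Server even though only the X509KeyPair call needs them, so consider not retaining them once the key pair is loaded. The exported Config type and its fields carry no doc comments; a line such as `// Config holds the listener settings; CertPem and KeyPem are PEM-encoded and are read only when Tls is true.` would cover it, and Go's initialism convention would spell them TLS, CertPEM, KeyPEM and listenTLS. The accept loop in listen continues past the end of the hunk, so whether the `return nil` after `s.listen(ln)` in listenPlain and listenTls is ever reached cannot be confirmed from here.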