feat(core): ingress server listen on https and uds http

Author: bzp2010

apps/cli/src/command/helper.ts

@@ -88,12 +88,6 @@ export class BackendCommand<
   }
 
   private addBackendOptions() {
-    const processCertificateFile = (value: string, err: string) => {
-      const path = resolve(value);
-      if (!existsSync(path)) throw new Error(err);
-      return path;
-    };
-
     const parseResourceTypeFilter = (
       cv: ADCSDK.ResourceType,
       pv: Array<string> = [],
@@ -217,6 +211,11 @@ export class BackendCommand<
   }
 }
 
+export const processCertificateFile = (value: string, err: string) => {
+  const path = resolve(value);
+  if (!existsSync(path)) throw new InvalidArgumentError(err);
+  return path;
+};
 export const NoLintOption = new Option('--no-lint', 'disable lint check');
 export const RequestConcurrentOption = new Option(
   '--request-concurrent <integer>',

apps/cli/src/command/ingress-server.command.ts

@@ -1,10 +1,15 @@
-import commander from 'commander';
+import chalk from 'chalk';
+import commander, { Option } from 'commander';
+import { readFileSync } from 'node:fs';
 
 import { ADCServer } from '../server';
-import { BaseCommand, BaseOptions } from './helper';
+import { BaseCommand, BaseOptions, processCertificateFile } from './helper';
 
 type IngressServerOptions = {
   listen?: URL;
+  caCertFile?: string;
+  tlsCertFile?: string;
+  tlsKeyFile?: string;
 } & BaseOptions;
 
 export const IngressServerCommand = new BaseCommand<IngressServerOptions>(
@@ -22,9 +27,61 @@ export const IngressServerCommand = new BaseCommand<IngressServerOptions>(
     },
     new URL('http://127.0.0.1:3000'),
   )
-  .handle(async ({ listen }) => {
-    await new ADCServer({
+  .addOption(
+    new Option(
+      '--ca-cert-file <string>',
+      'path to the CA certificate to verify the client',
+    ).argParser((value) =>
+      processCertificateFile(
+        value,
+        'The specified CA certificate file does not exist',
+      ),
+    ),
+  )
+  .addOption(
+    new Option(
+      '--tls-cert-file <string>',
+      'path to the TLS server certificate',
+    ).argParser((value) =>
+      processCertificateFile(
+        value,
+        'The specified TLS server certificate file does not exist',
+      ),
+    ),
+  )
+  .addOption(
+    new Option(
+      '--tls-key-file <string>',
+      'path to the TLS server key',
+    ).argParser((value) =>
+      processCertificateFile(
+        value,
+        'The specified TLS server key file does not exist',
+      ),
+    ),
+  )
+  .handle(async ({ listen, tlsCertFile, tlsKeyFile, caCertFile }) => {
+    if (listen.protocol === 'https:' && (!tlsCertFile || !tlsKeyFile)) {
+      console.error(
+        chalk.red(
+          'Error: When using HTTPS, both --tls-cert-file and --tls-key-file must be provided',
+        ),
+      );
+      return;
+    }
+
+    const server = new ADCServer({
       listen,
-    }).start();
-    console.log(`ADC server is running on: ${listen.origin}`);
+      tlsCert: readFileSync(tlsCertFile, 'utf-8'),
+      tlsKey: readFileSync(tlsKeyFile, 'utf-8'),
+      tlsCACert: caCertFile ? readFileSync(caCertFile, 'utf-8') : undefined,
+    });
+    await server.start();
+    console.log(
+      `ADC server is running on: ${listen.protocol === 'unix:' ? listen.pathname : listen.origin}`,
+    );
+    process.on('SIGINT', () => {
+      console.log('Stopping, see you next time!');
+      server.stop();
+    });
   });

apps/cli/src/server/index.ts

@@ -1,32 +1,68 @@
 import express from 'express';
 import type { Express } from 'express';
-import type { Server } from 'node:http';
+import * as fs from 'node:fs';
+import * as http from 'node:http';
+import * as https from 'node:https';
 
 import { syncHandler } from './sync';
 
 interface ADCServerOptions {
   listen: URL;
+  tlsCert?: string;
+  tlsKey?: string;
+  tlsCACert?: string;
 }
 export class ADCServer {
+  private readonly opts: ADCServerOptions;
   private readonly express: Express;
-  private listen: URL;
-  private server?: Server;
+  //private listen: URL;
+  private server?: http.Server | https.Server;
 
   constructor(opts: ADCServerOptions) {
-    this.listen = opts.listen;
+    this.opts = opts;
     this.express = express();
     this.express.disable('x-powered-by');
     this.express.use(express.json({ limit: '100mb' }));
     this.express.put('/sync', syncHandler);
   }
 
   public async start() {
+    switch (this.opts.listen.protocol) {
+      case 'https:':
+        this.server = https.createServer(
+          {
+            cert: this.opts.tlsCert,
+            key: this.opts.tlsKey,
+            ...(this.opts.tlsCACert
+              ? {
+                  ca: this.opts.tlsCACert,
+                  requestCert: true,
+                  rejectUnauthorized: true,
+                }
+              : {}),
+          },
+          this.express,
+        );
+        break;
+      case 'http:':
+      case 'unix:':
+      default:
+        this.server = http.createServer(this.express);
+        break;
+    }
     return new Promise<void>((resolve) => {
-      this.server = this.express.listen(
-        parseInt(this.listen.port),
-        this.listen.hostname,
-        () => resolve(),
-      );
+      const listen = this.opts.listen;
+      if (listen.protocol === 'unix:') {
+        if (fs.existsSync(listen.pathname)) fs.unlinkSync(listen.pathname);
+        this.server.listen(listen.pathname, () => {
+          fs.chmodSync(listen.pathname, 0o660);
+          resolve();
+        });
+      } else {
+        this.server.listen(parseInt(listen.port), listen.hostname, () =>
+          resolve(),
+        );
+      }
     });
   }