Feature Adding TLS-HTTPS configuration

.env.example

@@ -1,4 +1,8 @@
 PORT: 8080
+ENABLE_TLS: false
+CERT_FILE: "/certs/server.crt"
+CERT_KEY_FILE: "/certs/server.key"
+MAX_EXECUTIONS=1000
 SOARCA_ALLOWED_ORIGINS: "*"
 GIN_MODE: "release"
 MONGODB_URI: "mongodb://localhost:27017"
@@ -19,7 +23,6 @@ MQTT_BROKER: "localhost"
 MQTT_PORT: 1883
 
 HTTP_SKIP_CERT_VALIDATION: false
-
 ### Integrations
 
 # The Hive

.gitignore

@@ -21,3 +21,4 @@ docs/package-lock.json
 docs/.hugo_build.lock
 **.hugo_build.lock
 
+certs

docker-compose.yaml

@@ -11,14 +11,34 @@ services:
     volumes:
       - mongodb_data_container:/data/db
 
+  cert-generator:
+    image: alpine
+    container_name: cert-generator
+    volumes:
+      - certs_data_containter:/certs
+    environment:
+      - DOMAIN=localhost
+    command: >
+      sh -c "
+        apk add --no-cache openssl &&
+        cd /certs &&
+        openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 365 -nodes -subj '/CN=${DOMAIN}' &&
+        chmod 644 server.key server.crt
+      "
+
   soarca:
     build:
       dockerfile: Dockerfile
       args:
         VERSION: "${GIT_VERSION}"
     container_name: soarca_server
+    volumes:
+      - certs_data_containter:/app/certs
     environment:
       PORT: 8080
+      ENABLE_TLS: "true"
+      CERT_FILE: "/app/certs/server.crt"
+      CERT_KEY_FILE: "/app/certs/server.key"
       SOARCA_ALLOWED_ORIGINS: "*"
       GIN_MODE: "release"
       MONGODB_URI: "mongodb://mongodb_container:27017"
@@ -36,10 +56,11 @@ services:
       - 127.0.0.1:8080:8080
     depends_on:
       - mongodb_container
+      - cert-generator
 
 networks:
   db-net:
 
-
 volumes:
   mongodb_data_container:
+  certs_data_containter:

internal/controller/controller.go

@@ -177,16 +177,48 @@ func Initialize() error {
 		return err
 	}
 
-	port := utils.GetEnv("PORT", "8080")
-	err = app.Run(":" + port)
+	err = run(app)
 	if err != nil {
 		log.Error("failed to run gin")
 	}
 	log.Info("exit")
-
 	return err
 }
 
+func validateCertificates(certFile string, keyFile string) error {
+	_, err := os.Stat(certFile)
+	if os.IsNotExist(err) {
+		return fmt.Errorf("certificate file not found: %s", certFile)
+	}
+
+	_, err = os.Stat(keyFile)
+	if os.IsNotExist(err) {
+		return fmt.Errorf("key file not found: %s", keyFile)
+	}
+	return nil
+}
+
+func run(app *gin.Engine) error {
+	port := utils.GetEnv("PORT", "8080")
+	port = ":" + port
+	enableTLS, _ := strconv.ParseBool(utils.GetEnv("ENABLE_TLS", "false"))
+	certFile := utils.GetEnv("CERT_FILE", "./certs/server.crt")
+	keyFile := utils.GetEnv("CERT_KEY_FILE", "./certs/server.key")
+
+	if enableTLS {
+		err := validateCertificates(certFile, keyFile)
+		if err != nil {
+			return fmt.Errorf("TLS configuration error: %w", err)
+		}
+		log.Infof("Starting HTTPS server on port %s", port)
+		return app.RunTLS(port, certFile, keyFile)
+
+	}
+
+	log.Infof("Starting HTTP server on port %s", port)
+	return app.Run(port)
+}
+
 func initializeCore(app *gin.Engine) error {
 	origins := strings.Split(strings.ReplaceAll(utils.GetEnv("SOARCA_ALLOWED_ORIGINS", "*"), " ", ""), ",")
 	routes.Cors(app, origins)