Feature Adding TLS-HTTPS configuration

.env.example

@@ -1,4 +1,8 @@
 PORT: 8080
+ENABLE_TLS: false
+CERT_FILE: "/certs/server.crt"
+CERT_KEY_FILE: "/certs/server.key"
+MAX_EXECUTIONS=1000
 SOARCA_ALLOWED_ORIGINS: "*"
 GIN_MODE: "release"
 MONGODB_URI: "mongodb://localhost:27017"
@@ -19,7 +23,6 @@ MQTT_BROKER: "localhost"
 MQTT_PORT: 1883
 
 HTTP_SKIP_CERT_VALIDATION: false
-
 ### Integrations
 
 # The Hive

.gitignore

@@ -21,3 +21,4 @@ docs/package-lock.json
 docs/.hugo_build.lock
 **.hugo_build.lock
 
+certs

docker-compose.yaml

@@ -11,14 +11,34 @@ services:
     volumes:
       - mongodb_data_container:/data/db
 
+  cert-generator:
+    image: alpine
+    container_name: cert-generator
+    volumes:
+      - certs_data_containter:/certs
+    environment:
+      - DOMAIN=localhost
+    command: >
+      sh -c "
+        apk add --no-cache openssl &&
+        cd /certs &&
+        openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 365 -nodes -subj '/CN=${DOMAIN}' &&
+        chmod 644 server.key server.crt
+      "
+
   soarca:
     build:
       dockerfile: Dockerfile
       args:
         VERSION: "${GIT_VERSION}"
     container_name: soarca_server
+    volumes:
+      - certs_data_containter:/app/certs
     environment:
       PORT: 8080
+      ENABLE_TLS: "true"
+      CERT_FILE: "/app/certs/server.crt"
+      CERT_KEY_FILE: "/app/certs/server.key"
       SOARCA_ALLOWED_ORIGINS: "*"
       GIN_MODE: "release"
       MONGODB_URI: "mongodb://mongodb_container:27017"
@@ -36,10 +56,11 @@ services:
       - 127.0.0.1:8080:8080
     depends_on:
       - mongodb_container
+      - cert-generator
 
 networks:
   db-net:
 
-
 volumes:
   mongodb_data_container:
+  certs_data_containter:

internal/controller/controller.go

@@ -1,8 +1,10 @@
 package controller
 
 import (
+	"crypto/tls"
 	"errors"
 	"fmt"
+	net_http "net/http"
 	"os"
 	"reflect"
 	"soarca/internal/database/memory"
@@ -178,7 +180,18 @@ func Initialize() error {
 	}
 
 	port := utils.GetEnv("PORT", "8080")
-	err = app.Run(":" + port)
+	enableTLS, _ := strconv.ParseBool(utils.GetEnv("ENABLE_TLS", "false"))
+	certFile := utils.GetEnv("CERT_FILE", "./certs/server.crt")
+	keyFile := utils.GetEnv("CERT_KEY_FILE", "./certs/server.key")
+
+	if enableTLS {
+		if certFile == "" || keyFile == "" {
+			err := fmt.Errorf("TLS enabled but certificate or key file not provided")
+			log.Error(err)
+			return err
+		}
+	}
+	err = runServer(app, port, enableTLS, certFile, keyFile)
 	if err != nil {
 		log.Error("failed to run gin")
 	}
@@ -187,6 +200,44 @@ func Initialize() error {
 	return err
 }
 
+func createHTTPServer(app *gin.Engine, port string) *net_http.Server {
+	return &net_http.Server{
+		Addr:    ":" + port,
+		Handler: app,
+		TLSConfig: &tls.Config{
+			MinVersion: tls.VersionTLS12,
+		},
+	}
+}
+
+func validateCertificates(certFile string, keyFile string) error {
+	_, err := os.Stat(certFile)
+	if os.IsNotExist(err) {
+		return fmt.Errorf("certificate file not found: %s", certFile)
+	}
+	if os.IsNotExist(err) {
+		_, err = os.Stat(keyFile)
+		return fmt.Errorf("key file not found: %s", keyFile)
+	}
+	return nil
+}
+
+func runServer(app *gin.Engine, port string, enableTlS bool, certFile string, keyFile string) error {
+	server := createHTTPServer(app, port)
+	if enableTlS {
+		err := validateCertificates(certFile, keyFile)
+		if err != nil {
+			return fmt.Errorf("TLS configuration error: %w", err)
+		}
+
+		log.Infof("Starting HTTPS server on port %s", port)
+		return server.ListenAndServeTLS(certFile, keyFile)
+	}
+
+	log.Infof("Starting HTTP server on port %s", port)
+	return server.ListenAndServe()
+}
+
 func initializeCore(app *gin.Engine) error {
 	origins := strings.Split(strings.ReplaceAll(utils.GetEnv("SOARCA_ALLOWED_ORIGINS", "*"), " ", ""), ",")
 	routes.Cors(app, origins)