large payload container tls

Signed-off-by: simvalery <[email protected]> Signed-off-by: simvalery <[email protected]>
hashgraph · Oct 9, 2024 · dbb657e · dbb657e
1 parent f46e3bb
commit dbb657e
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 2 deletions.
diff --git a/common/src/mq/large-payload-container.ts b/common/src/mq/large-payload-container.ts
@@ -1,4 +1,6 @@
 import express from 'express'
+import http from 'http'
+import https from 'https'
 import { hostname } from 'os';
 import { GenerateUUIDv4 } from '@guardian/interfaces';
 import { Singleton } from '../decorators/singleton.js';
@@ -51,7 +53,39 @@ export class LargePayloadContainer {
  */
  private readonly DOMAIN: string;
 
+ /**
+ * Enable TLS
+ * @private
+ */
+ public enableTLS: boolean;
+
+ /**
+ * TLS cert
+ * @private
+ */
+ private readonly tlsCert: string;
+
+ /**
+ * TLS key
+ */
+ private readonly tlsKey: string;
+
+ /**
+ * TLS CA
+ * @private
+ */
+ private readonly tlsCA: string;
+
  constructor() {
+ this.enableTLS = false;
+
+ if (process.env.TLS_SERVER_CERT && process.env.TLS_SERVER_KEY) {
+ this.enableTLS = true;
+ this.tlsCert = process.env.TLS_SERVER_CERT;
+ this.tlsKey = process.env.TLS_SERVER_KEY;
+ this.tlsCA = process.env.TLS_SERVER_CA
+ }
+
  if (process.env.DIRECT_MESSAGE_PORT) {
  this.PORT = parseInt(process.env.DIRECT_MESSAGE_PORT, 10);
  this._portGenerated = false;
@@ -60,7 +94,8 @@ export class LargePayloadContainer {
  this.PORT = this.generateRandom(50000, 59999);
  }
  this.DOMAIN = (process.env.DIRECT_MESSAGE_HOST) ? process.env.DIRECT_MESSAGE_HOST : hostname();
- this.PROTOCOL = (process.env.DIRECT_MESSAGE_PROTOCOL) ? process.env.DIRECT_MESSAGE_PROTOCOL as any : 'http';
+ const defaultProtocol = this.enableTLS ? 'https' : 'http';
+ this.PROTOCOL = (process.env.DIRECT_MESSAGE_PROTOCOL) ? process.env.DIRECT_MESSAGE_PROTOCOL as any : defaultProtocol;
 
  this.objectsMap = new Map();
  this._started = false;
@@ -85,7 +120,19 @@ export class LargePayloadContainer {
  res.send(buf);
  })
 
- const server = app.listen(this.PORT, () => {
+ let s: http.Server | https.Server;
+
+ if (this.enableTLS) {
+ s = https.createServer({
+ key: this.tlsKey,
+ cert: this.tlsCert,
+ ca: this.tlsCA
+ }, app);
+ } else {
+ s = http.createServer(app);
+ }
+
+ const server = s.listen(this.PORT, () => {
  this._started = true;
  try {
  // this.logger.info(`Large objects server starts on ${this.PORT} port`, [process.env.SERVICE_CHANNEL?.toUpperCase()]);

diff --git a/common/src/mq/zip-codec.ts b/common/src/mq/zip-codec.ts
@@ -3,6 +3,7 @@ import { ErrorCode, JSONCodec, NatsError } from 'nats';
 // import { gzip, unzip } from 'zlib';
 import { LargePayloadContainer } from './large-payload-container.js';
 import axios from 'axios';
+import https from 'https';
 
 /**
  * Zip Codec
@@ -42,6 +43,14 @@ export function ZipCodec() {
  // const parsed = JSON.parse(decompressed.toString());
  if (parsed?.hasOwnProperty('directLink')) {
  const directLink = parsed.directLink;
+ if (process.env.TLS_CERT && process.env.TLS_KEY) {
+ const httpsAgent = new https.Agent({
+ cert: process.env.TLS_CERT,
+ key: process.env.TLS_KEY,
+ ca: process.env.TLS_CA
+ });
+ axios.defaults.httpsAgent = httpsAgent;
+ }
  const response = await axios.get(directLink, {
  responseType: 'arraybuffer'
  });