adding tls flag to establish secure connection

rarimo · Feb 20, 2024 · d84230a · d84230a
1 parent 072c7df
commit d84230a
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 2 deletions.
diff --git a/config-example.yaml b/config-example.yaml
@@ -13,6 +13,7 @@ core:
 
 cosmos:
   addr: 127.0.0.1:9090
+  enable_tls: false
 
 evm:
   chains:

diff --git a/internal/config/cosmos.go b/internal/config/cosmos.go
@@ -1,12 +1,14 @@
 package config
 
 import (
+	"crypto/tls"
 	"time"
 
 	"gitlab.com/distributed_lab/figure/v3"
 	"gitlab.com/distributed_lab/kit/comfig"
 	"gitlab.com/distributed_lab/kit/kv"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/keepalive"
 )
 
@@ -29,20 +31,34 @@ func (c *cosmoser) Cosmos() *grpc.ClientConn {
 	return c.once.Do(func() interface{} {
 		var config struct {
 			Addr string `fig:"addr"`
+			TLS  bool   `fig:"enable_tls"`
 		}
 
 		if err := figure.Out(&config).From(kv.MustGetStringMap(c.getter, "cosmos")).Please(); err != nil {
 			panic(err)
 		}
 
-		con, err := grpc.Dial(config.Addr, grpc.WithInsecure(), grpc.WithKeepaliveParams(keepalive.ClientParameters{
+		var client *grpc.ClientConn
+		var err error
+
+		connectSecurityOptions := grpc.WithInsecure()
+
+		if config.TLS {
+			tlsConfig := &tls.Config{
+				MinVersion: tls.VersionTLS13,
+			}
+
+			connectSecurityOptions = grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))
+		}
+
+		client, err = grpc.Dial(config.Addr, connectSecurityOptions, grpc.WithKeepaliveParams(keepalive.ClientParameters{
 			Time:    10 * time.Second, // wait time before ping if no activity
 			Timeout: 20 * time.Second, // ping timeout
 		}))
 		if err != nil {
 			panic(err)
 		}
 
-		return con
+		return client
 	}).(*grpc.ClientConn)
 }