Refactor gitignore and Makefile, add HTTPS certificate generation and cleanup scripts

- Refactor gitignore to include /certificates directory
- Update Makefile to add targets for generating and cleaning HTTPS certificates
- Add generate-ssl-cert target to generate self-signed HTTPS certificates
- Add clean-ssl-cert target to remove HTTPS certificates
- Add show-cert-info target to display information about the HTTPS certificate

Author: tacxou

.gitignore

@@ -1,6 +1,7 @@
 # compiled output
 /dist
 /node_modules
+/certificates
 .env
 docker-compose.yml
 # Logs

Makefile

@@ -5,6 +5,13 @@ APP_NAME = "sesame-orchestrator"
 PLATFORM = "linux/amd64"
 include .env
 
+CERT_DIR = ./certificates
+COMMON_NAME = localhost
+DAYS_VALID = 365
+
+$(shell mkdir -p $(CERT_DIR))
+
+
 .DEFAULT_GOAL := help
 help:
 	@printf "\033[33mUsage:\033[0m\n  make [target] [arg=\"val\"...]\n\n\033[33mTargets:\033[0m\n"
@@ -126,3 +133,23 @@ ncu: ## Check latest versions of all project dependencies
 
 ncu-upgrade: ## Upgrade all project dependencies to the latest versions
 	@npx npm-check-updates -u
+
+generate-ssl-cert: ## Générer les certificats HTTPS auto-signés
+	@echo "Génération des certificats HTTPS auto-signés..."
+	@openssl req -x509 \
+		-newkey rsa:4096 \
+		-keyout $(CERT_DIR)/server.key \
+		-out $(CERT_DIR)/server.crt \
+		-days $(DAYS_VALID) \
+		-nodes \
+		-subj "/CN=$(COMMON_NAME)"
+	@chmod 600 $(CERT_DIR)/server.key
+	@chmod 644 $(CERT_DIR)/server.crt
+	@echo "Certificats générés avec succès dans $(CERT_DIR)"
+
+clean-ssl-cert: ## Nettoyer les certificats HTTPS
+	@rm -rf $(CERT_DIR)
+	@echo "Certificats supprimés"
+
+show-cert-info: ## Afficher les informations du certificat
+	@openssl x509 -in $(CERT_DIR)/server.crt -text -noout

src/config.ts

@@ -6,6 +6,7 @@ import { IAuthModuleOptions } from '@nestjs/passport';
 import { JwtModuleOptions } from '@nestjs/jwt';
 import { StorageManagerConfig } from '@the-software-compagny/nestjs_module_factorydrive';
 import { AmazonWebServicesS3StorageConfig } from '@the-software-compagny/nestjs_module_factorydrive-s3';
+import { parse } from 'path';
 
 export interface MongoosePlugin {
   package: string;
@@ -19,6 +20,11 @@ export interface ConfigInstance {
     bodyParser: {
       limit: string;
     };
+    https: {
+      enabled: boolean;
+      key: string;
+      cert: string;
+    }
   };
   helmet: HelmetOptions;
   mongoose: {
@@ -79,6 +85,11 @@ export default (): ConfigInstance => ({
     bodyParser: {
       limit: '500mb',
     },
+    https: {
+      enabled: !!parseInt(process.env['SESAME_HTTPS_ENABLED']) || false,
+      key: process.env['SESAME_HTTPS_PATH_KEY'] || '',
+      cert: process.env['SESAME_HTTPS_PATH_CERT'] || '',
+    },
   },
   helmet: {
     contentSecurityPolicy: {

src/main.ts

@@ -8,6 +8,7 @@ import { getLogLevel } from './_common/functions/get-log-level';
 import { AppModule } from './app.module';
 import configInstance from './config';
 import { InternalLogger } from './core/logger/internal.logger';
+import { readFileSync } from 'fs';
 
 declare const module: any;
 (async (): Promise<void> => {
@@ -17,11 +18,25 @@ declare const module: any;
     mongoose: cfg?.mongoose,
   });
   await logger.initialize();
+
+  let httpsOptions = {};
+  if (cfg.application?.https?.enabled) {
+    try {
+      httpsOptions = {
+        key: readFileSync(cfg.application?.https?.key),
+        cert: readFileSync(cfg.application?.https?.cert),
+      };
+    } catch (error) {
+      logger.error('Error while reading https key and cert', error);
+    }
+  }
+
   const app = await NestFactory.create<NestExpressApplication>(AppModule, {
     bodyParser: false,
     rawBody: true,
     cors: true,
     logger,
+    httpsOptions,
   });
   app.use((_: any, res: Response, next: () => void) => {
     res.removeHeader('x-powered-by');