From fe4303c0af047add8b413e8cb8b4f980e58b7e8c Mon Sep 17 00:00:00 2001
From: Jose Celano
Date: Wed, 4 Jan 2023 17:21:18 +0000
Subject: [PATCH] feat(api): [#143] SSL support for the new Axum API
---
 cSpell.json | 1 +
 src/apis/server.rs | 24 ++++++++++++++++--------
 src/jobs/tracker_apis.rs | 23 +++++++++++++++++------
 3 files changed, 34 insertions(+), 14 deletions(-)
diff --git a/cSpell.json b/cSpell.json
index 801d35db..bb15b6d9 100644
--- a/cSpell.json
+++ b/cSpell.json
@@ -49,6 +49,7 @@
 "rngs",
 "rusqlite",
 "rustfmt",
+ "Rustls",
 "Seedable",
 "Shareaza",
 "sharktorrent",
diff --git a/src/apis/server.rs b/src/apis/server.rs
index 9ddf4a8d..668959cd 100644
--- a/src/apis/server.rs
+++ b/src/apis/server.rs
@@ -3,7 +3,10 @@ use std::sync::Arc;
 use axum::routing::get;
 use axum::{middleware, Router};
+use axum_server::tls_rustls::RustlsConfig;
+use axum_server::Handle;
 use futures::Future;
+use log::info;
 use warp::hyper;
 use super::middlewares::auth::auth;
@@ -19,24 +22,29 @@ pub fn start(socket_addr: SocketAddr, tracker: &Arc) -> impl F
 server.with_graceful_shutdown(async move {
 tokio::signal::ctrl_c().await.expect("Failed to listen to shutdown signal.");
+ info!("Stopping Torrust APIs server on http://{} ...", socket_addr);
 })
 }
 pub fn start_tls(
 socket_addr: SocketAddr,
- _ssl_cert_path: &str,
- _ssl_key_path: &str,
+ ssl_config: RustlsConfig,
 tracker: &Arc,
-) -> impl Future> {
- // todo: for the time being, it's just a copy & paste from start(...).
-
+) -> impl Future> {
 let app = Router::new()
 .route("/stats", get(get_stats).with_state(tracker.clone()))
 .layer(middleware::from_fn_with_state(tracker.config.clone(), auth));
- let server = axum::Server::bind(&socket_addr).serve(app.into_make_service());
+ let handle = Handle::new();
+ let shutdown_handle = handle.clone();
- server.with_graceful_shutdown(async move {
+ tokio::spawn(async move {
 tokio::signal::ctrl_c().await.expect("Failed to listen to shutdown signal.");
- })
+ info!("Stopping Torrust APIs server on https://{} ...", socket_addr);
+ shutdown_handle.shutdown();
+ });
+
+ axum_server::bind_rustls(socket_addr, ssl_config)
+ .handle(handle)
+ .serve(app.into_make_service())
 }
diff --git a/src/jobs/tracker_apis.rs b/src/jobs/tracker_apis.rs
index b696c923..00e39eeb 100644
--- a/src/jobs/tracker_apis.rs
+++ b/src/jobs/tracker_apis.rs
@@ -1,5 +1,6 @@
 use std::sync::Arc;
+use axum_server::tls_rustls::RustlsConfig;
 use log::info;
 use tokio::sync::oneshot;
 use tokio::task::JoinHandle;
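Review bot: In `start_tls` (src/apis/server.rs) the Ctrl-C task calls `shutdown_handle.shutdown()`, which stops the TLS server at once, while `start` in the same hunk still goes through `with_graceful_shutdown`; in-flight HTTPS requests to `/stats` can be cut off where the plain-HTTP ones are drained. `shutdown_handle.graceful_shutdown(Some(timeout));`, with `timeout` a bounded `Duration` chosen by the project, would keep the two paths consistent. The task is also detached by `tokio::spawn`, so a panic from `.expect("Failed to listen to shutdown signal.")` is not seen by the caller and the HTTPS server would keep running with no shutdown path. Logging that error instead of panicking, or keeping the `JoinHandle`, would make the failure visible.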
@@ -29,17 +30,27 @@ pub async fn start_job(config: &HttpApi, tracker: Arc) -> Join
 let join_handle = tokio::spawn(async move {
 if !ssl_enabled {
 info!("Starting Torrust APIs server on: http://{}", bind_addr);
+
 let handle = server::start(bind_addr, &tracker);
- tx.send(ApiServerJobStarted()).expect("the start job dropped");
+
+ tx.send(ApiServerJobStarted()).expect("the API server should not be dropped");
+
 if let Ok(()) = handle.await {
- info!("Stopping Torrust APIs server on {} ...", bind_addr);
+ info!("Torrust APIs server on http://{} stopped", bind_addr);
 }
 } else if ssl_enabled && ssl_cert_path.is_some() && ssl_key_path.is_some() {
 info!("Starting Torrust APIs server on: https://{}", bind_addr);
- let handle = server::start_tls(bind_addr, &ssl_cert_path.unwrap(), &ssl_key_path.unwrap(), &tracker);
- tx.send(ApiServerJobStarted()).expect("the start job dropped");
+
+ let ssl_config = RustlsConfig::from_pem_file(ssl_cert_path.unwrap(), ssl_key_path.unwrap())
+ .await
+ .unwrap();
+
+ let handle = server::start_tls(bind_addr, ssl_config, &tracker);
+
+ tx.send(ApiServerJobStarted()).expect("the API server should not be dropped");
+
 if let Ok(()) = handle.await {
- info!("Stopping Torrust APIs server on {} ...", bind_addr);
+ info!("Torrust APIs server on https://{} stopped", bind_addr);
 }
 }
 });
@@ -47,7 +58,7 @@ pub async fn start_job(config: &HttpApi, tracker: Arc) -> Join
 // Wait until the APIs server job is running
 match rx.await {
 Ok(_msg) => info!("Torrust APIs server started"),
- Err(e) => panic!("the apis server was dropped: {e}"),
+ Err(e) => panic!("the API server was dropped: {e}"),
 }
 join_handle
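Review bot: `RustlsConfig::from_pem_file(...).await.unwrap()` in the HTTPS branch of `start_job` panics inside the spawned task before `tx.send(...)` runs, so a missing, unreadable or malformed certificate or key is reported only as a bare `unwrap` failure from the panic hook. The `rx.await` match in the last hunk then adds a second panic, `the API server was dropped`, and nothing reaches the `log` output to say that TLS setup was the cause. Replacing `.unwrap()` with `.unwrap_or_else(|e| panic!("could not load the API TLS certificate or key: {e}"))`, or logging the error with `log::error!` first, keeps the fail-closed behaviour and tells the operator what to fix. The same opaque failure appears to apply when `ssl_enabled` is true but one of the two paths is `None`, since neither visible branch runs; a final `else` that reports the incomplete TLS configuration would cover it. `start_job` begins above this hunk.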