From fddc6359571acedf43cda62420170b67c31a8552 Mon Sep 17 00:00:00 2001
From: Simon Quigley
Date: Sun, 26 Jan 2025 01:16:58 -0600
Subject: [PATCH] Enable SSL and HTTP/2
---
 cpp/web_server.cpp | 29 +++++++++++++++++++++++++----
 cpp/web_server.h | 4 ++--
 2 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/cpp/web_server.cpp b/cpp/web_server.cpp
index d9823f2..3110f0b 100644
--- a/cpp/web_server.cpp
+++ b/cpp/web_server.cpp
@@ -23,16 +23,18 @@
 #include
 #include
 #include
-#include
+#include
 #include
 #include
 #include
 #include
 #include
 #include
+#include
 #include
 #include
 #include
+#include
 // C++ includes
 #include
@@ -965,13 +967,32 @@ bool WebServer::start_server(quint16 port) {
 });
 });
- // Attempt to listen on `port`
- if (!tcp_server_.listen(QHostAddress::Any, port) || !http_server_.bind(&tcp_server_)) {
+ {
+ QSslConfiguration ssl_config = QSslConfiguration::defaultConfiguration();
+ QFile cert_file("/srv/lubuntu-ci/repos/ci-tools/server.crt");
+ cert_file.open(QIODevice::ReadOnly);
+ ssl_config.setLocalCertificate(QSslCertificate(&cert_file, QSsl::Pem));
+ cert_file.close();
+ QFile key_file("/srv/lubuntu-ci/repos/ci-tools/server.key");
+ key_file.open(QIODevice::ReadOnly);
+ ssl_config.setPrivateKey(QSslKey(&key_file, QSsl::Rsa, QSsl::Pem));
+ key_file.close();
+
+ ssl_config.setPeerVerifyMode(QSslSocket::VerifyNone);
+ ssl_config.setProtocol(QSsl::TlsV1_3);
+ ssl_server_.setSslConfiguration(ssl_config);
+
+ QHttp2Configuration Http2Conf = QHttp2Configuration();
+ Http2Conf.setServerPushEnabled(true);
+ http_server_.setHttp2Configuration(Http2Conf);
+ }
+
+ if (!ssl_server_.listen(QHostAddress::Any, port) || !http_server_.bind(&ssl_server_)) {
 std::cerr << timestamp_now() << " [ERROR] Could not bind to port " << port << std::endl;
 return false;
 }
 std::cout << timestamp_now() << " [INFO] Web server running on port "
- << tcp_server_.serverPort() << std::endl;
+ << ssl_server_.serverPort() << std::endl;
 return true;
 }
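Review bot: Neither `open()` call in the new TLS block of `start_server` is checked, and the `QSslCertificate` and `QSslKey` built from the files are never tested with `isNull()`, so a missing or unreadable `server.crt`/`server.key` (or a non-RSA key, since `QSsl::Rsa` is fixed) leaves the configuration without usable credentials while `listen()` can still succeed. The server would then log that it is running and, as far as the hunk shows, fail every handshake with no hint in the log as to why. Load both files first, return false with a specific error when either fails, and only then apply them to `ssl_config`, as in the excerpt below. The certificate and key paths are hard-coded and appear to sit inside a repository checkout; reading them from configuration and keeping the key file readable only by the service account would be safer. `start_server` begins outside this hunk.

```cpp
        QFile cert_file("/srv/lubuntu-ci/repos/ci-tools/server.crt");
        if (!cert_file.open(QIODevice::ReadOnly)) {
            std::cerr << timestamp_now() << " [ERROR] Could not open TLS certificate file" << std::endl;
            return false;
        }
        const QSslCertificate cert(&cert_file, QSsl::Pem);
        cert_file.close();

        QFile key_file("/srv/lubuntu-ci/repos/ci-tools/server.key");
        if (!key_file.open(QIODevice::ReadOnly)) {
            std::cerr << timestamp_now() << " [ERROR] Could not open TLS private key file" << std::endl;
            return false;
        }
        const QSslKey key(&key_file, QSsl::Rsa, QSsl::Pem);
        key_file.close();

        // A null object means the PEM data did not parse (or the key is not RSA).
        if (cert.isNull() || key.isNull()) {
            std::cerr << timestamp_now() << " [ERROR] TLS certificate or private key could not be parsed" << std::endl;
            return false;
        }
        ssl_config.setLocalCertificate(cert);
        ssl_config.setPrivateKey(key);
        // … unchanged: peer verify mode, protocol, setSslConfiguration, HTTP/2 configuration …
```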
diff --git a/cpp/web_server.h b/cpp/web_server.h
index 7eff9e2..ddf10b9 100644
--- a/cpp/web_server.h
+++ b/cpp/web_server.h
@@ -25,7 +25,7 @@
 #include
 #include
 #include
-#include
+#include
 #include
 class WebServer : public QObject {
@@ -41,7 +41,7 @@ private:
 void load_tokens(QSqlDatabase& p_db);
 QHttpServer http_server_;
- QTcpServer tcp_server_;
+ QSslServer ssl_server_;
 std::unique_ptr task_queue;
 std::jthread expire_tokens_thread_;
 std::jthread process_sources_thread_;