refactor: updated cmd and pkg implementations

2025-08-30 23:30:46 -06:00 · 2025-08-30 23:30:46 -06:00 · fbed466c3d
commit fbed466c3d
parent d88ab2c01f
10 changed files with 287 additions and 196 deletions
--- a/pkg/client/client.go
+++ b/pkg/client/client.go
@ -1,12 +1,16 @@
 package client

 import (
+	"crypto/tls"
+	"crypto/x509"
 	"fmt"
 	"io"
 	"mime/multipart"
+	"net"
 	"net/http"
 	"os"
 	"strings"
+	"time"

 	"git.towk2.me/towk/makeshift/pkg/util"
 	"github.com/cavaliergopher/grab/v3"
@ -107,6 +111,43 @@ func (c *Client) UploadMultipartFile(uri, key, path string) (*http.Response, err
 	return resp, nil
 }

+func (c *Client) LoadCertificateFromPath(path string) error {
+	cacert, err := os.ReadFile(path)
+	if err != nil {
+		return fmt.Errorf("failed to read certificate at path: %s", path)
+	}
+	certPool := x509.NewCertPool()
+	certPool.AppendCertsFromPEM(cacert)
+	err = c.LoadCertificateFromPool(certPool)
+	if err != nil {
+		return fmt.Errorf("could not initialize certificate from pool: %v", err)
+	}
+	return nil
+}
+
+func (c *Client) LoadCertificateFromPool(certPool *x509.CertPool) error {
+	// make sure we have a valid cert pool
+	if certPool == nil {
+		return fmt.Errorf("invalid cert pool")
+	}
+
+	// make sure that we can access the internal client
+	c.Transport = &http.Transport{
+		TLSClientConfig: &tls.Config{
+			RootCAs:            certPool,
+			InsecureSkipVerify: false,
+		},
+		DisableKeepAlives: true,
+		Dial: (&net.Dialer{
+			Timeout:   120 * time.Second,
+			KeepAlive: 120 * time.Second,
+		}).Dial,
+		TLSHandshakeTimeout:   120 * time.Second,
+		ResponseHeaderTimeout: 120 * time.Second,
+	}
+	return nil
+}
+
 func mustOpen(f string) *os.File {
 	r, err := os.Open(f)
 	if err != nil {