Add TLS to the web server (#2086)

Co-authored-by: Jayden <23619946+Silverarmor@users.noreply.github.com> Co-authored-by: kuba <xnetcat.dev@gmail.com>
spotDL · Jul 20, 2024 · d78d071 · d78d071
1 parent cc8d847
commit d78d071
Show file tree

Hide file tree

Showing 6 changed files with 59 additions and 2 deletions.
diff --git a/docs/usage.md b/docs/usage.md
@@ -309,6 +309,10 @@ If you don't want config to load automatically change `load_config` option in co
     "port": 8800,
     "host": "localhost",
     "keep_alive": false,
+    "enable_tls": false,
+    "key_file": null,
+    "cert_file":null,
+    "ca_file":null,
     "allowed_origins": null,
     "keep_sessions": false,
     "only_verified_results": false,
@@ -474,6 +478,12 @@ Web options:
                         The allowed origins for the web server.
   --web-use-output-dir  Use the output directory instead of the session directory for downloads. (This might cause issues if you have multiple users using the web-ui at the same time)
   --keep-sessions       Keep the session directory after the web server is closed.
+  --enable-tls          Enable TLS on the web server.
+  --cert-file CERT_FILE
+                        File Path to the TLS Certificate Chain (PEM format).
+  --key-file KEY_FILE   File Path to the TLS Private Key (PEM format).
+  --ca-file CA_FILE     File Path to the TLS Certificate Authority File (PEM format).
+
 
 Misc options:
   --log-level {CRITICAL,FATAL,ERROR,WARN,WARNING,INFO,MATCH,DEBUG,NOTSET}

diff --git a/spotdl/console/web.py b/spotdl/console/web.py
@@ -98,7 +98,7 @@ def web(web_settings: WebOptions, downloader_settings: DownloaderOptions):
         SPAStaticFiles(directory=web_app_dir + "/dist", html=True),
         name="static",
     )
-
+    protocol = "http"
     config = Config(
         app=app_state.api,
         host=web_settings["host"],
@@ -107,13 +107,19 @@ def web(web_settings: WebOptions, downloader_settings: DownloaderOptions):
         log_level=NAME_TO_LEVEL[downloader_settings["log_level"]],
         loop=app_state.loop,  # type: ignore
     )
+    if web_settings["enable_tls"]:
+        logger.info("Enabeling TLS")
+        protocol = "https"
+        config.ssl_certfile = web_settings["cert_file"]
+        config.ssl_keyfile = web_settings["key_file"]
+        config.ssl_ca_certs = web_settings["ca_file"]
 
     app_state.server = Server(config)
 
     app_state.downloader_settings = downloader_settings
 
     # Open the web browser
-    webbrowser.open(f"http://{web_settings['host']}:{web_settings['port']}/")
+    webbrowser.open(f"{protocol}://{web_settings['host']}:{web_settings['port']}/")
 
     if not web_settings["web_use_output_dir"]:
         logger.info(

diff --git a/spotdl/types/options.py b/spotdl/types/options.py
@@ -97,6 +97,10 @@ class WebOptions(TypedDict):
     port: int
     host: str
     keep_alive: bool
+    enable_tls: bool
+    key_file: str | None
+    cert_file: str | None
+    ca_file: str | None
     allowed_origins: Optional[List[str]]
     keep_sessions: bool
 
@@ -183,6 +187,10 @@ class WebOptionalOptions(TypedDict, total=False):
     port: int
     host: str
     keep_alive: bool
+    enable_tls: bool
+    key_file: str | None
+    cert_file: str | None
+    ca_file: str | None
     allowed_origins: Optional[str]
     keep_sessions: bool
 

diff --git a/spotdl/utils/arguments.py b/spotdl/utils/arguments.py
@@ -659,6 +659,31 @@ def parse_web_options(parser: _ArgumentGroup):
         help="Keep the session directory after the web server is closed.",
     )
 
+    # Enable TLS for the web server
+    parser.add_argument(
+        "--enable-tls",
+        action="store_const",
+        const=True,
+        help="Enable TLS on the web server.",
+    )
+
+    # Add File Location of the TLS Certificate file (Pem Format)
+    parser.add_argument(
+        "--cert-file", type=str, help="File Path to the TLS Certificate (PEM format)."
+    )
+
+    # Add File Location of the TLS Private Key file (Pem Format)
+    parser.add_argument(
+        "--key-file", type=str, help="File Path to the TLS Private Key (PEM format)."
+    )
+
+    # Add File Location of the TLS Certificate Authority file (Pem Format)
+    parser.add_argument(
+        "--ca-file",
+        type=str,
+        help="File Path to the TLS Certificate Authority File (PEM format).",
+    )
+
 
 def parse_misc_options(parser: _ArgumentGroup):
     """

diff --git a/spotdl/utils/config.py b/spotdl/utils/config.py
@@ -337,6 +337,10 @@ def get_parameter(cls, key):
     "port": 8800,
     "host": "localhost",
     "keep_alive": False,
+    "enable_tls": False,
+    "key_file": None,
+    "cert_file": None,
+    "ca_file": None,
     "allowed_origins": None,
     "keep_sessions": False,
 }

diff --git a/spotdl/utils/web.py b/spotdl/utils/web.py
@@ -564,6 +564,10 @@ def get_options() -> Dict[str, Any]:
         "host",
         "port",
         "keep_alive",
+        "enable_tls",
+        "key_file",
+        "cert_file",
+        "ca_file",
         "allowed_origins",
         "web_use_output_dir",
         "keep_sessions",