add GLEAM_CACERTS_PATH env variable

gleam-lang · Dec 2, 2024 · 56b73d5 · 56b73d5
1 parent cf5ad56
commit 56b73d5
Showing 1 changed file with 31 additions and 1 deletion.
diff --git a/compiler-cli/src/http.rs b/compiler-cli/src/http.rs
@@ -6,6 +6,7 @@ use gleam_core::{Error, Result};
 use http::{Request, Response};
 
 static REQWEST_CLIENT: OnceLock<reqwest::Client> = OnceLock::new();
+static CERTS_ENV_VAR: &str = "GLEAM_CACERTS_PATH";
 
 #[derive(Debug)]
 pub struct HttpClient;
@@ -27,7 +28,7 @@ impl gleam_core::io::HttpClient for HttpClient {
             .try_into()
             .expect("Unable to convert HTTP request for use by reqwest library");
         let mut response = REQWEST_CLIENT
-            .get_or_init(reqwest::Client::new)
+            .get_or_init(init_client)
             .execute(request)
             .await
             .map_err(Error::http)?;
@@ -42,3 +43,32 @@ impl gleam_core::io::HttpClient for HttpClient {
             .map_err(Error::http)
     }
 }
+
+fn init_client() -> reqwest::Client {
+    if let Some(cert) = get_certificate() {
+        return reqwest::Client::builder()
+            .add_root_certificate(cert)
+            .build()
+            .expect("Unable to initialize a reqwest HTTP client");
+    } else {
+        return reqwest::Client::new();
+    }
+}
+
+fn get_certificate() -> Option<reqwest::Certificate> {
+    match std::env::var(CERTS_ENV_VAR) {
+        Ok(certs_path) => {
+            let data = std::fs::read(certs_path).expect(&format!(
+                "Unable to read certs file set as `{}`",
+                CERTS_ENV_VAR
+            ));
+            let cert = reqwest::Certificate::from_pem(&data).expect(&format!(
+                "Unable to construct a certificate from certs file set as `{}`",
+                CERTS_ENV_VAR
+            ));
+
+            Some(cert)
+        }
+        _ => None,
+    }
+}