Add option to have miniflare accept https requests

.gitguardian.yaml

@@ -0,0 +1,4 @@
+secret:
+  ignored-paths:
+    - packages/miniflare/src/http/cert.ts
+version: 2

packages/miniflare/src/http/cert.ts

@@ -0,0 +1,30 @@
+// Generated via
+// openssl ecparam -name prime256v1 -genkey -noout -out key.pem
+export const KEY = `
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIC+umAaVUbEfPqGA9M7b5zAP7tN2eLT1bu8U8gpbaKbsoAoGCCqGSM49
+AwEHoUQDQgAEtrIEgzogjrUHIvB4qgjg/cT7blhWuLUfSUp6H62NCo21NrVWgPtC
+mCWw+vbGTBwIr/9X1S4UL1/f3zDICC7YSA==
+-----END EC PRIVATE KEY-----
+`;
+
+// Genereated via
+// openssl req -new -x509 -days 36500 -config openssl.cnf  -key key.pem -out cert.pem
+export const CERT = `
+-----BEGIN CERTIFICATE-----
+MIICcDCCAhegAwIBAgIUE97EcbEWw3YZMN/ucGBSzJ/5qA4wCgYIKoZIzj0EAwIw
+VTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4x
+EzARBgNVBAoMCkNsb3VkZmxhcmUxEDAOBgNVBAsMB1dvcmtlcnMwIBcNMjMwNjIy
+MTg1ODQ3WhgPMjEyMzA1MjkxODU4NDdaMFUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI
+DAVUZXhhczEPMA0GA1UEBwwGQXVzdGluMRMwEQYDVQQKDApDbG91ZGZsYXJlMRAw
+DgYDVQQLDAdXb3JrZXJzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtrIEgzog
+jrUHIvB4qgjg/cT7blhWuLUfSUp6H62NCo21NrVWgPtCmCWw+vbGTBwIr/9X1S4U
+L1/f3zDICC7YSKOBwjCBvzAdBgNVHQ4EFgQUSXahTksi00c6KhUECHIY4FLW7Sow
+HwYDVR0jBBgwFoAUSXahTksi00c6KhUECHIY4FLW7SowDwYDVR0TAQH/BAUwAwEB
+/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
+CwYDVR0PBAQDAgL0MDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYB
+BQUHAwMGCCsGAQUFBwMIMAoGCCqGSM49BAMCA0cAMEQCIE2qnXbKTHQ8wtwI+9XR
+h4ivDyz7w7iGxn3+ccmj/CQqAiApdX/Iz/jGRzi04xFlE4GoPVG/zaMi64ckmIpE
+ez/dHA==
+-----END CERTIFICATE-----
+`;

packages/miniflare/src/http/index.ts

@@ -2,6 +2,7 @@ export * from "./fetch";
 export * from "./request";
 export * from "./response";
 export * from "./websocket";
+export * from "./server";
 
 export { File, FormData, Headers } from "undici";
 export type {

packages/miniflare/src/http/server.ts

@@ -0,0 +1,68 @@
+import fs from "fs/promises";
+import { PluginSharedOptions } from "../index";
+import { HEADER_CF_BLOB, SERVICE_ENTRY, SOCKET_ENTRY } from "../plugins";
+import { HttpOptions, Socket, Socket_Https } from "../runtime";
+import { Awaitable } from "../shared";
+import { CERT, KEY } from "./cert";
+
+export async function configureEntrySocket(
+  sharedOpts: PluginSharedOptions
+): Promise<Socket> {
+  const coreOpts = sharedOpts.core;
+
+  const httpOptions = {
+    // Even though we inject a `cf` object in the entry worker, allow it to
+    // be customised via `dispatchFetch`
+    cfBlobHeader: HEADER_CF_BLOB,
+  };
+
+  let privateKey: string | undefined = undefined;
+  let certificateChain: string | undefined = undefined;
+
+  if (
+    (coreOpts.httpsKey || coreOpts.httpsKeyPath) &&
+    (coreOpts.httpsCert || coreOpts.httpsCertPath)
+  ) {
+    privateKey = await valueOrFile(coreOpts.httpsKey, coreOpts.httpsKeyPath);
+    certificateChain = await valueOrFile(
+      coreOpts.httpsCert,
+      coreOpts.httpsCertPath
+    );
+  } else if (coreOpts.https) {
+    privateKey = KEY;
+    certificateChain = CERT;
+  }
+
+  let options: { http: HttpOptions } | { https: Socket_Https };
+
+  if (privateKey && certificateChain) {
+    options = {
+      https: {
+        options: httpOptions,
+        tlsOptions: {
+          keypair: {
+            privateKey: privateKey,
+            certificateChain: certificateChain,
+          },
+        },
+      },
+    };
+  } else {
+    options = {
+      http: httpOptions,
+    };
+  }
+
+  return {
+    name: SOCKET_ENTRY,
+    service: { name: SERVICE_ENTRY },
+    ...options,
+  };
+}
+
+function valueOrFile(
+  value?: string,
+  filePath?: string
+): Awaitable<string | undefined> {
+  return value ?? (filePath && fs.readFile(filePath, "utf8"));
+}

packages/miniflare/src/index.ts

@@ -18,6 +18,7 @@ import {
   Request,
   RequestInit,
   Response,
+  configureEntrySocket,
   coupleWebSocket,
   fetch,
 } from "./http";
@@ -33,8 +34,6 @@ import {
   Plugins,
   QueueConsumers,
   QueuesError,
-  SERVICE_ENTRY,
-  SOCKET_ENTRY,
   SharedOptions,
   WorkerOptions,
   getGlobalServices,
@@ -82,7 +81,7 @@ export type MiniflareOptions = SharedOptions &
 type PluginWorkerOptions = {
   [Key in keyof Plugins]: z.infer<Plugins[Key]["options"]>;
 };
-type PluginSharedOptions = {
+export type PluginSharedOptions = {
   [Key in keyof Plugins]: OptionalZodTypeOf<Plugins[Key]["sharedOptions"]>;
 };
 
@@ -716,15 +715,7 @@ export class Miniflare {
       services.set(service.name, service);
     }
 
-    const sockets: Socket[] = [
-      {
-        name: SOCKET_ENTRY,
-        service: { name: SERVICE_ENTRY },
-        // Even though we inject a `cf` object in the entry worker, allow it to
-        // be customised via `dispatchFetch`
-        http: { cfBlobHeader: HEADER_CF_BLOB },
-      },
-    ];
+    const sockets: Socket[] = [await configureEntrySocket(sharedOpts)];
 
     for (let i = 0; i < allWorkerOpts.length; i++) {
       const workerOpts = allWorkerOpts[i];

packages/miniflare/src/plugins/core/index.ts

@@ -87,10 +87,21 @@ export const CoreOptionsSchema = z.intersection(
   })
 );
 
+export interface KeyPair {
+  key: string;
+  cert: string;
+}
+
 export const CoreSharedOptionsSchema = z.object({
   host: z.string().optional(),
   port: z.number().optional(),
 
+  https: z.boolean().optional(),
+  httpsKey: z.string().optional(),
+  httpsKeyPath: z.string().optional(),
+  httpsCert: z.string().optional(),
+  httpsCertPath: z.string().optional(),
+
   inspectorPort: z.number().optional(),
   verbose: z.boolean().optional(),
 

packages/miniflare/src/plugins/index.ts

@@ -95,6 +95,7 @@ export type {
   ModuleDefinition,
   GlobalServicesOptions,
   SourceOptions,
+  KeyPair,
 } from "./core";
 export * from "./d1";
 export * from "./do";