Diffstat (limited to 'system')
-rw-r--r--system/admin/config/config.go8
-rw-r--r--system/admin/handlers.go14
-rw-r--r--system/tls/enable.go74
3 files changed, 89 insertions, 7 deletions
diff --git a/system/admin/config/config.go b/system/admin/config/config.go
index c83c311..66f767d 100644
--- a/system/admin/config/config.go
+++ b/system/admin/config/config.go
@@ -12,6 +12,7 @@ type Config struct {
Name string `json:"name"`
Domain string `json:"domain"`
+ AdminEmail string `json:"admin_email"`
ClientSecret string `json:"client_secret"`
Etag string `json:"etag"`
CacheInvalidate []string `json:"-"`
@@ -48,8 +49,13 @@ func (c *Config) MarshalEditor() ([]byte, error) {
}),
},
editor.Field{
+ View: editor.Input("AdminEmail", c, map[string]string{
+ "label": "Adminstrator Email (will be notified of internal system information)",
+ }),
+ },
+ editor.Field{
View: editor.Input("ClientSecret", c, map[string]string{
- "label": "Client Secret (used to validate requests)",
+ "label": "Client Secret (used to validate requests, DO NOT SHARE)",
"disabled": "true",
}),
},
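Review bot: The new AdminEmail label misspells "Administrator"; it should read `"label": "Administrator Email (will be notified of internal system information)",`. Because this field is the contact address the TLS code in this same diff hands to the certificate authority, the label could also say so, since the editor field does no validation of its own and a wrong address is only noticed at certificate-request time.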
diff --git a/system/admin/handlers.go b/system/admin/handlers.go
index de340ae..497dec6 100644
--- a/system/admin/handlers.go
+++ b/system/admin/handlers.go
@@ -66,18 +66,20 @@ func initHandler(res http.ResponseWriter, req *http.Request) {
etag := db.NewEtag()
req.Form.Set("etag", etag)
- err = db.SetConfig(req.Form)
+ email := strings.ToLower(req.FormValue("email"))
+ password := req.FormValue("password")
+ usr := user.NewUser(email, password)
+
+ _, err = db.SetUser(usr)
if err != nil {
fmt.Println(err)
res.WriteHeader(http.StatusInternalServerError)
return
}
- email := strings.ToLower(req.FormValue("email"))
- password := req.FormValue("password")
- usr := user.NewUser(email, password)
-
- _, err = db.SetUser(usr)
+ // set initial user email as admin_email and make config
+ req.Form.Set("admin_email", email)
+ err = db.SetConfig(req.Form)
if err != nil {
fmt.Println(err)
res.WriteHeader(http.StatusInternalServerError)
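Review bot: The form-supplied email is stored as `admin_email` with no check that it is non-empty or plausibly an address; `strings.ToLower` is the only processing it gets, and the TLS setup in this diff later passes that value to the ACME client as the account contact, so a bad value surfaces only when certificates are requested. Add a guard before `user.NewUser`: `if email == "" || !strings.Contains(email, "@") { res.WriteHeader(http.StatusBadRequest); return }`. Note also that moving `SetUser` ahead of `SetConfig` means a `SetConfig` failure now leaves an orphaned user record with no config written, which a retry of this handler would have to cope with; initHandler continues past the end of the hunk.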
diff --git a/system/tls/enable.go b/system/tls/enable.go
new file mode 100644
index 0000000..4be0aa8
--- /dev/null
+++ b/system/tls/enable.go
@@ -0,0 +1,74 @@
+package tls
+
+import (
+ "crypto/tls"
+ "log"
+ "net/http"
+ "os"
+ "path/filepath"
+ "time"
+
+ "github.com/bosssauce/ponzu/system/db"
+
+ "golang.org/x/crypto/acme/autocert"
+)
+
+var m autocert.Manager
+
+// setup attempts to locate or create the cert cache directory and the certs for TLS encryption
+func setup() {
+ pwd, err := os.Getwd()
+ if err != nil {
+ log.Fatalln("Couldn't find working directory to locate or save certificates.")
+ }
+
+ cache := autocert.DirCache(filepath.Join(pwd, "system", "tls", "certs"))
+ if _, err := os.Stat(string(cache)); os.IsNotExist(err) {
+ err := os.MkdirAll(string(cache), os.ModePerm|os.ModeDir)
+ if err != nil {
+ log.Fatalln("Couldn't create cert directory at", cache)
+ }
+ }
+
+ // get host/domain and email from Config to use for TLS request to Let's encryption.
+ // we will fail fatally if either are not found since Let's Encrypt will rate-limit
+ // and sending incomplete requests is wasteful and guarenteed to fail its check
+ host, err := db.Config("domain")
+ if err != nil {
+ log.Fatalln("Error identifying host/domain during TLS set-up.", err)
+ }
+
+ if host == nil {
+ log.Fatalln("No 'domain' field set in Configuration. Please add a domain before attempting to make certificates.")
+ }
+
+ email, err := db.Config("admin_email")
+ if err != nil {
+ log.Fatalln("Error identifying admin email during TLS set-up.", err)
+ }
+
+ if email == nil {
+ log.Fatalln("No 'admin_email' field set in Configuration. Please add an admin email before attempting to make certificates.")
+ }
+
+ m = autocert.Manager{
+ Prompt: autocert.AcceptTOS,
+ Cache: cache,
+ HostPolicy: autocert.HostWhitelist(string(host)),
+ RenewBefore: time.Hour * 24 * 30,
+ Email: string(email),
+ }
+
+}
+
+// Enable runs the setup for creating or locating certificates and starts the TLS server
+func Enable() {
+ setup()
+
+ server := &http.Server{
+ Addr: ":443",
+ TLSConfig: &tls.Config{GetCertificate: m.GetCertificate},
+ }
+
+ go log.Fatalln(server.ListenAndServeTLS("", ""))
+}
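Review bot: The cert cache directory is created with `os.ModePerm|os.ModeDir` (0777 before umask) even though autocert keeps the ACME account key and certificate private keys in it; use `os.MkdirAll(string(cache), 0700)`, or drop the pre-creation entirely since `autocert.DirCache` creates its directory on first write (with 0700, as far as I recall — confirm against the vendored version). Separately, `go log.Fatalln(server.ListenAndServeTLS("", ""))` does not background the server: Go evaluates a go statement's arguments in the calling goroutine, so `ListenAndServeTLS` blocks `Enable` and only the `Fatalln` runs in the new goroutine; if non-blocking start is intended, write `go func() { log.Fatalln(server.ListenAndServeTLS("", "")) }()`. The `http.Server` also sets no `ReadTimeout`/`WriteTimeout`, so a slow client can hold connections open indefinitely.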