Skip to content

feat(config): add secure flag to opt into HTTPS in base_url#13

Open
terafin wants to merge 1 commit into
joeblack2k:mainfrom
intarweb:feat/https-support
Open

feat(config): add secure flag to opt into HTTPS in base_url#13
terafin wants to merge 1 commit into
joeblack2k:mainfrom
intarweb:feat/https-support

Conversation

@terafin

@terafin terafin commented Jun 9, 2026

Copy link
Copy Markdown

Summary

Helpers currently hardcode http:// regardless of port, which makes them unusable against HTTPS backends. Users running modern home setups (Traefik / nginx / Caddy with auto-TLS) need to fall back to a parallel HTTP route on their backend just to keep the helper working.

Adds an opt-in secure: bool field so base_url() returns https://... when set. Defaults to false — every existing config.ini is byte-identical to before. Applied identically across mister / steamdeck / windows helpers.

Why

Real-world hit: Steam Deck and SS1 currently sync to saves-sync.siliconspirit.net:80 because that's the only path the helper can speak. Adding a Windows helper (arcade PC) revealed the same — port 443 with http:// scheme returns 404 from Traefik. Forcing a parallel HTTP route on the backend isn't tenable for setups that want TLS-only.

What

  • AppConfig gains secure: bool (default false).
  • ConfigOverrides gains secure: Option<bool>.
  • from_sources reads SECURE env/ini via existing choose_bool helper.
  • base_url():
    pub fn base_url(&self) -> String {
        let scheme = if self.secure { "https" } else { "http" };
        format!("{}://{}:{}", scheme, self.url, self.port)
    }
  • Same exact change in all three helpers.

Tests

  • base_url_uses_https_when_secure_true — happy path: SECURE=true + PORT=443https://host:443
  • base_url_remains_http_when_secure_unset_for_backwards_compat — regression guard: no SECURE set → byte-identical http://host:port (proves no behavior change for existing users)

Both tests in every helper (6 new tests total).

Migration

For users wanting HTTPS, add to config.ini:

URL = saves.example.com
PORT = 443
SECURE = true

Scope

  • Opt-in only. No existing config changes behavior unless SECURE=true is added.
  • A --secure CLI flag could follow in a separate PR if desired.

🤖 Generated with Claude Code

@terafin terafin force-pushed the feat/https-support branch 2 times, most recently from c79e087 to cdb2d08 Compare June 30, 2026 14:16
terafin referenced this pull request in intarweb/SGM-Helper Jun 30, 2026
#13 added `secure: bool` to AppConfig (config.rs), but the test-code
AppConfig{} initializers across helpers/{steamdeck,mister,windows} ×
{backend_config,service,sources}.rs lacked it -> E0063 in test compile
(CI clippy/test red; release artifact unaffected since release.yml
doesn't compile tests).

Adds `secure: false` to all 9 fixtures. Verified false is correct for
every one: grep found ZERO `secure` references in any of these test
files, so none is a secure-test (the secure=true path is exercised via
the ConfigOverrides/test_sources route). cargo check --tests + cargo
clippy --tests green on all 3 helpers.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Adds a `secure` opt-in (env/ini: SECURE, default false) that flips base_url
to https://. Wires it through ConfigOverrides + AppConfig across the mister,
steamdeck, and windows helpers (struct fields, the global_overrides
initializers, and all AppConfig test fixtures).
@terafin terafin force-pushed the feat/https-support branch from 298550b to 839c967 Compare June 30, 2026 14:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant