eng-pad-server/internal/grpcserver/server.go

package grpcserver

import (
	"crypto/tls"
	"database/sql"
	"fmt"
	"log/slog"
	"net"

	pb "git.wntrmute.dev/kyle/eng-pad-server/gen/engpad/v1"
	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials"
)

type Config struct {
	Addr      string
	PlainAddr string
	TLSCert   string
	TLSKey    string
	DB        *sql.DB
	BaseURL   string
}

// Start creates and starts the gRPC server. It returns the server so the
// caller can manage graceful shutdown. The server runs in a background
// goroutine; errors are sent to errCh.
func Start(cfg Config) (*grpc.Server, error) {
	cert, err := tls.LoadX509KeyPair(cfg.TLSCert, cfg.TLSKey)
	if err != nil {
		return nil, fmt.Errorf("load TLS cert: %w", err)
	}

	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
	}

	lis, err := net.Listen("tcp", cfg.Addr)
	if err != nil {
		return nil, fmt.Errorf("listen %s: %w", cfg.Addr, err)
	}

	srv := grpc.NewServer(
		grpc.Creds(credentials.NewTLS(tlsConfig)),
		grpc.UnaryInterceptor(AuthInterceptor(cfg.DB)),
	)

	syncSvc := &SyncService{DB: cfg.DB, BaseURL: cfg.BaseURL}
	pb.RegisterEngPadSyncServiceServer(srv, syncSvc)

	slog.Info("gRPC server started", "addr", cfg.Addr)
	go func() { _ = srv.Serve(lis) }()

	// Optional plaintext listener for reverse proxy (e.g. nginx grpc_pass).
	if cfg.PlainAddr != "" {
		plainLis, err := net.Listen("tcp", cfg.PlainAddr)
		if err != nil {
			return nil, fmt.Errorf("listen %s: %w", cfg.PlainAddr, err)
		}
		plainSrv := grpc.NewServer(
			grpc.UnaryInterceptor(AuthInterceptor(cfg.DB)),
		)
		pb.RegisterEngPadSyncServiceServer(plainSrv, syncSvc)
		slog.Info("gRPC plaintext server started", "addr", cfg.PlainAddr)
		go func() { _ = plainSrv.Serve(plainLis) }()
	}

	return srv, nil
}