// grpc server
package main

import (
	"crypto/tls"
	"crypto/x509"
	"io/ioutil"
	"net"

	log "github.com/sirupsen/logrus"
	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials"

	pb "github.com/esinio/geco/gen/proto/echo/v1"
	srv "github.com/esinio/geco/service/echo/v1"
)

func main() {
	cert, err := tls.LoadX509KeyPair("./cert/server.pem", "./cert/server.key")
	if err != nil {
		log.Fatal(err)
	}

	certPool := x509.NewCertPool()
	ca, err := ioutil.ReadFile("./cert/ca.pem")
	if err != nil {
		log.Fatal(err)
	}
	if ok := certPool.AppendCertsFromPEM(ca); !ok {
		log.Fatal("failed to append certs")
	}

	creds := credentials.NewTLS(&tls.Config{
		Certificates: []tls.Certificate{cert},
		ClientAuth:   tls.RequireAndVerifyClientCert, // NOTE: this is optional!
		ClientCAs:    certPool,
	})

	s := grpc.NewServer(grpc.Creds(creds))
	pb.RegisterEchoServiceServer(s, srv.NewService())
	lis, err := net.Listen("tcp", ":9090")
	if err != nil {
		panic(err)
	}
	defer lis.Close()

	defer s.GracefulStop()

	if err := s.Serve(lis); err != nil {
		panic(err)
	}
}