From 4ce9471a8e4123b2e8dab0f115db1ad36310fae1 Mon Sep 17 00:00:00 2001
From: Corey Johnson <probablycorey@gmail.com>
Date: Thu, 12 Mar 2026 13:44:36 -0700
Subject: [PATCH] Auto-generate self-signed TLS certs on startup

getUserMedia requires HTTPS, so generate certs if missing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 src/server/index.tsx | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/src/server/index.tsx b/src/server/index.tsx
index 1457df5..6d14166 100644
--- a/src/server/index.tsx
+++ b/src/server/index.tsx
@@ -22,16 +22,26 @@ app.get('/ggwave.js', () =>
 
 startup(PORT)
 
-const hasCerts = await Bun.file('./certs/cert.pem').exists()
+async function ensureCerts() {
+  const certPath = './certs/cert.pem'
+  const keyPath = './certs/key.pem'
+  if (await Bun.file(certPath).exists()) return
+
+  const { mkdirSync } = await import('fs')
+  mkdirSync('./certs', { recursive: true })
+  Bun.spawnSync(['openssl', 'req', '-x509', '-newkey', 'rsa:2048',
+    '-keyout', keyPath, '-out', certPath,
+    '-days', '365', '-nodes', '-subj', '/CN=localhost'])
+}
+
+await ensureCerts()
 
 export default {
   ...app.defaults,
   port: PORT,
   idleTimeout: 255,
-  ...(hasCerts && {
-    tls: {
-      key: Bun.file('./certs/key.pem'),
-      cert: Bun.file('./certs/cert.pem'),
-    },
-  }),
+  tls: {
+    key: Bun.file('./certs/key.pem'),
+    cert: Bun.file('./certs/cert.pem'),
+  },
 }