feat: add AnyIP certificate download with cache and fallback chain

internal/server/server.go

@@ -5,35 +5,32 @@ import (
 	"fmt"
 	"io/fs"
 	"log/slog"
-
 	"github.com/gofiber/fiber/v3"
 	"github.com/gofiber/fiber/v3/middleware/static"
-
 	"github.com/imbytecat/voicepaste/internal/config"
-	vpTLS "github.com/imbytecat/voicepaste/internal/tls"
 )
 
 // Server holds the Fiber app and related state.
 type Server struct {
-	app   *fiber.App
-	token string
-	lanIP string
-	webFS fs.FS
+	app    *fiber.App
+	token  string
+	lanIP  string
+	webFS  fs.FS
+	tlsCfg *tls.Config // nil = no TLS
 }
 
 // New creates a new Server instance.
-func New(token, lanIP string, webFS fs.FS) *Server {
+func New(token, lanIP string, webFS fs.FS, tlsCfg *tls.Config) *Server {
 	app := fiber.New(fiber.Config{
 		AppName: "VoicePaste",
 	})
-
 	s := &Server{
-		app:   app,
-		token: token,
-		lanIP: lanIP,
-		webFS: webFS,
+		app:    app,
+		token:  token,
+		lanIP:  lanIP,
+		webFS:  webFS,
+		tlsCfg: tlsCfg,
 	}
-
 	s.setupRoutes()
 	return s
 }
@@ -66,21 +63,15 @@ func (s *Server) Token() string {
 func (s *Server) Start() error {
 	cfg := config.Get()
 	addr := fmt.Sprintf(":%d", cfg.Server.Port)
-
-	if cfg.Server.TLSAuto {
-		tlsCfg, err := vpTLS.GetTLSConfig(s.lanIP)
-		if err != nil {
-			return fmt.Errorf("TLS setup failed: %w", err)
-		}
+	if s.tlsCfg != nil {
 		slog.Info("starting HTTPS server", "addr", addr)
 		return s.app.Listen(addr, fiber.ListenConfig{
 			TLSConfig: &tls.Config{
-				Certificates: tlsCfg.Certificates,
+				Certificates: s.tlsCfg.Certificates,
 				MinVersion:   tls.VersionTLS12,
 			},
 		})
 	}
-
 	slog.Info("starting HTTP server (no TLS)", "addr", addr)
 	return s.app.Listen(addr)
 }