From 2333eb94c0352f34fb11508c113925d4eaa91786 Mon Sep 17 00:00:00 2001 From: "DESKTOP-4RNDQIC\\29019" <290198252@qq.com> Date: Sun, 30 Aug 2020 18:44:29 +0800 Subject: [PATCH] gorm ssl --- .gitignore | 1 + db/sqlManager.go | 83 ++++++++++++++++++++++++++++++++++++++++-------- main.go | 2 +- 3 files changed, 71 insertions(+), 15 deletions(-) diff --git a/.gitignore b/.gitignore index 04675b1..713c541 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ background image/ deploy.bat docbackground.exe +__debug_bin diff --git a/db/sqlManager.go b/db/sqlManager.go index b2017c6..b43ce05 100644 --- a/db/sqlManager.go +++ b/db/sqlManager.go @@ -10,6 +10,7 @@ import ( "io/ioutil" "log" "os" + "time" "github.com/go-sql-driver/mysql" _ "github.com/go-sql-driver/mysql" 
@@ -31,20 +32,78 @@ func Init() {
 //InitMongoDb()
 log.Print("api runmode is " + config.ApiConfig().RunMode)
 if config.ApiConfig().RunMode == "debug" {
- gDb = Database{Type: string(""), DB: initMysql(mysqlconf)}
- sqls := fmt.Sprintf("%s:%s@(%s)/%s?charset=utf8&parseTime=True&loc=Local",
- mysqlconf.UserName, mysqlconf.Password, mysqlconf.Addr,
- mysqlconf.Db)
- log.Print(sqls)
- gOrm, e = gorm.Open("mysql", sqls)
+ gDb = Database{Type: string(""), DB: initMysqlTLS(mysqlconf)}
+ rootCertPool := x509.NewCertPool()
+ pem, err := ioutil.ReadFile("pem/ca.pem")
+ if err != nil {
+ log.Fatal(err)
+ }
+ if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
+ log.Fatal("Failed to append PEM.")
+ }
+ clientCert := make([]tls.Certificate, 0, 1)
+ certs, err := tls.LoadX509KeyPair("pem/client-cert.pem", "pem/client-key.pem")
+ if err != nil {
+ log.Fatal(err)
+ }
+ clientCert = append(clientCert, certs)
+ mysql.RegisterTLSConfig("custom", &tls.Config{
+ RootCAs: rootCertPool,
+ Certificates: clientCert,
+ InsecureSkipVerify: true,
+ })
+ // try to connect to mysql database.
+ cfg := mysql.Config{
+ User: config.GetMysqlBlogConfig().UserName,
+ Passwd: config.GetMysqlBlogConfig().Password,
+ Addr: config.GetMysqlBlogConfig().Addr, //IP:PORT
+ Net: "tcp",
+ DBName: "background",
+ Loc: time.Local,
+ AllowNativePasswords: true,
+ }
+ cfg.TLSConfig = "custom"
+ str := cfg.FormatDSN()
+ gOrm, e = gorm.Open("mysql", str)
 if nil != e {
 log.Print(e.Error())
 os.Exit(-1)
 }
 } else {
- sqls := fmt.Sprintf("%s:%s@/%s?charset=utf8&parseTime=True&loc=Local", mysqlconf.UserName, mysqlconf.Password,
- mysqlconf.Db)
- gOrm, e = gorm.Open("mysql", sqls)
+ rootCertPool := x509.NewCertPool()
+ pem, err := ioutil.ReadFile("pem/ca.pem")
+ if err != nil {
+ log.Fatal(err)
+ }
+ if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
+ log.Fatal("Failed to append PEM.")
+ }
+ clientCert := make([]tls.Certificate, 0, 1)
+ certs, err := tls.LoadX509KeyPair("pem/client-cert.pem", "pem/client-key.pem")
+ if err != nil {
+ log.Fatal(err)
+ }
+ clientCert = append(clientCert, certs)
+ log.Print("client cert is ", clientCert)
+ mysql.RegisterTLSConfig("custom", &tls.Config{
+ RootCAs: rootCertPool,
+ Certificates: clientCert,
+ })
+
+ // try to connect to mysql database.
+ cfg := mysql.Config{
+ User: config.GetMysqlBlogConfig().UserName,
+ Passwd: config.GetMysqlBlogConfig().Password,
+ Addr: config.GetMysqlBlogConfig().Addr, //IP:PORT
+ Net: "tcp",
+ DBName: "background",
+ Loc: time.Local,
+ AllowNativePasswords: true,
+ }
+ cfg.TLSConfig = "custom"
+ str := cfg.FormatDSN()
+ log.Print(str)
+ gOrm, e = gorm.Open("mysql", str)
 if nil != e {
 log.Print(e.Error())
 os.Exit(-1)
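Review bot: In the debug branch of Init the registered `tls.Config` sets `InsecureSkipVerify: true`, which switches off certificate-chain and host-name verification, so the `RootCAs` pool loaded from `pem/ca.pem` is never used to authenticate the server; drop that field and, if the server certificate's name differs from the configured address, set `ServerName: "<db-host-name>"` instead. In the else branch `log.Print(str)` writes the DSN from `cfg.FormatDSN()`, password included, to the log and `log.Print("client cert is ", clientCert)` dumps the certificate struct; both lines should be removed, and the same applies to the unchanged `log.Print("Connect to mysql " + cnn)` in the initMysql hunk further down. The new `mysql.Config` no longer carries what the old DSN set with `parseTime=True` and `charset=utf8`, and it hard-codes `DBName: "background"` where the old code used `mysqlconf.Db`, so it is worth confirming that time columns still scan and adding `ParseTime: true` if they do not. The error returned by `mysql.RegisterTLSConfig` is ignored in both branches, and since the two branches differ only in the skip-verify field and the log calls, one helper that builds and registers the config would keep them from drifting apart. Init begins above this hunk and continues below it.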
@@ -72,18 +131,14 @@ func initMysql(mysqlconf *config.MysqlConfig) *sql.DB { cnn := fmt.Sprintf("%s:%s@tcp(%s:3306)/%s?charset=utf8", mysqlconf.UserName, mysqlconf.Password, mysqlconf.Addr, mysqlconf.Db) log.Print("Connect to mysql " + cnn) - - //db := mysql.New(proto, "", addr, user, pass, dbname) - _db, err := sql.Open("mysql", cnn) if err != nil { fmt.Println("connect sql server ", err.Error()) os.Exit(200) - } e := _db.Ping() if nil != e { - fmt.Println(e.Error()) + fmt.Println("ping mysql server error", e.Error()) os.Exit(200) } return _db diff --git a/main.go b/main.go index 6d98b42..31ba787 100644 --- a/main.go +++ b/main.go @@ -13,8 +13,8 @@ import ( "strconv" "github.com/gin-gonic/gin" - swaggerFiles "github.com/swaggo/files" // swagger embed files ginSwagger "github.com/swaggo/gin-swagger" // gin-swagger middleware + "github.com/swaggo/gin-swagger/swaggerFiles" sessions "github.com/tommy351/gin-sessions" )