From a660df1d9eeed1aa80a389a32a304d058c0cfb36 Mon Sep 17 00:00:00 2001
From: wangjie
Date: Fri, 25 Jul 2025 23:20:22 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0tls?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lxDb/db.go | 56 ++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 50 insertions(+), 6 deletions(-)

diff --git a/lxDb/db.go b/lxDb/db.go
index 94126c0..1b1a081 100644
--- a/lxDb/db.go
+++ b/lxDb/db.go
@@ -2,15 +2,20 @@ package lxDb
 
 import (
 "context"
+ "crypto/tls"
+ "crypto/x509"
 "fmt"
+ "io/ioutil"
+ "os"
+
 "git.listensoft.net/tool/lxutils/lxzap"
 "github.com/gin-gonic/gin"
+ "github.com/go-sql-driver/mysql"
 "go.uber.org/zap"
- "gorm.io/driver/mysql"
+ gormMysql "gorm.io/driver/mysql"
 "gorm.io/gorm"
 "gorm.io/gorm/logger"
 "gorm.io/gorm/schema"
- "os"
 )
 
 // DB2.0 数据库连接 gorm2.0
@@ -23,6 +28,7 @@ type DbConfig struct {
 Password string
 Database string
 Charset string
+ TLS string
 }
 
 func GetDB(c *gin.Context, dbName ...string) *gorm.DB {
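Review bot: The new `TLS string` field carries no comment, so a reader of DbConfig cannot tell what value it expects; in the InitDB hunk further down the value is only compared against the empty string and is never used as a path or driver option, which is exactly the surprise a field comment should pre-empt. Suggested comment above the field: `// TLS, when non-empty, makes InitDB connect to MySQL over mutual TLS.` The DbConfig declaration starts outside this hunk.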
@@ -65,13 +71,51 @@ func InitDB(env string, conf DbConfig) {
 fmt.Println("未配置Db连接")
 return
 }
+
 if conf.Charset == "" {
 conf.Charset = "utf8mb4"
 }
- dsn := fmt.Sprintf("%s:%s@tcp(%s:%s)/%s?charset=%s&parseTime=True&loc=Local",
- conf.User, conf.Password, conf.Host, conf.Port, conf.Database, conf.Charset)
+
+ // 如果配置了TLS,则设置TLS连接
+ if conf.TLS != "" {
+ // 1. 读取CA证书
+ caCert, err := ioutil.ReadFile("path/to/ca.pem")
+ if err != nil {
+ panic("读取CA证书失败: " + err.Error())
+ }
+
+ // 2. 创建证书池并添加CA证书
+ caCertPool := x509.NewCertPool()
+ if !caCertPool.AppendCertsFromPEM(caCert) {
+ panic("添加CA证书到池失败")
+ }
+
+ // 3. 加载客户端证书和私钥
+ cert, err := tls.LoadX509KeyPair("path/to/client-cert.pem", "path/to/client-key.pem")
+ if err != nil {
+ panic("加载客户端证书失败: " + err.Error())
+ }
+
+ // 4. 创建TLS配置
+ tlsConfig := &tls.Config{
+ RootCAs: caCertPool, // 信任的CA
+ Certificates: []tls.Certificate{cert}, // 客户端证书
+ MinVersion: tls.VersionTLS12, // 最小TLS版本
+ }
+
+ // 5. 注册自定义TLS配置到MySQL驱动
+ mysql.RegisterTLSConfig("custom-tls", tlsConfig)
+ }
+ var dsn string
+ if conf.TLS != "" {
+ dsn = fmt.Sprintf("%s:%s@tcp(%s:%s)/%s?charset=%s&parseTime=True&loc=Local&tls=custom-tls",
+ conf.User, conf.Password, conf.Host, conf.Port, conf.Database, conf.Charset)
+ } else {
+ dsn = fmt.Sprintf("%s:%s@tcp(%s:%s)/%s?charset=%s&parseTime=True&loc=Local",
+ conf.User, conf.Password, conf.Host, conf.Port, conf.Database, conf.Charset)
+ }
 if env == "dev" {
- db, err := gorm.Open(mysql.Open(dsn), &gorm.Config{
+ db, err := gorm.Open(gormMysql.Open(dsn), &gorm.Config{
 Logger: logger.Default.LogMode(logger.Info),
 NamingStrategy: schema.NamingStrategy{
 SingularTable: true, // 使用单数表名,启用该选项,此时,`User` 的表名应该是 `user`
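Review bot: The certificate paths inside the new `if conf.TLS != ""` block are literal placeholders (`"path/to/ca.pem"`, `"path/to/client-cert.pem"`, `"path/to/client-key.pem"`), so `conf.TLS` acts only as an on/off flag and any non-empty value makes InitDB panic on the first ReadFile unless those exact relative paths happen to exist in the working directory. A workable contract is to treat `conf.TLS` as the directory holding `ca.pem`, `client-cert.pem` and `client-key.pem` and derive the paths with `filepath.Join` (this needs a `path/filepath` import). While here, `ioutil.ReadFile` is deprecated in favour of `os.ReadFile` (`os` is already imported), `mysql.RegisterTLSConfig` returns an error that the hunk discards, and the two near-identical `fmt.Sprintf` calls can collapse into one base DSN plus an appended `&tls=custom-tls`. InitDB begins and ends outside this hunk.
```go
	// conf.TLS names the directory holding ca.pem, client-cert.pem and
	// client-key.pem; when empty the connection is made without TLS.
	if conf.TLS != "" {
		caCert, err := os.ReadFile(filepath.Join(conf.TLS, "ca.pem"))
		if err != nil {
			panic("读取CA证书失败: " + err.Error())
		}
		caCertPool := x509.NewCertPool()
		if !caCertPool.AppendCertsFromPEM(caCert) {
			panic("添加CA证书到池失败")
		}
		cert, err := tls.LoadX509KeyPair(
			filepath.Join(conf.TLS, "client-cert.pem"),
			filepath.Join(conf.TLS, "client-key.pem"))
		if err != nil {
			panic("加载客户端证书失败: " + err.Error())
		}
		// … unchanged: tls.Config construction …
		if err := mysql.RegisterTLSConfig("custom-tls", tlsConfig); err != nil {
			panic("注册TLS配置失败: " + err.Error())
		}
	}
	dsn := fmt.Sprintf("%s:%s@tcp(%s:%s)/%s?charset=%s&parseTime=True&loc=Local",
		conf.User, conf.Password, conf.Host, conf.Port, conf.Database, conf.Charset)
	if conf.TLS != "" {
		dsn += "&tls=custom-tls"
	}
	// … unchanged: gorm.Open for the dev / non-dev branches …
```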
@@ -84,7 +128,7 @@ func InitDB(env string, conf DbConfig) {
 DBS[conf.Name] = db
 } else {
 logger2 := lxzap.NewGormZap(zap.L())
- db, err := gorm.Open(mysql.Open(dsn), &gorm.Config{
+ db, err := gorm.Open(gormMysql.Open(dsn), &gorm.Config{
 //Logger: logger.Default.LogMode(logger.Info),
 Logger: logger2,
 NamingStrategy: schema.NamingStrategy{