tool/lxutils
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

增加tls

Browse Source
This commit is contained in:
wangjie 2025-07-25 23:20:22 +08:00
parent 22e5f6b918
commit a660df1d9e
1 changed files with 50 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
lxDb/db.go
View File

@ -2,15 +2,20 @@ package lxDb
import ( import (
"context" "context"
"crypto/tls"
"crypto/x509"
"fmt" "fmt"
"io/ioutil"
"os"
"git.listensoft.net/tool/lxutils/lxzap" "git.listensoft.net/tool/lxutils/lxzap"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/go-sql-driver/mysql"
"go.uber.org/zap" "go.uber.org/zap"
"gorm.io/driver/mysql" gormMysql "gorm.io/driver/mysql"
"gorm.io/gorm" "gorm.io/gorm"
"gorm.io/gorm/logger" "gorm.io/gorm/logger"
"gorm.io/gorm/schema" "gorm.io/gorm/schema"
"os"
) )
// DB2.0 数据库连接 gorm2.0 // DB2.0 数据库连接 gorm2.0
@ -23,6 +28,7 @@ type DbConfig struct {
Password string Password string
Database string Database string
Charset string Charset string
TLS string
} }
func GetDB(c *gin.Context, dbName ...string) *gorm.DB { func GetDB(c *gin.Context, dbName ...string) *gorm.DB {
@ -65,13 +71,51 @@ func InitDB(env string, conf DbConfig) {
fmt.Println("未配置Db连接") fmt.Println("未配置Db连接")
return return
} }
if conf.Charset == "" { if conf.Charset == "" {
conf.Charset = "utf8mb4" conf.Charset = "utf8mb4"
} }
dsn := fmt.Sprintf("%s:%s@tcp(%s:%s)/%s?charset=%s&parseTime=True&loc=Local",
conf.User, conf.Password, conf.Host, conf.Port, conf.Database, conf.Charset) // 如果配置了TLS则设置TLS连接
if conf.TLS != "" {
// 1. 读取CA证书
caCert, err := ioutil.ReadFile("path/to/ca.pem")
if err != nil {
panic("读取CA证书失败: " + err.Error())
}
// 2. 创建证书池并添加CA证书
caCertPool := x509.NewCertPool()
if !caCertPool.AppendCertsFromPEM(caCert) {
panic("添加CA证书到池失败")
}
// 3. 加载客户端证书和私钥
cert, err := tls.LoadX509KeyPair("path/to/client-cert.pem", "path/to/client-key.pem")
if err != nil {
panic("加载客户端证书失败: " + err.Error())
}
// 4. 创建TLS配置
tlsConfig := &tls.Config{
RootCAs: caCertPool, // 信任的CA
Certificates: []tls.Certificate{cert}, // 客户端证书
MinVersion: tls.VersionTLS12, // 最小TLS版本
}
// 5. 注册自定义TLS配置到MySQL驱动
mysql.RegisterTLSConfig("custom-tls", tlsConfig)
}
var dsn string
if conf.TLS != "" {
dsn = fmt.Sprintf("%s:%s@tcp(%s:%s)/%s?charset=%s&parseTime=True&loc=Local&tls=custom-tls",
conf.User, conf.Password, conf.Host, conf.Port, conf.Database, conf.Charset)
} else {
dsn = fmt.Sprintf("%s:%s@tcp(%s:%s)/%s?charset=%s&parseTime=True&loc=Local",
conf.User, conf.Password, conf.Host, conf.Port, conf.Database, conf.Charset)
}
if env == "dev" { if env == "dev" {
db, err := gorm.Open(mysql.Open(dsn), &gorm.Config{ db, err := gorm.Open(gormMysql.Open(dsn), &gorm.Config{
Logger: logger.Default.LogMode(logger.Info), Logger: logger.Default.LogMode(logger.Info),
NamingStrategy: schema.NamingStrategy{ NamingStrategy: schema.NamingStrategy{
SingularTable: true, // 使用单数表名,启用该选项,此时,`User` 的表名应该是 `user` SingularTable: true, // 使用单数表名,启用该选项,此时,`User` 的表名应该是 `user`
@ -84,7 +128,7 @@ func InitDB(env string, conf DbConfig) {
DBS[conf.Name] = db DBS[conf.Name] = db
} else { } else {
logger2 := lxzap.NewGormZap(zap.L()) logger2 := lxzap.NewGormZap(zap.L())
db, err := gorm.Open(mysql.Open(dsn), &gorm.Config{ db, err := gorm.Open(gormMysql.Open(dsn), &gorm.Config{
//Logger: logger.Default.LogMode(logger.Info), //Logger: logger.Default.LogMode(logger.Info),
Logger: logger2, Logger: logger2,
NamingStrategy: schema.NamingStrategy{ NamingStrategy: schema.NamingStrategy{