[incubator-devlake] branch fix#5659 updated: fix: add tls connection

[abeizn]

This is an automated email from the ASF dual-hosted git repository.

abeizn pushed a commit to branch fix#5659
in repository https://gitbox.apache.org/repos/asf/incubator-devlake.git


The following commit(s) were added to refs/heads/fix#5659 by this push:
     new f7337bbdc fix: add tls connection
f7337bbdc is described below

commit f7337bbdc211fd700eb1ad409166d27a5ce6946e
Author: abeizn <zikuan...@merico.dev>
AuthorDate: Tue Sep 26 15:37:33 2023 +0800

    fix: add tls connection
---
 backend/core/runner/db.go | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/backend/core/runner/db.go b/backend/core/runner/db.go
index 0a98704a4..73a4e7875 100644
--- a/backend/core/runner/db.go
+++ b/backend/core/runner/db.go
@@ -19,8 +19,12 @@ package runner
 
 import (
        "context"
+       "crypto/tls"
+       "crypto/x509"
+       "database/sql"
        "fmt"
        "net/url"
+       "os"
        "strings"
        "time"
 
@@ -28,6 +32,7 @@ import (
        "github.com/apache/incubator-devlake/core/dal"
        "github.com/apache/incubator-devlake/core/errors"
        "github.com/apache/incubator-devlake/core/log"
+       tlsMysql "github.com/go-sql-driver/mysql"
        "gorm.io/driver/mysql"
        "gorm.io/driver/postgres"
        "gorm.io/gorm"
@@ -109,6 +114,9 @@ func addLocal(query url.Values) string {
        if query.Get("loc") == "" {
                query.Set("loc", "Local")
        }
+       if query.Get("ca-cert") != "" {
+               query.Del("ca-cert")
+       }
        return query.Encode()
 }
 
@@ -120,6 +128,28 @@ func getDbConnection(dbUrl string, conf *gorm.Config) 
(*gorm.DB, error) {
        switch strings.ToLower(u.Scheme) {
        case "mysql":
                dbUrl = fmt.Sprintf("%s@tcp(%s)%s?%s", getUserString(u), 
u.Host, u.Path, addLocal(u.Query()))
+               if u.Query().Get("ca-cert") != "" {
+                       rootCertPool := x509.NewCertPool()
+                       pem, err := os.ReadFile(u.Query().Get("ca-cert"))
+                       if err != nil {
+                               return nil, err
+                       }
+                       if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
+                               return nil, err
+                       }
+                       tlsMysql.RegisterTLSConfig("custom", 
&tls.Config{RootCAs: rootCertPool})
+
+                       dbUrl = fmt.Sprintf("%s&tls=custom", dbUrl)
+                       db, err := sql.Open("mysql", dbUrl)
+                       if err != nil {
+                               return nil, err
+                       }
+                       gormDB, err := gorm.Open(mysql.New(mysql.Config{
+                               Conn: db,
+                       }), &gorm.Config{})
+
+                       return gormDB, err
+               }
                return gorm.Open(mysql.Open(dbUrl), conf)
        case "postgresql", "postgres", "pg":
                return gorm.Open(postgres.Open(dbUrl), conf)