/
db.go
144 lines (125 loc) · 3.66 KB
/
db.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
package main
import (
"crypto/x509"
"fmt"
"io/ioutil"
"path"
"time"
log "github.com/sirupsen/logrus"
"crypto/tls"
"github.com/go-sql-driver/mysql"
"github.com/google/uuid"
gmsql "gorm.io/driver/mysql"
"gorm.io/driver/postgres"
"gorm.io/gorm"
)
const PostGresCertName = "db_cert.pem"
// path to cert-files hard coded
// Most of this is copy pasted from the internet
// and used without much reflection
func createTLSConf(ca string) tls.Config {
rootCertPool := x509.NewCertPool()
pem, err := ioutil.ReadFile(ca)
if err != nil {
log.Fatal(err)
}
if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
log.Fatal("Failed to append PEM.")
}
// clientCert := make([]tls.Certificate, 0, 1)
// certs, err := tls.LoadX509KeyPair("cert/client-cert.pem", "cert/client-key.pem")
// if err != nil {
// log.Fatal(err)
// }
// clientCert = append(clientCert, certs)
return tls.Config{
RootCAs: rootCertPool,
// Certificates: clientCert,
InsecureSkipVerify: true, // needed for self signed certs
}
}
func getDB(config *Config) *gorm.DB {
dbCertPath := path.Join(config.SecureEnclavePath, PostGresCertName)
log.WithField("DB_PATH", dbCertPath).Info("start load DB Cert")
if err := ValidateConfigPath(dbCertPath); err != nil {
log.Info("start build cert file to secure enclave")
ioutil.WriteFile(dbCertPath, toByte(config.DB.SSLRootCert), 0466)
}
dsn := ""
if config.DbType == "mysql" {
// When I realized that the tls/ssl/cert thing was handled separately
// it became easier, the following two lines are the important bit
tlsConf := createTLSConf(dbCertPath)
err := mysql.RegisterTLSConfig("custom", &tlsConf)
if err != nil {
log.Panic(err)
}
// try to connect to mysql database.
cfg := mysql.Config{
User: config.DB.Username,
Passwd: config.DB.Password,
Addr: fmt.Sprintf("%s:%s", config.DB.Address, config.DB.Port), //IP:PORT
Net: "tcp",
DBName: config.DB.Dbname,
Loc: time.Local,
AllowNativePasswords: true,
TLSConfig: "custom",
}
dsn = cfg.FormatDSN()
} else {
dsn = fmt.Sprintf(
"host=%s port=%s user=%s dbname=%s password=%s sslrootcert=%s sslmode=verify-full TimeZone=Asia/Shanghai",
// "host=%s port=%s user=%s dbname=%s password=%s TimeZone=Asia/Shanghai",
config.DB.Address,
config.DB.Port,
config.DB.Username,
config.DB.Dbname,
config.DB.Password,
dbCertPath,
)
}
log.Println(dsn)
var db *gorm.DB
var err error
if config.DbType == "mysql" {
db, err = gorm.Open(gmsql.Open(dsn), &gorm.Config{})
} else {
db, err = gorm.Open(postgres.Open(dsn), &gorm.Config{})
}
if err != nil {
log.Println("Connect DB failed.")
log.Fatal(fmt.Sprintf("err: %v", err))
} else {
log.Println("Connect DB success.")
}
log.Println("Successfully connected to database!", db)
err = db.AutoMigrate(&KeyStore{})
if err != nil {
log.Println("Unable to migrate table. Err:", err)
log.Fatal(fmt.Sprintf("err: %v", err))
return nil
}
return db
}
func insertKey(db *gorm.DB, privateKey, publicKey string) (*KeyStore, error) {
keyId := uuid.New().String()
key := &KeyStore{
Uuid: keyId,
Name: keyId,
PrivateKey: privateKey,
PublicKey: publicKey,
}
if err := db.Create(key).Error; err != nil {
log.WithField("key", key).WithError(err).Error("fail to insert to DB")
log.Println("", err)
return nil, err
}
log.WithField("key", key).Println("insert success")
return key, nil
}
func getKeyByUUID(db *gorm.DB, keyUuid string) *KeyStore {
log.WithField("key_uuid", keyUuid).Info("start search key")
key := &KeyStore{}
db.First(key, "uuid=?", keyUuid)
return key
}