()
| 130 | } |
| 131 | |
| 132 | func (d *DatabaseCfg) ConnectionString() (string, error) { |
| 133 | connString := "" |
| 134 | |
| 135 | switch d.Type { |
| 136 | case "sqlite": |
| 137 | // this should make both sqlite3 and modernc/sqlite happy. |
| 138 | sqliteConnectionStringParameters := "_busy_timeout=100000&_fk=1&_pragma=foreign_keys(1)" |
| 139 | if d.UseWal != nil && *d.UseWal { |
| 140 | sqliteConnectionStringParameters += "&_journal_mode=WAL" |
| 141 | } |
| 142 | |
| 143 | connString = fmt.Sprintf("file:%s?%s", d.DbPath, sqliteConnectionStringParameters) |
| 144 | case "mysql": |
| 145 | params := url.Values{} |
| 146 | params.Add("parseTime", "True") |
| 147 | |
| 148 | tlsConfig := &tls.Config{} |
| 149 | |
| 150 | // This is just to get an initial value, don't care about the error |
| 151 | systemRootCAs, _ := x509.SystemCertPool() |
| 152 | if systemRootCAs != nil { |
| 153 | tlsConfig.RootCAs = systemRootCAs |
| 154 | } |
| 155 | |
| 156 | if d.isSocketConfig() { |
| 157 | connString = fmt.Sprintf("%s:%s@unix(%s)/%s", d.User, d.Password, d.DbPath, d.DbName) |
| 158 | } else { |
| 159 | connString = fmt.Sprintf("%s:%s@tcp(%s:%d)/%s", d.User, d.Password, d.Host, d.Port, d.DbName) |
| 160 | } |
| 161 | |
| 162 | if d.SSLMode != "" { |
| 163 | // This will be overridden if a CA or client cert is provided |
| 164 | params.Set("tls", d.SSLMode) |
| 165 | } |
| 166 | |
| 167 | if d.SSLCACert != "" { |
| 168 | caCert, err := os.ReadFile(d.SSLCACert) |
| 169 | if err != nil { |
| 170 | return "", fmt.Errorf("failed to read CA cert file %s: %w", d.SSLCACert, err) |
| 171 | } |
| 172 | if tlsConfig.RootCAs == nil { |
| 173 | tlsConfig.RootCAs = x509.NewCertPool() |
| 174 | } |
| 175 | if !tlsConfig.RootCAs.AppendCertsFromPEM(caCert) { |
| 176 | return "", fmt.Errorf("failed to append CA cert file %s: %w", d.SSLCACert, err) |
| 177 | } |
| 178 | params.Set("tls", "custom") |
| 179 | } |
| 180 | |
| 181 | if d.SSLClientCert != "" && d.SSLClientKey != "" { |
| 182 | cert, err := tls.LoadX509KeyPair(d.SSLClientCert, d.SSLClientKey) |
| 183 | if err != nil { |
| 184 | return "", fmt.Errorf("failed to load client cert/key pair: %w", err) |
| 185 | } |
| 186 | tlsConfig.Certificates = []tls.Certificate{cert} |
| 187 | params.Set("tls", "custom") |
| 188 | } |
| 189 |
no test coverage detected