mirror of https://github.com/1Panel-dev/1Panel.git synced 2025-03-15 02:04:46 +08:00

fix: 修改 Mysql 远程数据库添加校验 (#3939)

Refs #3936
ssongliu 2024-02-21 17:00:30 +08:00 committed by GitHub
parent 61ff55e157
commit 2475c82a63
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 16 additions and 14 deletions


@ -5,6 +5,7 @@ import (
"crypto/x509" "crypto/x509"
"errors" "errors"
"github.com/1Panel-dev/1Panel/backend/global"
"github.com/go-sql-driver/mysql" "github.com/go-sql-driver/mysql"
) )
@ -124,22 +125,27 @@ func ConnWithSSL(ssl, skipVerify bool, clientKey, clientCert, rootCert string) (
if !ssl { if !ssl {
return "", nil return "", nil
} }
pool := x509.NewCertPool() tlsConfig := &tls.Config{
InsecureSkipVerify: skipVerify,
}
if len(rootCert) != 0 { if len(rootCert) != 0 {
pool := x509.NewCertPool()
if ok := pool.AppendCertsFromPEM([]byte(rootCert)); !ok { if ok := pool.AppendCertsFromPEM([]byte(rootCert)); !ok {
global.LOG.Error("append certs from pem failed")
return "", errors.New("unable to append root cert to pool") return "", errors.New("unable to append root cert to pool")
} }
tlsConfig.RootCAs = pool
tlsConfig.VerifyPeerCertificate = VerifyPeerCertFunc(pool)
} }
if len(clientCert) != 0 && len(clientKey) != 0 {
cert, err := tls.X509KeyPair([]byte(clientCert), []byte(clientKey)) cert, err := tls.X509KeyPair([]byte(clientCert), []byte(clientKey))
if err != nil { if err != nil {
return "", err return "", err
} }
if err := mysql.RegisterTLSConfig("cloudsql", &tls.Config{ tlsConfig.Certificates = []tls.Certificate{cert}
RootCAs: pool, }
Certificates: []tls.Certificate{cert}, if err := mysql.RegisterTLSConfig("cloudsql", tlsConfig); err != nil {
InsecureSkipVerify: skipVerify, global.LOG.Errorf("register tls config failed, err: %v", err)
VerifyPeerCertificate: VerifyPeerCertFunc(pool),
}); err != nil {
return "", err return "", err
} }
return "&tls=cloudsql", nil return "&tls=cloudsql", nil
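Review bot: The config is still registered under the fixed name "cloudsql" in `mysql.RegisterTLSConfig("cloudsql", tlsConfig)`, and that registry is process-global in go-sql-driver/mysql, so every call replaces whatever the previous call registered. Now that the root CA, client certificate and `InsecureSkipVerify` can all differ per remote database, overlapping calls could let a connection for one database pick up another database's settings, including a skip-verify config; the callers are not visible here, so confirm whether they are serialized. Consider registering under a per-connection name and returning `"&tls=" + name` instead of the constant. Separately, `if len(clientCert) != 0 && len(clientKey) != 0` silently ignores a half-supplied pair, and returning an error when only one of the two is set would surface the misconfiguration instead of connecting without client authentication. ConnWithSSL starts and ends outside the hunk.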


@ -176,10 +176,6 @@ const rules = reactive({
port: [Rules.port], port: [Rules.port],
username: [Rules.requiredInput], username: [Rules.requiredInput],
password: [Rules.requiredInput], password: [Rules.requiredInput],
clientKey: [Rules.requiredInput],
clientCert: [Rules.requiredInput],
rootCert: [Rules.requiredInput],
}); });
type FormInstance = InstanceType<typeof ElForm>; type FormInstance = InstanceType<typeof ElForm>;