feat(config): add db.ssl to enable db ssl mode (#587)

* feat(config): add `db.ssl` to enable db ssl mode * update artalk.example.simple.yml * add docs * modify conf
ArtalkJS · Sep 20, 2023 · d8b4977 · d8b4977
1 parent 2c8107a
commit d8b4977
Show file tree

Hide file tree

Showing 7 changed files with 49 additions and 26 deletions.
diff --git a/conf/artalk.example.simple.yml b/conf/artalk.example.simple.yml
@@ -16,6 +16,7 @@ db:
   user: "root"
   password: ""
   charset: "utf8mb4"
+  ssl: false
 log:
   enabled: true
   filename: "./data/artalk.log"
@@ -35,7 +36,6 @@ ssl:
   enabled: false
   cert_path: ""
   key_path: ""
-admin_users:
 moderator:
   pending_default: false
   api_fail_block: false
@@ -53,7 +53,8 @@ moderator:
   keywords:
     enabled: false
     pending: false
-    files: []
+    files:
+      - "./data/keywords_1.txt"
     file_sep: "\n"
     replac_to: "x"
 captcha:
@@ -74,6 +75,15 @@ captcha:
   geetest:
     captcha_id: ""
     captcha_key: ""
+img_upload:
+  enabled: true
+  path: "./data/artalk-img/"
+  max_size: 5
+  public_path: null
+  upgit:
+    enabled: false
+    exec: "./upgit -c UPGIT_CONF_FILE_PATH -t /artalk-img"
+    del_local: true
 email:
   enabled: false
   send_type: "smtp"
@@ -90,15 +100,6 @@ email:
     access_key_id: ""
     access_key_secret: ""
     account_name: "noreply@example.com"
-img_upload:
-  enabled: true
-  path: "./data/artalk-img/"
-  max_size: 5
-  public_path: null
-  upgit:
-    enabled: false
-    exec: "./upgit -c UPGIT_CONF_FILE_PATH -t /artalk-img"
-    del_local: true
 admin_notify:
   notify_tpl: "default"
   noise_mode: false
@@ -141,7 +142,7 @@ frontend:
   noComment: ""
   sendBtn: ""
   editorTravel: true
-  emoticons: ""
+  emoticons: "https://cdn.jsdelivr.net/gh/ArtalkJS/Emoticons/grps/default.json"
   vote: true
   voteDown: false
   uaBadge: true
@@ -153,7 +154,7 @@ frontend:
   nestMax: 2
   nestSort: DATE_ASC
   gravatar:
-    mirror: "https://www.gravatar.com/"
+    mirror: "https://www.gravatar.com/avatar/"
     params: "d=mp&s=240"
   pagination:
     pageSize: 20

diff --git a/conf/artalk.example.yml b/conf/artalk.example.yml
@@ -45,6 +45,8 @@ db:
   password: ""
   # Database charset
   charset: "utf8mb4"
+  # Enable SSL mode
+  ssl: false
 
 # Logging
 log:

diff --git a/conf/artalk.example.zh-CN.yml b/conf/artalk.example.zh-CN.yml
@@ -42,6 +42,8 @@ db:
   charset: "utf8mb4"
   # 表前缀 (例如："atk_")
   table_prefix: ""
+  # 启用 SSL
+  ssl: false
 
 # 日志
 log:

diff --git a/docs/guide/backend/config.md b/docs/guide/backend/config.md
@@ -95,10 +95,23 @@ db:
   password: ""       # 密码
   charset: "utf8mb4" # 编码格式
   table_prefix: ""   # 表前缀 (例如："atk_")
+  ssl: false         # 启用 SSL
 ```
 
 数据表将在 Artalk 启动时自动完成创建，无需额外操作。
 
+#### 数据库连接字符串 (DSN)
+
+如有需要，你还可以手动配置 `db.dsn` 来指定数据库连接字符串，例如：
+
+```yaml
+db:
+  type: "mysql"
+  dsn: "mysql://myuser:mypassword@localhost:3306/mydatabase?tls=skip-verify"
+```
+
+更多内容参考：[@go-sql-driver/mysql:README.md](https://github.com/go-sql-driver/mysql)
+
 ## 管理员 `admin_users`
 
 你需要配置管理员账户，这样才能通过「[控制中心](../frontend/sidebar.md)」对站点内容进行管理。
@@ -191,22 +204,21 @@ Artalk.init({ site: "Artalk 官网" })
 
 详情参考：[“后端 · 验证码”](/guide/backend/captcha.md)
 
-## 缓存配置 `cache`
+## 高速缓存 `cache`
 
-为了提高评论系统的响应速度和性能，Artalk 内置一套缓存机制，并且默认开启，无需额外配置。但如果有需要，你也可以连接外部缓存服务器，支持 Redis 和 Memcache。
+为节省内存资源占用，缓存默认关闭。如果你对网站性能有较高要求，请手动开启。你还可以连接外部缓存服务器，支持 Redis 和 Memcache。
 
 ```yaml
 cache:
+  enabled: true   # 启用缓存 (默认关闭)
   type: "builtin" # 支持 redis, memcache, builtin (自带缓存)
   expires: 30     # 缓存过期时间 (单位：分钟)
   warm_up: false  # 程序启动时预热缓存
   server: ""      # 连接缓存服务器 (例如："localhost:6379")
 ```
 
 - **warm_up**：缓存预热功能。设置为 `true`，在 Artalk 启动时会立刻对数据库内容进行全面缓存，如果你的评论数据较多，多达上万条，启动时间可能会延长。
-- **type**：缓存类型。可选：`redis`, `memcache`, `builtin`。
-
-type 默认为 `builtin`，如遇特殊情况可将缓存关闭，将其设置为 `disabled`。
+- **type**：缓存类型，默认为 `builtin`。可选：`redis`, `memcache`, `builtin`。
 
 注：如果在 Artalk 程序外部修改数据库内容，需要刷新 Artalk 缓存才能更新。
 
@@ -225,9 +237,8 @@ cache:
     db: 0          # 使用零号数据库
 ```
 
-技术细节：[Artalk 缓存机制 时序图.png](/images/artalk/artalk-cache.png)
-
-![](/images/artalk/artalk-cache.png)
+<!-- 技术细节：[Artalk 缓存机制 时序图.png](/images/artalk/artalk-cache.png) -->
+<!-- ![](/images/artalk/artalk-cache.png) -->
 
 ## 监听地址 `host`
 

diff --git a/internal/config/config.go b/internal/config/config.go
@@ -57,6 +57,7 @@ type DBConf struct {
 
 	TablePrefix string `koanf:"table_prefix" json:"table_prefix"`
 	Charset     string `koanf:"charset" json:"charset"`
+	SSL         bool   `koanf:"ssl" json:"ssl"`
 }
 
 type CacheConf struct {

diff --git a/internal/db/dsn.go b/internal/db/dsn.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 
 	"github.com/ArtalkJS/Artalk/internal/config"
+	"github.com/samber/lo"
 )
 
 func getDsnByConf(conf config.DBConf) string {
@@ -14,21 +15,24 @@ func getDsnByConf(conf config.DBConf) string {
 		dsn = conf.File
 
 	case config.TypePostgreSQL:
-		dsn = fmt.Sprintf("host=%s user=%s password=%s dbname=%s port=%d sslmode=disable",
+		dsn = fmt.Sprintf("host=%s user=%s password=%s dbname=%s port=%d sslmode=%s",
 			conf.Host,
 			conf.User,
 			conf.Password,
 			conf.Name,
-			conf.Port)
+			conf.Port,
+			lo.If(conf.SSL, "require").Else("disable"),
+		)
 
 	case config.TypeMySql:
-		dsn = fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=%s&parseTime=True&loc=Local",
+		dsn = fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=%s&parseTime=True&loc=Local&tls=%s",
 			conf.User,
 			conf.Password,
 			conf.Host,
 			conf.Port,
 			conf.Name,
 			conf.Charset,
+			lo.If(conf.SSL, "true").Else("false"),
 		)
 
 	case config.TypeMSSQL:

diff --git a/internal/db/dsn_test.go b/internal/db/dsn_test.go
@@ -29,6 +29,7 @@ func TestGetDsnByConf(t *testing.T) {
 				Password: "password",
 				Name:     "dbname",
 				Port:     5432,
+				SSL:      false,
 			},
 			expected: "host=localhost user=user password=password dbname=dbname port=5432 sslmode=disable",
 		},
@@ -42,11 +43,12 @@ func TestGetDsnByConf(t *testing.T) {
 				Name:     "dbname",
 				Port:     3306,
 				Charset:  "utf8",
+				SSL:      false,
 			},
-			expected: "user:password@tcp(localhost:3306)/dbname?charset=utf8&parseTime=True&loc=Local",
+			expected: "user:password@tcp(localhost:3306)/dbname?charset=utf8&parseTime=True&loc=Local&tls=false",
 		},
 		{
-			name: "DB configuration",
+			name: "SQL Server configuration",
 			conf: config.DBConf{
 				Type:     config.TypeMSSQL,
 				Host:     "localhost",