add TLSConfig on redis configuration #1515

Former-commit-id: 3ce4a43185c7b6b5250f49483d7d229ea9dd1670
2025-12-18 02:17:05 +00:00 · 2020-05-17 03:25:32 +03:00
parent 571322f595
commit 21a013569f
6 changed files with 78 additions and 62 deletions
--- a/sessions/sessiondb/redis/database.go
+++ b/sessions/sessiondb/redis/database.go
@@ -1,6 +1,7 @@
 package redis

 import (
+	"crypto/tls"
 	"errors"
 	"time"

@@ -45,6 +46,11 @@ type Config struct {
 	// Delim the delimeter for the keys on the sessiondb. Defaults to "-".
 	Delim string

+	// TLSConfig will cause Dial to perform a TLS handshake using the provided
+	// config. If is nil then no TLS is used.
+	// See https://golang.org/pkg/crypto/tls/#Config
+	TLSConfig *tls.Config
+
 	// Driver supports `Redigo()` or `Radix()` go clients for redis.
 	// Configure each driver by the return value of their constructors.
 	//
@@ -63,6 +69,7 @@ func DefaultConfig() Config {
 		Timeout:   DefaultRedisTimeout,
 		Prefix:    "",
 		Delim:     DefaultDelim,
+		TLSConfig: nil,
 		Driver:    Redigo(),
 	}
 }
--- a/sessions/sessiondb/redis/driver_radix.go
+++ b/sessions/sessiondb/redis/driver_radix.go
@@ -45,6 +45,10 @@ func (r *RadixDriver) Connect(c Config) error {

 	var options []radix.DialOpt

+	if c.TLSConfig != nil {
+		options = append(options, radix.DialUseTLS(c.TLSConfig))
+	}
+
 	if c.Password != "" {
 		options = append(options, radix.DialAuthPass(c.Password))
 	}
--- a/sessions/sessiondb/redis/driver_redigo.go
+++ b/sessions/sessiondb/redis/driver_redigo.go
@@ -271,62 +271,61 @@ func (r *RedigoDriver) Delete(key string) error {
 	return err
 }

-func dial(network string, addr string, pass string, timeout time.Duration) (redis.Conn, error) {
-	if network == "" {
-		network = DefaultRedisNetwork
-	}
-	if addr == "" {
-		addr = DefaultRedisAddr
-	}
-
-	var options []redis.DialOption
-
-	if timeout > 0 {
-		options = append(options,
-			redis.DialConnectTimeout(timeout),
-			redis.DialReadTimeout(timeout),
-			redis.DialWriteTimeout(timeout))
-	}
-
-	c, err := redis.Dial(network, addr, options...)
-	if err != nil {
-		return nil, err
-	}
-
-	if pass != "" {
-		if _, err = c.Do("AUTH", pass); err != nil {
-			c.Close()
-			return nil, err
-		}
-	}
-	return c, err
-}
-
-// Connect connects to the redis, called only once
+// Connect connects to the redis, called only once.
 func (r *RedigoDriver) Connect(c Config) error {
+	if c.Network == "" {
+		c.Network = DefaultRedisNetwork
+	}
+
+	if c.Addr == "" {
+		c.Addr = DefaultRedisAddr
+	}
+
 	pool := &redis.Pool{IdleTimeout: r.IdleTimeout, MaxIdle: r.MaxIdle, Wait: r.Wait, MaxActive: c.MaxActive}
 	pool.TestOnBorrow = func(c redis.Conn, t time.Time) error {
 		_, err := c.Do("PING")
 		return err
 	}

-	if c.Database != "" {
-		pool.Dial = func() (redis.Conn, error) {
-			red, err := dial(c.Network, c.Addr, c.Password, c.Timeout)
-			if err != nil {
-				return nil, err
-			}
-			if _, err = red.Do("SELECT", c.Database); err != nil {
-				red.Close()
-				return nil, err
-			}
-			return red, err
-		}
-	} else {
-		pool.Dial = func() (redis.Conn, error) {
-			return dial(c.Network, c.Addr, c.Password, c.Timeout)
-		}
+	var options []redis.DialOption
+
+	if c.Timeout > 0 {
+		options = append(options,
+			redis.DialConnectTimeout(c.Timeout),
+			redis.DialReadTimeout(c.Timeout),
+			redis.DialWriteTimeout(c.Timeout))
 	}
+
+	if c.TLSConfig != nil {
+		options = append(options,
+			redis.DialTLSConfig(c.TLSConfig),
+			redis.DialUseTLS(true),
+		)
+	}
+
+	pool.Dial = func() (redis.Conn, error) {
+		conn, err := redis.Dial(c.Network, c.Addr, options...)
+		if err != nil {
+			return nil, err
+		}
+
+		if c.Password != "" {
+			if _, err = conn.Do("AUTH", c.Password); err != nil {
+				conn.Close()
+				return nil, err
+			}
+		}
+
+		if c.Database != "" {
+			if _, err = conn.Do("SELECT", c.Database); err != nil {
+				conn.Close()
+				return nil, err
+			}
+		}
+
+		return conn, err
+	}
+
 	r.Connected = true
 	r.pool = pool
 	r.Config = c