Add client-cert parameters of the Go pq driver to the Vikunja config (#1161)

Co-authored-by: tuxthepenguin <tux@saturnv.uphus-internal.de>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1161
Reviewed-by: konrad <k@knt.li>
Co-authored-by: tuxthepenguin <tuxthepenguin@noreply.kolaente.de>
Co-committed-by: tuxthepenguin <tuxthepenguin@noreply.kolaente.de>

config.yml.sample

@@ -60,11 +60,11 @@ database:
   type: "sqlite"
   # Database user which is used to connect to the database.
   user: "vikunja"
-  # Databse password
+  # Database password
   password: ""
-  # Databse host
+  # Database host
   host: "localhost"
-  # Databse to use
+  # Database to use
   database: "vikunja"
   # When using sqlite, this is the path where to store the data
   path: "./vikunja.db"
@@ -77,6 +77,12 @@ database:
   # Secure connection mode. Only used with postgres.
   # (see https://pkg.go.dev/github.com/lib/pq?tab=doc#hdr-Connection_String_Parameters)
   sslmode: disable
+  # The path to the client cert. Only used with postgres.
+  sslcert: ""
+  # The path to the client key. Only used with postgres.
+  sslkey: ""
+  # The path to the ca cert. Only used with postgres.
+  sslrootcert: ""
   # Enable SSL/TLS for mysql connections. Options: false, true, skip-verify, preferred
   tls: false
 

docs/content/doc/setup/config.md

@@ -340,7 +340,7 @@ Environment path: `VIKUNJA_DATABASE_USER`
 
 ### password
 
-Databse password
+Database password
 
 Default: `<empty>`
 
@@ -351,7 +351,7 @@ Environment path: `VIKUNJA_DATABASE_PASSWORD`
 
 ### host
 
-Databse host
+Database host
 
 Default: `localhost`
 
@@ -362,7 +362,7 @@ Environment path: `VIKUNJA_DATABASE_HOST`
 
 ### database
 
-Databse to use
+Database to use
 
 Default: `vikunja`
 
@@ -426,6 +426,35 @@ Full path: `database.sslmode`
 
 Environment path: `VIKUNJA_DATABASE_SSLMODE`
 
+### sslcert
+
+The path to the client cert. Only used with postgres.
+  
+Default: `<empty>`
+
+Full path: `database.sslcert`
+
+Environment path: `VIKUNJA_DATABASE_SSLCERT`
+
+### sslkey
+
+The path to the client key. Only used with postgres.
+
+Default: `<empty>`
+
+Full path: `database.sslkey`
+
+Environment path: `VIKUNJA_DATABASE_SSLKEY`
+
+### sslrootcert
+
+The path to the ca cert. Only used with postgres.
+
+Default: `<empty>`
+
+Full path: `database.sslrootcert`
+
+Environment path: `VIKUNJA_DATABASE_SSLROOTCERT`
 
 ### tls
 

pkg/config/config.go

@@ -78,6 +78,9 @@ const (
 	DatabaseMaxIdleConnections    Key = `database.maxidleconnections`
 	DatabaseMaxConnectionLifetime Key = `database.maxconnectionlifetime`
 	DatabaseSslMode               Key = `database.sslmode`
+	DatabaseSslCert               Key = `database.sslcert`
+	DatabaseSslKey                Key = `database.sslkey`
+	DatabaseSslRootCert           Key = `database.sslrootcert`
 	DatabaseTLS                   Key = `database.tls`
 
 	CacheEnabled        Key = `cache.enabled`
@@ -268,6 +271,9 @@ func InitDefaultConfig() {
 	DatabaseMaxIdleConnections.setDefault(50)
 	DatabaseMaxConnectionLifetime.setDefault(10000)
 	DatabaseSslMode.setDefault("disable")
+	DatabaseSslCert.setDefault("")
+	DatabaseSslKey.setDefault("")
+	DatabaseSslRootCert.setDefault("")
 	DatabaseTLS.setDefault("false")
 
 	// Cacher

pkg/db/db.go

@@ -150,13 +150,16 @@ func parsePostgreSQLHostPort(info string) (string, string) {
 
 func initPostgresEngine() (engine *xorm.Engine, err error) {
 	host, port := parsePostgreSQLHostPort(config.DatabaseHost.GetString())
-	connStr := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=%s",
+	connStr := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=%s sslcert=%s sslkey=%s sslrootcert=%s",
 		host,
 		port,
 		url.PathEscape(config.DatabaseUser.GetString()),
 		url.PathEscape(config.DatabasePassword.GetString()),
 		config.DatabaseDatabase.GetString(),
 		config.DatabaseSslMode.GetString(),
+		config.DatabaseSslCert.GetString(),
+		config.DatabaseSslKey.GetString(),
+		config.DatabaseSslRootCert.GetString(),
 	)
 
 	engine, err = xorm.NewEngine("postgres", connStr)