[add] Added an example on how to use an SSL Connection with RediSearch

RediSearch · May 10, 2020 · 543495d · 543495d
1 parent 062e8a1
commit 543495d
Show file tree

Hide file tree

Showing 8 changed files with 325 additions and 107 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -3,6 +3,46 @@
 # Check https://circleci.com/docs/2.0/language-go/ for more details
 version: 2
 jobs:
+  build-tls:
+    machine:
+      enabled: true
+      image: ubuntu-1604:202004-01
+    steps:
+      - checkout
+      - run:
+          name: Setting GOPATH
+          command: |
+            go version
+            go env -w GOPATH=$HOME/go
+      - run:
+          name: Generate a root CA and a server certificate using redis helpers
+          command: |
+            git clone git://github.com/antirez/redis.git --branch 6.0.1
+            cd redis
+            ./utils/gen-test-certs.sh
+            cd ..
+      - run:
+          name: Copy RediSearch
+          command: |
+            docker run --rm --entrypoint cat redislabs/redisearch:edge  /usr/lib/redis/modules/redisearch.so > redisearch.so
+            chmod 755 redisearch.so
+      - run:
+          name: Run RedisAI with tls support
+          command: |
+            docker run -d -v $(pwd)/redisearch.so:/data/redisearch.so \
+                       -v $(pwd)/redis/tests/tls/:/data \
+                       -p 6379:6379 redis redis-server --tls-port 6379 --port 0  \
+                       --tls-cert-file /data/redis.crt  \
+                       --tls-key-file /data/redis.key  \
+                       --tls-ca-cert-file /data/ca.crt \
+                       --tls-auth-clients no  --loadmodule /data/redisearch.so
+      - run:
+          name: Run Examples
+          command: |
+            make examples TLS_CERT=redis/tests/tls/redis.crt \
+                          TLS_KEY=redis/tests/tls/redis.key \
+                          TLS_CACERT=redis/tests/tls/ca.crt
+
   build: # test with redisearch:edge
     docker:
       - image: circleci/golang:1.9
@@ -23,14 +63,15 @@ jobs:
     working_directory: /go/src/github.com/RediSearch/redisearch-go
     steps:
       - checkout
-      - run: go get -v -t -d ./...
-      - run: go test -v ./... -race #no need for codecov on nightly
+      - run: make get
+      - run: make test
 
 workflows:
   version: 2
   commit:
     jobs:
       - build
+      - build-tls
   nightly:
     triggers:
       - schedule:
@@ -40,4 +81,5 @@ workflows:
               only:
                 - master
     jobs:
-      - build_nightly
+      - build_nightly
+      - build-tls
diff --git a/Makefile b/Makefile
@@ -8,11 +8,27 @@ GOGET=$(GOCMD) get
 GOMOD=$(GOCMD) mod
 
 .PHONY: all test coverage
-all: test coverage
+all: test coverage examples
 
 get:
 	$(GOGET) -t -v ./...
 
+TLS_CERT ?= redis.crt
+TLS_KEY ?= redis.key
+TLS_CACERT ?= ca.crt
+REDISEARCH_TEST_HOST ?= 127.0.0.1:6379
+
+examples: get
+	@echo " "
+	@echo "Building the examples..."
+	$(GOBUILD) ./examples/redisearch_quickstart/.
+	$(GOBUILD) ./examples/redisearch_auth/.
+	$(GOBUILD) ./examples/redisearch_tls_client/.
+	./redisearch_tls_client --tls-cert-file $(TLS_CERT) \
+						 --tls-key-file $(TLS_KEY) \
+						 --tls-ca-cert-file $(TLS_CACERT) \
+						 --host $(REDISEARCH_TEST_HOST)
+
 test: get
 	$(GOTEST) -race -covermode=atomic ./...
 

diff --git a/examples/auth/main.go → examples/redisearch_auth/redisearch_auth.go b/examples/auth/main.go → examples/redisearch_auth/redisearch_auth.go
@@ -1,11 +1,11 @@
 package main
 
 import (
-"fmt"
-redisearch "github.com/RediSearch/redisearch-go/redisearch"
-"github.com/gomodule/redigo/redis"
-"log"
-"time"
+	"fmt"
+	"github.com/RediSearch/redisearch-go/redisearch"
+	"github.com/gomodule/redigo/redis"
+	"log"
+	"time"
 )
 
 // exemplifies the NewClientFromPool function
@@ -49,4 +49,4 @@ func main() {
 
 	fmt.Println(docs[0].Id, docs[0].Properties["title"], total, err)
 	// Output: doc1 Hello world 1 <nil>
-}
+}
diff --git a/examples/quickstart/main.go → ...earch_quickstart/redisearch_quickstart.go b/examples/quickstart/main.go → ...earch_quickstart/redisearch_quickstart.go
diff --git a/examples/redisearch_tls_client/redisearch_tls_client.go b/examples/redisearch_tls_client/redisearch_tls_client.go
@@ -0,0 +1,115 @@
+package main
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"flag"
+	"fmt"
+	"github.com/RediSearch/redisearch-go/redisearch"
+	"github.com/gomodule/redigo/redis"
+	"io/ioutil"
+	"log"
+	"os"
+	"time"
+)
+
+var (
+	tlsCertFile   = flag.String("tls-cert-file", "redis.crt", "A a X.509 certificate to use for authenticating the  server to connected clients, masters or cluster peers. The file should be PEM formatted.")
+	tlsKeyFile    = flag.String("tls-key-file", "redis.key", "A a X.509 privat ekey to use for authenticating the  server to connected clients, masters or cluster peers. The file should be PEM formatted.")
+	tlsCaCertFile = flag.String("tls-ca-cert-file", "ca.crt", "A PEM encoded CA's certificate file.")
+	host          = flag.String("host", "127.0.0.1:6379", "Redis host.")
+	password      = flag.String("password", "", "Redis password.")
+)
+
+func exists(filename string) (exists bool) {
+	exists = false
+	info, err := os.Stat(filename)
+	if os.IsNotExist(err) || info.IsDir() {
+		return
+	}
+	exists = true
+	return
+}
+
+/*
+ * Example of how to establish an SSL connection from your app to the RedisAI Server
+ */
+func main() {
+	flag.Parse()
+	// Quickly check if the files exist
+	if !exists(*tlsCertFile) || !exists(*tlsKeyFile) || !exists(*tlsCaCertFile) {
+		fmt.Println("Some of the required files does not exist. Leaving example...")
+		return
+	}
+
+	// Load client cert
+	cert, err := tls.LoadX509KeyPair(*tlsCertFile, *tlsKeyFile)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Load CA cert
+	caCert, err := ioutil.ReadFile(*tlsCaCertFile)
+	if err != nil {
+		log.Fatal(err)
+	}
+	caCertPool := x509.NewCertPool()
+	caCertPool.AppendCertsFromPEM(caCert)
+
+	clientTLSConfig := &tls.Config{
+		Certificates: []tls.Certificate{cert},
+		RootCAs:      caCertPool,
+	}
+
+	// InsecureSkipVerify controls whether a client verifies the
+	// server's certificate chain and host name.
+	// If InsecureSkipVerify is true, TLS accepts any certificate
+	// presented by the server and any host name in that certificate.
+	// In this mode, TLS is susceptible to man-in-the-middle attacks.
+	// This should be used only for testing.
+	clientTLSConfig.InsecureSkipVerify = true
+
+	pool := &redis.Pool{Dial: func() (redis.Conn, error) {
+		return redis.Dial("tcp", *host,
+			redis.DialPassword(*password),
+			redis.DialTLSConfig(clientTLSConfig),
+			redis.DialUseTLS(true),
+			redis.DialTLSSkipVerify(true),
+		)
+	}}
+
+	c := redisearch.NewClientFromPool(pool, "search-client-1")
+
+	// Create a schema
+	sc := redisearch.NewSchema(redisearch.DefaultOptions).
+		AddField(redisearch.NewTextField("body")).
+		AddField(redisearch.NewTextFieldOptions("title", redisearch.TextFieldOptions{Weight: 5.0, Sortable: true})).
+		AddField(redisearch.NewNumericField("date"))
+
+	// Drop an existing index. If the index does not exist an error is returned
+	c.Drop()
+
+	// Create the index with the given schema
+	if err := c.CreateIndex(sc); err != nil {
+		log.Fatal(err)
+	}
+
+	// Create a document with an id and given score
+	doc := redisearch.NewDocument("doc1", 1.0)
+	doc.Set("title", "Hello world").
+		Set("body", "foo bar").
+		Set("date", time.Now().Unix())
+
+	// Index the document. The API accepts multiple documents at a time
+	if err := c.Index([]redisearch.Document{doc}...); err != nil {
+		log.Fatal(err)
+	}
+
+	// Searching with limit and sorting
+	docs, total, err := c.Search(redisearch.NewQuery("hello world").
+		Limit(0, 2).
+		SetReturnFields("title"))
+
+	fmt.Println(docs[0].Id, docs[0].Properties["title"], total, err)
+	// Output: doc1 Hello world 1 <nil>
+}