From c8e7b0f3c9a921935fbf764f7ac0016293922959 Mon Sep 17 00:00:00 2001
From: Javier Marcos <1271349+javuto@users.noreply.github.com>
Date: Thu, 3 Oct 2024 21:00:25 +0200
Subject: [PATCH] Adding flag to utilize the SSL support for the backend
 connection

---
 admin/main.go         | 7 +++++++
 api/main.go           | 7 +++++++
 backend/backend.go    | 5 +++--
 deploy/config/db.json | 1 +
 tls/main.go           | 7 +++++++
 5 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/admin/main.go b/admin/main.go
index 5d9bbc12..d49a6c5a 100644
--- a/admin/main.go
+++ b/admin/main.go
@@ -416,6 +416,13 @@ func init() {
 			EnvVars:     []string{"DB_PASS"},
 			Destination: &dbConfigValues.Password,
 		},
+		&cli.StringFlag{
+			Name:        "db-sslmode",
+			Value:       "disable",
+			Usage:       "SSL native support to encrypt the connection to the backend",
+			EnvVars:     []string{"DB_SSLMODE"},
+			Destination: &dbConfigValues.SSLMode,
+		},
 		&cli.IntFlag{
 			Name:        "db-max-idle-conns",
 			Value:       20,
diff --git a/api/main.go b/api/main.go
index ab0a0417..93c0d290 100644
--- a/api/main.go
+++ b/api/main.go
@@ -337,6 +337,13 @@ func init() {
 			EnvVars:     []string{"DB_PASS"},
 			Destination: &dbConfigValues.Password,
 		},
+		&cli.StringFlag{
+			Name:        "db-sslmode",
+			Value:       "disable",
+			Usage:       "SSL native support to encrypt the connection to the backend",
+			EnvVars:     []string{"DB_SSLMODE"},
+			Destination: &dbConfigValues.SSLMode,
+		},
 		&cli.IntFlag{
 			Name:        "db-max-idle-conns",
 			Value:       20,
diff --git a/backend/backend.go b/backend/backend.go
index 90abb718..f9fd9c51 100644
--- a/backend/backend.go
+++ b/backend/backend.go
@@ -12,7 +12,7 @@ import (
 
 const (
 	// DBString to format connection string to database for postgres
-	DBString = "host=%s port=%s dbname=%s user=%s password=%s sslmode=disable"
+	DBString = "host=%s port=%s dbname=%s user=%s password=%s sslmode=%s"
 	// DBKey to identify the configuration JSON key
 	DBKey = "db"
 )
@@ -31,6 +31,7 @@ type JSONConfigurationDB struct {
 	Name            string `json:"name"`
 	Username        string `json:"username"`
 	Password        string `json:"password"`
+	SSLMode         string `json:"sslmode"`
 	MaxIdleConns    int    `json:"maxIdleConns"`
 	MaxOpenConns    int    `json:"maxOpenConns"`
 	ConnMaxLifetime int    `json:"connMaxLifetime"`
@@ -57,7 +58,7 @@ func LoadConfiguration(file, key string) (JSONConfigurationDB, error) {
 // PrepareDSN to generate DB connection string
 func PrepareDSN(config JSONConfigurationDB) string {
 	return fmt.Sprintf(
-		DBString, config.Host, config.Port, config.Name, config.Username, config.Password)
+		DBString, config.Host, config.Port, config.Name, config.Username, config.Password, config.SSLMode)
 }
 
 // GetDB to get PostgreSQL DB using GORM
diff --git a/deploy/config/db.json b/deploy/config/db.json
index 9fa2ac03..3e15d00d 100644
--- a/deploy/config/db.json
+++ b/deploy/config/db.json
@@ -5,6 +5,7 @@
     "name": "_DB_NAME",
     "username": "_DB_USERNAME",
     "password": "_DB_PASSWORD",
+    "sslmode": "disable",
     "maxIdleConns": 20,
     "maxOpenConns": 100,
     "connMaxLifetime": 30,
diff --git a/tls/main.go b/tls/main.go
index 63816c3f..dc88d126 100644
--- a/tls/main.go
+++ b/tls/main.go
@@ -363,6 +363,13 @@ func init() {
 			EnvVars:     []string{"DB_PASS"},
 			Destination: &dbConfigValues.Password,
 		},
+		&cli.StringFlag{
+			Name:        "db-sslmode",
+			Value:       "disable",
+			Usage:       "SSL native support to encrypt the connection to the backend",
+			EnvVars:     []string{"DB_SSLMODE"},
+			Destination: &dbConfigValues.SSLMode,
+		},
 		&cli.IntFlag{
 			Name:        "db-max-idle-conns",
 			Value:       20,