Make go get to install work.

.wtc.yaml

@@ -7,7 +7,7 @@ rules:
   - name: run
     match: \.go$
     ignore: web|examples|docs|_test\.go$
-    command: go run cmd/main.go serv
+    command: go run main.go serv
   - name: test
     match: _test\.go$
     command: go test -cover {PKG}

Dockerfile

@@ -1,7 +1,7 @@
 # stage: 1
 FROM node:10 as react-build
 WORKDIR /web
-COPY /cmd/internal/serv/web/ ./
+COPY /internal/serv/web/ ./
 RUN yarn
 RUN yarn build
 
@@ -24,8 +24,8 @@ RUN chmod 755 /usr/local/bin/sops
 WORKDIR /app
 COPY . /app
 
-RUN mkdir -p /app/cmd/internal/serv/web/build
-COPY --from=react-build /web/build/ ./cmd/internal/serv/web/build
+RUN mkdir -p /app/internal/serv/web/build
+COPY --from=react-build /web/build/ ./internal/serv/web/build
 
 RUN go mod vendor
 RUN make build
@@ -45,7 +45,7 @@ RUN mkdir -p /config
 COPY --from=go-build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=go-build /app/config/* /config/
 COPY --from=go-build /app/super-graph .
-COPY --from=go-build /app/cmd/scripts/start.sh .
+COPY --from=go-build /app/internal/scripts/start.sh .
 COPY --from=go-build /usr/local/bin/sops .
 
 RUN chmod +x /super-graph

Makefile

@@ -12,10 +12,10 @@ endif
 export GO111MODULE := on
 
 # Build-time Go variables
-version        = github.com/dosco/super-graph/cmd/internal/serv.version
-gitBranch      = github.com/dosco/super-graph/cmd/internal/serv.gitBranch
-lastCommitSHA  = github.com/dosco/super-graph/cmd/internal/serv.lastCommitSHA
-lastCommitTime = github.com/dosco/super-graph/cmd/internal/serv.lastCommitTime
+version        = github.com/dosco/super-graph/internal/serv.version
+gitBranch      = github.com/dosco/super-graph/internal/serv.gitBranch
+lastCommitSHA  = github.com/dosco/super-graph/internal/serv.lastCommitSHA
+lastCommitTime = github.com/dosco/super-graph/internal/serv.lastCommitTime
 
 BUILD_FLAGS ?= -ldflags '-s -w -X ${lastCommitSHA}=${BUILD} -X "${lastCommitTime}=${BUILD_DATE}" -X "${version}=${BUILD_VERSION}" -X ${gitBranch}=${BUILD_BRANCH}'
 
@@ -28,18 +28,18 @@ BIN_DIR := $(GOPATH)/bin
 GORICE := $(BIN_DIR)/rice
 GOLANGCILINT := $(BIN_DIR)/golangci-lint
 GITCHGLOG := $(BIN_DIR)/git-chglog
-WEB_BUILD_DIR := ./cmd/internal/serv/web/build/manifest.json
+WEB_BUILD_DIR := ./internal/serv/web/build/manifest.json
 
 $(GORICE):
 	@GO111MODULE=off go get -u github.com/GeertJohan/go.rice/rice
 
 $(WEB_BUILD_DIR):
 	@echo "First install Yarn and create a build of the web UI then re-run make install"
-	@echo "Run this command: yarn --cwd cmd/internal/serv/web/ build"
+	@echo "Run this command: yarn --cwd internal/serv/web/ build"
 	@exit 1
 
 $(GITCHGLOG):
-	@GO111MODULE=off go get -u github.com/git-chglog/git-chglog/cmd/git-chglog
+	@GO111MODULE=off go get -u github.com/git-chglog/git-chglog/git-chglog
 
 changelog: $(GITCHGLOG)
 	@git-chglog $(ARGS)
@@ -57,7 +57,7 @@ os = $(word 1, $@)
 
 $(PLATFORMS): lint test 
 	@mkdir -p release
-	@GOOS=$(os) GOARCH=amd64 go build $(BUILD_FLAGS) -o release/$(BINARY)-$(BUILD_VERSION)-$(os)-amd64 cmd/main.go
+	@GOOS=$(os) GOARCH=amd64 go build $(BUILD_FLAGS) -o release/$(BINARY)-$(BUILD_VERSION)-$(os)-amd64 main.go
 
 release: windows linux darwin
 
@@ -69,7 +69,7 @@ gen: $(GORICE) $(WEB_BUILD_DIR)
 	@go generate ./...
 
 $(BINARY): clean
-	@go build $(BUILD_FLAGS) -o $(BINARY) cmd/main.go 
+	@go build $(BUILD_FLAGS) -o $(BINARY) main.go 
 
 clean:
 	@rm -f $(BINARY)

core/internal/qcode/utils.go

@@ -1,12 +1,17 @@
 package qcode
 
 func GetQType(gql string) QType {
+	ic := false
 	for i := range gql {
 		b := gql[i]
-		if b == '{' {
+		switch {
+		case b == '#':
+			ic = true
+		case b == '\n':
+			ic = false
+		case !ic && b == '{':
 			return QTQuery
-		}
-		if al(b) {
+		case !ic && al(b):
 			switch b {
 			case 'm', 'M':
 				return QTMutation

core/internal/qcode/utils_test.go

@@ -0,0 +1,50 @@
+package qcode
+
+import "testing"
+
+func TestGetQType(t *testing.T) {
+	type args struct {
+		gql string
+	}
+	type ts struct {
+		name string
+		args args
+		want QType
+	}
+	tests := []ts{
+		ts{
+			name: "query",
+			args: args{gql: "  query {"},
+			want: QTQuery,
+		},
+		ts{
+			name: "mutation",
+			args: args{gql: "  mutation {"},
+			want: QTMutation,
+		},
+		ts{
+			name: "default query",
+			args: args{gql: "  {"},
+			want: QTQuery,
+		},
+		ts{
+			name: "default query with comment",
+			args: args{gql: `# query is good 
+			{`},
+			want: QTQuery,
+		},
+		ts{
+			name: "failed query with comment",
+			args: args{gql: `# query is good query {`},
+			want: -1,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := GetQType(tt.args.gql); got != tt.want {
+				t.Errorf("GetQType() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

docs/guide/guide.md

@@ -1790,18 +1790,37 @@ database:
   # Enable this if you need the user id in triggers, etc
   set_user_id: false
 
-  # Define additional variables here to be used with filters
-  variables:
-    admin_account_id: "5"
+  # database ping timeout is used for db health checking
+  ping_timeout: 1m
 
-  # Field and table names that you wish to block
-  blocklist:
-    - ar_internal_metadata
-    - schema_migrations
-    - secret
-    - password
-    - encrypted
-    - token
+  # Set up an secure tls encrypted db connection
+  enable_tls: false
+
+  # Required for tls. For example with Google Cloud SQL it's
+  # <gcp-project-id>:<cloud-sql-instance>"
+  # server_name: blah
+
+  # Required for tls. Can be a file path or the contents of the pem file
+  # server_cert: ./server-ca.pem
+
+  # Required for tls. Can be a file path or the contents of the pem file
+  # client_cert: ./client-cert.pem
+
+  # Required for tls. Can be a file path or the contents of the pem file
+  # client_key: ./client-key.pem
+
+# Define additional variables here to be used with filters
+variables:
+  admin_account_id: "5"
+
+# Field and table names that you wish to block
+blocklist:
+  - ar_internal_metadata
+  - schema_migrations
+  - secret
+  - password
+  - encrypted
+  - token
 
 # Create custom actions with their own api endpoints
 # For example the below action will be available at /api/v1/actions/refresh_leaderboard_users

internal/serv/api.go

@@ -3,8 +3,8 @@ package serv
 import (
 	"time"
 
-	"github.com/dosco/super-graph/cmd/internal/serv/internal/auth"
 	"github.com/dosco/super-graph/core"
+	"github.com/dosco/super-graph/internal/serv/internal/auth"
 
 	"github.com/spf13/viper"
 )
@@ -60,6 +60,11 @@ type Serv struct {
 		PoolSize    int32         `mapstructure:"pool_size"`
 		MaxRetries  int           `mapstructure:"max_retries"`
 		PingTimeout time.Duration `mapstructure:"ping_timeout"`
+		EnableTLS   bool          `mapstructure:"enable_tls"`
+		ServerName  string        `mapstructure:"server_name"`
+		ServerCert  string        `mapstructure:"server_cert"`
+		ClientCert  string        `mapstructure:"client_cert"`
+		ClientKey   string        `mapstructure:"client_key"`
 	} `mapstructure:"database"`
 
 	Actions []Action

internal/serv/cmd.go

@@ -156,6 +156,20 @@ func cmdVersion(cmd *cobra.Command, args []string) {
 }
 
 func BuildDetails() string {
+	if len(version) == 0 {
+		return fmt.Sprintf(`
+Super Graph (unknown version)
+For documentation, visit https://supergraph.dev
+
+To build with version information please use the Makefile
+> git clone https://github.com/dosco/super-graph
+> cd super-graph && make install
+
+Licensed under the Apache Public License 2.0
+Copyright 2020, Vikram Rangnekar
+`)
+	}
+
 	return fmt.Sprintf(`
 Super Graph %v 
 For documentation, visit https://supergraph.dev
@@ -166,7 +180,7 @@ Branch                : %v
 Go version            : %v
 
 Licensed under the Apache Public License 2.0
-Copyright 2020, Vikram Rangnekar.
+Copyright 2020, Vikram Rangnekar
 `,
 		version,
 		lastCommitSHA,

internal/serv/cmd_migrate.go

@@ -9,7 +9,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/dosco/super-graph/cmd/internal/serv/internal/migrate"
+	"github.com/dosco/super-graph/internal/serv/internal/migrate"
 	"github.com/spf13/cobra"
 )
 

internal/serv/http.go

@@ -8,8 +8,8 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/dosco/super-graph/cmd/internal/serv/internal/auth"
 	"github.com/dosco/super-graph/core"
+	"github.com/dosco/super-graph/internal/serv/internal/auth"
 	"github.com/rs/cors"
 	"go.uber.org/zap"
 )

internal/serv/init.go

@@ -1,8 +1,14 @@
 package serv
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"database/sql"
+	"errors"
+	"fmt"
+	"io/ioutil"
 	"path"
+	"strings"
 	"time"
 
 	"github.com/jackc/pgx/v4"
@@ -10,6 +16,10 @@ import (
 	//_ "github.com/jackc/pgx/v4/stdlib"
 )
 
+const (
+	PEM_SIG = "--BEGIN "
+)
+
 func initConf() (*Config, error) {
 	c, err := ReadInConfig(path.Join(confPath, GetConfigName()))
 	if err != nil {
@@ -83,27 +93,6 @@ func initDB(c *Config, useDB bool) (*sql.DB, error) {
 	var db *sql.DB
 	var err error
 
-	// cs := fmt.Sprintf("host=%s port=%d user=%s password=%s dbname=%s",
-	// 	c.DB.Host, c.DB.Port,
-	// 	c.DB.User, c.DB.Password,
-	// 	c.DB.DBName)
-
-	// fmt.Println(">>", cs)
-
-	// for i := 1; i < 10; i++ {
-	// 	db, err = sql.Open("pgx", cs)
-	// 	if err == nil {
-	// 		break
-	// 	}
-	// 	time.Sleep(time.Duration(i*100) * time.Millisecond)
-	// }
-
-	// if err != nil {
-	// 	return nil, err
-	// }
-
-	// return db, nil
-
 	config, _ := pgx.ParseConfig("")
 	config.Host = c.DB.Host
 	config.Port = c.DB.Port
@@ -118,6 +107,59 @@ func initDB(c *Config, useDB bool) (*sql.DB, error) {
 		config.Database = c.DB.DBName
 	}
 
+	if c.DB.EnableTLS {
+		if len(c.DB.ServerName) == 0 {
+			return nil, errors.New("server_name is required")
+		}
+		if len(c.DB.ServerCert) == 0 {
+			return nil, errors.New("server_cert is required")
+		}
+		if len(c.DB.ClientCert) == 0 {
+			return nil, errors.New("client_cert is required")
+		}
+		if len(c.DB.ClientKey) == 0 {
+			return nil, errors.New("client_key is required")
+		}
+
+		rootCertPool := x509.NewCertPool()
+		var pem []byte
+		var err error
+
+		if strings.Contains(c.DB.ServerCert, PEM_SIG) {
+			pem = []byte(c.DB.ServerCert)
+		} else {
+			pem, err = ioutil.ReadFile(c.DB.ServerCert)
+		}
+
+		if err != nil {
+			return nil, fmt.Errorf("db tls: %w", err)
+		}
+
+		if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
+			return nil, errors.New("db tls: failed to append pem")
+		}
+
+		clientCert := make([]tls.Certificate, 0, 1)
+		var certs tls.Certificate
+
+		if strings.Contains(c.DB.ClientCert, PEM_SIG) {
+			certs, err = tls.X509KeyPair([]byte(c.DB.ClientCert), []byte(c.DB.ClientKey))
+		} else {
+			certs, err = tls.LoadX509KeyPair(c.DB.ClientCert, c.DB.ClientKey)
+		}
+
+		if err != nil {
+			return nil, fmt.Errorf("db tls: %w", err)
+		}
+
+		clientCert = append(clientCert, certs)
+		config.TLSConfig = &tls.Config{
+			RootCAs:      rootCertPool,
+			Certificates: clientCert,
+			ServerName:   c.DB.ServerName,
+		}
+	}
+
 	// switch c.LogLevel {
 	// case "debug":
 	// 	config.LogLevel = pgx.LogLevelDebug

internal/serv/internal/auth/rails.go

@@ -9,8 +9,8 @@ import (
 	"strings"
 
 	"github.com/bradfitz/gomemcache/memcache"
-	"github.com/dosco/super-graph/cmd/internal/serv/internal/rails"
 	"github.com/dosco/super-graph/core"
+	"github.com/dosco/super-graph/internal/serv/internal/rails"
 	"github.com/garyburd/redigo/redis"
 )
 

internal/serv/serv.go

@@ -11,7 +11,7 @@ import (
 
 	rice "github.com/GeertJohan/go.rice"
 	"github.com/NYTimes/gziphandler"
-	"github.com/dosco/super-graph/cmd/internal/serv/internal/auth"
+	"github.com/dosco/super-graph/internal/serv/internal/auth"
 )
 
 func initWatcher() {

internal/serv/tmpl/dev.yml

@@ -133,20 +133,36 @@ database:
   # database ping timeout is used for db health checking
   ping_timeout: 1m
 
-  # Define additional variables here to be used with filters
-  variables:
-    #admin_account_id: "5"
-    admin_account_id: "sql:select id from users where admin = true limit 1"
+  # Set up an secure tls encrypted db connection
+  enable_tls: false
+
+  # Required for tls. For example with Google Cloud SQL it's
+  # <gcp-project-id>:<cloud-sql-instance>"
+  # server_name: blah
+
+  # Required for tls. Can be a file path or the contents of the pem file
+  # server_cert: ./server-ca.pem
+
+  # Required for tls. Can be a file path or the contents of the pem file
+  # client_cert: ./client-cert.pem
+
+  # Required for tls. Can be a file path or the contents of the pem file
+  # client_key: ./client-key.pem
+
+# Define additional variables here to be used with filters
+variables:
+  #admin_account_id: "5"
+  admin_account_id: "sql:select id from users where admin = true limit 1"
 
 
-  # Field and table names that you wish to block
-  blocklist:
-    - ar_internal_metadata
-    - schema_migrations
-    - secret
-    - password
-    - encrypted
-    - token
+# Field and table names that you wish to block
+blocklist:
+  - ar_internal_metadata
+  - schema_migrations
+  - secret
+  - password
+  - encrypted
+  - token
 
 # Create custom actions with their own api endpoints
 # For example the below action will be available at /api/v1/actions/refresh_leaderboard_users

internal/serv/tmpl/prod.yml

@@ -77,4 +77,20 @@ database:
   set_user_id: false
 
   # database ping timeout is used for db health checking
-  ping_timeout: 5m
+  ping_timeout: 5m
+
+  # Set up an secure tls encrypted db connection
+  enable_tls: false
+
+  # Required for tls. For example with Google Cloud SQL it's
+  # <gcp-project-id>:<cloud-sql-instance>"
+  # server_name: blah
+
+  # Required for tls. Can be a file path or the contents of the pem file
+  # server_cert: ./server-ca.pem
+
+  # Required for tls. Can be a file path or the contents of the pem file
+  # client_cert: ./client-cert.pem
+
+  # Required for tls. Can be a file path or the contents of the pem file
+  # client_key: ./client-key.pem

main.go

@@ -3,13 +3,13 @@
 Super Graph
 For documentation, visit https://supergraph.dev
 
-Commit SHA-1          :
-Commit timestamp      :
-Branch                :
+Commit SHA-1          : 75ff551
+Commit timestamp      : 2020-04-13 00:43:18 -0400
+Branch                : master
 Go version            : go1.14
 
 Licensed under the Apache Public License 2.0
-Copyright 2020, Vikram Rangnekar.
+Copyright 2020, Vikram Rangnekar
 
 Usage:
   super-graph [command]
@@ -38,7 +38,7 @@ Use "super-graph [command] --help" for more information about a command.
 
 package main
 
-import "github.com/dosco/super-graph/cmd/internal/serv"
+import "github.com/dosco/super-graph/internal/serv"
 
 func main() {
 	serv.Cmd()