Merge remote-tracking branch 'origin/master'

2026-02-14 10:23:57 +03:00
parent 78f183c9ee
commit 563bc0a0b6
8 changed files with 112 additions and 62 deletions
--- a/svc/.env
+++ b/svc/.env
@@ -2,6 +2,8 @@ JWT_SECRET=bssapp_super_secret_key_1234567890
 PASSWORD_RESET_SECRET=1dc7d6d52fd0459a8b1f288a6590428e760f54339f8e47beb20db36b6df6070b
 APP_FRONTEND_URL=http://localhost:9000
 API_URL=http://localhost:8080
+UI_DIR=/opt/bssapp/ui/dist
+POSTGRES_CONN=host=127.0.0.1 port=5432 user=postgres password=tayitkan dbname=baggib2b sslmode=disable



--- a/svc/db/postgres.go
+++ b/svc/db/postgres.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"strings"
 	"time"

 	_ "github.com/lib/pq"
@@ -37,7 +38,32 @@ func ConnectPostgres() (*sql.DB, error) {

 	// 🔹 Test et
 	if err = db.Ping(); err != nil {
-		return nil, fmt.Errorf("PostgreSQL erişilemiyor: %w", err)
+		// Some managed PostgreSQL servers require TLS. If the current DSN uses
+		// sslmode=disable and server rejects with "no encryption", retry once
+		// with sslmode=require to avoid startup failure.
+		if strings.Contains(err.Error(), "no pg_hba.conf entry") &&
+			strings.Contains(err.Error(), "no encryption") &&
+			strings.Contains(strings.ToLower(connStr), "sslmode=disable") {
+			secureConnStr := strings.Replace(connStr, "sslmode=disable", "sslmode=require", 1)
+			log.Println("⚠️ PostgreSQL requires TLS, retrying with sslmode=require")
+
+			_ = db.Close()
+			db, err = sql.Open("postgres", secureConnStr)
+			if err != nil {
+				return nil, fmt.Errorf("PostgreSQL TLS retry open failed: %w", err)
+			}
+
+			db.SetMaxOpenConns(30)
+			db.SetMaxIdleConns(10)
+			db.SetConnMaxLifetime(30 * time.Minute)
+			db.SetConnMaxIdleTime(5 * time.Minute)
+
+			if err = db.Ping(); err != nil {
+				return nil, fmt.Errorf("PostgreSQL erişilemiyor (TLS retry): %w", err)
+			}
+		} else {
+			return nil, fmt.Errorf("PostgreSQL erişilemiyor: %w", err)
+		}
 	}

 	log.Println("✅ PostgreSQL bağlantısı başarılı!")