Merge remote-tracking branch 'origin/master'

svc/db/postgres.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"strings"
 	"time"
 
 	_ "github.com/lib/pq"
@@ -37,7 +38,32 @@ func ConnectPostgres() (*sql.DB, error) {
 
 	// 🔹 Test et
 	if err = db.Ping(); err != nil {
-		return nil, fmt.Errorf("PostgreSQL erişilemiyor: %w", err)
+		// Some managed PostgreSQL servers require TLS. If the current DSN uses
+		// sslmode=disable and server rejects with "no encryption", retry once
+		// with sslmode=require to avoid startup failure.
+		if strings.Contains(err.Error(), "no pg_hba.conf entry") &&
+			strings.Contains(err.Error(), "no encryption") &&
+			strings.Contains(strings.ToLower(connStr), "sslmode=disable") {
+			secureConnStr := strings.Replace(connStr, "sslmode=disable", "sslmode=require", 1)
+			log.Println("⚠️ PostgreSQL requires TLS, retrying with sslmode=require")
+
+			_ = db.Close()
+			db, err = sql.Open("postgres", secureConnStr)
+			if err != nil {
+				return nil, fmt.Errorf("PostgreSQL TLS retry open failed: %w", err)
+			}
+
+			db.SetMaxOpenConns(30)
+			db.SetMaxIdleConns(10)
+			db.SetConnMaxLifetime(30 * time.Minute)
+			db.SetConnMaxIdleTime(5 * time.Minute)
+
+			if err = db.Ping(); err != nil {
+				return nil, fmt.Errorf("PostgreSQL erişilemiyor (TLS retry): %w", err)
+			}
+		} else {
+			return nil, fmt.Errorf("PostgreSQL erişilemiyor: %w", err)
+		}
 	}
 
 	log.Println("✅ PostgreSQL bağlantısı başarılı!")