feat(redis): add REDIS_USERNAME support for Redis ACL

Dounx · lyingbug · commit 6e03f1ea79f5 · 2026-02-04T19:38:40.000+08:00
diff --git a/.env.example b/.env.example
@@ -52,6 +52,9 @@ DB_PASSWORD=postgres123!@#
 DB_NAME=WeKnora
 
 # 如果使用 redis 作为流处理后端，需要配置以下参数
+# Redis用户名，Redis 6.0+ ACL 功能支持（可选）
+# REDIS_USERNAME=
+
 # Redis密码，如果没有设置密码，可以留空
 REDIS_PASSWORD=redis123!@#
 
diff --git a/helm/templates/app.yaml b/helm/templates/app.yaml
@@ -76,6 +76,12 @@ spec:
             # Redis configuration
             - name: REDIS_ADDR
               value: "redis:6379"
+            - name: REDIS_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "weknora.secretName" . }}
+                  key: REDIS_USERNAME
+                  optional: true
             - name: REDIS_PASSWORD
               valueFrom:
                 secretKeyRef:
diff --git a/helm/templates/secrets.yaml b/helm/templates/secrets.yaml
@@ -25,6 +25,7 @@ stringData:
   DB_PASSWORD: {{ required "secrets.dbPassword is required" .Values.secrets.dbPassword | quote }}
   DB_NAME: {{ .Values.secrets.dbName | quote }}
   # Redis credentials
+  REDIS_USERNAME: {{ .Values.secrets.redisUsername | default "" | quote }}
   REDIS_PASSWORD: {{ required "secrets.redisPassword is required" .Values.secrets.redisPassword | quote }}
   # Application secrets
   JWT_SECRET: {{ required "secrets.jwtSecret is required" .Values.secrets.jwtSecret | quote }}
diff --git a/helm/values.yaml b/helm/values.yaml
@@ -386,6 +386,8 @@ secrets:
   dbPassword: ""
   # -- Database name
   dbName: weknora
+  # -- Redis username (OPTIONAL: for Redis 6.0+ ACL)
+  redisUsername: ""
   # -- Redis password (REQUIRED: change in production)
   redisPassword: ""
   # -- JWT signing secret (REQUIRED: change in production)
@@ -394,7 +396,7 @@ secrets:
   tenantAesKey: ""
 
   # -- Use existing secret instead of creating one
-  # The secret must contain keys: DB_USER, DB_PASSWORD, DB_NAME, REDIS_PASSWORD, JWT_SECRET, TENANT_AES_KEY
+  # The secret must contain keys: DB_USER, DB_PASSWORD, DB_NAME, REDIS_USERNAME, REDIS_PASSWORD, JWT_SECRET, TENANT_AES_KEY
   existingSecret: ""
 
 # -----------------------------------------------------------------------------
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -149,6 +149,7 @@ type StreamManagerConfig struct {
 // RedisConfig Redis配置
 type RedisConfig struct {
 	Address  string        `yaml:"address"  json:"address"`  // Redis地址
+	Username string        `yaml:"username" json:"username"` // Redis用户名
 	Password string        `yaml:"password" json:"password"` // Redis密码
 	DB       int           `yaml:"db"       json:"db"`       // Redis数据库
 	Prefix   string        `yaml:"prefix"   json:"prefix"`   // 键前缀
diff --git a/internal/container/container.go b/internal/container/container.go
@@ -238,6 +238,7 @@ func initRedisClient() (*redis.Client, error) {
 
 	client := redis.NewClient(&redis.Options{
 		Addr:     os.Getenv("REDIS_ADDR"),
+		Username: os.Getenv("REDIS_USERNAME"),
 		Password: os.Getenv("REDIS_PASSWORD"),
 		DB:       db,
 	})
diff --git a/internal/stream/factory.go b/internal/stream/factory.go
@@ -25,6 +25,7 @@ func NewStreamManager() (interfaces.StreamManager, error) {
 		ttl := time.Hour // 默认1小时
 		return NewRedisStreamManager(
 			os.Getenv("REDIS_ADDR"),
+			os.Getenv("REDIS_USERNAME"),
 			os.Getenv("REDIS_PASSWORD"),
 			db,
 			os.Getenv("REDIS_PREFIX"),
diff --git a/internal/stream/redis_manager.go b/internal/stream/redis_manager.go
@@ -18,11 +18,12 @@ type RedisStreamManager struct {
 }
 
 // NewRedisStreamManager creates a new Redis-based stream manager
-func NewRedisStreamManager(redisAddr, redisPassword string,
+func NewRedisStreamManager(redisAddr, redisUsername, redisPassword string,
 	redisDB int, prefix string, ttl time.Duration,
 ) (*RedisStreamManager, error) {
 	client := redis.NewClient(&redis.Options{
 		Addr:     redisAddr,
+		Username: redisUsername,
 		Password: redisPassword,
 		DB:       redisDB,
 	})
