Add configuration for SSL database connection #140
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hectorgomezv
approved these changes
Jan 9, 2024
| @@ -10,4 +11,23 @@ export const dataSourceOptions: DataSourceOptions = { | |||
| url: process.env.MIGRATIONS_DATABASE_URL, | |||
| entities: [Webhook], | |||
| migrations: [__dirname + '/../migrations/**/*{.ts,.js}'], | |||
| }; | |||
| ... (process.env.DB_SSL_ENABLE == 'true' ? { | |||
There was a problem hiding this comment.
I think the spread operator is not strictly required here. If I'm not wrong, the expression can be simplified:
ssl: process.env.DB_SSL_ENABLE == 'true',
extra: process.env.DB_CA_PATH
? {
ssl: {
ca: readFileSync(process.env.DB_CA_PATH),
rejectUnauthorized: true,
},
}
: {
ssl: {
rejectUnauthorized: false,
},
},There was a problem hiding this comment.
We can remove extra option and just keep ssl with the configuration.
https://typeorm.io/data-source-options#postgres--cockroachdb-data-source-options
moisses89
force-pushed
the
enable_ssl_db_connection
branch
from
155ca44
to
6d4629f
Compare
hectorgomezv
approved these changes
Jan 9, 2024
Uxio0
requested changes
Jan 10, 2024
.env.sample
Outdated
| @@ -7,4 +7,6 @@ ADMIN_PASSWORD=password | |||
| WEBHOOKS_CACHE_TTL=300000 | |||
| NODE_ENV=dev | |||
| SSE_AUTH_TOKEN=aW5mcmFAc2FmZS5nbG9iYWw6YWJjMTIz | |||
| DB_SSL_ENABLE=false | |||
There was a problem hiding this comment.
I would use 0 or 1 instead of a string like false.
Also we should use the same naming, as the original variable is DATABASE_URL this should be DATABASE_SSL_ENABLED, same for the CA path
Uxio0
approved these changes
Jan 15, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
closes #132
Description
This PR adds the needed configuration to enable SSL connection with database and optional configuration of database certificates.
New environment vars
DB_SSL_ENABLEif is unset or false SSL won't be used but if true then the connection will use SSL.DB_CA_PATHpath of database certificate, when is configured the connection will validate the database certificate during the connection.