✨ Add Postgres SSL support

2025-01-12 05:17:28 -08:00 · 2020-06-25 11:39:04 +02:00 · 2020-06-25 11:39:04 +02:00 · 6af3743e1b
parent ec62776e73
commit 6af3743e1b
2 changed files with 48 additions and 0 deletions
--- a/packages/cli/config/index.ts
+++ b/packages/cli/config/index.ts
@ -63,6 +63,34 @@ const config = convict({
 				default: 'public',
 				env: 'DB_POSTGRESDB_SCHEMA'
 			},
+
+			ssl: {
+				ca: {
+					doc: 'SSL certificate authority',
+					format: String,
+					default: '',
+					env: 'DB_POSTGRESDB_SSL_CA',
+				},
+				cert: {
+					doc: 'SSL certificate',
+					format: String,
+					default: '',
+					env: 'DB_POSTGRESDB_SSL_CERT',
+				},
+				key: {
+					doc: 'SSL key',
+					format: String,
+					default: '',
+					env: 'DB_POSTGRESDB_SSL_KEY',
+				},
+				rejectUnauthorized: {
+					doc: 'If unauthorized SSL connections should be rejected',
+					format: 'Boolean',
+					default: true,
+					env: 'DB_POSTGRESDB_SSL_REJECT_UNAUTHORIZED',
+				},
+			}
+
 		},
 		mysqldb: {
 			database: {
--- a/packages/cli/src/Db.ts
+++ b/packages/cli/src/Db.ts
@ -14,6 +14,8 @@ import {
 	getRepository,
 } from 'typeorm';

+import { TlsOptions } from 'tls';
+
 import * as config from '../config';

 import {
@ -72,6 +74,22 @@ export async function init(): Promise<IDatabaseCollections> {

 		case 'postgresdb':
 			entities = PostgresDb;
+
+			const sslCa = await GenericHelpers.getConfigValue('database.postgresdb.ssl.ca') as string;
+			const sslCert = await GenericHelpers.getConfigValue('database.postgresdb.ssl.cert') as string;
+			const sslKey = await GenericHelpers.getConfigValue('database.postgresdb.ssl.key') as string;
+			const sslRejectUnauthorized = await GenericHelpers.getConfigValue('database.postgresdb.ssl.rejectUnauthorized') as boolean;
+
+			let ssl: TlsOptions | undefined = undefined;
+			if (sslCa !== '' || sslCert !== '' || sslKey !== '' || sslRejectUnauthorized !== true) {
+				ssl = {
+					ca: sslCa || undefined,
+					cert: sslCert || undefined,
+					key: sslKey || undefined,
+					rejectUnauthorized: sslRejectUnauthorized,
+				};
+			}
+
 			connectionOptions = {
 				type: 'postgres',
 				entityPrefix,
@ -84,7 +102,9 @@ export async function init(): Promise<IDatabaseCollections> {
 				migrations: [InitialMigration1587669153312],
 				migrationsRun: true,
 				migrationsTableName: `${entityPrefix}migrations`,
+				ssl,
 			};
+
 			break;

 		case 'mariadb':