From 1b77d101eeb7f5b5eaaaf3ad936686a16500051c Mon Sep 17 00:00:00 2001
From: sparrow
Date: Wed, 28 Jun 2023 00:41:18 +0100
Subject: [PATCH] Make redis and postgres tls optional and opt-in
---
 .config/example.yml | 4 +++-
 packages/backend/ormconfig.js | 6 +++---
 packages/backend/src/config/types.ts | 2 ++
 packages/backend/src/db/postgre.ts | 10 +++++-----
 packages/backend/src/db/redis.ts | 6 +++---
 packages/backend/src/queue/initialize.ts | 6 +++---
 6 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/.config/example.yml b/.config/example.yml
index ee61ebe25..2d42c2522 100644
--- a/.config/example.yml
+++ b/.config/example.yml
@@ -35,7 +35,7 @@ port: 3000
 db:
 host: localhost
 port: 5432
-
+ #ssl: false
 # Database name
 db: calckey
@@ -48,6 +48,7 @@ db:
 # Extra Connection options
 #extra:
+ # TODO: find another example
 # ssl: true
 # ┌─────────────────────┐
@@ -56,6 +57,7 @@ db:
 redis:
 host: localhost
 port: 6379
+ #tls: false
 #family: 0 # 0=Both, 4=IPv4, 6=IPv6
 #pass: example-pass
 #prefix: example-prefix
diff --git a/packages/backend/ormconfig.js b/packages/backend/ormconfig.js
index c230e09fd..b4a933356 100644
--- a/packages/backend/ormconfig.js
+++ b/packages/backend/ormconfig.js
@@ -12,8 +12,8 @@ export default new DataSource({
 extra: config.db.extra,
 entities: entities,
 migrations: ["migration/*.js"],
- ssl: {
- rejectUnauthorized: false,
+ ssl: config.db.ssl ? {
+ rejectUnauthorized: false, //TODO make configurable
 ca: process.env.DB_SSL_CERT,
- },
+ } : undefined,
 });
diff --git a/packages/backend/src/config/types.ts b/packages/backend/src/config/types.ts
index e9d1dbb64..93cb760f9 100644
--- a/packages/backend/src/config/types.ts
+++ b/packages/backend/src/config/types.ts
@@ -15,6 +15,7 @@ export type Source = {
 pass: string;
 disableCache?: boolean;
 extra?: { [x: string]: string };
+ ssl?: boolean;
 };
 redis: {
 host: string;
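Review bot: In `packages/backend/ormconfig.js`, `rejectUnauthorized: false` sits next to `ca: process.env.DB_SSL_CERT`, so even when an operator opts in with `db.ssl: true` and supplies a CA, the server certificate is never checked and the link is encrypted but not authenticated. The TODO acknowledges this, but until it lands the flag could follow the CA, e.g. `rejectUnauthorized: process.env.DB_SSL_CERT != null,`, so that providing a certificate turns verification on. The same applies to the `ssl` block in `src/db/postgre.ts`, and the Redis `tls` blocks in `src/db/postgre.ts` and `src/db/redis.ts` disable verification without offering any CA option. The `DataSource` call starts outside the hunk.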
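Review bot: In `packages/backend/src/config/types.ts`, `ssl?: boolean` (and `tls?: boolean` in the second hunk of that file) carries no doc comment, and leaving it unset now means a plaintext connection, whereas the removed code always passed an `ssl`/`tls` object. An instance upgraded without editing its config would therefore stop using TLS without any error; that deserves a release-note entry or a startup warning, neither of which is visible in this patch. I would add `/** Connect to PostgreSQL over TLS. Off when omitted; the server certificate is not verified yet. */` above `ssl` and the matching comment above `tls`. The `Source` type begins and ends outside both hunks.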
@@ -24,6 +25,7 @@ export type Source = {
 db?: number;
 prefix?: string;
 user?: string;
+ tls?: boolean;
 };
 elasticsearch: {
 host: string;
diff --git a/packages/backend/src/db/postgre.ts b/packages/backend/src/db/postgre.ts
index 0a0802a3a..93de959a8 100644
--- a/packages/backend/src/db/postgre.ts
+++ b/packages/backend/src/db/postgre.ts
@@ -211,10 +211,10 @@ export const db = new DataSource({
 password: config.redis.pass,
 keyPrefix: `${config.redis.prefix}:query:`,
 db: config.redis.db || 0,
- tls: {
+ tls: config.redis.tls ? {
 host: config.redis.host,
- rejectUnauthorized: false,
- },
+ rejectUnauthorized: false, // TODO make configurable
+ } : undefined,
 },
 }
 : false,
@@ -223,10 +223,10 @@ export const db = new DataSource({
 maxQueryExecutionTime: 300,
 entities: entities,
 migrations: ["../../migration/*.js"],
- ssl: {
+ ssl: config.db.ssl ? {
 rejectUnauthorized: false,
 ca: process.env.DB_SSL_CERT,
- },
+ } : undefined,
 });
 export async function initDb(force = false) {
diff --git a/packages/backend/src/db/redis.ts b/packages/backend/src/db/redis.ts
index a54bad2e7..e79b97108 100644
--- a/packages/backend/src/db/redis.ts
+++ b/packages/backend/src/db/redis.ts
@@ -10,10 +10,10 @@ export function createConnection() {
 username: config.redis.user ?? "default",
 keyPrefix: `${config.redis.prefix}:`,
 db: config.redis.db || 0,
- tls: {
- rejectUnauthorized: false,
+ tls: config.redis.tls ? {
+ rejectUnauthorized: false, //TODO make configurable
 host: config.redis.host,
- },
+ } : undefined,
 });
 }
diff --git a/packages/backend/src/queue/initialize.ts b/packages/backend/src/queue/initialize.ts
index 5d96f7747..9a99d23e2 100644
--- a/packages/backend/src/queue/initialize.ts
+++ b/packages/backend/src/queue/initialize.ts
@@ -10,9 +10,9 @@ export function initialize(name: string, limitPerSec = -1) {
 user: config.redis.user ?? "default",
 password: config.redis.pass,
 db: config.redis.db || 0,
- tls: {
- host: config.redis.host,
- },
+ tls: config.redis.tls ? {
+ host: config.redis.host, //TODO add configurable cert validation
+ } : undefined,
 },
 prefix: config.redis.prefix ? `${config.redis.prefix}:queue` : "queue",
 limiter:
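Review bot: This `tls` block omits `rejectUnauthorized`, while the Redis blocks in `src/db/redis.ts` and the cache options in `src/db/postgre.ts` set it to `false`, so with `redis.tls: true` the queue connection is the only one that validates the server certificate (assuming the object reaches Node's TLS layer unchanged, where verification is on by default). Against a self-signed Redis certificate the main client would connect and the queue would not, and the comment `//TODO add configurable cert validation` reads as if validation were absent here. Building the object once, for example in a `redisTlsOptions()` helper next to the config loader that all three call sites use, would stop them drifting apart; until then I would reword the comment to `// cert is validated here (library default); TODO make configurable`. `initialize` continues outside the hunk.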