From 1b69ebdb93ac514a31e9a82a9d9eb7aca66233d8 Mon Sep 17 00:00:00 2001 From: niztal Date: Mon, 29 Jan 2024 23:30:38 +0200 Subject: [PATCH 1/5] mysql-ssl --- packages/server/src/DataSource.ts | 32 +++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/packages/server/src/DataSource.ts b/packages/server/src/DataSource.ts index 83a7fa2c..bd7e8dd2 100644 --- a/packages/server/src/DataSource.ts +++ b/packages/server/src/DataSource.ts @@ -40,7 +40,19 @@ export const init = async (): Promise => { synchronize: false, migrationsRun: false, entities: Object.values(entities), - migrations: mysqlMigrations + migrations: mysqlMigrations, + ...(process.env.DATABASE_SSL_KEY_BASE64 + ? { + ssl: { + rejectUnauthorized: false, + ca: Buffer.from(process.env.DATABASE_SSL_KEY_BASE64, 'base64') + } + } + : process.env.DATABASE_SSL === 'true' + ? { + ssl: true + } + : {}), }) break case 'postgres': @@ -53,16 +65,16 @@ export const init = async (): Promise => { database: process.env.DATABASE_NAME, ...(process.env.DATABASE_SSL_KEY_BASE64 ? { - ssl: { - rejectUnauthorized: false, - cert: Buffer.from(process.env.DATABASE_SSL_KEY_BASE64, 'base64') - } - } + ssl: { + rejectUnauthorized: false, + cert: Buffer.from(process.env.DATABASE_SSL_KEY_BASE64, 'base64') + } + } : process.env.DATABASE_SSL === 'true' - ? { - ssl: true - } - : {}), + ? { + ssl: true + } + : {}), synchronize: false, migrationsRun: false, entities: Object.values(entities), From 289b04fb120ebbb0e9b61448d073025a618840ca Mon Sep 17 00:00:00 2001 From: niztal Date: Tue, 30 Jan 2024 00:50:27 +0200 Subject: [PATCH 2/5] fix lint --- packages/server/src/DataSource.ts | 36 +++++++++++++++---------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/packages/server/src/DataSource.ts b/packages/server/src/DataSource.ts index bd7e8dd2..222dae5b 100644 --- a/packages/server/src/DataSource.ts +++ b/packages/server/src/DataSource.ts @@ -43,16 +43,16 @@ export const init = async (): Promise => { migrations: mysqlMigrations, ...(process.env.DATABASE_SSL_KEY_BASE64 ? { - ssl: { - rejectUnauthorized: false, - ca: Buffer.from(process.env.DATABASE_SSL_KEY_BASE64, 'base64') - } - } + ssl: { + rejectUnauthorized: false, + ca: Buffer.from(process.env.DATABASE_SSL_KEY_BASE64, 'base64') + } + } : process.env.DATABASE_SSL === 'true' - ? { - ssl: true - } - : {}), + ? { + ssl: true + } + : {}) }) break case 'postgres': @@ -65,16 +65,16 @@ export const init = async (): Promise => { database: process.env.DATABASE_NAME, ...(process.env.DATABASE_SSL_KEY_BASE64 ? { - ssl: { - rejectUnauthorized: false, - cert: Buffer.from(process.env.DATABASE_SSL_KEY_BASE64, 'base64') - } - } + ssl: { + rejectUnauthorized: false, + cert: Buffer.from(process.env.DATABASE_SSL_KEY_BASE64, 'base64') + } + } : process.env.DATABASE_SSL === 'true' - ? { - ssl: true - } - : {}), + ? { + ssl: true + } + : {}), synchronize: false, migrationsRun: false, entities: Object.values(entities), From 82e78d3e4de48f0bcfb5f883b36e9b32cc11545a Mon Sep 17 00:00:00 2001 From: niztal Date: Tue, 30 Jan 2024 22:06:12 +0200 Subject: [PATCH 3/5] refactor uninfy pg and mysql to use the same SSL config function --- packages/server/src/DataSource.ts | 38 ++++++++++++------------------- 1 file changed, 14 insertions(+), 24 deletions(-) diff --git a/packages/server/src/DataSource.ts b/packages/server/src/DataSource.ts index 222dae5b..861bd83b 100644 --- a/packages/server/src/DataSource.ts +++ b/packages/server/src/DataSource.ts @@ -41,18 +41,7 @@ export const init = async (): Promise => { migrationsRun: false, entities: Object.values(entities), migrations: mysqlMigrations, - ...(process.env.DATABASE_SSL_KEY_BASE64 - ? { - ssl: { - rejectUnauthorized: false, - ca: Buffer.from(process.env.DATABASE_SSL_KEY_BASE64, 'base64') - } - } - : process.env.DATABASE_SSL === 'true' - ? { - ssl: true - } - : {}) + ssl: getDatabaseSSLFromEnv(), }) break case 'postgres': @@ -63,18 +52,7 @@ export const init = async (): Promise => { username: process.env.DATABASE_USER, password: process.env.DATABASE_PASSWORD, database: process.env.DATABASE_NAME, - ...(process.env.DATABASE_SSL_KEY_BASE64 - ? { - ssl: { - rejectUnauthorized: false, - cert: Buffer.from(process.env.DATABASE_SSL_KEY_BASE64, 'base64') - } - } - : process.env.DATABASE_SSL === 'true' - ? { - ssl: true - } - : {}), + ssl: getDatabaseSSLFromEnv(), synchronize: false, migrationsRun: false, entities: Object.values(entities), @@ -101,3 +79,15 @@ export function getDataSource(): DataSource { } return appDataSource } + +const getDatabaseSSLFromEnv = () => { + if (process.env.DATABASE_SSL_KEY_BASE64) { + return { + rejectUnauthorized: false, + ca: Buffer.from(process.env.DATABASE_SSL_KEY_BASE64, 'base64') + }; + } else if (process.env.DATABASE_SSL === 'true') { + return true; + } + return {}; +} From a382e230f4817d2efce896a04c60656687cf8acd Mon Sep 17 00:00:00 2001 From: niztal Date: Tue, 30 Jan 2024 22:07:56 +0200 Subject: [PATCH 4/5] fix lint issues --- packages/server/src/DataSource.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/server/src/DataSource.ts b/packages/server/src/DataSource.ts index 861bd83b..f563dce0 100644 --- a/packages/server/src/DataSource.ts +++ b/packages/server/src/DataSource.ts @@ -41,7 +41,7 @@ export const init = async (): Promise => { migrationsRun: false, entities: Object.values(entities), migrations: mysqlMigrations, - ssl: getDatabaseSSLFromEnv(), + ssl: getDatabaseSSLFromEnv() }) break case 'postgres': @@ -85,9 +85,9 @@ const getDatabaseSSLFromEnv = () => { return { rejectUnauthorized: false, ca: Buffer.from(process.env.DATABASE_SSL_KEY_BASE64, 'base64') - }; + } } else if (process.env.DATABASE_SSL === 'true') { - return true; + return true } - return {}; + return {} } From 4107118673136023d3a644dfff75fb85d12260ff Mon Sep 17 00:00:00 2001 From: niztal Date: Tue, 30 Jan 2024 23:44:42 +0200 Subject: [PATCH 5/5] avoid BWC PGSQLMODE returning empty ssl object --- packages/server/src/DataSource.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/server/src/DataSource.ts b/packages/server/src/DataSource.ts index f563dce0..483c070e 100644 --- a/packages/server/src/DataSource.ts +++ b/packages/server/src/DataSource.ts @@ -89,5 +89,5 @@ const getDatabaseSSLFromEnv = () => { } else if (process.env.DATABASE_SSL === 'true') { return true } - return {} + return undefined }