Streaming: improve handling of SSLMODE and cert/key/ca files

This commit is contained in:
Emelia Smith 2024-08-30 19:31:14 +02:00
parent 02633d6ebb
commit aecd31a84f
No known key found for this signature in database

View file

@ -1,3 +1,6 @@
import fs from 'node:fs';
import path from 'node:path';
import pg from 'pg';
import pgConnectionString from 'pg-connection-string';
@ -83,19 +86,34 @@ export function configFromEnv(env, environment) {
baseConfig = pgConfigs[environment];
if (env.DB_SSLMODE) {
// This is the same logic used by `pg` for handling sslmode:
switch (env.DB_SSLMODE) {
case 'disable':
case '':
baseConfig.ssl = false;
break;
case 'prefer':
case 'require':
case 'verify-ca':
case 'verify-full':
baseConfig.ssl = {};
break;
case 'no-verify':
baseConfig.ssl = { rejectUnauthorized: false };
break;
default:
baseConfig.ssl = {};
break;
}
}
if (typeof env.DB_SSL_CERT === 'string' && typeof baseConfig.ssl === 'object') {
baseConfig.ssl.cert = fs.readFileSync(path.resolve(env.DB_SSL_CERT), 'ascii');
}
if (typeof env.DB_SSL_KEY === 'string' && typeof baseConfig.ssl === 'object') {
baseConfig.ssl.key = fs.readFileSync(path.resolve(env.DB_SSL_KEY), 'ascii');
}
if (typeof env.DB_SSL_CA === 'string' && typeof baseConfig.ssl === 'object') {
baseConfig.ssl.ca = fs.readFileSync(path.resolve(env.DB_SSL_CA), 'ascii');
}
} else {
throw new Error('Unable to resolve postgresql database configuration.');
}