Make redis and postgres tls optional and opt-in

This commit is contained in:
sparrow 2023-06-28 00:41:18 +01:00
parent 4f92a1066f
commit 1b77d101ee
6 changed files with 19 additions and 15 deletions

View file

@ -35,7 +35,7 @@ port: 3000
db: db:
host: localhost host: localhost
port: 5432 port: 5432
#ssl: false
# Database name # Database name
db: calckey db: calckey
@ -48,6 +48,7 @@ db:
# Extra Connection options # Extra Connection options
#extra: #extra:
# TODO: find another example
# ssl: true # ssl: true
# ┌─────────────────────┐ # ┌─────────────────────┐
@ -56,6 +57,7 @@ db:
redis: redis:
host: localhost host: localhost
port: 6379 port: 6379
#tls: false
#family: 0 # 0=Both, 4=IPv4, 6=IPv6 #family: 0 # 0=Both, 4=IPv4, 6=IPv6
#pass: example-pass #pass: example-pass
#prefix: example-prefix #prefix: example-prefix

View file

@ -12,8 +12,8 @@ export default new DataSource({
extra: config.db.extra, extra: config.db.extra,
entities: entities, entities: entities,
migrations: ["migration/*.js"], migrations: ["migration/*.js"],
ssl: { ssl: config.db.ssl ? {
rejectUnauthorized: false, rejectUnauthorized: false, //TODO make configurable
ca: process.env.DB_SSL_CERT, ca: process.env.DB_SSL_CERT,
}, } : undefined,
}); });

View file

@ -15,6 +15,7 @@ export type Source = {
pass: string; pass: string;
disableCache?: boolean; disableCache?: boolean;
extra?: { [x: string]: string }; extra?: { [x: string]: string };
ssl?: boolean;
}; };
redis: { redis: {
host: string; host: string;
@ -24,6 +25,7 @@ export type Source = {
db?: number; db?: number;
prefix?: string; prefix?: string;
user?: string; user?: string;
tls?: boolean;
}; };
elasticsearch: { elasticsearch: {
host: string; host: string;

View file

@ -211,10 +211,10 @@ export const db = new DataSource({
password: config.redis.pass, password: config.redis.pass,
keyPrefix: `${config.redis.prefix}:query:`, keyPrefix: `${config.redis.prefix}:query:`,
db: config.redis.db || 0, db: config.redis.db || 0,
tls: { tls: config.redis.tls ? {
host: config.redis.host, host: config.redis.host,
rejectUnauthorized: false, rejectUnauthorized: false, // TODO make configurable
}, } : undefined,
}, },
} }
: false, : false,
@ -223,10 +223,10 @@ export const db = new DataSource({
maxQueryExecutionTime: 300, maxQueryExecutionTime: 300,
entities: entities, entities: entities,
migrations: ["../../migration/*.js"], migrations: ["../../migration/*.js"],
ssl: { ssl: config.db.ssl ? {
rejectUnauthorized: false, rejectUnauthorized: false,
ca: process.env.DB_SSL_CERT, ca: process.env.DB_SSL_CERT,
}, } : undefined,
}); });
export async function initDb(force = false) { export async function initDb(force = false) {

View file

@ -10,10 +10,10 @@ export function createConnection() {
username: config.redis.user ?? "default", username: config.redis.user ?? "default",
keyPrefix: `${config.redis.prefix}:`, keyPrefix: `${config.redis.prefix}:`,
db: config.redis.db || 0, db: config.redis.db || 0,
tls: { tls: config.redis.tls ? {
rejectUnauthorized: false, rejectUnauthorized: false, //TODO make configurable
host: config.redis.host, host: config.redis.host,
}, } : undefined,
}); });
} }

View file

@ -10,9 +10,9 @@ export function initialize<T>(name: string, limitPerSec = -1) {
user: config.redis.user ?? "default", user: config.redis.user ?? "default",
password: config.redis.pass, password: config.redis.pass,
db: config.redis.db || 0, db: config.redis.db || 0,
tls: { tls: config.redis.tls ? {
host: config.redis.host, host: config.redis.host, //TODO add configurable cert validation
}, } : undefined,
}, },
prefix: config.redis.prefix ? `${config.redis.prefix}:queue` : "queue", prefix: config.redis.prefix ? `${config.redis.prefix}:queue` : "queue",
limiter: limiter: