Make redis and postgres tls optional and opt-in

This commit is contained in:
sparrow 2023-06-28 00:41:18 +01:00
parent 4f92a1066f
commit 1b77d101ee
6 changed files with 19 additions and 15 deletions

View file

@ -35,7 +35,7 @@ port: 3000
db:
host: localhost
port: 5432
#ssl: false
# Database name
db: calckey
@ -48,6 +48,7 @@ db:
# Extra Connection options
#extra:
# TODO: find another example
# ssl: true
# ┌─────────────────────┐
@ -56,6 +57,7 @@ db:
redis:
host: localhost
port: 6379
#tls: false
#family: 0 # 0=Both, 4=IPv4, 6=IPv6
#pass: example-pass
#prefix: example-prefix

View file

@ -12,8 +12,8 @@ export default new DataSource({
extra: config.db.extra,
entities: entities,
migrations: ["migration/*.js"],
ssl: {
rejectUnauthorized: false,
ssl: config.db.ssl ? {
rejectUnauthorized: false, //TODO make configurable
ca: process.env.DB_SSL_CERT,
},
} : undefined,
});

View file

@ -15,6 +15,7 @@ export type Source = {
pass: string;
disableCache?: boolean;
extra?: { [x: string]: string };
ssl?: boolean;
};
redis: {
host: string;
@ -24,6 +25,7 @@ export type Source = {
db?: number;
prefix?: string;
user?: string;
tls?: boolean;
};
elasticsearch: {
host: string;

View file

@ -211,10 +211,10 @@ export const db = new DataSource({
password: config.redis.pass,
keyPrefix: `${config.redis.prefix}:query:`,
db: config.redis.db || 0,
tls: {
tls: config.redis.tls ? {
host: config.redis.host,
rejectUnauthorized: false,
},
rejectUnauthorized: false, // TODO make configurable
} : undefined,
},
}
: false,
@ -223,10 +223,10 @@ export const db = new DataSource({
maxQueryExecutionTime: 300,
entities: entities,
migrations: ["../../migration/*.js"],
ssl: {
ssl: config.db.ssl ? {
rejectUnauthorized: false,
ca: process.env.DB_SSL_CERT,
},
} : undefined,
});
export async function initDb(force = false) {

View file

@ -10,10 +10,10 @@ export function createConnection() {
username: config.redis.user ?? "default",
keyPrefix: `${config.redis.prefix}:`,
db: config.redis.db || 0,
tls: {
rejectUnauthorized: false,
tls: config.redis.tls ? {
rejectUnauthorized: false, //TODO make configurable
host: config.redis.host,
},
} : undefined,
});
}

View file

@ -10,9 +10,9 @@ export function initialize<T>(name: string, limitPerSec = -1) {
user: config.redis.user ?? "default",
password: config.redis.pass,
db: config.redis.db || 0,
tls: {
host: config.redis.host,
},
tls: config.redis.tls ? {
host: config.redis.host, //TODO add configurable cert validation
} : undefined,
},
prefix: config.redis.prefix ? `${config.redis.prefix}:queue` : "queue",
limiter: