Make redis and postgres tls optional and opt-in

2023-06-28 00:41:18 +01:00 · 2023-06-28 00:41:18 +01:00 · 1b77d101ee
parent 4f92a1066f
commit 1b77d101ee
6 changed files with 19 additions and 15 deletions
--- a/.config/example.yml
+++ b/.config/example.yml
@ -35,7 +35,7 @@ port: 3000
 db:
  host: localhost
  port: 5432
-
+  #ssl: false
  # Database name
  db: calckey
@ -48,6 +48,7 @@ db:
  # Extra Connection options
  #extra:
  # TODO: find another example
  #  ssl: true
 #   ┌─────────────────────┐
@ -56,6 +57,7 @@ db:
 redis:
  host: localhost
  port: 6379
  #tls: false
  #family: 0  # 0=Both, 4=IPv4, 6=IPv6
  #pass: example-pass
  #prefix: example-prefix
--- a/packages/backend/ormconfig.js
+++ b/packages/backend/ormconfig.js
@ -12,8 +12,8 @@ export default new DataSource({
 	extra: config.db.extra,
 	entities: entities,
 	migrations: ["migration/*.js"],
-	ssl: {
+	ssl: config.db.ssl ? {
-		rejectUnauthorized: false,
+		rejectUnauthorized: false, //TODO make configurable
 		ca: process.env.DB_SSL_CERT,
-	},
+	} : undefined,
 });
--- a/packages/backend/src/config/types.ts
+++ b/packages/backend/src/config/types.ts
@ -15,6 +15,7 @@ export type Source = {
 		pass: string;
 		disableCache?: boolean;
 		extra?: { [x: string]: string };
 		ssl?: boolean;
 	};
 	redis: {
 		host: string;
@ -24,6 +25,7 @@ export type Source = {
 		db?: number;
 		prefix?: string;
 		user?: string;
 		tls?: boolean;
 	};
 	elasticsearch: {
 		host: string;
--- a/packages/backend/src/db/postgre.ts
+++ b/packages/backend/src/db/postgre.ts
@ -211,10 +211,10 @@ export const db = new DataSource({
 					password: config.redis.pass,
 					keyPrefix: `${config.redis.prefix}:query:`,
 					db: config.redis.db || 0,
-					tls: {
+					tls: config.redis.tls ? {
 						host: config.redis.host,
-						rejectUnauthorized: false,
+						rejectUnauthorized: false, // TODO make configurable
-					},
+					} : undefined,
 				},
 		  }
 		: false,
@ -223,10 +223,10 @@ export const db = new DataSource({
 	maxQueryExecutionTime: 300,
 	entities: entities,
 	migrations: ["../../migration/*.js"],
-	ssl: {
+	ssl: config.db.ssl ? {
 		rejectUnauthorized: false,
 		ca: process.env.DB_SSL_CERT,
-	},
+	} : undefined,
 });
 export async function initDb(force = false) {
--- a/packages/backend/src/db/redis.ts
+++ b/packages/backend/src/db/redis.ts
@ -10,10 +10,10 @@ export function createConnection() {
 		username: config.redis.user ?? "default",
 		keyPrefix: `${config.redis.prefix}:`,
 		db: config.redis.db || 0,
-		tls: {
+		tls: config.redis.tls ? {
-			rejectUnauthorized: false,
+			rejectUnauthorized: false, //TODO make configurable
 			host: config.redis.host,
-		},
+		} : undefined,
 	});
 }
--- a/packages/backend/src/queue/initialize.ts
+++ b/packages/backend/src/queue/initialize.ts
@ -10,9 +10,9 @@ export function initialize<T>(name: string, limitPerSec = -1) {
 			user: config.redis.user ?? "default",
 			password: config.redis.pass,
 			db: config.redis.db || 0,
-			tls: {
+			tls: config.redis.tls ? {
-				host: config.redis.host,
+				host: config.redis.host, //TODO add configurable cert validation
-			},
+			} : undefined,
 		},
 		prefix: config.redis.prefix ? `${config.redis.prefix}:queue` : "queue",
 		limiter: