Skip to content

Commit

Permalink
fix: support enforcing SSL connection
Browse files Browse the repository at this point in the history
  • Loading branch information
@fenos
fenos committed Jul 28, 2023
1 parent 23d6602 commit 8f8c7df
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 4 deletions.
2 changes: 2 additions & 0 deletions src/config.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ type StorageConfigType = {
jwtAlgorithm: string
multitenantDatabaseUrl?: string
databaseURL: string
databaseForceSSL?: boolean
databasePoolURL?: string
databaseMaxConnections: number
databaseFreePoolAfterInactivity: number
Expand Down Expand Up @@ -108,6 +109,7 @@ export function getConfig(): StorageConfigType {
jwtSecret: getOptionalIfMultitenantConfigFromEnv('PGRST_JWT_SECRET') || '',
jwtAlgorithm: getOptionalConfigFromEnv('PGRST_JWT_ALGORITHM') || 'HS256',
multitenantDatabaseUrl: getOptionalConfigFromEnv('MULTITENANT_DATABASE_URL'),
databaseForceSSL: getOptionalConfigFromEnv('DATABASE_FORCE_SSL') === 'true',
databaseURL: getOptionalIfMultitenantConfigFromEnv('DATABASE_URL') || '',
databasePoolURL: getOptionalConfigFromEnv('DATABASE_POOL_URL') || '',
databaseMaxConnections: parseInt(
Expand Down
16 changes: 12 additions & 4 deletions src/database/connection.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,12 @@ import { StorageBackendError } from '../storage'
// https://github.com/knex/knex/issues/387#issuecomment-51554522
pg.types.setTypeParser(20, 'text', parseInt)

const { databaseMaxConnections, databaseFreePoolAfterInactivity, databaseConnectionTimeout } =
getConfig()
const {
databaseForceSSL,
databaseMaxConnections,
databaseFreePoolAfterInactivity,
databaseConnectionTimeout,
} = getConfig()

interface TenantConnectionOptions {
user: User
Expand Down Expand Up @@ -73,7 +77,11 @@ export class TenantConnection {
idleTimeoutMillis: isExternalPool ? 100 : databaseFreePoolAfterInactivity,
reapIntervalMillis: isExternalPool ? 110 : undefined,
},
connection: connectionString,
connection: {
connectionString: connectionString,
...(databaseForceSSL ? { ssl: { rejectUnauthorized: false } } : {}),
},

acquireConnectionTimeout: databaseConnectionTimeout,
})

Expand Down Expand Up @@ -137,7 +145,7 @@ export class TenantConnection {
},
{
minTimeout: 50,
maxTimeout: 500,
maxTimeout: 200,
maxRetryTime: 2000,
retries: 10,
}
Expand Down

0 comments on commit 8f8c7df

Please sign in to comment.