github/infisical
1
1
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2026-05-02 03:02:03 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4632 from Infisical/ENG-3904

Browse Source 
parse out sslmode from connectionUri under certain conditions
This commit is contained in:
Andre
2025-10-10 16:08:39 -04:00
committed by GitHub
parent 2c9d0d1ea8 c61a1293e3
commit 721663ee0d
1 changed files with 39 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
backend/src/db/instance.ts
View File

@@ -1,5 +1,27 @@
import knex, { Knex } from "knex";
const parseSslConfig = (dbConnectionUri: string, dbRootCert?: string) => {
let modifiedDbConnectionUri = dbConnectionUri;
let sslConfig: { rejectUnauthorized: boolean; ca: string } | boolean = false;
if (dbRootCert) {
const url = new URL(dbConnectionUri);
const sslMode = url.searchParams.get("sslmode");
if (sslMode && sslMode !== "disable") {
url.searchParams.delete("sslmode");
modifiedDbConnectionUri = url.toString();
sslConfig = {
rejectUnauthorized: ["verify-ca", "verify-full"].includes(sslMode),
ca: Buffer.from(dbRootCert, "base64").toString("ascii")
};
}
}
return { modifiedDbConnectionUri, sslConfig };
};
export type TDbClient = Knex;
export const initDbConnection = ({
dbConnectionUri,
@@ -32,23 +54,18 @@ export const initDbConnection = ({
return selectedReplica;
});
const { modifiedDbConnectionUri, sslConfig } = parseSslConfig(dbConnectionUri, dbRootCert);
db = knex({
client: "pg",
connection: {
connectionString: dbConnectionUri,
connectionString: modifiedDbConnectionUri,
host: process.env.DB_HOST,
// @ts-expect-error I have no clue why only for the port there is a type error
// eslint-disable-next-line
port: process.env.DB_PORT,
port: process.env.DB_PORT ? parseInt(process.env.DB_PORT, 10) : undefined,
user: process.env.DB_USER,
database: process.env.DB_NAME,
password: process.env.DB_PASSWORD,
ssl: dbRootCert
? {
rejectUnauthorized: true,
ca: Buffer.from(dbRootCert, "base64").toString("ascii")
}
: false
ssl: sslConfig
},
// https://knexjs.org/guide/#pool
pool: { min: 0, max: 10 },
@@ -59,16 +76,16 @@ export const initDbConnection = ({
readReplicaDbs = readReplicas.map((el) => {
const replicaDbCertificate = el.dbRootCert || dbRootCert;
const { modifiedDbConnectionUri: replicaUri, sslConfig: replicaSslConfig } = parseSslConfig(
el.dbConnectionUri,
replicaDbCertificate
);
return knex({
client: "pg",
connection: {
connectionString: el.dbConnectionUri,
ssl: replicaDbCertificate
? {
rejectUnauthorized: true,
ca: Buffer.from(replicaDbCertificate, "base64").toString("ascii")
}
: false
connectionString: replicaUri,
ssl: replicaSslConfig
},
migrations: {
tableName: "infisical_migrations"
@@ -87,26 +104,21 @@ export const initAuditLogDbConnection = ({
dbConnectionUri: string;
dbRootCert?: string;
}) => {
const { modifiedDbConnectionUri, sslConfig } = parseSslConfig(dbConnectionUri, dbRootCert);
// akhilmhdh: the default Knex is knex.Knex<any, any[]>. but when assigned with knex({<config>}) the value is knex.Knex<any, unknown[]>
// this was causing issue with files like `snapshot-dal` `findRecursivelySnapshots` this i am explicitly putting the any and unknown[]
// eslint-disable-next-line
const db: Knex<any, unknown[]> = knex({
client: "pg",
connection: {
connectionString: dbConnectionUri,
connectionString: modifiedDbConnectionUri,
host: process.env.AUDIT_LOGS_DB_HOST,
// @ts-expect-error I have no clue why only for the port there is a type error
// eslint-disable-next-line
port: process.env.AUDIT_LOGS_DB_PORT,
port: process.env.AUDIT_LOGS_DB_PORT ? parseInt(process.env.AUDIT_LOGS_DB_PORT, 10) : undefined,
user: process.env.AUDIT_LOGS_DB_USER,
database: process.env.AUDIT_LOGS_DB_NAME,
password: process.env.AUDIT_LOGS_DB_PASSWORD,
ssl: dbRootCert
? {
rejectUnauthorized: true,
ca: Buffer.from(dbRootCert, "base64").toString("ascii")
}
: false
ssl: sslConfig
},
migrations: {
tableName: "infisical_migrations"