From 980a6d8347ae4d11e2e3e62f5ff0654594779979 Mon Sep 17 00:00:00 2001
From: Waleed <walif6@gmail.com>
Date: Wed, 1 Oct 2025 19:09:08 -0700
Subject: [PATCH] improvement(db): enforce SSL everywhere where a DB connection
 is established (#1522)

* improvement(db): enforce SSL everywhere where a DB connection is established

* remove extraneous comment
---
 apps/sim/lib/workflows/db-helpers.ts               | 7 +------
 apps/sim/socket-server/database/operations.ts      | 1 +
 apps/sim/socket-server/rooms/manager.ts            | 1 +
 packages/db/index.ts                               | 1 +
 packages/db/scripts/migrate-deployment-versions.ts | 1 +
 packages/db/scripts/register-sso-provider.ts       | 1 +
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/apps/sim/lib/workflows/db-helpers.ts b/apps/sim/lib/workflows/db-helpers.ts
index b4f6f7589..bc00d01d1 100644
--- a/apps/sim/lib/workflows/db-helpers.ts
+++ b/apps/sim/lib/workflows/db-helpers.ts
@@ -150,12 +150,7 @@ export async function loadWorkflowFromNormalizedTables(
     })
 
     // Sanitize any invalid custom tools in agent blocks to prevent client crashes
-    const { blocks: sanitizedBlocks, warnings } = sanitizeAgentToolsInBlocks(blocksMap)
-    if (warnings.length > 0) {
-      logger.warn(`Sanitized workflow ${workflowId} tools with ${warnings.length} warning(s)`, {
-        warnings,
-      })
-    }
+    const { blocks: sanitizedBlocks } = sanitizeAgentToolsInBlocks(blocksMap)
 
     // Convert edges to the expected format
     const edgesArray: Edge[] = edges.map((edge) => ({
diff --git a/apps/sim/socket-server/database/operations.ts b/apps/sim/socket-server/database/operations.ts
index 388d6610a..98f505757 100644
--- a/apps/sim/socket-server/database/operations.ts
+++ b/apps/sim/socket-server/database/operations.ts
@@ -18,6 +18,7 @@ const socketDb = drizzle(
     max: 25,
     onnotice: () => {},
     debug: false,
+    ssl: 'require',
   }),
   { schema }
 )
diff --git a/apps/sim/socket-server/rooms/manager.ts b/apps/sim/socket-server/rooms/manager.ts
index b36ac85a7..feef1d1bc 100644
--- a/apps/sim/socket-server/rooms/manager.ts
+++ b/apps/sim/socket-server/rooms/manager.ts
@@ -15,6 +15,7 @@ const db = drizzle(
     connect_timeout: 20,
     max: 5,
     onnotice: () => {},
+    ssl: 'require',
   }),
   { schema }
 )
diff --git a/packages/db/index.ts b/packages/db/index.ts
index d53999e08..01f6e99a3 100644
--- a/packages/db/index.ts
+++ b/packages/db/index.ts
@@ -16,6 +16,7 @@ const postgresClient = postgres(connectionString, {
   connect_timeout: 30,
   max: 80,
   onnotice: () => {},
+  ssl: 'require',
 })
 
 const drizzleClient = drizzle(postgresClient, { schema })
diff --git a/packages/db/scripts/migrate-deployment-versions.ts b/packages/db/scripts/migrate-deployment-versions.ts
index 30677c88b..f0d0453d6 100644
--- a/packages/db/scripts/migrate-deployment-versions.ts
+++ b/packages/db/scripts/migrate-deployment-versions.ts
@@ -123,6 +123,7 @@ const postgresClient = postgres(CONNECTION_STRING, {
   connect_timeout: 30,
   max: 10,
   onnotice: () => {},
+  ssl: 'require',
 })
 const db = drizzle(postgresClient)
 
diff --git a/packages/db/scripts/register-sso-provider.ts b/packages/db/scripts/register-sso-provider.ts
index 3b09c8fd2..fbe04e939 100644
--- a/packages/db/scripts/register-sso-provider.ts
+++ b/packages/db/scripts/register-sso-provider.ts
@@ -147,6 +147,7 @@ const postgresClient = postgres(CONNECTION_STRING, {
   connect_timeout: 30,
   max: 10,
   onnotice: () => {},
+  ssl: 'require',
 })
 const db = drizzle(postgresClient)