From bc7571dab4d76440bd0f6d5c78c6f0e66c44c910 Mon Sep 17 00:00:00 2001
From: Gunnar Smith
Date: Fri, 19 Sep 2025 22:21:41 -0500
Subject: [PATCH] user configurable validation of psql ssl
---
 backend/create_database.js | 2 ++
 backend/db.js | 2 ++
 backend/migrations.js | 2 ++
 backend/routes/backup.js | 3 +++
 4 files changed, 9 insertions(+)
diff --git a/backend/create_database.js b/backend/create_database.js
index 700d243..2001a03 100644
--- a/backend/create_database.js
+++ b/backend/create_database.js
@@ -5,12 +5,14 @@ const _POSTGRES_PASSWORD = process.env.POSTGRES_PASSWORD;
 const _POSTGRES_IP = process.env.POSTGRES_IP;
 const _POSTGRES_PORT = process.env.POSTGRES_PORT;
 const _POSTGRES_DATABASE = process.env.POSTGRES_DB || 'jfstat';
+const _POSTGRES_SSL_REJECT_UNAUTHORIZED = process.env.POSTGRES_SSL_REJECT_UNAUTHORIZED === undefined ? true : process.env.POSTGRES_SSL_REJECT_UNAUTHORIZED === "true";
 const client = new Client({
 host: _POSTGRES_IP,
 user: _POSTGRES_USER,
 password: _POSTGRES_PASSWORD,
 port: _POSTGRES_PORT,
+ ssl: { rejectUnauthorized: _POSTGRES_SSL_REJECT_UNAUTHORIZED }
 });
 const createDatabase = async () => {
diff --git a/backend/db.js b/backend/db.js
index bebde95..d6af617 100644
--- a/backend/db.js
+++ b/backend/db.js
@@ -7,6 +7,7 @@ const _POSTGRES_PASSWORD = process.env.POSTGRES_PASSWORD;
 const _POSTGRES_IP = process.env.POSTGRES_IP;
 const _POSTGRES_PORT = process.env.POSTGRES_PORT;
 const _POSTGRES_DATABASE = process.env.POSTGRES_DB || "jfstat";
+const _POSTGRES_SSL_REJECT_UNAUTHORIZED = process.env.POSTGRES_SSL_REJECT_UNAUTHORIZED === undefined ? true : process.env.POSTGRES_SSL_REJECT_UNAUTHORIZED === "true";
 if ([_POSTGRES_USER, _POSTGRES_PASSWORD, _POSTGRES_IP, _POSTGRES_PORT].includes(undefined)) {
 console.log("Error: Postgres details not defined");
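Review bot: The parsing of `POSTGRES_SSL_REJECT_UNAUTHORIZED` in the added constant fails open: any value other than the exact string `"true"` (for example `TRUE`, `1`, `yes`, an empty string, or a value with a trailing space) turns certificate verification off without any signal. Because this setting is what lets the client detect an impostor database server, only an explicit opt-out should disable it, e.g. `const _POSTGRES_SSL_REJECT_UNAUTHORIZED = process.env.POSTGRES_SSL_REJECT_UNAUTHORIZED !== "false";`. The same expression appears in the db.js, migrations.js (twice) and routes/backup.js hunks and needs the same change there.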
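Review bot: Nothing tells the operator when certificate verification has been switched off; the new constant in db.js is computed silently, right above a startup check that already logs missing Postgres settings. A one-line warning after the constant, such as `if (!_POSTGRES_SSL_REJECT_UNAUTHORIZED) console.warn("Warning: Postgres TLS certificate verification is disabled");`, would make the weakened state visible in the logs and easier to catch in a deployment review. The `if` block that opens at the end of this hunk continues outside it.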
@@ -22,6 +23,7 @@ const pool = new Pool({
 max: 20, // Maximum number of connections in the pool
 idleTimeoutMillis: 30000, // Close idle clients after 30 seconds
 connectionTimeoutMillis: 2000, // Return an error after 2 seconds if connection could not be established
+ ssl: { rejectUnauthorized: _POSTGRES_SSL_REJECT_UNAUTHORIZED } // Enable SSL without strict cert validation
 });
 pool.on("error", (err, client) => {
diff --git a/backend/migrations.js b/backend/migrations.js
index 0240694..6d1ffd7 100644
--- a/backend/migrations.js
+++ b/backend/migrations.js
@@ -12,6 +12,7 @@ module.exports = {
 port:process.env.POSTGRES_PORT,
 database: process.env.POSTGRES_DB || 'jfstat',
 createDatabase: true,
+ ssl: { rejectUnauthorized: process.env.POSTGRES_SSL_REJECT_UNAUTHORIZED === undefined ? true : process.env.POSTGRES_SSL_REJECT_UNAUTHORIZED === "true" }
 },
 migrations: {
 directory: __dirname + '/migrations',
@@ -39,6 +40,7 @@ module.exports = {
 port:process.env.POSTGRES_PORT,
 database: process.env.POSTGRES_DB || 'jfstat',
 createDatabase: true,
+ ssl: { rejectUnauthorized: process.env.POSTGRES_SSL_REJECT_UNAUTHORIZED === undefined ? true : process.env.POSTGRES_SSL_REJECT_UNAUTHORIZED === "true" }
 },
 migrations: {
 directory: __dirname + '/migrations',
diff --git a/backend/routes/backup.js b/backend/routes/backup.js
index 6e768ce..f756c02 100644
--- a/backend/routes/backup.js
+++ b/backend/routes/backup.js
@@ -23,6 +23,8 @@ const postgresPassword = process.env.POSTGRES_PASSWORD;
 const postgresIp = process.env.POSTGRES_IP;
 const postgresPort = process.env.POSTGRES_PORT;
 const postgresDatabase = process.env.POSTGRES_DB || "jfstat";
+const postgresSslRejectUnauthorized = process.env.POSTGRES_SSL_REJECT_UNAUTHORIZED === undefined ? true : process.env.POSTGRES_SSL_REJECT_UNAUTHORIZED === "true";
+
 const backupfolder = "backup-data"; // Restore function
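Review bot: The trailing comment on the added `ssl` line in db.js, `// Enable SSL without strict cert validation`, contradicts the code: with the variable unset, `rejectUnauthorized` is `true`, which is strict validation. Something like `// TLS to Postgres; certificate verification stays on unless POSTGRES_SSL_REJECT_UNAUTHORIZED disables it` would match the behaviour. Separately, `ssl` is now always an object, so the pool will presumably always request TLS, and as far as I know node-postgres fails the connection when the server declines it; a deployment whose Postgres has no TLS configured would then stop connecting, with no setting here to leave `ssl` unset. The `Pool` options object begins above the hunk.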
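Review bot: The env-parsing ternary is written out inline in both connection blocks of migrations.js and again as a constant in create_database.js, db.js and routes/backup.js, so five copies of a security-relevant default have to stay in step by hand. Moving it into one small shared module that exports the finished `ssl` object, and writing `ssl: sslConfig` (name is a suggestion only) at each site, would keep the default and the parsing rule in one place. Both `connection` objects start outside their hunks.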
@@ -52,6 +54,7 @@ async function restore(file, refLog) {
 host: postgresIp,
 port: postgresPort,
 database: postgresDatabase,
+ ssl: { rejectUnauthorized: postgresSslRejectUnauthorized },
 });
 const backupPath = file;
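Review bot: The `ssl` object added in `restore` carries only `rejectUnauthorized`, so a server certificate that is self-signed or issued by a private CA can only be accepted by turning verification off altogether. Letting the operator supply the CA would allow such deployments to keep verification on: either a `ca` entry in the same object, read from a file whose path comes from an environment variable, or a documented pointer to Node's `NODE_EXTRA_CA_CERTS`. The same applies to the other `ssl` objects in this patch. The options object and the body of `restore` extend beyond the hunk.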