mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-21 21:57:19 +00:00
Streaming: improve handling of SSLMODE and cert/key/ca files
This commit is contained in:
parent
02633d6ebb
commit
aecd31a84f
|
@ -1,3 +1,6 @@
|
|||
import fs from 'node:fs';
|
||||
import path from 'node:path';
|
||||
|
||||
import pg from 'pg';
|
||||
import pgConnectionString from 'pg-connection-string';
|
||||
|
||||
|
@ -83,19 +86,34 @@ export function configFromEnv(env, environment) {
|
|||
baseConfig = pgConfigs[environment];
|
||||
|
||||
if (env.DB_SSLMODE) {
|
||||
switch(env.DB_SSLMODE) {
|
||||
// This is the same logic used by `pg` for handling sslmode:
|
||||
switch (env.DB_SSLMODE) {
|
||||
case 'disable':
|
||||
case '':
|
||||
baseConfig.ssl = false;
|
||||
break;
|
||||
case 'prefer':
|
||||
case 'require':
|
||||
case 'verify-ca':
|
||||
case 'verify-full':
|
||||
baseConfig.ssl = {};
|
||||
break;
|
||||
case 'no-verify':
|
||||
baseConfig.ssl = { rejectUnauthorized: false };
|
||||
break;
|
||||
default:
|
||||
baseConfig.ssl = {};
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (typeof env.DB_SSL_CERT === 'string' && typeof baseConfig.ssl === 'object') {
|
||||
baseConfig.ssl.cert = fs.readFileSync(path.resolve(env.DB_SSL_CERT), 'ascii');
|
||||
}
|
||||
|
||||
if (typeof env.DB_SSL_KEY === 'string' && typeof baseConfig.ssl === 'object') {
|
||||
baseConfig.ssl.key = fs.readFileSync(path.resolve(env.DB_SSL_KEY), 'ascii');
|
||||
}
|
||||
|
||||
if (typeof env.DB_SSL_CA === 'string' && typeof baseConfig.ssl === 'object') {
|
||||
baseConfig.ssl.ca = fs.readFileSync(path.resolve(env.DB_SSL_CA), 'ascii');
|
||||
}
|
||||
} else {
|
||||
throw new Error('Unable to resolve postgresql database configuration.');
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue