From a5c938fa3c6e393715b0492e8c0ba019c3db12f4 Mon Sep 17 00:00:00 2001
From: Jordan Jones
Date: Sun, 30 Jul 2023 04:11:45 -0700
Subject: [PATCH 1/9] chore: attempt to support postgresql ssl
---
 CommonServer/Config.ts | 13 +++++++++++++
 CommonServer/Infrastructure/PostgresConfig.ts | 11 +++++++++++
 2 files changed, 24 insertions(+)
diff --git a/CommonServer/Config.ts b/CommonServer/Config.ts
index ae3bc560db..aa5e28e1e9 100644
--- a/CommonServer/Config.ts
+++ b/CommonServer/Config.ts
@@ -36,6 +36,19 @@ export const DatabasePassword: string =
 export const DatabaseName: string =
 process.env['DATABASE_NAME'] || 'oneuptimedb';
+export const DatabaseSslCa: string =
+ process.env['DATABASE_SSL_CA'] || undefined;
+
+export const DatabaseSslKey: string =
+ process.env['DATABASE_SSL_KEY'] || undefined;
+
+export const DatabaseSslCert: string =
+ process.env['DATABASE_SSL_CERT'] || undefined;
+
+export const DatabaseRejectUnauthorized: boolean = Boolean(process.env['DATABASE_SSL_REJECT_UNAUTHORIZED']) || false;
+
+export const shouldDatabaseSslEnable: boolean = Boolean(DatabaseSslCa || DatabaseSslCert || DatabaseSslKey);
+
 export const EncryptionSecret: ObjectID = new ObjectID(
 process.env['ENCRYPTION_SECRET'] || 'secret'
 );
diff --git a/CommonServer/Infrastructure/PostgresConfig.ts b/CommonServer/Infrastructure/PostgresConfig.ts
index 776baa6847..7ad97a5a58 100644
--- a/CommonServer/Infrastructure/PostgresConfig.ts
+++ b/CommonServer/Infrastructure/PostgresConfig.ts
@@ -5,6 +5,11 @@ import {
 DatabasePassword,
 DatabasePort,
 DatabaseUsername,
+ DatabaseSslCa,
+ DatabaseSslKey,
+ DatabaseSslCert,
+ DatabaseRejectUnauthorized,
+ shouldDatabaseSslEnable,
 Env,
 } from '../Config';
 import Entities from 'Model/Models/Index';
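Review bot: `DatabaseRejectUnauthorized` in PATCH 1/9's Config.ts hunk is false whenever `DATABASE_SSL_REJECT_UNAUTHORIZED` is unset, so a deployment that supplies only `DATABASE_SSL_CA` gets an encrypted connection whose server certificate is never checked against that CA. PATCH 9/9 rewrites the expression to `=== 'true'`, which fixes the `Boolean('false')` parsing but keeps verification off by default. Defaulting to verification and making the opt-out explicit would be safer: `process.env['DATABASE_SSL_REJECT_UNAUTHORIZED'] !== 'false';`, with a comment such as `// certificate verification stays on unless explicitly set to 'false'`.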
@@ -23,6 +28,12 @@ export const dataSourceOptions: DataSourceOptions = {
 migrationsTableName: 'migrations',
 migrations: Migrations,
 entities: Entities,
+ ssl: shouldDatabaseSslEnable ? {
+ rejectUnauthorized: DatabaseRejectUnauthorized,
+ ca: DatabaseSslCa,
+ key: DatabaseSslKey,
+ cert: DatabaseSslCert
+ } : undefined,
 // logging: 'all',
 // synchronize: Env === AppEnvironment.Development,
 synchronize: true,
From a8f662a5ae24194506614f5b83fd4a6887131b11 Mon Sep 17 00:00:00 2001
From: Jordan Jones
Date: Sun, 30 Jul 2023 04:33:38 -0700
Subject: [PATCH 2/9] chore: fix lint and lint fix
---
 CommonServer/Config.ts | 7 +++++--
 CommonServer/Infrastructure/PostgresConfig.ts | 14 ++++++++------
 2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/CommonServer/Config.ts b/CommonServer/Config.ts
index aa5e28e1e9..d535e117db 100644
--- a/CommonServer/Config.ts
+++ b/CommonServer/Config.ts
@@ -45,9 +45,12 @@ export const DatabaseSslKey: string =
 export const DatabaseSslCert: string =
 process.env['DATABASE_SSL_CERT'] || undefined;
-export const DatabaseRejectUnauthorized: boolean = Boolean(process.env['DATABASE_SSL_REJECT_UNAUTHORIZED']) || false;
+export const DatabaseRejectUnauthorized: boolean =
+ Boolean(process.env['DATABASE_SSL_REJECT_UNAUTHORIZED']) || false;
-export const shouldDatabaseSslEnable: boolean = Boolean(DatabaseSslCa || DatabaseSslCert || DatabaseSslKey);
+export const shouldDatabaseSslEnable: boolean = Boolean(
+ DatabaseSslCa || DatabaseSslCert || DatabaseSslKey
+);
 export const EncryptionSecret: ObjectID = new ObjectID(
 process.env['ENCRYPTION_SECRET'] || 'secret'
diff --git a/CommonServer/Infrastructure/PostgresConfig.ts b/CommonServer/Infrastructure/PostgresConfig.ts
index 7ad97a5a58..fb4e7d1470 100644
--- a/CommonServer/Infrastructure/PostgresConfig.ts
+++ b/CommonServer/Infrastructure/PostgresConfig.ts
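Review bot: The `ssl:` entry added in PATCH 1/9's PostgresConfig.ts hunk enables TLS only when certificate material is configured, so with none of the three variables set the connection is made without TLS and nothing at startup says so. A managed provider whose certificate needs no custom CA therefore has no way to ask for TLS through this config, as far as the hunk shows. An explicit enable setting, separate from the certificate variables, would cover that case; at minimum a comment like `// no DATABASE_SSL_* material configured: connection is NOT encrypted` on the fallback branch would document it. The fallback and the enabling condition are touched again in PATCH 3/9 and PATCH 6/9 without changing this, and the `dataSourceOptions` literal starts and ends outside the hunk.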
@@ -28,12 +28,14 @@ export const dataSourceOptions: DataSourceOptions = {
 migrationsTableName: 'migrations',
 migrations: Migrations,
 entities: Entities,
- ssl: shouldDatabaseSslEnable ? {
- rejectUnauthorized: DatabaseRejectUnauthorized,
- ca: DatabaseSslCa,
- key: DatabaseSslKey,
- cert: DatabaseSslCert
- } : undefined,
+ ssl: shouldDatabaseSslEnable
+ ? {
+ rejectUnauthorized: DatabaseRejectUnauthorized,
+ ca: DatabaseSslCa,
+ key: DatabaseSslKey,
+ cert: DatabaseSslCert,
+ }
+ : undefined,
 // logging: 'all',
 // synchronize: Env === AppEnvironment.Development,
 synchronize: true,
From 1d7f064f4bc1e236122fd7a4d9206f0c06dc7a5c Mon Sep 17 00:00:00 2001
From: Jordan Jones
Date: Sun, 30 Jul 2023 04:42:22 -0700
Subject: [PATCH 3/9] chore: tls expects ssl to be false or tlsoptions
---
 CommonServer/Infrastructure/PostgresConfig.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CommonServer/Infrastructure/PostgresConfig.ts b/CommonServer/Infrastructure/PostgresConfig.ts
index fb4e7d1470..2ba0ebb557 100644
--- a/CommonServer/Infrastructure/PostgresConfig.ts
+++ b/CommonServer/Infrastructure/PostgresConfig.ts
@@ -35,7 +35,7 @@ export const dataSourceOptions: DataSourceOptions = {
 key: DatabaseSslKey,
 cert: DatabaseSslCert,
 }
- : undefined,
+ : false,
 // logging: 'all',
 // synchronize: Env === AppEnvironment.Development,
 synchronize: true,
From ce1c3b436dfd640be74bbe8da74d51b58f3f2625 Mon Sep 17 00:00:00 2001
From: Jordan Jones
Date: Sun, 30 Jul 2023 04:52:25 -0700
Subject: [PATCH 4/9] chore: fix types
---
 CommonServer/Config.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/CommonServer/Config.ts b/CommonServer/Config.ts
index d535e117db..797e82275d 100644
--- a/CommonServer/Config.ts
+++ b/CommonServer/Config.ts
@@ -36,13 +36,13 @@ export const DatabasePassword: string =
 export const DatabaseName: string =
 process.env['DATABASE_NAME'] || 'oneuptimedb';
-export const DatabaseSslCa: string =
+export const DatabaseSslCa: string | undefined =
 process.env['DATABASE_SSL_CA'] || undefined;
-export const DatabaseSslKey: string =
+export const DatabaseSslKey: string | undefined =
 process.env['DATABASE_SSL_KEY'] || undefined;
-export const DatabaseSslCert: string =
+export const DatabaseSslCert: string | undefined =
 process.env['DATABASE_SSL_CERT'] || undefined;
 export const DatabaseRejectUnauthorized: boolean =
From 5b04e14a952f282921181ee167ce7bcbfdec1ce1 Mon Sep 17 00:00:00 2001
From: Jordan Jones
Date: Sun, 30 Jul 2023 06:04:31 -0700
Subject: [PATCH 5/9] chore: update config.example.env
---
 config.example.env | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/config.example.env b/config.example.env
index af9c656add..2224ebcc65 100644
--- a/config.example.env
+++ b/config.example.env
@@ -59,6 +59,13 @@ DATABASE_USERNAME=postgres
 DATABASE_NAME=oneuptimedb
 DATABASE_HOST=postgres
+# Used to connect to managed postgres providers.
+# Fill only what your provider needs.
+DatabaseRejectUnauthorized=false
+DatabaseSslCa=
+DatabaseSslKey=
+DatabaseSslCert=
+
 # Redis DB Settings.
 REDIS_HOST=redis
From 873cee4a796b529fdf3aee9d335bdc50eabec38c Mon Sep 17 00:00:00 2001
From: Jordan Jones
Date: Sun, 30 Jul 2023 06:14:27 -0700
Subject: [PATCH 6/9] chore: resolve compromise
---
 CommonServer/Config.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CommonServer/Config.ts b/CommonServer/Config.ts
index 797e82275d..89df99fe57 100644
--- a/CommonServer/Config.ts
+++ b/CommonServer/Config.ts
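Review bot: The four keys added to config.example.env in PATCH 5/9 (`DatabaseRejectUnauthorized`, `DatabaseSslCa`, `DatabaseSslKey`, `DatabaseSslCert`) are the TypeScript constant names, not the environment variables that Config.ts reads, so filling them in has no effect. They should read `DATABASE_SSL_REJECT_UNAUTHORIZED=`, `DATABASE_SSL_CA=`, `DATABASE_SSL_KEY=` and `DATABASE_SSL_CERT=`, which are also the names docker-compose.base.yml forwards in PATCH 8/9. The sample value `false` for the reject-unauthorized key presents disabled certificate verification as the starting point, so the comment should say what it gives up, e.g. `# false disables server certificate verification; use only for testing`. It would also help to state whether the values are PEM contents or file paths; the code passes them straight into the `ssl` options, which suggests contents.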
@@ -49,7 +49,7 @@ export const DatabaseRejectUnauthorized: boolean =
 Boolean(process.env['DATABASE_SSL_REJECT_UNAUTHORIZED']) || false;
 export const shouldDatabaseSslEnable: boolean = Boolean(
- DatabaseSslCa || DatabaseSslCert || DatabaseSslKey
+ DatabaseSslCa || (DatabaseSslCert && DatabaseSslKey)
 );
 export const EncryptionSecret: ObjectID = new ObjectID(
From 7af57b06b54c51efcdf209f0002b329f4c66b633 Mon Sep 17 00:00:00 2001
From: Jordan Jones
Date: Sun, 30 Jul 2023 06:15:31 -0700
Subject: [PATCH 7/9] chore: update to use pascalcase
---
 CommonServer/Config.ts | 4 ++--
 CommonServer/Infrastructure/PostgresConfig.ts | 4 ++--
 Probe/Services/Register.ts | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/CommonServer/Config.ts b/CommonServer/Config.ts
index 89df99fe57..f3a3f54e4c 100644
--- a/CommonServer/Config.ts
+++ b/CommonServer/Config.ts
@@ -48,7 +48,7 @@ export const DatabaseSslCert: string | undefined =
 export const DatabaseRejectUnauthorized: boolean =
 Boolean(process.env['DATABASE_SSL_REJECT_UNAUTHORIZED']) || false;
-export const shouldDatabaseSslEnable: boolean = Boolean(
+export const ShouldDatabaseSslEnable: boolean = Boolean(
 DatabaseSslCa || (DatabaseSslCert && DatabaseSslKey)
 );
@@ -64,7 +64,7 @@ export const ClusterKey: ObjectID = new ObjectID(
 process.env['ONEUPTIME_SECRET'] || 'secret'
 );
-export const hasClusterKey: boolean = Boolean(process.env['ONEUPTIME_SECRET']);
+export const HasClusterKey: boolean = Boolean(process.env['ONEUPTIME_SECRET']);
 export const Domain: Hostname = Hostname.fromString(
 process.env['DOMAIN'] || 'localhost'
diff --git a/CommonServer/Infrastructure/PostgresConfig.ts b/CommonServer/Infrastructure/PostgresConfig.ts
index 2ba0ebb557..041758fbee 100644
--- a/CommonServer/Infrastructure/PostgresConfig.ts
+++ b/CommonServer/Infrastructure/PostgresConfig.ts
@@ -9,7 +9,7 @@ import {
 DatabaseSslKey,
 DatabaseSslCert,
 DatabaseRejectUnauthorized,
- shouldDatabaseSslEnable,
+ ShouldDatabaseSslEnable,
 Env,
 } from '../Config';
 import Entities from 'Model/Models/Index';
@@ -28,7 +28,7 @@ export const dataSourceOptions: DataSourceOptions = {
 migrationsTableName: 'migrations',
 migrations: Migrations,
 entities: Entities,
- ssl: shouldDatabaseSslEnable
+ ssl: ShouldDatabaseSslEnable
 ? {
 rejectUnauthorized: DatabaseRejectUnauthorized,
 ca: DatabaseSslCa,
diff --git a/Probe/Services/Register.ts b/Probe/Services/Register.ts
index 961f712a50..52b5be82d8 100644
--- a/Probe/Services/Register.ts
+++ b/Probe/Services/Register.ts
@@ -7,7 +7,7 @@ import {
 PROBE_NAME,
 } from '../Config';
 import URL from 'Common/Types/API/URL';
-import { ClusterKey, hasClusterKey } from 'CommonServer/Config';
+import { ClusterKey, HasClusterKey } from 'CommonServer/Config';
 import logger from 'CommonServer/Utils/Logger';
 import HTTPResponse from 'Common/Types/API/HTTPResponse';
 import { JSONObject } from 'Common/Types/JSON';
@@ -15,7 +15,7 @@ import LocalCache from 'CommonServer/Infrastructure/LocalCache';
 export default class Register {
 public static async registerProbe(): Promise {
- if (hasClusterKey) {
+ if (HasClusterKey) {
 const resullt: HTTPResponse = await API.post(
 URL.fromString(PROBE_API_URL.toString()).addRoute('/register'),
 {
From 589acc35c170233e63fe84eefce9f96440cd1e80 Mon Sep 17 00:00:00 2001
From: Jordan Jones
Date: Sun, 30 Jul 2023 06:28:27 -0700
Subject: [PATCH 8/9] chore: add env to docker.base.yml
---
 docker-compose.base.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/docker-compose.base.yml b/docker-compose.base.yml
index e6b96c66a7..576243f316 100644
--- a/docker-compose.base.yml
+++ b/docker-compose.base.yml
@@ -42,6 +42,10 @@ x-common-server-variables: &common-server-variables
 DATABASE_PASSWORD: ${DATABASE_PASSWORD}
 DATABASE_NAME: ${DATABASE_NAME}
 DATABASE_HOST: ${DATABASE_HOST}
+ DATABASE_SSL_CA: ${DATABASE_SSL_CA}
+ DATABASE_SSL_KEY: ${DATABASE_SSL_KEY}
+ DATABASE_SSL_CERT: ${DATABASE_SSL_CERT}
+ DATABASE_SSL_REJECT_UNAUTHORIZED: ${DATABASE_SSL_REJECT_UNAUTHORIZED}
 REDIS_PASSWORD: ${REDIS_PASSWORD}
 REDIS_HOST: ${REDIS_HOST}
From fdfd762d935baeef868ada55a57b10e833a4a102 Mon Sep 17 00:00:00 2001
From: Jordan Jones
Date: Sun, 30 Jul 2023 06:28:59 -0700
Subject: [PATCH 9/9] chore: fix truthy Boolean('false') is still true
---
 CommonServer/Config.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CommonServer/Config.ts b/CommonServer/Config.ts
index f3a3f54e4c..5cf89c8030 100644
--- a/CommonServer/Config.ts
+++ b/CommonServer/Config.ts
@@ -46,7 +46,7 @@ export const DatabaseSslCert: string | undefined =
 process.env['DATABASE_SSL_CERT'] || undefined;
 export const DatabaseRejectUnauthorized: boolean =
- Boolean(process.env['DATABASE_SSL_REJECT_UNAUTHORIZED']) || false;
+ process.env['DATABASE_SSL_REJECT_UNAUTHORIZED'] === 'true';
 export const ShouldDatabaseSslEnable: boolean = Boolean(
 DatabaseSslCa || (DatabaseSslCert && DatabaseSslKey)
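Review bot: `DATABASE_SSL_KEY` in PATCH 8/9's docker-compose.base.yml hunk puts the client private key into the shared `common-server-variables` block, so every service that merges this anchor receives it in its environment, where it is readable through container inspection and inherited by child processes. If only the services that open database connections need it, scoping it to those, or supplying the key as a mounted file or secret, would narrow the exposure; that would need a matching change in Config.ts, which is outside this hunk. Separately, the four references have no default, so Compose substitutes an empty string with a warning when they are unset; `${DATABASE_SSL_CA:-}` and likewise for the other three makes the optional nature explicit.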