feat: support CA_CERT env var override #194

Merged
merged 2 commits into from
Sep 19, 2024
22 changes: 20 additions & 2 deletions apps/web/src/lib/db.ts
@@ -1,9 +1,27 @@
import pg from "pg";
const { Pool, types } = pg;

const pool = new Pool({
// By default we assume that the `DATABASE_URL` connection string parsing is sufficient.
// It fails, however, when pointed out at URL for a managed Postgres db hosted by DigitalOcean.
//
// Therefore let's provide an opt-in method of providing a CA for the cert info.
// In order to use a DO managed DB URL, you must prune the `?sslmode=require` from the connection string!
// This is documented here: https://node-postgres.com/features/ssl#usage-with-connectionstring
const dbConfig = {
connectionString: process.env.DATABASE_URL,
});
ssl: {},

In js/ts you can do in-place conditionals in objects like this:

Suggested change
ssl: {},
...(process.env.CA_CERT && {
ssl: {
rejectUnauthorized: true,
ca: process.env.CA_CERT,
},
}),

Just a style preference, your code works perfectly fine as is.

Contributor Author

TIL! Great suggestion, added. (I also tested with a new ad-hoc container build to confirm I didn't break anything with my clumsy TS.)

// If a CA certificate was specified as an env var, pass that info to the database config.
// Be advised that if CA_CERT is set, then DATABASE_URL must *lack* an `sslmode` param!
...(process.env.CA_CERT != null && {
ssl: {
rejectUnauthorized: true,
ca: process.env.CA_CERT,
},
}),
};

// Construct the db connection.
const pool = new Pool(dbConfig);

types.setTypeParser(types.builtins.DATE, (val: string) => val);
types.setTypeParser(types.builtins.INT8, (val: string) => BigInt(val));
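
Review bot: The `process.env.CA_CERT != null` guard in the `dbConfig` spread is also true for an empty string, so a `CA_CERT` that is set but left blank still installs the `ssl` block with `ca: ""` and `rejectUnauthorized: true`, whereas the truthiness form from the suggestion (`process.env.CA_CERT && {...}`) would skip it. Consider testing for a non-empty value instead. Separately, the comment states that `DATABASE_URL` must lack `sslmode` when `CA_CERT` is set, but nothing enforces it; a startup check that throws or logs when both are present would surface that misconfiguration instead of leaving it to the comment.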
7 changes: 6 additions & 1 deletion justfile
Expand Up @@ -25,8 +25,13 @@ pgtyped-cli:
update-cometbft-schema:
curl -o deploy/postgres-cometbft-schema.sql -sSf "https://raw.githubusercontent.com/cometbft/cometbft/v0.37.2/state/indexer/sink/psql/schema.sql"

# Build the webapp container image
container:
podman build -t ghcr.io/penumbra-zone/cuiloa .
podman build -t ghcr.io/penumbra-zone/cuiloa -f apps/web/Containerfile .

# Build, then run the webapp container image. Uses local env vars.
run-container: container
podman run -e CA_CERT -e DATABASE_URL -e APP_URL -e PENUMBRA_GRPC_ENDPOINT -p 3000:3000 -it ghcr.io/penumbra-zone/cuiloa

compose:
docker compose up
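
Review bot: The `run-container` recipe forwards `CA_CERT` alongside `DATABASE_URL`, but its comment says only "Uses local env vars" and does not mention that `CA_CERT` is opt-in or that setting it requires a `DATABASE_URL` without `sslmode`, the caveat documented in `apps/web/src/lib/db.ts`. Suggest extending the recipe comment to list which variables are required and to repeat that caveat, so someone running `just run-container` against a managed database sees it where they type the command.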