Changed how tls for postgres is configured. (#5)

* Changed how tls for postgres is configured. * A better solution for configuring database. Now only production environment will force the use of an TLS configuration, testing and development envs disable TLS by default. * Update configure.swift --------- Co-authored-by: Petr Pavlik <[email protected]>
petrpavlik · Dec 30, 2023 · 13e73c1 · 13e73c1
1 parent 4c47b82
commit 13e73c1
Showing 1 changed file with 16 additions and 9 deletions.
diff --git a/Sources/App/configure.swift b/Sources/App/configure.swift
@@ -64,15 +64,22 @@ public func configure(_ app: Application) async throws {
     // cors middleware should come before default error middleware using `at: .beginning`
     app.middleware.use(cors, at: .beginning)
 
-    app.databases.use(DatabaseConfigurationFactory.postgres(configuration: .init(
-        hostname: Environment.get("DATABASE_HOST") ?? "localhost",
-        port: Environment.get("DATABASE_PORT").flatMap(Int.init(_:)) ?? (app.environment == .testing ? 5433 : 5432),
-        username: Environment.get("DATABASE_USERNAME") ?? "vapor_username",
-        password: Environment.get("DATABASE_PASSWORD") ?? "vapor_password",
-        database: Environment.get("DATABASE_NAME") ?? "vapor_database",
-        tlsConfiguration: app.environment == .testing ? .none : .forClient(certificateVerification: .none))
-    ), as: .psql)
-
+	var tlsConfig: TLSConfiguration = .makeClientConfiguration()
+	// Check if you can increase the security by performing a certificate verification based on your database setup
+	tlsConfig.certificateVerification = .none
+	let nioSSLContext = try NIOSSLContext(configuration: tlsConfig)
+
+	let config = SQLPostgresConfiguration(
+		hostname: Environment.get("DATABASE_HOST") ?? "localhost",
+		port: Environment.get("DATABASE_PORT").flatMap(Int.init(_:)) ?? (app.environment == .testing ? 5433 : 5432),
+		username: Environment.get("DATABASE_USERNAME") ?? "vapor_username",
+		password: Environment.get("DATABASE_PASSWORD") ?? "vapor_password",
+		database: Environment.get("DATABASE_NAME") ?? "vapor_database",
+		tls: app.environment == .production ? .require(nioSSLContext) : .disable
+	)
+	let postgres = DatabaseConfigurationFactory.postgres(configuration: config)
+	app.databases.use(postgres, as: .psql)
+
     if let firebaseProjectId = Environment.process.FIREBASE_PROJECT_ID {
         app.firebaseJwt.applicationIdentifier = firebaseProjectId
     } else {