Skip to content

Commit

Permalink
Changed how tls for postgres is configured. (#5)
Browse files Browse the repository at this point in the history
* Changed how tls for postgres is configured.

* A better solution for configuring database.

Now only production environment will force the use of an TLS
configuration, testing and development envs disable TLS by default.

* Update configure.swift

---------

Co-authored-by: Petr Pavlik <[email protected]>
  • Loading branch information
ladiesman218 and petrpavlik authored Dec 30, 2023
1 parent 4c47b82 commit 13e73c1
Showing 1 changed file with 16 additions and 9 deletions.
25 changes: 16 additions & 9 deletions Sources/App/configure.swift
Original file line number Diff line number Diff line change
Expand Up @@ -64,15 +64,22 @@ public func configure(_ app: Application) async throws {
// cors middleware should come before default error middleware using `at: .beginning`
app.middleware.use(cors, at: .beginning)

app.databases.use(DatabaseConfigurationFactory.postgres(configuration: .init(
hostname: Environment.get("DATABASE_HOST") ?? "localhost",
port: Environment.get("DATABASE_PORT").flatMap(Int.init(_:)) ?? (app.environment == .testing ? 5433 : 5432),
username: Environment.get("DATABASE_USERNAME") ?? "vapor_username",
password: Environment.get("DATABASE_PASSWORD") ?? "vapor_password",
database: Environment.get("DATABASE_NAME") ?? "vapor_database",
tlsConfiguration: app.environment == .testing ? .none : .forClient(certificateVerification: .none))
), as: .psql)

var tlsConfig: TLSConfiguration = .makeClientConfiguration()
// Check if you can increase the security by performing a certificate verification based on your database setup
tlsConfig.certificateVerification = .none
let nioSSLContext = try NIOSSLContext(configuration: tlsConfig)

let config = SQLPostgresConfiguration(
hostname: Environment.get("DATABASE_HOST") ?? "localhost",
port: Environment.get("DATABASE_PORT").flatMap(Int.init(_:)) ?? (app.environment == .testing ? 5433 : 5432),
username: Environment.get("DATABASE_USERNAME") ?? "vapor_username",
password: Environment.get("DATABASE_PASSWORD") ?? "vapor_password",
database: Environment.get("DATABASE_NAME") ?? "vapor_database",
tls: app.environment == .production ? .require(nioSSLContext) : .disable
)
let postgres = DatabaseConfigurationFactory.postgres(configuration: config)
app.databases.use(postgres, as: .psql)

if let firebaseProjectId = Environment.process.FIREBASE_PROJECT_ID {
app.firebaseJwt.applicationIdentifier = firebaseProjectId
} else {
Expand Down

0 comments on commit 13e73c1

Please sign in to comment.