From 13e73c1ae175c46a4c290dc9d04a33b46787086e Mon Sep 17 00:00:00 2001
From: Gao Lei <7885834+ladiesman218@users.noreply.github.com>
Date: Sat, 30 Dec 2023 20:49:45 +0800
Subject: [PATCH] Changed how tls for postgres is configured. (#5)
* Changed how tls for postgres is configured.
* A better solution for configuring database. Now only production environment will force the use of an TLS configuration, testing and development envs disable TLS by default.
* Update configure.swift
---------
Co-authored-by: Petr Pavlik
---
 Sources/App/configure.swift | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/Sources/App/configure.swift b/Sources/App/configure.swift
index f4f5fe5..568a96d 100644
--- a/Sources/App/configure.swift
+++ b/Sources/App/configure.swift
@@ -64,15 +64,22 @@ public func configure(_ app: Application) async throws {
 // cors middleware should come before default error middleware using `at: .beginning`
 app.middleware.use(cors, at: .beginning)
- app.databases.use(DatabaseConfigurationFactory.postgres(configuration: .init(
- hostname: Environment.get("DATABASE_HOST") ?? "localhost",
- port: Environment.get("DATABASE_PORT").flatMap(Int.init(_:)) ?? (app.environment == .testing ? 5433 : 5432),
- username: Environment.get("DATABASE_USERNAME") ?? "vapor_username",
- password: Environment.get("DATABASE_PASSWORD") ?? "vapor_password",
- database: Environment.get("DATABASE_NAME") ?? "vapor_database",
- tlsConfiguration: app.environment == .testing ? .none : .forClient(certificateVerification: .none))
- ), as: .psql)
-
+ var tlsConfig: TLSConfiguration = .makeClientConfiguration()
+ // Check if you can increase the security by performing a certificate verification based on your database setup
+ tlsConfig.certificateVerification = .none
+ let nioSSLContext = try NIOSSLContext(configuration: tlsConfig)
+
+ let config = SQLPostgresConfiguration(
+ hostname: Environment.get("DATABASE_HOST") ?? "localhost",
+ port: Environment.get("DATABASE_PORT").flatMap(Int.init(_:)) ?? (app.environment == .testing ? 5433 : 5432),
+ username: Environment.get("DATABASE_USERNAME") ?? "vapor_username",
+ password: Environment.get("DATABASE_PASSWORD") ?? "vapor_password",
+ database: Environment.get("DATABASE_NAME") ?? "vapor_database",
+ tls: app.environment == .production ? .require(nioSSLContext) : .disable
+ )
+ let postgres = DatabaseConfigurationFactory.postgres(configuration: config)
+ app.databases.use(postgres, as: .psql)
+
 if let firebaseProjectId = Environment.process.FIREBASE_PROJECT_ID {
 app.firebaseJwt.applicationIdentifier = firebaseProjectId
 } else {
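Review bot: Production now uses `.require(nioSSLContext)`, but that context is built with `tlsConfig.certificateVerification = .none`, so the database server is never authenticated. The session is encrypted, yet a host sitting between the app and the database could still read or alter the traffic. `makeClientConfiguration()` already defaults to full verification, so I would drop the override and, where the database uses a private CA, trust it explicitly with `tlsConfig.trustRoots = .file(caPath)` (`caPath` is a placeholder for a path taken from the environment). The `?? "vapor_username"` / `?? "vapor_password"` fallbacks also still apply when `app.environment == .production`; failing startup there when those variables are unset would be safer than connecting with well-known defaults. `configure` starts and ends outside this hunk.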