v0.4.4: database config updates #1537
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Greptile Overview
Summary
This PR adds SSL configuration support to the Drizzle ORM database configurations in both the main database package and the app container. The changes introduce a `getSSLConfig()` function that handles various PostgreSQL SSL modes (`disable`, `prefer`, `require`, `verify-ca`, `verify-full`) and supports base64-encoded CA certificates from environment variables.The implementation follows a consistent pattern across both files: it reads SSL mode from DATABASE_SSL_MODE environment variable, configures appropriate SSL settings for each mode, and conditionally includes SSL configuration in the database credentials. The changes enable flexible SSL configuration through environment variables, which is essential for containerized deployments and cloud environments where SSL connections are required.
This enhancement integrates well with the existing Drizzle ORM setup by extending the dbCredentials configuration without breaking existing non-SSL configurations. The conditional spreading ensures backward compatibility while enabling secure database connections when needed.
Important Files Changed
Changed Files
| Filename | Score | Overview |
|---|---|---|
| packages/db/drizzle.config.ts | 4/5 | Added comprehensive SSL configuration with multi-mode support and CA certificate handling |
| apps/sim/drizzle.config.ts | 3/5 | Added SSL configuration support with type safety concerns due to any type usage |
Confidence score: 4/5
- This PR is generally safe to merge with some attention needed for type safety improvements
- Score reflects solid functionality with minor concerns around type assertions and certificate validation security
- Pay close attention to apps/sim/drizzle.config.ts for the
anytype usage that reduces type safety
Sequence Diagram
sequenceDiagram
participant User as "User"
participant App as "App Container"
participant DB as "Database Package"
participant Env as "Environment Variables"
participant SSL as "SSL Configuration"
participant PostgreSQL as "PostgreSQL Database"
User->>App: "Deploy application with SSL config"
App->>Env: "Read DATABASE_SSL environment variable"
Env-->>App: "Return SSL mode (disable/prefer/require/verify-ca/verify-full)"
App->>SSL: "Call getSSLConfig()"
SSL->>Env: "Check DATABASE_SSL value"
alt SSL disabled or undefined
SSL-->>App: "Return undefined"
else SSL prefer
SSL-->>App: "Return 'prefer'"
else SSL require
SSL->>SSL: "Set rejectUnauthorized = false"
SSL-->>App: "Return SSL config object"
else SSL verify-ca or verify-full
SSL->>SSL: "Set rejectUnauthorized = true"
SSL->>Env: "Check for DATABASE_SSL_CA"
alt CA certificate provided
SSL->>SSL: "Decode base64 CA certificate"
SSL->>SSL: "Add CA to SSL config"
end
SSL-->>App: "Return SSL config with CA"
end
App->>PostgreSQL: "Connect with SSL configuration"
PostgreSQL-->>App: "Connection established"
Note over DB: "Similar process occurs in DB package for migrations"
DB->>Env: "Read DATABASE_SSL from process.env"
DB->>SSL: "Call getSSLConfig()"
DB->>PostgreSQL: "Connect for migrations with SSL config"
PostgreSQL-->>DB: "Migration connection established"
Context used:
Context from dashboard - Avoid using type assertions to 'any' in TypeScript. Instead, ensure proper type definitions are used... (source)
2 files reviewed, 3 comments
fix(db): added SSL config to migrations container
fix(db): added database config to drizzle.config in app container (#1536