feat(database): allow enforcing of SSL for database connection (#36)

GEWIS · Jan 12, 2025 · b34b019 · b34b019
2 parents 5ead463 + e9d5f6f
commit b34b019
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/.env.example b/.env.example
@@ -12,6 +12,8 @@ TYPEORM_SYNCHRONIZE = true
 TYPEORM_LOGGING = false
 TYPEORM_MIGRATIONS = dist/migration/**/*.js
 TYPEORM_SUBSCRIBERS = dist/subscriber/**/*.js
+TYPEORM_SSL_ENABLED = false
+TYPEORM_SSL_CACERTS = /etc/ssl/certs/ca-certificates.crt
 
 SESSION_SECRET = secret
 

diff --git a/src/database.ts b/src/database.ts
@@ -1,4 +1,5 @@
 import { DataSource } from 'typeorm';
+import fs from 'fs';
 import { Company } from './entity/Company';
 import { Contact } from './entity/Contact';
 import { Contract } from './entity/Contract';
@@ -32,6 +33,13 @@ const AppDataSource = new DataSource({
   type: process.env.TYPEORM_CONNECTION as 'postgres' | 'mariadb' | 'mysql',
   username: process.env.TYPEORM_USERNAME,
   password: process.env.TYPEORM_PASSWORD,
+  ...(process.env.TYPEORM_SSL_ENABLED === 'true' && process.env.TYPEORM_SSL_CACERTS
+    ? {
+        ssl: {
+          ca: fs.readFileSync(process.env.TYPEORM_SSL_CACERTS),
+        },
+      }
+    : {}),
   synchronize: process.env.TYPEORM_SYNCHRONIZE === 'true',
   logging: process.env.TYPEORM_LOGGING === 'true',
   entities: [Company, Contact, Contract, IdentityApiKey, IdentityLDAP, IdentityLocal, Invoice, Product,