fix: secure sql (#21)
* use new cert loaded in dockerfile
dtp263 authored Apr 18, 2024
1 parent d1b4c69 commit 5365955
Showing 3 changed files with 14 additions and 2 deletions.
4 changes: 2 additions & 2 deletions docker/Dockerfile
Expand Up @@ -6,7 +6,7 @@ WORKDIR /usr/src/app
RUN apk update && apk add bash curl

RUN mkdir -p /usr/local/certs/ca-certificates
RUN curl -ks 'https://s3.amazonaws.com/rds-downloads/rds-ca-2015-root.pem' -o '/usr/local/certs/ca-certificates/rds-ca-2015-root.pem'
RUN curl -ks 'https://truststore.pki.rds.amazonaws.com/us-west-2/us-west-2-bundle.pem' -o '/usr/local/certs/ca-certificates/us-west-2-bundle.pem'

COPY . .

Expand All @@ -33,7 +33,7 @@ COPY --from=builder /usr/src/app/packages/backend/tsconfig.json /usr/src/app

COPY --from=builder /usr/src/app/packages/frontend/build /usr/src/app/public

COPY --from=builder /usr/local/certs/ca-certificates/rds-ca-2015-root.pem /usr/local/certs/ca-certificates/rds-ca-2015-root.pem
COPY --from=builder /usr/local/certs/ca-certificates/us-west-2-bundle.pem /usr/local/certs/ca-certificates/us-west-2-bundle.pem

RUN yarn install --production

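Review bot: The `curl -ks` line for `us-west-2-bundle.pem` in the first hunk still passes `-k`, so the CA bundle that is meant to anchor trust for the database connection is itself downloaded without TLS certificate verification, and a tampered build-time network path could substitute the trust store. `-s` without `-f` also means an HTTP error body would be written to the `.pem` path without failing the build. I would change the line to `RUN curl -fsSL 'https://truststore.pki.rds.amazonaws.com/us-west-2/us-west-2-bundle.pem' -o '/usr/local/certs/ca-certificates/us-west-2-bundle.pem'`, and consider verifying the file against a digest committed to the repository so the image cannot silently pick up a different bundle.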
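--- a/packages/backend/config/config.ts
+++ b/packages/backend/config/config.ts
@@ -10,6 +10,7 @@ export interface Config {
 JWTSecret: string;
 Port: number;
 PostgresConnectionURL: string;
+PostgresSSLCertPath?: string;
 }
 
 function getCORSWhitelist(): string[] {
@@ -39,6 +40,8 @@ export function getConfig(): Config {
 Port: parseInt((process.env.BACKEND_PORT as string) ?? '3001', 10),
 PostgresConnectionURL:
 (process.env.POSTGRES_CONNECTION_URL as string) ?? '',
+PostgresSSLCertPath:
+'/usr/local/certs/ca-certificates/us-west-2-bundle.pem',
 };
 
 return config;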
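Review bot: `PostgresSSLCertPath` is declared optional in the `Config` interface (first hunk) while `getConfig()` always assigns it a hard-coded, region-specific path (second hunk), so the type promises less than the code guarantees and every consumer has to handle an `undefined` that cannot occur. Declaring it as `PostgresSSLCertPath: string;` would let `fs.readFileSync(config.PostgresSSLCertPath)` in index.ts type-check under strict null checks without a guard. If other regions or a local bundle are expected, an environment override with the current path as the default (for example a variable named `POSTGRES_SSL_CERT_PATH`, name to be chosen by the project) avoids an image rebuild to change it. Both `Config` and `getConfig` extend beyond the lines shown.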
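--- a/packages/backend/index.ts
+++ b/packages/backend/index.ts
@@ -87,6 +87,15 @@ console.log('using postgres session store');
 const PostgresqlStore = genFunc(session);
 const sessionStore = new PostgresqlStore({
 conString: config.PostgresConnectionURL,
+conObject: {
+connectionString: config.PostgresConnectionURL,
+ssl:
+config.Environment === 'production'
+? {
+cert: fs.readFileSync(config.PostgresSSLCertPath).toString(),
+}
+: false,
+},
 });
 
 app.use(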
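Review bot: The added `ssl` object passes the RDS bundle as `cert`, which in Node's TLS options is the client's own certificate chain; the CA certificates used to verify the server belong in `ca`. As written the bundle does not appear to take part in validating the database's certificate, so the production connection would either fail verification or not be anchored to the RDS CA, depending on how the driver treats a `cert` without a `key`, which is worth confirming against a production-like instance. I would change the line to `ca: fs.readFileSync(config.PostgresSSLCertPath, 'utf8'),` and leave certificate verification enabled rather than setting `rejectUnauthorized: false`. `conString` is also still passed next to the new `conObject`; keeping only one removes any doubt about which the store uses. The surrounding statement block starts before the hunk.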
