liz/wikijs-fork
liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: db inline CA cert mode

Browse Source
This commit is contained in:
NGPixel 2020-04-20 18:47:06 -04:00
parent d651412d34
commit 81732da709
1 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
server/core/db.js
View File

@ -26,6 +26,8 @@ module.exports = {
init() { init() {
let self = this let self = this
// Fetch DB Config
let dbClient = null let dbClient = null
let dbConfig = (!_.isEmpty(process.env.DATABASE_URL)) ? process.env.DATABASE_URL : { let dbConfig = (!_.isEmpty(process.env.DATABASE_URL)) ? process.env.DATABASE_URL : {
host: WIKI.config.db.host.toString(), host: WIKI.config.db.host.toString(),
@ -35,12 +37,15 @@ module.exports = {
port: WIKI.config.db.port port: WIKI.config.db.port
} }
const dbUseSSL = (WIKI.config.db.ssl === true || WIKI.config.db.ssl === 'true' || WIKI.config.db.ssl === 1 || WIKI.config.db.ssl === '1') // Handle SSL Options
let dbUseSSL = (WIKI.config.db.ssl === true || WIKI.config.db.ssl === 'true' || WIKI.config.db.ssl === 1 || WIKI.config.db.ssl === '1')
let sslOptions = null let sslOptions = null
if (dbUseSSL && _.isPlainObject(dbConfig) && _.get(dbConfig, 'sslOptions.auto', null) === false) { if (dbUseSSL && _.isPlainObject(dbConfig) && _.get(WIKI.config.db, 'sslOptions.auto', null) === false) {
sslOptions = dbConfig.sslOptions sslOptions = WIKI.config.db.sslOptions
sslOptions.rejectUnauthorized = _.get(sslOptions, 'rejectUnauthorized', true) // eslint-disable-next-line no-unneeded-ternary
if (sslOptions.ca) { sslOptions.rejectUnauthorized = sslOptions.rejectUnauthorized === false ? false : true
if (sslOptions.ca && sslOptions.ca.indexOf('-----') !== 0) {
sslOptions.ca = fs.readFileSync(path.resolve(WIKI.ROOTPATH, sslOptions.ca)) sslOptions.ca = fs.readFileSync(path.resolve(WIKI.ROOTPATH, sslOptions.ca))
} }
if (sslOptions.cert) { if (sslOptions.cert) {
@ -56,6 +61,16 @@ module.exports = {
sslOptions = true sslOptions = true
} }
// Handle inline SSL CA Certificate mode
if (!_.isEmpty(process.env.DB_SSL_CA) && process.env.DB_SSL_CA) {
dbUseSSL = true
sslOptions = {
rejectUnauthorized: true,
ca: process.env.DB_SSL_CA
}
}
// Engine-specific config
switch (WIKI.config.db.type) { switch (WIKI.config.db.type) {
case 'postgres': case 'postgres':
dbClient = 'pg' dbClient = 'pg'
@ -100,6 +115,7 @@ module.exports = {
process.exit(1) process.exit(1)
} }
// Initialize Knex
this.knex = Knex({ this.knex = Knex({
client: dbClient, client: dbClient,
useNullAsDefault: true, useNullAsDefault: true,