feat: support CA_CERT env var override

Adds opt-in support for declaring a CA certificate value for the database TLS connection. Some managed postgres solutions, such as DigitalOcean's, require this setting. In order to use it: 1. set the CA_CERT env var with the string contents of the db's CA 2. remove the `sslmode=require` from the connection auth string The need for 2 is because the `connectionString` param clobbers any manual `ssl` opts in the db config, and is documented here [0]. Closes #55. [0] https://node-postgres.com/features/ssl#usage-with-connectionstring
penumbra-zone · Sep 19, 2024 · 9898885 · 9898885
1 parent 9898273
commit 9898885
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/justfile b/justfile
@@ -0,0 +1,6 @@
+# A justfile for dex-explorer development.
+# Documents common tasks for local dev.
+
+# build container image
+container:
+  podman build -f Containerfile .
diff --git a/src/utils/indexer/connector.tsx b/src/utils/indexer/connector.tsx
@@ -8,7 +8,19 @@ export class IndexerQuerier {
   private pool: Pool;
 
   constructor(connectionString: string) {
-    this.pool = new Pool({ connectionString });
+    const dbConfig = {
+      connectionString: connectionString,
+      // If a CA certificate was specified as an env var, pass that info to the database config.
+      // Be advised that if CA_CERT is set, then PENUMBRA_INDEXER_ENDPOINT must *lack* an `sslmode` param!
+      // This is documented here: https://node-postgres.com/features/ssl#usage-with-connectionstring
+      ...(process.env.CA_CERT != null && {
+        ssl: {
+            rejectUnauthorized: true,
+            ca: process.env.CA_CERT,
+          },
+      }),
+    };
+    this.pool = new Pool(dbConfig);
   }
 
   /**