ssl.ts
import CryptoJS from 'crypto-js'
import fs from 'node:fs'
import path from 'node:path'
import { fileURLToPath } from 'node:url'
import { expect, test } from 'vitest'
import { app } from './utils'
import { CRYPTO_KEY, DEFAULT_POOL_CONFIG } from '../../src/server/constants'
// Fixture paths are resolved relative to this test file, not the process working directory.
// @ts-ignore: Harmless type error on import.meta.
const cwd = path.dirname(fileURLToPath(import.meta.url))
// Certificate file loaded as text once at module load; the "with root cert" test
// installs it as the trusted CA.
const sslRootCertPath = path.join(cwd, '../db/server.crt')
const sslRootCert = fs.readFileSync(sslRootCertPath, 'utf8')
// Baseline: a connection string with no sslmode parameter is accepted and the query runs.
test('query with no ssl', async () => {
  // The connection string travels in the x-connection-encrypted header, AES-encrypted
  // with CRYPTO_KEY.
  // NOTE(review): if CRYPTO_KEY is a plain string, CryptoJS uses its passphrase mode and
  // the ciphertext carries no integrity tag; confirm how the server handles a header that
  // does not decrypt cleanly.
  const encryptedConnection = CryptoJS.AES.encrypt(
    'postgresql://postgres:postgres@localhost:5432/postgres',
    CRYPTO_KEY
  ).toString()
  const response = await app.inject({
    method: 'POST',
    path: '/query',
    headers: { 'x-connection-encrypted': encryptedConnection },
    payload: { query: 'select 1;' },
  })
  expect(response.json()).toMatchInlineSnapshot(`
[
{
"?column?": 1,
},
]
`)
})
// Negative TLS test: with sslmode=verify-full and no CA installed by the test, the request
// must come back with a certificate error instead of a query result, i.e. verification
// fails closed.
test('query with ssl w/o root cert', async () => {
  const encryptedConnection = CryptoJS.AES.encrypt(
    'postgresql://postgres:postgres@localhost:5432/postgres?sslmode=verify-full',
    CRYPTO_KEY
  ).toString()
  const response = await app.inject({
    method: 'POST',
    path: '/query',
    headers: { 'x-connection-encrypted': encryptedConnection },
    payload: { query: 'select 1;' },
  })
  const body = response.json()
  // The pattern accepts both "self signed" and "self-signed"; presumably the wording
  // differs between runtime versions (verify before tightening it).
  expect(body?.error).toMatch(/^self[ -]signed certificate$/)
})
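// Positive counterpart of the verify-full test: once the server certificate is installed
// as the trusted CA in the pool defaults, the same connection string succeeds.
test('query with ssl with root cert', async () => {
  // DEFAULT_POOL_CONFIG is an imported module-level object, so this assignment stays
  // visible to everything sharing that module until it is undone.
  const defaultSsl = DEFAULT_POOL_CONFIG.ssl
  DEFAULT_POOL_CONFIG.ssl = { ca: sslRootCert }
  try {
    const res = await app.inject({
      method: 'POST',
      path: '/query',
      headers: {
        'x-connection-encrypted': CryptoJS.AES.encrypt(
          'postgresql://postgres:postgres@localhost:5432/postgres?sslmode=verify-full',
          CRYPTO_KEY
        ).toString(),
      },
      payload: { query: 'select 1;' },
    })
    expect(res.json()).toMatchInlineSnapshot(`
[
{
"?column?": 1,
},
]
`)
  } finally {
    // Restore the defaults even when the request or the assertion throws. Otherwise the
    // trusted CA would remain installed and a later test that expects certificate
    // verification to fail could pass or fail for the wrong reason.
    DEFAULT_POOL_CONFIG.ssl = defaultSsl
  }
})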
// Malformed input: the header decrypts to a single space. The request must fail with a
// 500 and a fixed, generic message.
test('query with invalid space empty encrypted connection string', async () => {
  const encryptedConnection = CryptoJS.AES.encrypt(' ', CRYPTO_KEY).toString()
  const response = await app.inject({
    method: 'POST',
    path: '/query',
    headers: { 'x-connection-encrypted': encryptedConnection },
    payload: { query: 'select 1;' },
  })
  expect(response.statusCode).toBe(500)
  // The snapshot covers the whole response body, so it also pins that nothing besides
  // the generic error string is returned.
  expect(response.json()).toMatchInlineSnapshot(`
{
"error": "failed to get upstream connection details",
}
`)
})
// Malformed input: the header decrypts to the empty string. Expected outcome is the same
// 500 and generic message as for the whitespace-only case.
test('query with invalid empty encrypted connection string', async () => {
  const encryptedConnection = CryptoJS.AES.encrypt('', CRYPTO_KEY).toString()
  const response = await app.inject({
    method: 'POST',
    path: '/query',
    headers: { 'x-connection-encrypted': encryptedConnection },
    payload: { query: 'select 1;' },
  })
  expect(response.statusCode).toBe(500)
  // Whole-body snapshot: the response carries only the generic error string.
  expect(response.json()).toMatchInlineSnapshot(`
{
"error": "failed to get upstream connection details",
}
`)
})
// Malformed input: a connection URL with credentials and port but no host. This is
// reported with a different message ("failed to process ...") than the empty-string
// cases ("failed to get ...").
test('query with missing host connection string encrypted connection string', async () => {
  const encryptedConnection = CryptoJS.AES.encrypt(
    'postgres://name:password@:5432/postgres?sslmode=prefer',
    CRYPTO_KEY
  ).toString()
  const response = await app.inject({
    method: 'POST',
    path: '/query',
    headers: { 'x-connection-encrypted': encryptedConnection },
    payload: { query: 'select 1;' },
  })
  expect(response.statusCode).toBe(500)
  // The snapshot covers the whole body, so it also asserts that the user name and
  // password from the rejected connection string are not echoed back in the error.
  expect(response.json()).toMatchInlineSnapshot(`
{
"error": "failed to process upstream connection details",
}
`)
})