Skip to content

Commit

Permalink
Merge pull request #2488 from aflcio/ssl-fixes
Browse files Browse the repository at this point in the history
Fix Redis and readonly DB certificate issues
  • Loading branch information
mau11 authored Oct 18, 2024
2 parents 7ce0e22 + 3c83842 commit f22ce38
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ const organizationContactCache = {
if (r.redis && organizationContact) {
await r.redis
.MULTI()
.SET(cachekey, json.stringify(organizationcontact))
.SET(cacheKey, JSON.stringify(organizationContact))
.EXPIRE(cacheKey, 43200) // 12 hours
.exec();
}
Expand Down
16 changes: 12 additions & 4 deletions src/server/models/thinky.js
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@ import bluebird from "bluebird";
import knex from "knex";
import config from "../knex-connect";

const { parse: pgDbUrlParser } = require("pg-connection-string");

// Instantiate the rethink-knex-adapter using the config defined in
// /src/server/knex.js.
const knexConn = knex(config);
Expand All @@ -14,11 +16,18 @@ if (
) {
const roConfig = {
...config,
connection: process.env.READONLY_DATABASE_URL || {
connection: {
...config.connection,
host: process.env.DB_READONLY_HOST
}
};

if (process.env.READONLY_DATABASE_URL) {
roConfig.connection = pgDbUrlParser(process.env.READONLY_DATABASE_URL);
const useSSL = process.env.DB_USE_SSL === "1" || process.env.DB_USE_SSL.toLowerCase() === "true";
roConfig.connection.ssl = useSSL ? { rejectUnauthorized: false } : false;
}

thinkyConn.r.knexReadOnly = knex(roConfig);
} else {
thinkyConn.r.knexReadOnly = thinkyConn.r.knex;
Expand Down Expand Up @@ -51,10 +60,9 @@ if (redisUrl) {
if (/rediss/.test(redisSettings.url)) {
// secure redis protocol for Redis 6.0+
// https://devcenter.heroku.com/articles/securing-heroku-redis#using-node-js
redisSettings.tls = {
redisSettings.socket = {
tls: true,
rejectUnauthorized: false,
requestCert: true,
agent: false
};
}
if (process.env.REDIS_JSON) {
Expand Down

0 comments on commit f22ce38

Please sign in to comment.