Cutlery/immich
1
0
Fork 1
mirror of https://github.com/immich-app/immich.git synced 2025-06-03 13:44:16 -04:00
Code Issues Packages Projects Releases Wiki Activity

feat: Add DB_SSL_MODE environment variable for Postgres sslmode (#18025)

Browse Source 
* feat: Add DB_SSL_MODE environment variable for Postgres sslmode

* chore: clean up

---------

Co-authored-by: Jason Rasmussen <jason@rasm.me>
This commit is contained in:
David Cruz 2025-05-06 07:25:37 -06:00 committed by GitHub
parent ece977d9ca
commit 7072e48cbe
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 31 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/docs/install/environment-variables.md
View File

@ -80,6 +80,7 @@ Information on the current workers can be found [here](/docs/administration/jobs
| `DB_USERNAME` | Database user | `postgres` | server, database<sup>\*1</sup> | | `DB_USERNAME` | Database user | `postgres` | server, database<sup>\*1</sup> |
| `DB_PASSWORD` | Database password | `postgres` | server, database<sup>\*1</sup> | | `DB_PASSWORD` | Database password | `postgres` | server, database<sup>\*1</sup> |
| `DB_DATABASE_NAME` | Database name | `immich` | server, database<sup>\*1</sup> | | `DB_DATABASE_NAME` | Database name | `immich` | server, database<sup>\*1</sup> |
| `DB_SSL_MODE` | Database SSL mode | | server |
| `DB_VECTOR_EXTENSION`<sup>\*2</sup> | Database vector extension (one of [`pgvector`, `pgvecto.rs`]) | `pgvecto.rs` | server | | `DB_VECTOR_EXTENSION`<sup>\*2</sup> | Database vector extension (one of [`pgvector`, `pgvecto.rs`]) | `pgvecto.rs` | server |
| `DB_SKIP_MIGRATIONS` | Whether to skip running migrations on startup (one of [`true`, `false`]) | `false` | server | | `DB_SKIP_MIGRATIONS` | Whether to skip running migrations on startup (one of [`true`, `false`]) | `false` | server |

6
server/src/dtos/env.dto.ts
View File

@ -1,6 +1,6 @@
import { Transform, Type } from 'class-transformer'; import { Transform, Type } from 'class-transformer';
import { IsEnum, IsInt, IsString } from 'class-validator'; import { IsEnum, IsInt, IsString } from 'class-validator';
import { ImmichEnvironment, LogLevel } from 'src/enum'; import { DatabaseSslMode, ImmichEnvironment, LogLevel } from 'src/enum';
import { IsIPRange, Optional, ValidateBoolean } from 'src/validation'; import { IsIPRange, Optional, ValidateBoolean } from 'src/validation';
export class EnvDto { export class EnvDto {
@ -142,6 +142,10 @@ export class EnvDto {
@ValidateBoolean({ optional: true }) @ValidateBoolean({ optional: true })
DB_SKIP_MIGRATIONS?: boolean; DB_SKIP_MIGRATIONS?: boolean;
@IsEnum(DatabaseSslMode)
@Optional()
DB_SSL_MODE?: DatabaseSslMode;
@IsString() @IsString()
@Optional() @Optional()
DB_URL?: string; DB_URL?: string;

8
server/src/enum.ts
View File

@ -610,3 +610,11 @@ export enum OAuthTokenEndpointAuthMethod {
CLIENT_SECRET_POST = 'client_secret_post', CLIENT_SECRET_POST = 'client_secret_post',
CLIENT_SECRET_BASIC = 'client_secret_basic', CLIENT_SECRET_BASIC = 'client_secret_basic',
} }
export enum DatabaseSslMode {
Disable = 'disable',
Allow = 'allow',
Prefer = 'prefer',
Require = 'require',
VerifyFull = 'verify-full',
}

12
server/src/repositories/config.repository.spec.ts
View File

@ -23,6 +23,7 @@ const resetEnv = () => {
'DB_USERNAME', 'DB_USERNAME',
'DB_PASSWORD', 'DB_PASSWORD',
'DB_DATABASE_NAME', 'DB_DATABASE_NAME',
'DB_SSL_MODE',
'DB_SKIP_MIGRATIONS', 'DB_SKIP_MIGRATIONS',
'DB_VECTOR_EXTENSION', 'DB_VECTOR_EXTENSION',
@ -92,6 +93,17 @@ describe('getEnv', () => {
}); });
}); });
it('should validate DB_SSL_MODE', () => {
process.env.DB_SSL_MODE = 'invalid';
expect(() => getEnv()).toThrowError('Invalid environment variables: DB_SSL_MODE');
});
it('should accept a valid DB_SSL_MODE', () => {
process.env.DB_SSL_MODE = 'prefer';
const { database } = getEnv();
expect(database.config).toMatchObject(expect.objectContaining({ ssl: 'prefer' }));
});
it('should allow skipping migrations', () => { it('should allow skipping migrations', () => {
process.env.DB_SKIP_MIGRATIONS = 'true'; process.env.DB_SKIP_MIGRATIONS = 'true';
const { database } = getEnv(); const { database } = getEnv();

1
server/src/repositories/config.repository.ts
View File

@ -193,6 +193,7 @@ const getEnv = (): EnvData => {
username: dto.DB_USERNAME || 'postgres', username: dto.DB_USERNAME || 'postgres',
password: dto.DB_PASSWORD || 'postgres', password: dto.DB_PASSWORD || 'postgres',
database: dto.DB_DATABASE_NAME || 'immich', database: dto.DB_DATABASE_NAME || 'immich',
ssl: dto.DB_SSL_MODE || undefined,
}; };
return { return {

2
server/src/types.ts
View File

@ -2,6 +2,7 @@ import { SystemConfig } from 'src/config';
import { import {
AssetType, AssetType,
DatabaseExtension, DatabaseExtension,
DatabaseSslMode,
ExifOrientation, ExifOrientation,
ImageFormat, ImageFormat,
JobName, JobName,
@ -380,6 +381,7 @@ export type DatabaseConnectionParts = {
username: string; username: string;
password: string; password: string;
database: string; database: string;
ssl?: DatabaseSslMode;
}; };
export type DatabaseConnectionParams = DatabaseConnectionURL | DatabaseConnectionParts; export type DatabaseConnectionParams = DatabaseConnectionURL | DatabaseConnectionParts;

4
server/src/utils/database.ts
View File

@ -17,7 +17,7 @@ import { parse } from 'pg-connection-string';
import postgres, { Notice } from 'postgres'; import postgres, { Notice } from 'postgres';
import { columns, Exif, Person } from 'src/database'; import { columns, Exif, Person } from 'src/database';
import { DB } from 'src/db'; import { DB } from 'src/db';
import { AssetFileType, DatabaseExtension } from 'src/enum'; import { AssetFileType, DatabaseExtension, DatabaseSslMode } from 'src/enum';
import { TimeBucketSize } from 'src/repositories/asset.repository'; import { TimeBucketSize } from 'src/repositories/asset.repository';
import { AssetSearchBuilderOptions } from 'src/repositories/search.repository'; import { AssetSearchBuilderOptions } from 'src/repositories/search.repository';
import { DatabaseConnectionParams, VectorExtension } from 'src/types'; import { DatabaseConnectionParams, VectorExtension } from 'src/types';
@ -35,7 +35,7 @@ export const asPostgresConnectionConfig = (params: DatabaseConnectionParams) =>
username: params.username, username: params.username,
password: params.password, password: params.password,
database: params.database, database: params.database,
ssl: undefined, ssl: params.ssl === DatabaseSslMode.Disable ? false : params.ssl,
}; };
} }