Cutlery/immich
1
0
Fork 1
mirror of https://github.com/immich-app/immich.git synced 2025-05-31 04:05:39 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix(server): sslmode not working (#15587)

Browse Source 
* parse db url before passing it to the driver

* don't be lazy

* simplify

* simplify

* add tests

* update sql sync script

* update mock

* remove unused import

* remove unused imports
This commit is contained in:
Mert 2025-01-24 14:01:55 -05:00 committed by GitHub
parent f5a3d7ba23
commit ba01b40e7c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 154 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
server/src/app.module.ts
View File

@ -3,9 +3,11 @@ import { Inject, Module, OnModuleDestroy, OnModuleInit, ValidationPipe } from '@
import { APP_FILTER, APP_GUARD, APP_INTERCEPTOR, APP_PIPE, ModuleRef } from '@nestjs/core'; import { APP_FILTER, APP_GUARD, APP_INTERCEPTOR, APP_PIPE, ModuleRef } from '@nestjs/core';
import { ScheduleModule, SchedulerRegistry } from '@nestjs/schedule'; import { ScheduleModule, SchedulerRegistry } from '@nestjs/schedule';
import { TypeOrmModule } from '@nestjs/typeorm'; import { TypeOrmModule } from '@nestjs/typeorm';
import { PostgresJSDialect } from 'kysely-postgres-js';
import { ClsModule } from 'nestjs-cls'; import { ClsModule } from 'nestjs-cls';
import { KyselyModule } from 'nestjs-kysely'; import { KyselyModule } from 'nestjs-kysely';
import { OpenTelemetryModule } from 'nestjs-otel'; import { OpenTelemetryModule } from 'nestjs-otel';
import postgres from 'postgres';
import { commands } from 'src/commands'; import { commands } from 'src/commands';
import { IWorker } from 'src/constants'; import { IWorker } from 'src/constants';
import { controllers } from 'src/controllers'; import { controllers } from 'src/controllers';
@ -57,7 +59,19 @@ const imports = [
}, },
}), }),
TypeOrmModule.forFeature(entities), TypeOrmModule.forFeature(entities),
KyselyModule.forRoot(database.config.kysely), KyselyModule.forRoot({
dialect: new PostgresJSDialect({ postgres: postgres(database.config.kysely) }),
log(event) {
if (event.level === 'error') {
console.error('Query failed :', {
durationMs: event.queryDurationMillis,
error: event.error,
sql: event.query.sql,
params: event.query.parameters,
});
}
},
}),
]; ];
class BaseModule implements OnModuleInit, OnModuleDestroy { class BaseModule implements OnModuleInit, OnModuleDestroy {

4
server/src/bin/sync-sql.ts
View File

@ -4,10 +4,12 @@ import { Reflector } from '@nestjs/core';
import { SchedulerRegistry } from '@nestjs/schedule'; import { SchedulerRegistry } from '@nestjs/schedule';
import { Test } from '@nestjs/testing'; import { Test } from '@nestjs/testing';
import { TypeOrmModule } from '@nestjs/typeorm'; import { TypeOrmModule } from '@nestjs/typeorm';
import { PostgresJSDialect } from 'kysely-postgres-js';
import { KyselyModule } from 'nestjs-kysely'; import { KyselyModule } from 'nestjs-kysely';
import { OpenTelemetryModule } from 'nestjs-otel'; import { OpenTelemetryModule } from 'nestjs-otel';
import { mkdir, rm, writeFile } from 'node:fs/promises'; import { mkdir, rm, writeFile } from 'node:fs/promises';
import { join } from 'node:path'; import { join } from 'node:path';
import postgres from 'postgres';
import { format } from 'sql-formatter'; import { format } from 'sql-formatter';
import { GENERATE_SQL_KEY, GenerateSqlQueries } from 'src/decorators'; import { GENERATE_SQL_KEY, GenerateSqlQueries } from 'src/decorators';
import { entities } from 'src/entities'; import { entities } from 'src/entities';
@ -84,7 +86,7 @@ class SqlGenerator {
const moduleFixture = await Test.createTestingModule({ const moduleFixture = await Test.createTestingModule({
imports: [ imports: [
KyselyModule.forRoot({ KyselyModule.forRoot({
...database.config.kysely, dialect: new PostgresJSDialect({ postgres: postgres(database.config.kysely) }),
log: (event) => { log: (event) => {
if (event.level === 'query') { if (event.level === 'query') {
this.sqlLogger.logQuery(event.query.sql); this.sqlLogger.logQuery(event.query.sql);

78
server/src/repositories/config.repository.spec.ts
View File

@ -1,4 +1,3 @@
import { PostgresJSDialect } from 'kysely-postgres-js';
import { ImmichTelemetry } from 'src/enum'; import { ImmichTelemetry } from 'src/enum';
import { clearEnvCache, ConfigRepository } from 'src/repositories/config.repository'; import { clearEnvCache, ConfigRepository } from 'src/repositories/config.repository';
@ -81,10 +80,13 @@ describe('getEnv', () => {
const { database } = getEnv(); const { database } = getEnv();
expect(database).toEqual({ expect(database).toEqual({
config: { config: {
kysely: { kysely: expect.objectContaining({
dialect: expect.any(PostgresJSDialect), host: 'database',
log: expect.any(Function), port: 5432,
}, database: 'immich',
username: 'postgres',
password: 'postgres',
}),
typeorm: expect.objectContaining({ typeorm: expect.objectContaining({
type: 'postgres', type: 'postgres',
host: 'database', host: 'database',
@ -104,6 +106,72 @@ describe('getEnv', () => {
const { database } = getEnv(); const { database } = getEnv();
expect(database).toMatchObject({ skipMigrations: true }); expect(database).toMatchObject({ skipMigrations: true });
}); });
it('should use DB_URL', () => {
process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich';
const { database } = getEnv();
expect(database.config.kysely).toMatchObject({
host: 'database1',
password: 'postgres2',
user: 'postgres1',
port: 54_320,
database: 'immich',
});
});
it('should handle sslmode=require', () => {
process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich?sslmode=require';
const { database } = getEnv();
expect(database.config.kysely).toMatchObject({ ssl: {} });
});
it('should handle sslmode=prefer', () => {
process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich?sslmode=prefer';
const { database } = getEnv();
expect(database.config.kysely).toMatchObject({ ssl: {} });
});
it('should handle sslmode=verify-ca', () => {
process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich?sslmode=verify-ca';
const { database } = getEnv();
expect(database.config.kysely).toMatchObject({ ssl: {} });
});
it('should handle sslmode=verify-full', () => {
process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich?sslmode=verify-full';
const { database } = getEnv();
expect(database.config.kysely).toMatchObject({ ssl: {} });
});
it('should handle sslmode=no-verify', () => {
process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich?sslmode=no-verify';
const { database } = getEnv();
expect(database.config.kysely).toMatchObject({ ssl: { rejectUnauthorized: false } });
});
it('should handle ssl=true', () => {
process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich?ssl=true';
const { database } = getEnv();
expect(database.config.kysely).toMatchObject({ ssl: true });
});
it('should reject invalid ssl', () => {
process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich?ssl=invalid';
expect(() => getEnv()).toThrowError('Invalid ssl option: invalid');
});
}); });
describe('redis', () => { describe('redis', () => {

75
server/src/repositories/config.repository.ts
View File

@ -5,12 +5,11 @@ import { plainToInstance } from 'class-transformer';
import { validateSync } from 'class-validator'; import { validateSync } from 'class-validator';
import { Request, Response } from 'express'; import { Request, Response } from 'express';
import { RedisOptions } from 'ioredis'; import { RedisOptions } from 'ioredis';
import { KyselyConfig } from 'kysely';
import { PostgresJSDialect } from 'kysely-postgres-js';
import { CLS_ID, ClsModuleOptions } from 'nestjs-cls'; import { CLS_ID, ClsModuleOptions } from 'nestjs-cls';
import { OpenTelemetryModuleOptions } from 'nestjs-otel/lib/interfaces'; import { OpenTelemetryModuleOptions } from 'nestjs-otel/lib/interfaces';
import { join, resolve } from 'node:path'; import { join, resolve } from 'node:path';
import postgres, { Notice } from 'postgres'; import { parse } from 'pg-connection-string';
import { Notice } from 'postgres';
import { citiesFile, excludePaths, IWorker } from 'src/constants'; import { citiesFile, excludePaths, IWorker } from 'src/constants';
import { Telemetry } from 'src/decorators'; import { Telemetry } from 'src/decorators';
import { EnvDto } from 'src/dtos/env.dto'; import { EnvDto } from 'src/dtos/env.dto';
@ -20,6 +19,20 @@ import { QueueName } from 'src/interfaces/job.interface';
import { setDifference } from 'src/utils/set'; import { setDifference } from 'src/utils/set';
import { PostgresConnectionOptions } from 'typeorm/driver/postgres/PostgresConnectionOptions.js'; import { PostgresConnectionOptions } from 'typeorm/driver/postgres/PostgresConnectionOptions.js';
type Ssl = 'require' | 'allow' | 'prefer' | 'verify-full' | boolean | object;
type PostgresConnectionConfig = {
host?: string;
password?: string;
user?: string;
port?: number;
database?: string;
client_encoding?: string;
ssl?: Ssl;
application_name?: string;
fallback_application_name?: string;
options?: string;
};
export interface EnvData { export interface EnvData {
host?: string; host?: string;
port: number; port: number;
@ -53,7 +66,7 @@ export interface EnvData {
}; };
database: { database: {
config: { typeorm: PostgresConnectionOptions & DatabaseConnectionParams; kysely: KyselyConfig }; config: { typeorm: PostgresConnectionOptions & DatabaseConnectionParams; kysely: PostgresConnectionConfig };
skipMigrations: boolean; skipMigrations: boolean;
vectorExtension: VectorExtension; vectorExtension: VectorExtension;
}; };
@ -124,6 +137,9 @@ const asSet = <T>(value: string | undefined, defaults: T[]) => {
return new Set(values.length === 0 ? defaults : (values as T[])); return new Set(values.length === 0 ? defaults : (values as T[]));
}; };
const isValidSsl = (ssl?: string | boolean | object): ssl is Ssl =>
typeof ssl !== 'string' || ssl === 'require' || ssl === 'allow' || ssl === 'prefer' || ssl === 'verify-full';
const getEnv = (): EnvData => { const getEnv = (): EnvData => {
const dto = plainToInstance(EnvDto, process.env); const dto = plainToInstance(EnvDto, process.env);
const errors = validateSync(dto); const errors = validateSync(dto);
@ -185,6 +201,31 @@ const getEnv = (): EnvData => {
} }
} }
const parts = {
connectionType: 'parts',
host: dto.DB_HOSTNAME || 'database',
port: dto.DB_PORT || 5432,
username: dto.DB_USERNAME || 'postgres',
password: dto.DB_PASSWORD || 'postgres',
database: dto.DB_DATABASE_NAME || 'immich',
} as const;
let parsedOptions: PostgresConnectionConfig = parts;
if (dto.DB_URL) {
const parsed = parse(dto.DB_URL);
if (!isValidSsl(parsed.ssl)) {
throw new Error(`Invalid ssl option: ${parsed.ssl}`);
}
parsedOptions = {
...parsed,
ssl: parsed.ssl,
host: parsed.host ?? undefined,
port: parsed.port ? Number(parsed.port) : undefined,
database: parsed.database ?? undefined,
};
}
const driverOptions = { const driverOptions = {
onnotice: (notice: Notice) => { onnotice: (notice: Notice) => {
if (notice['severity'] !== 'NOTICE') { if (notice['severity'] !== 'NOTICE') {
@ -206,17 +247,9 @@ const getEnv = (): EnvData => {
serialize: (value: number) => value.toString(), serialize: (value: number) => value.toString(),
}, },
}, },
...parsedOptions,
}; };
const parts = {
connectionType: 'parts',
host: dto.DB_HOSTNAME || 'database',
port: dto.DB_PORT || 5432,
username: dto.DB_USERNAME || 'postgres',
password: dto.DB_PASSWORD || 'postgres',
database: dto.DB_DATABASE_NAME || 'immich',
} as const;
return { return {
host: dto.IMMICH_HOST, host: dto.IMMICH_HOST,
port: dto.IMMICH_PORT || 2283, port: dto.IMMICH_PORT || 2283,
@ -282,21 +315,7 @@ const getEnv = (): EnvData => {
parseInt8: true, parseInt8: true,
...(databaseUrl ? { connectionType: 'url', url: databaseUrl } : parts), ...(databaseUrl ? { connectionType: 'url', url: databaseUrl } : parts),
}, },
kysely: { kysely: driverOptions,
dialect: new PostgresJSDialect({
postgres: databaseUrl ? postgres(databaseUrl, driverOptions) : postgres({ ...parts, ...driverOptions }),
}),
log(event) {
if (event.level === 'error') {
console.error('Query failed :', {
durationMs: event.queryDurationMillis,
error: event.error,
sql: event.query.sql,
params: event.query.parameters,
});
}
},
},
}, },
skipMigrations: dto.DB_SKIP_MIGRATIONS ?? false, skipMigrations: dto.DB_SKIP_MIGRATIONS ?? false,

22
server/src/services/database.service.spec.ts
View File

@ -1,4 +1,3 @@
import { PostgresJSDialect } from 'kysely-postgres-js';
import { import {
DatabaseExtension, DatabaseExtension,
EXTENSION_NAMES, EXTENSION_NAMES,
@ -62,8 +61,11 @@ describe(DatabaseService.name, () => {
database: { database: {
config: { config: {
kysely: { kysely: {
dialect: expect.any(PostgresJSDialect), host: 'database',
log: ['error'], port: 5432,
user: 'postgres',
password: 'postgres',
database: 'immich',
}, },
typeorm: { typeorm: {
connectionType: 'parts', connectionType: 'parts',
@ -298,8 +300,11 @@ describe(DatabaseService.name, () => {
database: { database: {
config: { config: {
kysely: { kysely: {
dialect: expect.any(PostgresJSDialect), host: 'database',
log: ['error'], port: 5432,
user: 'postgres',
password: 'postgres',
database: 'immich',
}, },
typeorm: { typeorm: {
connectionType: 'parts', connectionType: 'parts',
@ -328,8 +333,11 @@ describe(DatabaseService.name, () => {
database: { database: {
config: { config: {
kysely: { kysely: {
dialect: expect.any(PostgresJSDialect), host: 'database',
log: ['error'], port: 5432,
user: 'postgres',
password: 'postgres',
database: 'immich',
}, },
typeorm: { typeorm: {
connectionType: 'parts', connectionType: 'parts',

9
server/test/repositories/config.repository.mock.ts
View File

@ -1,5 +1,3 @@
import { PostgresJSDialect } from 'kysely-postgres-js';
import postgres from 'postgres';
import { ImmichEnvironment, ImmichWorker } from 'src/enum'; import { ImmichEnvironment, ImmichWorker } from 'src/enum';
import { DatabaseExtension } from 'src/interfaces/database.interface'; import { DatabaseExtension } from 'src/interfaces/database.interface';
import { EnvData } from 'src/repositories/config.repository'; import { EnvData } from 'src/repositories/config.repository';
@ -24,12 +22,7 @@ const envData: EnvData = {
database: { database: {
config: { config: {
kysely: { kysely: { database: 'immich', host: 'database', port: 5432 },
dialect: new PostgresJSDialect({
postgres: postgres({ database: 'immich', host: 'database', port: 5432 }),
}),
log: ['error'],
},
typeorm: { typeorm: {
connectionType: 'parts', connectionType: 'parts',
database: 'immich', database: 'immich',