Add support for ?sslmode connection string param

2025-12-08 20:16:25 +00:00 · 2020-09-10 17:45:20 +01:00 · 2020-09-10 17:45:20 +01:00 · 6be3b9022f
commit 6be3b9022f
parent f0fc470d88
2 changed files with 65 additions and 0 deletions
--- a/packages/pg-connection-string/index.js
+++ b/packages/pg-connection-string/index.js
@ -81,6 +81,25 @@ function parse(str) {
    config.ssl.ca = fs.readFileSync(config.sslrootcert).toString()
  }

+  switch (config.sslmode) {
+    case 'disable': {
+      config.ssl = false
+      break
+    }
+    case 'prefer':
+    case 'require':
+    case 'verify-ca':
+    case 'verify-full': {
+      config.ssl = config.ssl || true
+      break
+    }
+    case 'no-verify': {
+      config.ssl = config.ssl || {}
+      config.ssl.rejectUnauthorized = false
+      break
+    }
+  }
+
  return config
 }

--- a/packages/pg-connection-string/test/parse.js
+++ b/packages/pg-connection-string/test/parse.js
@ -241,6 +241,52 @@ describe('parse', function () {
    })
  })

+  it('configuration parameter sslmode=no-verify', function () {
+    var connectionString = 'pg:///?sslmode=no-verify'
+    var subject = parse(connectionString)
+    subject.ssl.should.eql({
+      rejectUnauthorized: false,
+    })
+  })
+
+  it('configuration parameter sslmode=disable', function () {
+    var connectionString = 'pg:///?sslmode=disable'
+    var subject = parse(connectionString)
+    subject.ssl.should.eql(false)
+  })
+
+  it('configuration parameter sslmode=prefer', function () {
+    var connectionString = 'pg:///?sslmode=prefer'
+    var subject = parse(connectionString)
+    subject.ssl.should.eql(true)
+  })
+
+  it('configuration parameter sslmode=require', function () {
+    var connectionString = 'pg:///?sslmode=require'
+    var subject = parse(connectionString)
+    subject.ssl.should.eql(true)
+  })
+
+  it('configuration parameter sslmode=verify-ca', function () {
+    var connectionString = 'pg:///?sslmode=verify-ca'
+    var subject = parse(connectionString)
+    subject.ssl.should.eql(true)
+  })
+
+  it('configuration parameter sslmode=verify-full', function () {
+    var connectionString = 'pg:///?sslmode=verify-full'
+    var subject = parse(connectionString)
+    subject.ssl.should.eql(true)
+  })
+
+  it("configuration parameter sslmode=require doesn't overwrite sslrootcert=/path/to/ca", function () {
+    var connectionString = 'pg:///?sslrootcert=' + __dirname + '/example.ca&sslmode=require'
+    var subject = parse(connectionString)
+    subject.ssl.should.eql({
+      ca: 'example ca\n',
+    })
+  })
+
  it('allow other params like max, ...', function () {
    var subject = parse('pg://myhost/db?max=18&min=4')
    subject.max.should.equal('18')