fix(server): sslmode not working (#15587)

* parse db url before passing it to the driver * don't be lazy * simplify * simplify * add tests * update sql sync script * update mock * remove unused import * remove unused imports
2025-01-24 14:01:55 -05:00
parent f5a3d7ba23
commit ba01b40e7c
6 changed files with 154 additions and 50 deletions
@@ -1,4 +1,3 @@
-import { PostgresJSDialect } from 'kysely-postgres-js';
 import { ImmichTelemetry } from 'src/enum';
 import { clearEnvCache, ConfigRepository } from 'src/repositories/config.repository';

@@ -81,10 +80,13 @@ describe('getEnv', () => {
      const { database } = getEnv();
      expect(database).toEqual({
        config: {
-          kysely: {
-            dialect: expect.any(PostgresJSDialect),
-            log: expect.any(Function),
-          },
+          kysely: expect.objectContaining({
+            host: 'database',
+            port: 5432,
+            database: 'immich',
+            username: 'postgres',
+            password: 'postgres',
+          }),
          typeorm: expect.objectContaining({
            type: 'postgres',
            host: 'database',
@@ -104,6 +106,72 @@ describe('getEnv', () => {
      const { database } = getEnv();
      expect(database).toMatchObject({ skipMigrations: true });
    });
+
+    it('should use DB_URL', () => {
+      process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich';
+      const { database } = getEnv();
+      expect(database.config.kysely).toMatchObject({
+        host: 'database1',
+        password: 'postgres2',
+        user: 'postgres1',
+        port: 54_320,
+        database: 'immich',
+      });
+    });
+
+    it('should handle sslmode=require', () => {
+      process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich?sslmode=require';
+
+      const { database } = getEnv();
+
+      expect(database.config.kysely).toMatchObject({ ssl: {} });
+    });
+
+    it('should handle sslmode=prefer', () => {
+      process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich?sslmode=prefer';
+
+      const { database } = getEnv();
+
+      expect(database.config.kysely).toMatchObject({ ssl: {} });
+    });
+
+    it('should handle sslmode=verify-ca', () => {
+      process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich?sslmode=verify-ca';
+
+      const { database } = getEnv();
+
+      expect(database.config.kysely).toMatchObject({ ssl: {} });
+    });
+
+    it('should handle sslmode=verify-full', () => {
+      process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich?sslmode=verify-full';
+
+      const { database } = getEnv();
+
+      expect(database.config.kysely).toMatchObject({ ssl: {} });
+    });
+
+    it('should handle sslmode=no-verify', () => {
+      process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich?sslmode=no-verify';
+
+      const { database } = getEnv();
+
+      expect(database.config.kysely).toMatchObject({ ssl: { rejectUnauthorized: false } });
+    });
+
+    it('should handle ssl=true', () => {
+      process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich?ssl=true';
+
+      const { database } = getEnv();
+
+      expect(database.config.kysely).toMatchObject({ ssl: true });
+    });
+
+    it('should reject invalid ssl', () => {
+      process.env.DB_URL = 'postgres://postgres1:postgres2@database1:54320/immich?ssl=invalid';
+
+      expect(() => getEnv()).toThrowError('Invalid ssl option: invalid');
+    });
  });

  describe('redis', () => {