also disable ssl when connecting to pgsql using ip

2026-06-03 08:34:13 +02:00 · 2021-06-16 13:27:35 +02:00 · 2021-06-16 13:27:35 +02:00 · 26a212cb9b
commit 26a212cb9b
parent 87dd4c570b
5 changed files with 131 additions and 27 deletions
--- a/src/lib.rs
+++ b/src/lib.rs
@ -142,6 +142,7 @@ pub enum Database {
        username: String,
        password: String,
        connect: DbConnect,
+        disable_ssl: bool,
    },
 }

@ -156,7 +157,7 @@ impl From<Database> for sqlx::any::AnyConnectOptions {
    fn from(cfg: Database) -> Self {
        use sqlx::{
            mysql::{MySqlConnectOptions, MySqlSslMode},
-            postgres::PgConnectOptions,
+            postgres::{PgConnectOptions, PgSslMode},
            sqlite::SqliteConnectOptions,
        };

@ -193,11 +194,15 @@ impl From<Database> for sqlx::any::AnyConnectOptions {
                username,
                password,
                connect,
+                disable_ssl,
            } => {
                let mut options = PgConnectOptions::default()
                    .database(&database)
                    .username(&username)
                    .password(&password);
+                if disable_ssl {
+                    options = options.ssl_mode(PgSslMode::Disable);
+                }
                match connect {
                    DbConnect::Socket(socket) => {
                        options = options.socket(socket);
--- a/src/nc.rs
+++ b/src/nc.rs
@ -173,32 +173,39 @@ fn parse_db_options(parsed: &Value) -> Result<Database> {
        Some("pgsql") => {
            let username = parsed["dbuser"].as_str().ok_or(DbError::NoUsername)?;
            let password = parsed["dbpassword"].as_str().ok_or(DbError::NoPassword)?;
-            let mut connect = match split_host(parsed["dbhost"].as_str().unwrap_or_default()) {
-                (addr, None, None) => DbConnect::Tcp {
-                    host: addr.into(),
-                    port: 5432,
-                },
-                (addr, Some(port), None) => DbConnect::Tcp {
-                    host: addr.into(),
-                    port,
-                },
-                (_, None, Some(socket)) => {
-                    let mut socket_path = Path::new(socket);
+            let (mut connect, disable_ssl) =
+                match split_host(parsed["dbhost"].as_str().unwrap_or_default()) {
+                    (addr, None, None) => (
+                        DbConnect::Tcp {
+                            host: addr.into(),
+                            port: 5432,
+                        },
+                        IpAddr::from_str(addr).is_ok(),
+                    ),
+                    (addr, Some(port), None) => (
+                        DbConnect::Tcp {
+                            host: addr.into(),
+                            port,
+                        },
+                        IpAddr::from_str(addr).is_ok(),
+                    ),
+                    (_, None, Some(socket)) => {
+                        let mut socket_path = Path::new(socket);

-                    // sqlx wants the folder the socket is in, not the socket itself
-                    if socket_path
-                        .file_name()
-                        .map(|name| name.to_str().unwrap().starts_with(".s"))
-                        .unwrap_or(false)
-                    {
-                        socket_path = socket_path.parent().unwrap();
+                        // sqlx wants the folder the socket is in, not the socket itself
+                        if socket_path
+                            .file_name()
+                            .map(|name| name.to_str().unwrap().starts_with(".s"))
+                            .unwrap_or(false)
+                        {
+                            socket_path = socket_path.parent().unwrap();
+                        }
+                        (DbConnect::Socket(socket_path.into()), false)
                    }
-                    DbConnect::Socket(socket_path.into())
-                }
-                (_, Some(_), Some(_)) => {
-                    unreachable!()
-                }
-            };
+                    (_, Some(_), Some(_)) => {
+                        unreachable!()
+                    }
+                };
            if let Some(port) = parsed["dbport"].clone().into_int() {
                if let DbConnect::Tcp {
                    port: connect_port, ..
@ -214,6 +221,7 @@ fn parse_db_options(parsed: &Value) -> Result<Database> {
                username: username.into(),
                password: password.into(),
                connect,
+                disable_ssl,
            })
        }
        Some("sqlite3") => {
@ -474,6 +482,7 @@ fn test_parse_postgres_socket() {
            username: "redacted".to_string(),
            password: "redacted".to_string(),
            connect: DbConnect::Socket("/var/run/postgresql".into()),
+            disable_ssl: false,
        },
        &config.database,
    );
@ -499,6 +508,7 @@ fn test_parse_postgres_socket_folder() {
            username: "redacted".to_string(),
            password: "redacted".to_string(),
            connect: DbConnect::Socket("/var/run/postgresql".into()),
+            disable_ssl: false,
        },
        &config.database,
    );
@ -592,3 +602,62 @@ fn test_parse_config_mysql_fqdn() {
        config.database.into(),
    );
 }
+
+#[test]
+fn test_parse_postgres_ip() {
+    let config = config_from_file("tests/configs/postgres_ip.php");
+    assert_debug_equal(
+        &Database::Postgres {
+            database: "nextcloud".to_string(),
+            username: "redacted".to_string(),
+            password: "redacted".to_string(),
+            connect: DbConnect::Tcp {
+                host: "1.2.3.4".to_string(),
+                port: 5432,
+            },
+            disable_ssl: true,
+        },
+        &config.database,
+    );
+    #[cfg(feature = "db-sqlx")]
+    assert_debug_equal(
+        AnyConnectOptions::from(
+            PgConnectOptions::new()
+                .host("1.2.3.4")
+                .username("redacted")
+                .password("redacted")
+                .database("nextcloud")
+                .ssl_mode(sqlx::postgres::PgSslMode::Disable),
+        ),
+        config.database.into(),
+    );
+}
+
+#[test]
+fn test_parse_postgres_fqdn() {
+    let config = config_from_file("tests/configs/postgres_fqdn.php");
+    assert_debug_equal(
+        &Database::Postgres {
+            database: "nextcloud".to_string(),
+            username: "redacted".to_string(),
+            password: "redacted".to_string(),
+            connect: DbConnect::Tcp {
+                host: "pg.example.com".to_string(),
+                port: 5432,
+            },
+            disable_ssl: false,
+        },
+        &config.database,
+    );
+    #[cfg(feature = "db-sqlx")]
+    assert_debug_equal(
+        AnyConnectOptions::from(
+            PgConnectOptions::new()
+                .host("pg.example.com")
+                .username("redacted")
+                .password("redacted")
+                .database("nextcloud"),
+        ),
+        config.database.into(),
+    );
+}