
Commit abfd1b1

Intellicoden1ru4l
andauthored
fix: encode input to ensure valid postgres urls + optional postgres password (#6123)
Co-authored-by: Laurin Quast <[email protected]>
1 parent 7e7f228 commit abfd1b1


16 files changed

+42
-20
lines changed


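--- a/.changeset/rare-paws-boil.md
+++ b/.changeset/rare-paws-boil.md
@@ -0,0 +1,5 @@
+---
+'hive': minor
+---
+
+encode postgres variables and introduce optional password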
Lines changed: 8 additions & 2 deletions
@@ -1,11 +1,17 @@
11
export function createConnectionString(config: {
22
host: string;
33
port: number;
4-
password: string;
4+
password: string | undefined;
55
user: string;
66
db: string;
77
ssl: boolean;
88
}) {
99
// prettier-ignore
10-
return `postgres://${config.user}:${config.password}@${config.host}:${config.port}/${config.db}${config.ssl ? '?sslmode=require' : '?sslmode=disable'}`;
10+
const encodedUser = encodeURIComponent(config.user);
11+
const encodedPassword =
12+
typeof config.password === 'string' ? `:${encodeURIComponent(config.password)}` : '';
13+
const encodedHost = encodeURIComponent(config.host);
14+
const encodedDb = encodeURIComponent(config.db);
15+
16+
return `postgres://${encodedUser}${encodedPassword}@${encodedHost}:${config.port}/${encodedDb}${config.ssl ? '?sslmode=require' : '?sslmode=disable'}`;
1117
}
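Review bot: `encodeURIComponent(config.host)` also escapes `[`, `]` and `:`, so if an IPv6 literal such as `[::1]` is ever configured it is emitted as `%5B%3A%3A1%5D`; whether the driver's URL parser decodes that back into a usable host is not visible on this page and should be pinned by a test. The `// prettier-ignore` comment now sits above `const encodedUser`, so it no longer covers the long `return` template it was written for and should move directly above the `return`. `typeof config.password === 'string'` lets an empty string through as `user:@host`, which is not the same request as omitting the password; if callers can pass `''`, `config.password ? … : ''` makes the intent explicit. The same points apply to the identical copy in packages/services/storage/src/db/utils.ts.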

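--- a/packages/migrations/src/environment.ts
+++ b/packages/migrations/src/environment.ts
@@ -43,7 +43,7 @@ const PostgresModel = zod.object({
 POSTGRES_PORT: NumberFromString,
 POSTGRES_DB: zod.string(),
 POSTGRES_USER: zod.string(),
-POSTGRES_PASSWORD: zod.string(),
+POSTGRES_PASSWORD: emptyString(zod.string().optional()),
 });
 
 const ClickHouseModel = zod.union([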
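Review bot: With `POSTGRES_PASSWORD` optional, a deployment that simply forgets the variable now passes validation and attempts a password-less login instead of failing at startup, and nothing on the field records when omitting it is intended. I would add a comment on the field, e.g. `// Optional: leave unset only when the server authenticates this role without a password (e.g. client certificate); an empty value is treated as unset.`, and consider logging once at startup when no password is configured. `emptyString` and the start of `PostgresModel` are outside this hunk, so that the helper maps `''` to unset is an assumption to confirm. The same one-line change appears in packages/migrations/src/scripts/environment.ts, packages/services/rate-limit/src/environment.ts and packages/services/server/src/environment.ts.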

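--- a/packages/migrations/src/scripts/environment.ts
+++ b/packages/migrations/src/scripts/environment.ts
@@ -36,7 +36,7 @@ const PostgresModel = zod.object({
 POSTGRES_PORT: NumberFromString,
 POSTGRES_DB: zod.string(),
 POSTGRES_USER: zod.string(),
-POSTGRES_PASSWORD: zod.string(),
+POSTGRES_PASSWORD: emptyString(zod.string().optional()),
 });
 
 const configs = {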

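--- a/packages/migrations/tools/db-connection-string.cjs
+++ b/packages/migrations/tools/db-connection-string.cjs
@@ -1,6 +1,6 @@
 const {
 POSTGRES_USER = 'postgres',
-POSTGRES_PASSWORD = 'postgres',
+POSTGRES_PASSWORD = null,
 POSTGRES_HOST = 'localhost',
 POSTGRES_PORT = 5432,
 POSTGRES_DB = 'registry',
@@ -9,11 +9,16 @@ const {
 } = process.env;
 
 function cn(dbName = POSTGRES_DB) {
+const user = encodeURIComponent(POSTGRES_USER);
+const password =
+typeof POSTGRES_PASSWORD === 'string' ? `:${encodeURIComponent(POSTGRES_PASSWORD)}` : '';
+const host = encodeURIComponent(POSTGRES_HOST);
+const dbNameEncoded = encodeURIComponent(dbName);
+const sslMode = POSTGRES_SSL ? 'require' : 'disable';
+
 return (
 POSTGRES_CONNECTION_STRING ||
-`postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${dbName}${
-POSTGRES_SSL ? '?sslmode=require' : '?sslmode=disable'
-}`
+`postgres://${user}${password}@${host}:${POSTGRES_PORT}/${dbNameEncoded}?sslmode=${sslMode}`
 );
 }
 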
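Review bot: `POSTGRES_PORT` is the one component of the fallback URL in `cn()` that is still interpolated raw: it is read from `process.env` as a string, so a value containing `/`, `?` or `@` changes the shape of the URL that the new `encodeURIComponent` calls are meant to keep well-formed. I would parse and range-check it before use, e.g. `const port = Number.parseInt(String(POSTGRES_PORT), 10);` plus `if (!(port > 0 && port < 65536)) throw new Error('invalid POSTGRES_PORT');`, and interpolate `port`. Separately, `POSTGRES_PASSWORD=` (set but empty) is still a string here and yields `user:@host`, while the zod schemas in this commit wrap the field in `emptyString(...)`, which presumably treats it as unset; `POSTGRES_PASSWORD ? … : ''` would keep the two in line. The destructuring block continues between the two hunks, so how `POSTGRES_SSL` is declared is not visible here.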

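--- a/packages/services/rate-limit/README.md
+++ b/packages/services/rate-limit/README.md
@@ -13,7 +13,7 @@ you don't need this service.
 | `POSTGRES_PORT` | **Yes** | Port of the postgres database | `5432` |
 | `POSTGRES_DB` | **Yes** | Name of the postgres database. | `registry` |
 | `POSTGRES_USER` | **Yes** | User name for accessing the postgres database. | `postgres` |
-| `POSTGRES_PASSWORD` | **Yes** | Password for accessing the postgres database. | `postgres` |
+| `POSTGRES_PASSWORD` | No | Password for accessing the postgres database. | `postgres` |
 | `USAGE_ESTIMATOR_ENDPOINT` | **Yes** | The endpoint of the usage estimator service. | `http://127.0.0.1:4011` |
 | `EMAILS_ENDPOINT` | No (if not provided no limit emails will be sent.) | The endpoint of the GraphQL Hive Email service. | `http://127.0.0.1:6260` |
 | `ENVIRONMENT` | No | The environment of your Hive app. (**Note:** This will be used for Sentry reporting.) | `staging` |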

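--- a/packages/services/rate-limit/src/environment.ts
+++ b/packages/services/rate-limit/src/environment.ts
@@ -44,7 +44,7 @@ const PostgresModel = zod.object({
 POSTGRES_PORT: NumberFromString,
 POSTGRES_DB: zod.string(),
 POSTGRES_USER: zod.string(),
-POSTGRES_PASSWORD: zod.string(),
+POSTGRES_PASSWORD: emptyString(zod.string().optional()),
 });
 
 const PrometheusModel = zod.object({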

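--- a/packages/services/server/README.md
+++ b/packages/services/server/README.md
@@ -21,7 +21,7 @@ The GraphQL API for GraphQL Hive.
 | `POSTGRES_PORT` | **Yes** | Port of the postgres database | `5432` |
 | `POSTGRES_DB` | **Yes** | Name of the postgres database. | `registry` |
 | `POSTGRES_USER` | **Yes** | User name for accessing the postgres database. | `postgres` |
-| `POSTGRES_PASSWORD` | **Yes** | Password for accessing the postgres database. | `postgres` |
+| `POSTGRES_PASSWORD` | No | Password for accessing the postgres database. | `postgres` |
 | `CLICKHOUSE_PROTOCOL` | **Yes** | The clickhouse protocol for connecting to the clickhouse instance. | `http` |
 | `CLICKHOUSE_HOST` | **Yes** | The host of the clickhouse instance. | `127.0.0.1` |
 | `CLICKHOUSE_PORT` | **Yes** | The port of the clickhouse instance | `8123` |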

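--- a/packages/services/server/src/environment.ts
+++ b/packages/services/server/src/environment.ts
@@ -76,7 +76,7 @@ const PostgresModel = zod.object({
 POSTGRES_PORT: NumberFromString,
 POSTGRES_DB: zod.string(),
 POSTGRES_USER: zod.string(),
-POSTGRES_PASSWORD: zod.string(),
+POSTGRES_PASSWORD: emptyString(zod.string().optional()),
 });
 
 const ClickHouseModel = zod.object({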

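--- a/packages/services/storage/src/db/utils.ts
+++ b/packages/services/storage/src/db/utils.ts
@@ -3,13 +3,19 @@ import { sql } from 'slonik';
 export function createConnectionString(config: {
 host: string;
 port: number;
-password: string;
+password: string | undefined;
 user: string;
 db: string;
 ssl: boolean;
 }) {
 // prettier-ignore
-return `postgres://${config.user}:${config.password}@${config.host}:${config.port}/${config.db}${config.ssl ? '?sslmode=require' : '?sslmode=disable'}`;
+const encodedUser = encodeURIComponent(config.user);
+const encodedPassword =
+typeof config.password === 'string' ? `:${encodeURIComponent(config.password)}` : '';
+const encodedHost = encodeURIComponent(config.host);
+const encodedDb = encodeURIComponent(config.db);
+
+return `postgres://${encodedUser}${encodedPassword}@${encodedHost}:${config.port}/${encodedDb}${config.ssl ? '?sslmode=require' : '?sslmode=disable'}`;
 }
 
 export function toDate(date: Date) {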
