new database_password configuration option

lovasoa · lovasoa · commit 67e51f8a8bbc · 2024-10-05T23:07:40.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,7 @@
  - **Fix**: the search feature in the shell component was not working when no menu item was defined.
  - Add support for encrypted Microsoft SQL Server connections. This finally allows connecting to databases that refuse clear-text connections, such as those hosted on Azure.
  - Easier json handling in databases without a native json type. SQLPage now detects when you use a json function in SQLite or MariaDB to generate a column, and automatically converts the resulting string to a json object. This allows easily using components that take json parameters (like the new columns component) in MariaDB and SQLite.
+ - Add a new optional `database_password` configuration option to set the password for the database connection separately from the connection string. This allows to keep the password separate from the connection string, which can be useful for security purposes, logging, and avoids having to percent-encode the password in the connection string.
 
 ## 0.29.0 (2024-09-25)
  - New columns component: `columns`. Useful to display a comparison between items, or large key figures to an user.
diff --git a/configuration.md b/configuration.md
@@ -10,6 +10,7 @@ Here are the available configuration options and their default values:
 | --------------------------------------------- | ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
 | `listen_on`                                   | 0.0.0.0:8080                                                | Interface and port on which the web server should listen                                                                                                                                                                                               |
 | `database_url`                                | sqlite://sqlpage.db?mode=rwc                                | Database connection URL, in the form `dbengine://user:password@host:port/dbname`. Special characters in user and password should be [percent-encoded](https://developer.mozilla.org/en-US/docs/Glossary/percent-encoding). |
+| `database_password`                            |         | Database password. If set, this will override any password specified in the `database_url`. This allows you to keep the password separate from the connection string for better security. |
 | `port`                                        | 8080                                                        | Like listen_on, but specifies only the port.                                                                                                                                                                                                           |
 | `unix_socket`                                 |                                                             | Path to a UNIX socket to listen on instead of the TCP port. If specified, SQLPage will accept HTTP connections only on this socket and not on any TCP port. This option is mutually exclusive with `listen_on` and `port`.
 | `max_database_pool_connections`               | PostgreSQL: 50<BR>  MySql: 75<BR> SQLite: 16<BR> MSSQL: 100 | How many simultaneous database connections to open at most                                                                                                                                                                                             |
@@ -75,10 +76,15 @@ A full connection string for a PostgreSQL database might look like this:
 postgres://my_user:p%40ss@localhost:5432/my_database?sslmode=verify-ca&sslrootcert=/path/to/ca.pem&sslcert=/path/to/cert.pem&sslkey=/path/to/key.pem&application_name=my_application
 ```
 
+If the `database_password` configuration parameter is set, it will override any password specified in the `database_url`.
+It does not need to be percent-encoded.
+This allows you to keep the password separate from the connection string, which can be useful for security purposes, especially when storing configurations in version control systems.
+
 ### Example `.env` file
 
 ```bash
-DATABASE_URL="sqlite:///path/to/my_database.db?mode=rwc"
+DATABASE_URL="postgres://my_user@localhost:5432/my_database?sslmode=verify-ca&sslrootcert=/path/to/ca.pem"
+DATABASE_PASSWORD="my_secure_password"
 SQLITE_EXTENSIONS="mod_spatialite crypto define regexp"
 ```
 
diff --git a/src/app_config.rs b/src/app_config.rs
@@ -148,6 +148,9 @@ pub fn load_from_env() -> anyhow::Result<AppConfig> {
 pub struct AppConfig {
     #[serde(default = "default_database_url")]
     pub database_url: String,
+    /// A separate field for the database password. If set, this will override any password specified in the `database_url`.
+    #[serde(default)]
+    pub database_password: Option<String>,
     pub max_database_pool_connections: Option<u32>,
     pub database_connection_idle_timeout_seconds: Option<f64>,
     pub database_connection_max_lifetime_seconds: Option<f64>,
diff --git a/src/webserver/database/connect.rs b/src/webserver/database/connect.rs
@@ -1,4 +1,4 @@
-use std::time::Duration;
+use std::{mem::take, time::Duration};
 
 use super::Database;
 use crate::{app_config::AppConfig, ON_CONNECT_FILE};
@@ -16,6 +16,9 @@ impl Database {
         let mut connect_options: AnyConnectOptions = database_url
             .parse()
             .with_context(|| format!("\"{database_url}\" is not a valid database URL. Please change the \"database_url\" option in the configuration file."))?;
+        if let Some(password) = &config.database_password {
+            set_database_password(&mut connect_options, password);
+        }
         connect_options.log_statements(log::LevelFilter::Trace);
         connect_options.log_slow_statements(
             log::LevelFilter::Warn,
@@ -148,3 +151,17 @@ fn make_sqlite_fun(name: &str, f: fn(&str) -> String) -> Function {
         }
     })
 }
+
+fn set_database_password(options: &mut AnyConnectOptions, password: &str) {
+    if let Some(opts) = options.as_postgres_mut() {
+        *opts = take(opts).password(password);
+    } else if let Some(opts) = options.as_mysql_mut() {
+        *opts = take(opts).password(password);
+    } else if let Some(opts) = options.as_mssql_mut() {
+        *opts = take(opts).password(password);
+    } else if let Some(_opts) = options.as_sqlite_mut() {
+        log::warn!("Setting a password for a SQLite database is not supported");
+    } else {
+        unreachable!("Unsupported database type");
+    }
+}
