Merge pull request #64 from ThouCheese/postgres-pool-rustls-example

Add an example of using a pooled bb8 connection with rustls

Author: weiznich

.github/workflows/ci.yml

@@ -115,6 +115,9 @@ jobs:
 
       - name: Test diesel_async
         run: cargo +${{ matrix.rust }} test --manifest-path Cargo.toml --no-default-features --features "${{ matrix.backend }} deadpool bb8 mobc"
+      - name: Run examples
+        if: matrix.backend == 'postgres'
+        run: cargo +${{ matrix.rust }} check --manifest-path examples/postgres/pooled-with-rustls/Cargo.toml
 
   rustfmt_and_clippy:
     name: Check rustfmt style && run clippy

.gitignore

@@ -1,2 +1,2 @@
-/target
+**/target
 Cargo.lock

Cargo.toml

@@ -51,3 +51,9 @@ rustdoc-args = ["--cfg", "doc_cfg"]
 
 [patch.crates-io]
 diesel = { git = "https://github.com/diesel-rs/diesel", rev = "b878fed" }
+
+[workspace]
+members = [
+        ".",
+        "examples/postgres/pooled-with-rustls"
+]

examples/postgres/pooled-with-rustls/Cargo.toml

@@ -0,0 +1,16 @@
+[package]
+name = "pooled-with-rustls"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+diesel = { version = "2.0.2", default-features = false, features = ["postgres"] }
+diesel-async = { version = "0.2.0", path = "../../../", features = ["bb8", "postgres"] }
+futures-util = "0.3.21"
+rustls = "0.20.8"
+rustls-native-certs = "0.6.2"
+tokio = { version = "1.2.0", default-features = false, features = ["macros", "rt-multi-thread"] }
+tokio-postgres = "0.7.7"
+tokio-postgres-rustls = "0.9.0"

examples/postgres/pooled-with-rustls/src/main.rs

@@ -0,0 +1,68 @@
+use diesel::{ConnectionError, ConnectionResult};
+use diesel_async::pooled_connection::bb8::Pool;
+use diesel_async::pooled_connection::AsyncDieselConnectionManager;
+use diesel_async::AsyncPgConnection;
+use futures_util::future::BoxFuture;
+use futures_util::FutureExt;
+use std::time::Duration;
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+    let db_url = std::env::var("DATABASE_URL").expect("Env var `DATABASE_URL` not set");
+
+    // First we have to construct a connection manager with our custom `establish_connection`
+    // function
+    let mgr = AsyncDieselConnectionManager::<AsyncPgConnection>::new_with_setup(
+        db_url,
+        establish_connection,
+    );
+    // From that connection we can then create a pool, here given with some example settings.
+    //
+    // This creates a TLS configuration that's equivalent to `libpq'` `sslmode=verify-full`, which
+    // means this will check whether the provided certificate is valid for the given database host.
+    //
+    // `libpq` does not perform these checks by default (https://www.postgresql.org/docs/current/libpq-connect.html)
+    // If you hit a TLS error while conneting to the database double check your certificates
+    let pool = Pool::builder()
+        .max_size(10)
+        .min_idle(Some(5))
+        .max_lifetime(Some(Duration::from_secs(60 * 60 * 24)))
+        .idle_timeout(Some(Duration::from_secs(60 * 2)))
+        .build(mgr)
+        .await?;
+
+    // Now we can use our pool to run queries over a TLS-secured connection:
+    let conn = pool.get().await?;
+    let _ = conn;
+
+    Ok(())
+}
+
+fn establish_connection(config: &str) -> BoxFuture<ConnectionResult<AsyncPgConnection>> {
+    let fut = async {
+        // We first set up the way we want rustls to work.
+        let rustls_config = rustls::ClientConfig::builder()
+            .with_safe_defaults()
+            .with_root_certificates(root_certs())
+            .with_no_client_auth();
+        let tls = tokio_postgres_rustls::MakeRustlsConnect::new(rustls_config);
+        let (client, conn) = tokio_postgres::connect(config, tls)
+            .await
+            .map_err(|e| ConnectionError::BadConnection(e.to_string()))?;
+        tokio::spawn(async move {
+            if let Err(e) = conn.await {
+                eprintln!("Database connection: {e}");
+            }
+        });
+        AsyncPgConnection::try_from(client).await
+    };
+    fut.boxed()
+}
+
+fn root_certs() -> rustls::RootCertStore {
+    let mut roots = rustls::RootCertStore::empty();
+    let certs = rustls_native_certs::load_native_certs().expect("Certs not loadable!");
+    let certs: Vec<_> = certs.into_iter().map(|cert| cert.0).collect();
+    roots.add_parsable_certificates(&certs);
+    roots
+}