Merge pull request #1380 from swisstopo/feature/viewer-1345-enforce-ssl

Feature 1345: Enforce SSL
swisstopo · Nov 27, 2024 · 88a5c94 · 88a5c94
2 parents 48d6733 + 90d816d
commit 88a5c94
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## [Unreleased]
 
 ### Added
+- Add `PG_SSL_MODE` environment variable to allow SSL connections between the API and database.
 
 ### Changed
 - Values for "Height", "Angle", "Pitch", and coordinates are now input fields. Users can adjust values using arrow keys.

diff --git a/api/.env b/api/.env
@@ -15,9 +15,11 @@ PGPASSWORD=www-data
 PGHOST=db
 PGPORT=5432
 PGDATABASE=swissgeol-local
+PG_SSL_MODE=disable
+# PG_SSL_MODE=require
 
 # SQLx
-DATABASE_URL=postgres://${PGUSER}:${PGPASSWORD}@${PGHOST}:${PGPORT}/${PGDATABASE}
+DATABASE_URL=postgres://${PGUSER}:${PGPASSWORD}@${PGHOST}:${PGPORT}/${PGDATABASE}?ssl_mode=${PG_SSL_MODE}
 
 # S3
 S3_AWS_REGION=eu-west-1

diff --git a/api/DockerfileDev b/api/DockerfileDev
@@ -5,8 +5,9 @@ FROM rust:1.82
 
 WORKDIR /app
 
-RUN cargo install cargo-watch
-
+RUN cargo install cargo-watch && \
+    rustup component add rustfmt && \
+    rustup component add clippy
 COPY . .
 
 RUN chmod +x start.sh

diff --git a/api/src/database.rs b/api/src/database.rs
@@ -1,5 +1,5 @@
 use sqlx::{
-    postgres::{PgConnectOptions, PgPoolOptions},
+    postgres::{PgConnectOptions, PgPoolOptions, PgSslMode},
     Connection, Executor, PgConnection, PgPool,
 };
 
@@ -20,6 +20,9 @@ pub struct Database {
     /// The database name
     #[clap(long, env)]
     pub pgdatabase: String,
+    /// The database ssl mode
+    #[clap(env)]
+    pub pg_ssl_mode: PgSslMode,
 }
 
 impl Database {
@@ -34,7 +37,8 @@ impl Database {
             .host(&self.pghost)
             .port(self.pgport)
             .username(&self.pguser)
-            .password(&self.pgpassword);
+            .password(&self.pgpassword)
+            .ssl_mode(self.pg_ssl_mode);
 
         if create {
             // Create database