chore: added TLS error handling to database and cache

2025-05-09 18:33:04 +00:00 · 2025-04-19 01:56:24 -04:00 · 2025-04-19 01:56:24 -04:00 · 4def8df3fe
commit 4def8df3fe
parent 7fd9497fb8
4 changed files with 47 additions and 16 deletions
--- a/drizzle.config.ts
+++ b/drizzle.config.ts
@ -11,10 +11,20 @@ export default defineConfig({
  dialect: 'postgresql',
  dbCredentials: {
    url: database.dbConnectionString,
-    ssl: {
-      ca: fs.readFileSync(path.resolve('./certs/psql-ca.crt')),
-      cert: fs.readFileSync(path.resolve('./certs/psql-server.crt')),
-      key: fs.readFileSync(path.resolve('./certs/psql-client.key')),
-    },
+    ssl: (() => {
+      try {
+        return {
+          ca: fs.readFileSync(path.resolve('./certs/psql-ca.crt')),
+          key: fs.readFileSync(path.resolve('./certs/psql-client.key')),
+          cert: fs.readFileSync(path.resolve('./certs/psql-server.crt')),
+        };
+      } catch (error) {
+        console.warn(
+          'Failed to load certificates for database, using insecure connection:',
+          error,
+        );
+        return undefined;
+      }
+    })(),
  },
 });
--- a/src/db/db.ts
+++ b/src/db/db.ts
@ -100,11 +100,21 @@ export async function initializeDatabaseConnection(): Promise<boolean> {
    // Create new connection pool
    dbPool = new Pool({
      connectionString: config.database.dbConnectionString,
-      ssl: {
-        ca: fs.readFileSync(path.resolve('./certs/psql-ca.crt')),
-        cert: fs.readFileSync(path.resolve('./certs/psql-server.crt')),
-        key: fs.readFileSync(path.resolve('./certs/psql-client.key')),
-      },
+      ssl: (() => {
+        try {
+          return {
+            ca: fs.readFileSync(path.resolve('./certs/psql-ca.crt')),
+            key: fs.readFileSync(path.resolve('./certs/psql-client.key')),
+            cert: fs.readFileSync(path.resolve('./certs/psql-server.crt')),
+          };
+        } catch (error) {
+          console.warn(
+            'Failed to load certificates for database, using insecure connection:',
+            error,
+          );
+          return undefined;
+        }
+      })(),
      connectionTimeoutMillis: 10000,
    });

--- a/src/db/redis.ts
+++ b/src/db/redis.ts
@ -93,11 +93,21 @@ async function initializeRedisConnection() {
      },
      maxRetriesPerRequest: 3,
      enableOfflineQueue: true,
-      tls: {
-        ca: fs.readFileSync(path.resolve('./certs/cache-ca.crt')),
-        cert: fs.readFileSync(path.resolve('./certs/cache-server.crt')),
-        key: fs.readFileSync(path.resolve('./certs/cache-client.key')),
-      },
+      tls: (() => {
+        try {
+          return {
+            ca: fs.readFileSync(path.resolve('./certs/cache-ca.crt')),
+            key: fs.readFileSync(path.resolve('./certs/cache-client.key')),
+            cert: fs.readFileSync(path.resolve('./certs/cache-server.crt')),
+          };
+        } catch (error) {
+          console.warn(
+            'Failed to load certificates for cache, using insecure connection:',
+            error,
+          );
+          return undefined;
+        }
+      })(),
    });

    // ========================
--- a/src/util/helpers.ts
+++ b/src/util/helpers.ts
@ -1,5 +1,6 @@
 import Canvas from '@napi-rs/canvas';
-import path from 'path';
+import fs from 'node:fs';
+import path from 'node:path';

 import {
  AttachmentBuilder,