ahmadk953/poixpixel-discord-bot
1
0
Fork 0
mirror of https://github.com/ahmadk953/poixpixel-discord-bot.git synced 2025-05-10 02:33:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

chore: merge pull request #348 from ahmadk953/local-ssl

Browse source 
modified code to use self-signed ssl certificates
This commit is contained in:
Ahmad 2025-04-19 02:03:59 -04:00 committed by GitHub
commit daa231ea40
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 121 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -2,6 +2,7 @@ target/
node_modules/ node_modules/
drizzle/ drizzle/
.vscode/ .vscode/
certs/
config.json config.json
.env .env
.yarn .yarn

2
.prettierignore
View file

@ -4,6 +4,8 @@ drizzle/
.vscode/ .vscode/
.github/ .github/
.yarn/ .yarn/
docs/
certs/
config.json config.json
config.example.json config.example.json
package.json package.json

27
docker-compose.yml
View file

@ -8,11 +8,18 @@ services:
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DB} POSTGRES_DB: ${POSTGRES_DB}
volumes: volumes:
- ./certs/psql-server.crt:/var/lib/postgresql/server.crt:ro
- ./certs/psql-server.key:/var/lib/postgresql/server.key:ro
- postgres_data:/var/lib/postgresql/data - postgres_data:/var/lib/postgresql/data
ports: ports:
- "5432:5432" - '5432:5432'
command: >
postgres
-c ssl=on
-c ssl_cert_file=/var/lib/postgresql/server.crt
-c ssl_key_file=/var/lib/postgresql/server.key
healthcheck: healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"] test: ['CMD-SHELL', 'pg_isready -U ${POSTGRES_USER}']
interval: 10s interval: 10s
timeout: 5s timeout: 5s
retries: 5 retries: 5
@ -23,13 +30,23 @@ services:
image: valkey/valkey:8-alpine image: valkey/valkey:8-alpine
container_name: valkey container_name: valkey
restart: always restart: always
command: ["valkey-server", "--requirepass", "${VALKEY_PASSWORD}"]
ports: ports:
- "6379:6379" - '6379:6379'
volumes: volumes:
- ./certs/cache-server.crt:/certs/server.crt:ro
- ./certs/cache-server.key:/certs/server.key:ro
- ./certs/cache-ca.crt:/certs/ca.crt:ro
- valkey_data:/data - valkey_data:/data
command: >
valkey-server
--requirepass ${VALKEY_PASSWORD}
--tls-port 6379
--port 0
--tls-cert-file /certs/server.crt
--tls-key-file /certs/server.key
--tls-ca-cert-file /certs/ca.crt
healthcheck: healthcheck:
test: ["CMD", "valkey-cli", "-a", "${VALKEY_PASSWORD}", "ping"] test: ['CMD', 'valkey-cli', '-a', '${VALKEY_PASSWORD}', 'ping']
interval: 10s interval: 10s
timeout: 5s timeout: 5s
retries: 5 retries: 5

16
drizzle.config.ts
View file

@ -1,4 +1,5 @@
import fs from 'node:fs'; import fs from 'node:fs';
import path from 'node:path';
import { defineConfig } from 'drizzle-kit'; import { defineConfig } from 'drizzle-kit';
const config = JSON.parse(fs.readFileSync('./config.json', 'utf8')); const config = JSON.parse(fs.readFileSync('./config.json', 'utf8'));
@ -10,5 +11,20 @@ export default defineConfig({
dialect: 'postgresql', dialect: 'postgresql',
dbCredentials: { dbCredentials: {
url: database.dbConnectionString, url: database.dbConnectionString,
ssl: (() => {
try {
return {
ca: fs.readFileSync(path.resolve('./certs/psql-ca.crt')),
key: fs.readFileSync(path.resolve('./certs/psql-client.key')),
cert: fs.readFileSync(path.resolve('./certs/psql-server.crt')),
};
} catch (error) {
console.warn(
'Failed to load certificates for database, using insecure connection:',
error,
);
return undefined;
}
})(),
}, },
}); });

43
generate-certs.sh Executable file
View file

@ -0,0 +1,43 @@
#!/bin/bash
# Get the Effective User ID
_uid="$(id -u)"
# Create the certificates directory
mkdir -p certs
# Generate PostgreSQL Certificates
openssl req -new -x509 -days 365 -nodes \
-out certs/psql-server.crt \
-keyout certs/psql-server.key \
-subj "/CN=localhost"
# Generate Valkey Certificates
openssl req -new -x509 -days 365 -nodes \
-out certs/cache-server.crt \
-keyout certs/cache-server.key \
-subj "/CN=localhost"
# Get CA Certificates
cp certs/psql-server.crt certs/psql-ca.crt
cp certs/cache-server.crt certs/cache-ca.crt
# Setup Permissions
chmod 0600 certs/psql-server.key
chmod 0600 certs/cache-server.key
# Assign Ownership
sudo chown 70:70 certs/psql-*.*
sudo chown 999:1000 certs/cache-*.*
# Get Client Keys
sudo cp certs/psql-server.key certs/psql-client.key
sudo cp certs/cache-server.key certs/cache-client.key
# Change Client Key Ownership
sudo chown $_uid:$_uid certs/psql-client.key
sudo chown $_uid:$_uid certs/cache-client.key
# Change Client Key Permissions
sudo chmod +r certs/psql-client.key
sudo chmod +r certs/cache-client.key

18
src/db/db.ts
View file

@ -1,6 +1,8 @@
// ======================== // ========================
// External Imports // External Imports
// ======================== // ========================
import fs from 'node:fs';
import path from 'node:path';
import pkg from 'pg'; import pkg from 'pg';
import { drizzle } from 'drizzle-orm/node-postgres'; import { drizzle } from 'drizzle-orm/node-postgres';
import { Client } from 'discord.js'; import { Client } from 'discord.js';
@ -98,7 +100,21 @@ export async function initializeDatabaseConnection(): Promise<boolean> {
// Create new connection pool // Create new connection pool
dbPool = new Pool({ dbPool = new Pool({
connectionString: config.database.dbConnectionString, connectionString: config.database.dbConnectionString,
ssl: true, ssl: (() => {
try {
return {
ca: fs.readFileSync(path.resolve('./certs/psql-ca.crt')),
key: fs.readFileSync(path.resolve('./certs/psql-client.key')),
cert: fs.readFileSync(path.resolve('./certs/psql-server.crt')),
};
} catch (error) {
console.warn(
'Failed to load certificates for database, using insecure connection:',
error,
);
return undefined;
}
})(),
connectionTimeoutMillis: 10000, connectionTimeoutMillis: 10000,
}); });

17
src/db/redis.ts
View file

@ -1,3 +1,5 @@
import fs from 'node:fs';
import path from 'node:path';
import Redis from 'ioredis'; import Redis from 'ioredis';
import { Client } from 'discord.js'; import { Client } from 'discord.js';
@ -91,6 +93,21 @@ async function initializeRedisConnection() {
}, },
maxRetriesPerRequest: 3, maxRetriesPerRequest: 3,
enableOfflineQueue: true, enableOfflineQueue: true,
tls: (() => {
try {
return {
ca: fs.readFileSync(path.resolve('./certs/cache-ca.crt')),
key: fs.readFileSync(path.resolve('./certs/cache-client.key')),
cert: fs.readFileSync(path.resolve('./certs/cache-server.crt')),
};
} catch (error) {
console.warn(
'Failed to load certificates for cache, using insecure connection:',
error,
);
return undefined;
}
})(),
}); });
// ======================== // ========================

3
src/util/helpers.ts
View file

@ -1,5 +1,6 @@
import Canvas from '@napi-rs/canvas'; import Canvas from '@napi-rs/canvas';
import path from 'path'; import fs from 'node:fs';
import path from 'node:path';
import { import {
AttachmentBuilder, AttachmentBuilder,