ch5: add ssl for postgre

Signed-off-by: Jin Dong <jin.dong@databricks.com>
djdongjin · Mar 27, 2024 · b5fd237 · b5fd237
1 parent 9efae9e
commit b5fd237
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 5 deletions.
diff --git a/configuration/local.yaml b/configuration/local.yaml
@@ -1,2 +1,4 @@
 application:
-  host: 127.0.0.1
+  host: 127.0.0.1
+database:
+  require_ssl: false
diff --git a/configuration/production.yaml b/configuration/production.yaml
@@ -1,2 +1,4 @@
 application:
-  host: 0.0.0.0
+  host: 0.0.0.0
+database:
+  require_ssl: true
diff --git a/src/configuration.rs b/src/configuration.rs
@@ -1,6 +1,7 @@
 use secrecy::{ExposeSecret, Secret};
 use serde_aux::field_attributes::deserialize_number_from_string;
-use sqlx::postgres::PgConnectOptions;
+use sqlx::postgres::{PgConnectOptions, PgSslMode};
+use sqlx::ConnectOptions;
 
 #[derive(serde::Deserialize)]
 pub struct Settings {
@@ -16,6 +17,8 @@ pub struct DatabseSettings {
     #[serde(deserialize_with = "deserialize_number_from_string")]
     pub port: u16,
     pub database_name: String,
+    // Determine if we demand the connection to be encrypted or not
+    pub require_ssl: bool,
 }
 
 #[derive(serde::Deserialize)]
@@ -26,15 +29,23 @@ pub struct ApplicationSettings {
 
 impl DatabseSettings {
     pub fn without_db(&self) -> PgConnectOptions {
+        let ssl_mode = if self.require_ssl {
+            PgSslMode::Require
+        } else {
+            PgSslMode::Prefer
+        };
+
         PgConnectOptions::new()
             .username(&self.username)
-            .password(&self.password.expose_secret())
+            .password(self.password.expose_secret())
             .host(&self.host)
             .port(self.port)
+            .ssl_mode(ssl_mode)
     }
 
     pub fn with_db(&self) -> PgConnectOptions {
-        self.without_db().database(&self.database_name)
+        let options = self.without_db().database(&self.database_name);
+        options.log_statements(tracing_log::log::LevelFilter::Trace)
     }
 }