implement TLS options for SQLx databases

2023-08-26 16:56:46 +02:00 · 2023-08-26 16:56:46 +02:00 · 2ee96ce7eb
parent 26a3f00f82
commit 2ee96ce7eb
4 changed files with 53 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -31,3 +31,6 @@ scripts/redirect.html

 # Uploads in pastebin example.
 examples/pastebin/upload/*
+
+# Editor/IDE configurations
+.vscode/
--- a/contrib/db_pools/lib/Cargo.toml
+++ b/contrib/db_pools/lib/Cargo.toml
@ -22,6 +22,8 @@ sqlx_mysql = ["sqlx", "sqlx/mysql"]
 sqlx_postgres = ["sqlx", "sqlx/postgres"]
 sqlx_sqlite = ["sqlx", "sqlx/sqlite"]
 sqlx_macros = ["sqlx/macros"]
+sqlx_native_tls = ["sqlx/tls-native-tls"]
+sqlx_rustls = ["sqlx/tls-rustls"]
 # diesel features
 diesel_postgres = ["diesel-async/postgres", "diesel-async/deadpool", "diesel", "deadpool"]
 diesel_mysql = ["diesel-async/mysql", "diesel-async/deadpool", "diesel", "deadpool"]
--- a/contrib/db_pools/lib/src/config.rs
+++ b/contrib/db_pools/lib/src/config.rs
@ -1,4 +1,5 @@
 use rocket::serde::{Deserialize, Serialize};
+use std::path::PathBuf;

 /// Base configuration for all database drivers.
 ///
@ -36,6 +37,9 @@ use rocket::serde::{Deserialize, Serialize};
 ///             max_connections: 1024,
 ///             connect_timeout: 3,
 ///             idle_timeout: None,
+///             ssl_root_cert: None,
+///             ssl_client_cert: None,
+///             ssl_client_key: None
 ///         }));
 ///
 ///     rocket::custom(figment)
@ -80,4 +84,17 @@ pub struct Config {
    ///
    /// _Default:_ `None`.
    pub idle_timeout: Option<u64>,
+    /// Sets the name of a file containing SSL certificate authority (CA) certificate(s).
+    /// If the file exists, the server’s certificate will be verified to be signed by one of these authorities.
+    ///
+    /// _Default:_ `None`.
+    pub ssl_root_cert: Option<PathBuf>,
+    /// Sets the name of a file containing SSL client certificate.
+    ///
+    /// _Default:_ `None`.
+    pub ssl_client_cert: Option<PathBuf>,
+    /// Sets the name of a file containing SSL client key.
+    ///
+    /// _Default:_ `None`.
+    pub ssl_client_key: Option<PathBuf>,
 }
--- a/contrib/db_pools/lib/src/pool.rs
+++ b/contrib/db_pools/lib/src/pool.rs
@ -240,6 +240,37 @@ mod sqlx {
                .busy_timeout(Duration::from_secs(__config.connect_timeout))
                .create_if_missing(true);
        }
+
+        #[cfg(feature = "sqlx_postgres")]
+        if let Some(o) = __options.downcast_mut::<sqlx::postgres::PgConnectOptions>() {
+            if let Some(ref ssl_root_cert) = __config.ssl_root_cert {
+                *o = std::mem::take(o).ssl_root_cert(ssl_root_cert);
+            }
+
+            if let Some(ref ssl_client_cert) = __config.ssl_client_cert {
+                *o = std::mem::take(o).ssl_client_cert(ssl_client_cert);
+            }
+
+            if let Some(ref ssl_client_key) = __config.ssl_client_key {
+                *o = std::mem::take(o).ssl_client_key(ssl_client_key);
+            }
+        }
+
+        #[cfg(feature = "sqlx_mysql")]
+        if let Some(o) = __options.downcast_mut::<sqlx::mysql::MySqlConnectOptions>() {
+            if let Some(ref ssl_root_cert) = __config.ssl_root_cert {
+                *o = std::mem::take(o).ssl_ca(ssl_root_cert);
+            }
+
+            if let Some(ref ssl_client_cert) = __config.ssl_client_cert {
+                *o = std::mem::take(o).ssl_client_cert(ssl_client_cert);
+            }
+
+            if let Some(ref ssl_client_key) = __config.ssl_client_key {
+                *o = std::mem::take(o).ssl_client_key(ssl_client_key);
+            }
+        }
+
    }

    #[rocket::async_trait]