From 310dbad9d0b63e17f0d3fc910c17c1a365ea27cb Mon Sep 17 00:00:00 2001
From: Nicholas Clarke
Date: Sat, 8 Apr 2023 22:30:05 -0700
Subject: [PATCH] Pass ssl params in databases options.
---
 ProcFile | 0
 Procfile | 1 +
 api/v10/views.py | 0
 api/v11/__init__.py | 0
 api/v11/urls.py | 0
 charting_library_charts/settings.py | 11 +++++++++++
 model/__init__.py | 0
 model/migrations/0001_initial.py | 0
 model/migrations/0002_auto_20141007_1601.py | 0
 model/migrations/0003_auto_20141008_1252.py | 0
 model/migrations/__init__.py | 0
 model/models.py | 0
 notes.md | 4 +++-
 ssl_backend/base.py | 12 +++++++++---
 14 files changed, 24 insertions(+), 4 deletions(-)
 delete mode 100644 ProcFile
 create mode 100644 Procfile
 mode change 100755 => 100644 api/v10/views.py
 mode change 100755 => 100644 api/v11/__init__.py
 mode change 100755 => 100644 api/v11/urls.py
 mode change 100755 => 100644 model/__init__.py
 mode change 100755 => 100644 model/migrations/0001_initial.py
 mode change 100755 => 100644 model/migrations/0002_auto_20141007_1601.py
 mode change 100755 => 100644 model/migrations/0003_auto_20141008_1252.py
 mode change 100755 => 100644 model/migrations/__init__.py
 mode change 100755 => 100644 model/models.py
diff --git a/ProcFile b/ProcFile
deleted file mode 100644
index e69de29..0000000
diff --git a/Procfile b/Procfile
new file mode 100644
index 0000000..0faa756
--- /dev/null
+++ b/Procfile
@@ -0,0 +1 @@
+web: python manage.py runserver "0.0.0.0:${PORT:-5000}"
\ No newline at end of file
diff --git a/api/v10/views.py b/api/v10/views.py
old mode 100755
new mode 100644
diff --git a/api/v11/__init__.py b/api/v11/__init__.py
old mode 100755
new mode 100644
diff --git a/api/v11/urls.py b/api/v11/urls.py
old mode 100755
new mode 100644
diff --git a/charting_library_charts/settings.py b/charting_library_charts/settings.py
index 04620f6..4e77e36 100644
--- a/charting_library_charts/settings.py
+++ b/charting_library_charts/settings.py
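Review bot: In Procfile, the `web` process starts Django's development server (`manage.py runserver`) listening on `0.0.0.0`, and the Django documentation states that this server must not be used in a production setting because it has had no security audit and is not built for load. If this Procfile is what the hosted deployment runs (notes.md mentions Heroku), start a production WSGI server instead, for example `web: gunicorn <wsgi module> --bind "0.0.0.0:${PORT:-5000}"`, with the server added to the project's requirements. The file also ends without a trailing newline.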
@@ -1,6 +1,7 @@ # Django settings for charting_library_charts project. import os +import pathlib DEBUG = False TEMPLATE_DEBUG = DEBUG @@ -13,6 +14,8 @@ ADMINS = ( MANAGERS = ADMINS +base_path = pathlib.Path(os.path.dirname(os.path.abspath(__file__))).parent + DATABASES = { 'default': { 'ENGINE': 'ssl_backend', @@ -21,6 +24,14 @@ DATABASES = { 'PASSWORD': os.getenv('DB_PASSWORD', 'postgres'), 'HOST': os.getenv('DB_HOST', 'localhost'), 'PORT': int(os.getenv('DB_PORT', '5432')), + + + 'OPTIONS': { + 'sslmode': 'verify-ca', + 'sslrootcert': base_path / "ssl" / "ca.pem", + 'sslcert': base_path / "ssl" / "client.pem", + 'sslkey': base_path / "ssl" / "client-key.pem", + }, } } diff --git a/model/__init__.py b/model/__init__.py old mode 100755 new mode 100644 diff --git a/model/migrations/0001_initial.py b/model/migrations/0001_initial.py old mode 100755 new mode 100644 diff --git a/model/migrations/0002_auto_20141007_1601.py b/model/migrations/0002_auto_20141007_1601.py old mode 100755 new mode 100644 diff --git a/model/migrations/0003_auto_20141008_1252.py b/model/migrations/0003_auto_20141008_1252.py old mode 100755 new mode 100644 diff --git a/model/migrations/__init__.py b/model/migrations/__init__.py old mode 100755 new mode 100644 diff --git a/model/models.py b/model/models.py old mode 100755 new mode 100644 diff --git a/notes.md b/notes.md index 9636435..f208a0f 100644 --- a/notes.md +++ b/notes.md @@ -2,4 +2,6 @@ Ran `ALTER ROLE tv_backend SET search_path TO tv_backend` to point tv_backend to The below are useful for checking migrations `python manage.py migrate --plan` -`python manage.py sqlmigrate model 0001` (model and 0001 from the above) \ No newline at end of file +`python manage.py sqlmigrate model 0001` (model and 0001 from the above) + +vscode and heroku can handle multiline env vars - using \n in terminal though breaks the ssl files \ No newline at end of file diff --git a/ssl_backend/base.py b/ssl_backend/base.py index 2259fd8..e2578a7 100644 
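Review bot: `'sslmode': 'verify-ca'` in the new `OPTIONS` block of settings.py checks that the server certificate chains to `ca.pem` but not that it was issued for the host named in `DB_HOST`, so any server holding a certificate from the same CA is accepted. Unless that CA is private to this one database, use `'sslmode': 'verify-full',`, which adds the host-name check and requires the server certificate's CN/SAN to match `DB_HOST`. The `base_path / "ssl"` location is computed here and again in ssl_backend/base.py, so the two can drift apart; one shared constant would keep them aligned. The middle of the `DATABASES['default']` entry lies between hunks and is not visible here.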
--- a/ssl_backend/base.py +++ b/ssl_backend/base.py @@ -1,13 +1,14 @@ from django.db.backends.postgresql import base import os - +import stat +import pathlib def maybe_write_ssl_files(): # Need to pass ssl keys to as filepaths - but they are stored as env variables # So write them from env vars to ssl dir # Only write if they don't already exist or if the keys in the files are different - base_path = os.path.dirname(os.path.abspath(os.environ.get('PGSSLKEY'))) + base_path = pathlib.Path(os.path.dirname(os.path.abspath(__file__))).parent / "ssl" if not os.path.exists(base_path): os.mkdir(base_path) @@ -29,7 +30,12 @@ def maybe_write_ssl_files(): if write_file: with open(filepath, "w") as f: f.write(os.environ[env_var]) - + + if env_var == "SSL_CLIENT_KEY_PEM": + try: + os.chmod(filepath, stat.S_IREAD | stat.S_IWRITE) + finally: + pass class DatabaseWrapper(base.DatabaseWrapper): def get_new_connection(self, conn_params):
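Review bot: With the new `base_path` in the first hunk of ssl_backend/base.py, `maybe_write_ssl_files` writes the CA, client certificate and private key into `ssl/` inside the project checkout, and the unchanged `os.mkdir(base_path)` below it creates that directory with the process's default permissions. Consider `os.makedirs(base_path, mode=0o700, exist_ok=True)` in place of the `exists`/`mkdir` pair, and make sure `ssl/` is listed in `.gitignore` so the key cannot be committed. `PGSSLKEY` is no longer consulted by this function, which is worth a line in notes.md for anyone who still sets it. The function body continues past this hunk.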
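Review bot: The private key is created by `open(filepath, "w")` under the default umask and only tightened by `os.chmod` afterwards, so in the second hunk of ssl_backend/base.py there is a window in which the key sits on disk readable by other local users. Creating the file owner-only from the start closes that window; the sketch below does so for every file written, which is harmless for the certificates. `try: ... finally: pass` is a no-op (it neither handles nor suppresses an error) and can be dropped; letting a failed chmod raise is the better behaviour anyway, since libpq refuses a key file that group or others can access. The collapsed layout does not show whether the chmod sits inside `if write_file:`, and the loop and the rest of `maybe_write_ssl_files` are outside the hunk, so the indentation below is a guess.

```python
        # … unchanged: existence / content comparison that sets write_file …
        if write_file:
            # Owner-only from creation, so the key is never on disk with wider permissions.
            fd = os.open(filepath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, "w") as f:
                # os.open() ignores the mode for a file that already exists, so tighten it before writing.
                os.chmod(filepath, stat.S_IRUSR | stat.S_IWUSR)
                f.write(os.environ[env_var])
```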