Pass ssl params in databases options.

2023-04-08 22:30:05 -07:00 · 2023-04-08 22:30:05 -07:00 · 310dbad9d0
parent f3e7596fe4
commit 310dbad9d0
14 changed files with 24 additions and 4 deletions
--- a/0
+++ b/0
--- a/1
+++ b/1
@ -0,0 +1 @@
+web: python manage.py runserver "0.0.0.0:${PORT:-5000}"
--- a/api/v10/views.py
+++ b/api/v10/views.py
--- a/api/v11/init.py
+++ b/api/v11/init.py
--- a/api/v11/urls.py
+++ b/api/v11/urls.py
--- a/charting_library_charts/settings.py
+++ b/charting_library_charts/settings.py
@ -1,6 +1,7 @@
 # Django settings for charting_library_charts project.

 import os
+import pathlib

 DEBUG = False
 TEMPLATE_DEBUG = DEBUG
@ -13,6 +14,8 @@ ADMINS = (

 MANAGERS = ADMINS

+base_path = pathlib.Path(os.path.dirname(os.path.abspath(__file__))).parent
+
 DATABASES = {
 	'default': {
 		'ENGINE': 'ssl_backend',
@ -21,6 +24,14 @@ DATABASES = {
 		'PASSWORD': os.getenv('DB_PASSWORD', 'postgres'),
 		'HOST': os.getenv('DB_HOST', 'localhost'),
 		'PORT': int(os.getenv('DB_PORT', '5432')),
+
+
+		'OPTIONS': {
+            'sslmode': 'verify-ca',
+            'sslrootcert': base_path / "ssl" / "ca.pem",
+            'sslcert': base_path / "ssl" / "client.pem",
+            'sslkey': base_path / "ssl" / "client-key.pem",
+        },
 	}
 }

--- a/model/init.py
+++ b/model/init.py
--- a/model/migrations/0001_initial.py
+++ b/model/migrations/0001_initial.py
--- a/model/migrations/0002_auto_20141007_1601.py
+++ b/model/migrations/0002_auto_20141007_1601.py
--- a/model/migrations/0003_auto_20141008_1252.py
+++ b/model/migrations/0003_auto_20141008_1252.py
--- a/model/migrations/init.py
+++ b/model/migrations/init.py
--- a/model/models.py
+++ b/model/models.py
--- a/notes.md
+++ b/notes.md
@ -2,4 +2,6 @@ Ran `ALTER ROLE tv_backend SET search_path TO tv_backend` to point tv_backend to

 The below are useful for checking migrations
 `python manage.py migrate --plan`
-`python manage.py sqlmigrate model 0001` (model and 0001 from the above)
+`python manage.py sqlmigrate model 0001` (model and 0001 from the above)
+
+vscode and heroku can handle multiline env vars - using \n in terminal though breaks the ssl files
--- a/ssl_backend/base.py
+++ b/ssl_backend/base.py
@ -1,13 +1,14 @@
 from django.db.backends.postgresql import base
 import os
-
+import stat
+import pathlib

 def maybe_write_ssl_files():
    # Need to pass ssl keys to as filepaths - but they are stored as env variables
    # So write them from env vars to ssl dir
    # Only write if they don't already exist or if the keys in the files are different

-    base_path = os.path.dirname(os.path.abspath(os.environ.get('PGSSLKEY')))
+    base_path = pathlib.Path(os.path.dirname(os.path.abspath(__file__))).parent / "ssl"

    if not os.path.exists(base_path):
        os.mkdir(base_path)
@ -29,7 +30,12 @@ def maybe_write_ssl_files():
        if write_file:
            with open(filepath, "w") as f:
                f.write(os.environ[env_var])
-
+        
+        if env_var == "SSL_CLIENT_KEY_PEM":
+            try:
+                os.chmod(filepath, stat.S_IREAD | stat.S_IWRITE)
+            finally:
+                pass

 class DatabaseWrapper(base.DatabaseWrapper):
    def get_new_connection(self, conn_params):
				`@ -0,0 +1 @@`
				`web: python manage.py runserver "0.0.0.0:${PORT:-5000}"`