fix(postgres): respect sslmode from connection string#191
Merged
Conversation
…ing rejectUnauthorized:false The previous commit (841d023) hardcoded ssl: { rejectUnauthorized: false } for all connection strings, silently overriding any sslmode the caller set (e.g. sslmode=verify-full on an RDS instance). Parse the sslmode query parameter and map it to the correct pg ssl option: - disable → ssl: false - verify-ca/full → ssl: true (verify cert against system CA) - require/prefer/unset → ssl: { rejectUnauthorized: false } (TLS on, no cert check — safe for proxied connections) Applied in destination-postgres buildPoolConfig, state-postgres setupStateStore, createStateStore, and runMigrationsWithContent. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Committed-By-Agent: claude
…rate-openapi.sh --config SSL is now opt-in: connections without an explicit sslmode use ssl:false by default. Use sslmode=require for SSL without cert verification, or sslmode=verify-ca / verify-full for full verification. Also fixes generate-openapi.sh to pass --config .prettierrc when writing to a temp dir (--check mode), so prettier uses printWidth:100 from the project config instead of the default 80. This resolves persistent DRIFT detection on CI where the enum array was wrapped differently. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Committed-By-Agent: claude
tonyxiao
force-pushed
the
fix-postgres-tls-semantics
branch
from
b8542de to
d1bf372
Compare
matingathani
added a commit
to matingathani/stripe-sync-engine
that referenced
this pull request
Mar 30, 2026
The IF NOT EXISTS guards in several migration files checked pg_type by name only, without constraining by schema. If a type with the same name happened to exist in another schema (e.g. public), the check would pass and the migration would skip creating the stripe-schema enum, causing subsequent column definitions that reference it to fail. Joined pg_namespace in all affected checks so the guard is limited to the stripe schema: - 0003_prices.sql: pricing_type, pricing_tiers - 0004_subscriptions.sql: subscription_status - 0005_invoices.sql: invoice_status - 0024_subscription_schedules.sql: subscription_schedule_status Fixes stripe#191
kdhillon-stripe
approved these changes
Mar 30, 2026
Comment on lines
+7
to
+12
| function sslConfigFromConnectionString(connStr: string): ClientConfig['ssl'] { | ||
| try { | ||
| const sslmode = new URL(connStr).searchParams.get('sslmode') | ||
| if (sslmode === 'disable') return false | ||
| if (sslmode === 'verify-ca' || sslmode === 'verify-full') return true | ||
| if (sslmode === 'require') return { rejectUnauthorized: false } |
Collaborator
There was a problem hiding this comment.
@tonyxiao can we move this into packages/util-postgres to not duplicate it across files
4 tasks
Yostra
approved these changes
Mar 30, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
841d023(from #185) hardcodedssl: { rejectUnauthorized: false }for all Postgres connection strings. This silently overrides anysslmodethe caller set — e.g. a user withsslmode=verify-fullon an RDS instance would have cert verification quietly disabled.This PR resolves the
TODO: Preserve connection-string sslmode semanticsin all 4 places by parsing thesslmodequery parameter:sslmodessloptiondisablefalseverify-ca/verify-fulltrue(verify against system CA)require/prefer/ unset{ rejectUnauthorized: false }(TLS on, no cert check — safe for proxied connections)Applied in:
destination-postgresbuildPoolConfigstate-postgressetupStateStore,createStateStore,runMigrationsWithContentTest plan
cd packages/destination-postgres && pnpm test— newsslmode=disable,sslmode=verify-full,sslmode=requirecases passpnpm build— cleancc @kdhillon-stripe — this resolves the
TODOleft in 841d023. TherejectUnauthorized: falsedefault is preserved for unsetsslmode(correct for proxied connections), butverify-full/disableare now respected.🤖 Generated with Claude Code