Merge pull request #77 from daeisbae/76-use-link-to-download-the-db-certificate

daeisbae · web-flow · commit 337b1a1a9f8f · 2025-01-01T14:23:27.000-08:00
Change DB certificate fetching using s3 link (#76)
diff --git a/.env.example b/.env.example
@@ -5,8 +5,13 @@ DB_NAME=
 DB_USER=
 DB_PASSWORD=
 # if you do not require any certificate, you can ignore this
-# if you want to need ssl connection with the DB, place the certificate inside the certificates folder then give the filename of the certificate
-DB_CERTIFICATE=
+# if you want to need ssl connection with the DB, upload the certificate to amazon s3 and provide link of the certificate
+DB_CERTIFICATE_LINK=
+DB_CERTIFICATE_REGION=
+DB_CERTIFICATE_BUCKET_NAME=
+DB_CERTIFICATE_FILE=
+DB_CERTIFICATE_ACCESS_KEY_ID=
+DB_CERTIFICATE_SECRET_ACCESS_KEY=
 
 # Github Token for increasing rate limit of reading the repository
 GITHUB_TOKEN=
diff --git a/certificates/ADD_YOUR_CERTIFICATE_HERE b/certificates/ADD_YOUR_CERTIFICATE_HERE
diff --git a/package.json b/package.json
@@ -13,6 +13,7 @@
     "db:delete": "node --experimental-specifier-resolution=node src/db/scripts/drop-db.js"
   },
   "dependencies": {
+    "@aws-sdk/client-s3": "^3.717.0",
     "@google/generative-ai": "^0.21.0",
     "@langchain/core": "^0.3.26",
     "@radix-ui/react-navigation-menu": "^1.2.3",
diff --git a/src/db/config/config.js b/src/db/config/config.js
@@ -1,11 +1,16 @@
-import dotenv from 'dotenv'
-dotenv.config()
+import dotenv from "dotenv";
+dotenv.config();
 
 export const DBConfig = {
-    host: process.env.DB_HOST,
-    port: parseInt(process.env.DB_PORT),
-    database: process.env.DB_NAME,
-    user: process.env.DB_USER,
-    password: process.env.DB_PASSWORD,
-    certificate: process.env.DB_CERTIFICATE,
-}
+	host: process.env.DB_HOST,
+	port: parseInt(process.env.DB_PORT),
+	database: process.env.DB_NAME,
+	user: process.env.DB_USER,
+	password: process.env.DB_PASSWORD,
+	certificateLink: process.env.DB_CERTIFICATE_LINK,
+	certificateRegion: process.env.DB_CERTIFICATE_REGION,
+	certificateBucket: process.env.DB_CERTIFICATE_BUCKET_NAME,
+	certificateFile: process.env.DB_CERTIFICATE_FILE,
+	certificateAccessKeyID: process.env.DB_CERTIFICATE_ACCESS_KEY_ID,
+	certificateSecretAccessKey: process.env.DB_CERTIFICATE_SECRET_ACCESS_KEY,
+};
diff --git a/src/db/scripts/init-db.js b/src/db/scripts/init-db.js
@@ -1,70 +1,96 @@
-import { createRequire } from 'module'
-const require = createRequire(import.meta.url)
-const { Client } = require('pg')
-const { readFile } = require('fs/promises')
-import { fileURLToPath } from 'url'
-import { dirname, join } from 'path'
-import { DBConfig } from '../config/config.js'
-import { promises as fs } from 'fs'
+import { createRequire } from "module";
+const require = createRequire(import.meta.url);
+const { Client } = require("pg");
+const { readFile } = require("fs/promises");
+import { fileURLToPath } from "url";
+import { dirname, join } from "path";
+import { DBConfig } from "../config/config.js";
+import { S3Client, GetObjectCommand } from "@aws-sdk/client-s3";
 
-const __dirname = dirname(fileURLToPath(import.meta.url))
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+async function downloadCertificate() {
+	const s3Client = new S3Client({
+		region: DBConfig.certificateRegion,
+		endpoint: DBConfig.certificateLink,
+		credentials: {
+			accessKeyId: DBConfig.certificateAccessKeyID,
+			secretAccessKey: DBConfig.certificateSecretAccessKey,
+		},
+	});
+
+	try {
+		const command = new GetObjectCommand({
+			Bucket: DBConfig.certificateBucket,
+			Key: DBConfig.certificateFile,
+		});
+
+		const response = await s3Client.send(command);
+		const certificateData = await response.Body.transformToString();
+		return certificateData;
+	} catch (error) {
+		console.error("Failed to download certificate:", error);
+		throw error;
+	}
+}
 
 async function initDatabase() {
-    console.log('Initializing database with config:', {
-        host: DBConfig.host,
-        port: DBConfig.port,
-        database: DBConfig.database,
-        user: DBConfig.user,
-    })
+	console.log("Initializing database with config:", {
+		host: DBConfig.host,
+		port: DBConfig.port,
+		database: DBConfig.database,
+		user: DBConfig.user,
+		password: DBConfig.password,
+		certificateLink: DBConfig.certificateLink,
+	});
 
-    const { certificate, config } = DBConfig
+	const { config, certificateLink } = DBConfig;
 
-    let pgClient = undefined
+	let pgClient = undefined;
 
-    if (!certificate) {
-        pgClient = new Client({
-            ...config,
-        })
-    } else {
-        pgClient = new Client({
-            ...config,
-            ssl: {
-                rejectUnauthorized: false,
-                ca: fs
-                    .readFile(process.cwd() + '/certificates/' + certificate)
-                    .toString(),
-                sslmode: 'require',
-            },
-        })
-    }
+	if (!certificateLink) {
+		pgClient = new Client({
+			...config,
+		});
+	} else {
+		const certificateData = await downloadCertificate();
+		pgClient = new Client({
+			...config,
+			ssl: {
+				rejectUnauthorized: false,
+				ca: certificateData,
+				sslmode: "require",
+			},
+		});
+	}
 
-    pgClient.connect()
+	await pgClient.connect();
 
-    await pgClient
-        .query(`CREATE DATABASE ${DBConfig.database};`)
-        .catch((error) => {
-            console.log('❌ Database is already created')
-        })
-        .then(() => {
-            console.log('✅ Database created successfully')
-        })
+	await pgClient
+		.query(`CREATE DATABASE ${DBConfig.database};`)
+		.catch((error) => {
+			console.log("❌ Database is already created");
+		})
+		.then(() => {
+			console.log("✅ Database created successfully");
+		});
 
-    const schemaPath = join(__dirname, '../migrations/create_tables.sql')
-    const sql = await readFile(schemaPath, 'utf8')
+	const schemaPath = join(__dirname, "../migrations/create_tables.sql");
+	const sql = await readFile(schemaPath, "utf8");
 
-    await pgClient.query(sql).catch((error) => {
-        console.error('❌ Schema loading failed:', error)
-    })
-    console.log('✅ Schema loaded successfully')
-    pgClient.end()
+	await pgClient.query(sql).catch((error) => {
+		console.error("❌ Schema loading failed:", error);
+	});
+	console.log("✅ Schema loaded successfully");
+	pgClient.end();
 }
 
 initDatabase()
-    .then(() => {
-        console.log('✅ Database initialization complete')
-        process.exit(0)
-    })
-    .catch((error) => {
-        console.error('❌ Fatal error:', error)
-        process.exit(1)
-    })
+	.then(() => {
+		console.log("✅ Database initialization complete");
+		process.exit(0);
+	})
+	.catch((error) => {
+		console.error("❌ Fatal error:", error);
+		process.exit(1);
+	});
diff --git a/src/db/utils/connector.ts b/src/db/utils/connector.ts
@@ -1,6 +1,31 @@
 import pg, { QueryResult, QueryResultRow } from 'pg'
 import { DBConfig } from '@/db/config/config'
-import { promises as fs } from 'fs'
+import { S3Client, GetObjectCommand } from '@aws-sdk/client-s3'
+
+async function downloadCertificate() {
+	const s3Client = new S3Client({
+		region: DBConfig.certificateRegion,
+		endpoint: DBConfig.certificateLink,
+        credentials: {
+            accessKeyId: DBConfig.certificateAccessKeyID || '',
+            secretAccessKey: DBConfig.certificateSecretAccessKey || '',
+        },
+	});
+
+	try {
+		const command = new GetObjectCommand({
+			Bucket: DBConfig.certificateBucket,
+			Key: DBConfig.certificateFile,
+		});
+
+		const response = await s3Client.send(command);
+		const certificateData = await response.Body!.transformToString();
+		return certificateData;
+	} catch (error) {
+		console.error("Failed to download certificate:", error);
+		throw error;
+	}
+}
 
 /**
  * Database connection handler (Instance pattern - Although not recommended due to thread issue, this is currently the best solution)
@@ -18,21 +43,31 @@ class DBConnector {
     private constructor() {
         const { Pool } = pg
         this.conn = false
-        const { certificate, ...config } = DBConfig
-        if (!certificate) {
+        const { ...config } = DBConfig
+        if (!DBConfig.certificateLink) {
             this.pool = new Pool(config)
             return
         }
-        this.pool = new Pool({
-            ...config,
-            ssl: {
-                rejectUnauthorized: false,
-                ca: fs
-                    .readFile(process.cwd() + '/certificates/' + certificate)
-                    .toString(),
-                sslmode: 'require',
-            },
-        })
+
+        try {
+            let certificate: string | undefined = undefined
+            downloadCertificate().then((cert) => {
+                certificate = cert
+            });
+            this.pool = new Pool({
+                ...config,
+                ssl: {
+                    rejectUnauthorized: false,
+                    ca: certificate,
+                },
+            })
+        } catch (error) {
+            console.log(
+                `Database connection failed: ${
+                    error instanceof Error ? error.message : 'Unknown error'
+                }`
+            )
+        }
     }
 
     /**
@@ -66,7 +101,7 @@ class DBConnector {
             this.conn = false
             return result
         } catch (error) {
-            this.conn && client.release()
+            this.conn && client!.release()
             console.log(
                 `Database query failed: ${
                     error instanceof Error ? error.message : 'Unknown error'
