Lumber not allowing pass-through of dialectOptions for Sequelize
antoniojtorres opened this issue ยท 13 comments
This may be more of a feature request / limitation than a bug. Thanks in advance.
Expected behavior
Setting up ForestAdmin using lumber for the first time. Have a backend service in heroku using Heroku Postgres. When generating the lumber command and adding my database connection. Once that runs I expect lumber to run successfully.
Actual behavior
When running the command I received the error "SequelizeConnectionError: self signed certificate". This is because heroku postgres uses self-signed certificates for this database.
When specifying ssl as true, lumber-generate.js generates these options for Sequelize
{ logging: false, dialectOptions: { ssl: true } }
This isn't enough for my scenario.
The installation can be pushed through with
{ logging: false, dialectOptions: { ssl: true, rejectUnauthorized: false } }
This issue is not about what is right or wrong in terms on how to connect. What I am suggesting is providing the ability to have a pass-through for database specific flags so users can tackle their edge cases. The current implementation in lumber-generate has a very narrow set of options.
Failure Logs
? Does your database require a SSL connection? Yes
โ Connecting to your database
Cannot connect to the database due to the following error:
SequelizeConnectionError: self signed certificate
Context
Node 12.16.3
NPM 6.14.4
- Lumber Package Version: 3.6.4
- Database Dialect: PostgreSQL
- Database Version: 12.3
Thank you all for the wonderful code and product. Big fan.
PS: As you may have figured, when I launched the admin the cert validation error is also present there. I am stuck :(
Hi @antoniojtorres! Thank you for your feedback and this detailed explanation ๐ . I guess we should improve this, I opened an issue on our product board about this need.
Hi, I need this too !
Same, I can't use DigitalOcean managed DB because of this.
I cannot use Heroku managed DB myself because of this.
Thanks a lot ! You can test if this works with Heroku simply via their free Postgres add-ons
Related issue here: https://community.forestadmin.com/t/ssl-issues-with-forestadmin/837
(Side note: I'm working on a patch, I hope to release it this week).
Hi @antoniojtorres @djpate @snwfdhmp
We just released a new version of Lumber that adds a DATABASE_REJECT_UNAUTHORIZED
parameter in Lumber generated projects (it is set to false
by default to ease users onboarding). If you update Lumber to the latest version then start a new project, you should not be annoyed anymore with the SequelizeConnectionError: self-signed certificate message.
If you want to fix your actual project without re-running the install command, add this line to your .env
file:
DATABASE_REJECT_UNAUTHORIZED=false
Then edit models/index.js
(here):
- databaseOptions.dialectOptions.ssl = true;
+ if (process.env.DATABASE_REJECT_UNAUTHORIZED === false) {
+ databaseOptions.dialectOptions.ssl = { rejectUnauthorized: false };
+ } else {
+ databaseOptions.dialectOptions.ssl = true;
+ }
A quick note about the chosen implementation: I first created an implementation with a dialectOptions for Lumber, but after some discussion with other members of the team, we finally decided to implement a fix for this need only (the main argument is that we do not need to develop something heavy for problems that are not identified yet).
TL;DR: Issue fixed, update to latest Lumber version.
Thank you for your patience ๐ Let me know if you have any issue, I would be glad to help you!
@rap2hpoutre thanks a lot !
Hey, the fix doesn't work.
The environment variable DATABASE_REJECT_UNAUTHORIZED
doesn't automatically get parsed and converted to a boolean, so === false
doesn't work.
@bartjoyce Whoops. Thank you for spotting this, and sorry for the mess. A new PR is on its way!
@bartjoyce It has just been fixed thanks to your comment!
Could you try again with the latest version of lumber? (v3.7.2)
If you want to fix your actual project without re-running the install command, add this line to your .env
file:
DATABASE_REJECT_UNAUTHORIZED=false
Then edit models/index.js
(here):
- databaseOptions.dialectOptions.ssl = true;
+ const rejectUnauthorized = process.env.DATABASE_REJECT_UNAUTHORIZED;
+ if (rejectUnauthorized && (JSON.parse(rejectUnauthorized.toLowerCase()) === false)) {
+ databaseOptions.dialectOptions.ssl = { rejectUnauthorized: false };
+ } else {
+ databaseOptions.dialectOptions.ssl = true;
+ }
Let me know if it fixed your issue ๐
Feel free to re-open if you still have any issues.