From 67f68e42d72faa61521029b6a5ac9ba239044bbf Mon Sep 17 00:00:00 2001 From: David Grimbichler Date: Tue, 14 May 2024 09:10:10 +0200 Subject: [PATCH] Add SSL support for database connection This update adds SSL support for the database connection in main.js and introduces new form fields in main.html to handle SSL-related configurations like CA-Certificate, Cert, and Key. It also includes error handling for failed certificate reads. It enhances security by enabling encrypted connections to databases using certificates. --- CHANGELOG.md | 7 ++++++- src/main.html | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++- src/main.js | 36 ++++++++++++++++++++++++++++++++++- 3 files changed, 92 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 741cf83..7a7ba10 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # CHANGELOG +## Unreleased + +- 🔐 Add new ssl options for securing connections with certificates + + ## 1.0.5 (2021-01-25) - 🐞 Fix an issue where msg.payload wasn't checked well (see #3) @@ -24,4 +29,4 @@ ## 1.0.0 (2020-05-11) -- 🎉 First version \ No newline at end of file +- 🎉 First version diff --git a/src/main.html b/src/main.html index 5f491ef..5ed3453 100644 --- a/src/main.html +++ b/src/main.html @@ -12,6 +12,25 @@ +
+ + + +
+
+ + +
+
+ + +
+
+ + +
@@ -49,6 +68,22 @@ value: true, required: true }, + rejectUnauthorized: { + value: true, + required: true + }, + caCertificate: { + value: "", + required: false + }, + cert: { + value: "", + required: false + }, + key: { + value: "", + required: false + }, database: { value: "", required: true @@ -65,6 +100,21 @@ // Note: label (and probably labelStyle) have to be a classical function (not an arrow function) label: function () { return this.name || this.database + }, + oneditprepare: function () { + function toggleTlsFields(show) { + $("#node-config-input-caCertificate").closest('div').toggle(show); + $("#node-config-input-cert").closest('div').toggle(show); + $("#node-config-input-key").closest('div').toggle(show); + $("#node-config-input-rejectUnauthorized").closest('div').toggle(show); + } + + const tlsCheckbox = $("#node-config-input-tls"); + tlsCheckbox.on('change', function () { + toggleTlsFields(this.checked); + }); + + toggleTlsFields(tlsCheckbox.prop('checked')); } }); @@ -162,4 +212,4 @@

References

return this.name ? 'node_label_italic' : '' } }); - \ No newline at end of file + diff --git a/src/main.js b/src/main.js index bfb72f7..31f24cc 100644 --- a/src/main.js +++ b/src/main.js @@ -1,3 +1,5 @@ +const fs = require('fs'); + module.exports = (RED) => { 'use strict'; @@ -39,6 +41,38 @@ module.exports = (RED) => { return; } + let sslOptions; + if (config.tls) { + sslOptions = {}; + if (config.caCertificate) { + try { + sslOptions.ca = fs.readFileSync(config.caCertificate); + } catch (err) { + this.error(`Unable to read CA-Certificate: ${err}`); + return; + } + } + if (config.cert) { + try { + sslOptions.ca = fs.readFileSync(config.cert) + } catch (err) { + this.error(`Unable to read cert: ${err}`); + return; + } + } + if (config.key) { + try { + sslOptions.ca = fs.readFileSync(config.key) + } catch (err) { + this.error(`Unable to read key: ${err}`); + return; + } + } + sslOptions.rejectUnauthorized = config.rejectUnauthorized; + } else { + sslOptions = false; + } + // Note: the connection is not done here this.pool = mysql.createPool({ host: config.host, @@ -50,7 +84,7 @@ module.exports = (RED) => { connectionLimit: 5, queueLimit: 0, connectTimeout: 1000, - ssl: config.tls ? {} : false, + ssl: sslOptions, // See https://www.npmjs.com/package/mysql#custom-format queryFormat: (query, values) => {
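Review bot: The `config.cert` and `config.key` branches both assign to `sslOptions.ca`, so the client certificate and private key are never handed to the driver and whichever file is read last silently replaces the CA bundle — mutual TLS cannot work and, when a CA is also configured, server verification ends up anchored to the wrong PEM. The two assignments should be `sslOptions.cert = fs.readFileSync(config.cert);` and `sslOptions.key = fs.readFileSync(config.key);`. Since `rejectUnauthorized: false` leaves the connection encrypted but unauthenticated, it is worth a `this.warn('TLS server certificate verification is disabled')` when that is configured instead of accepting it silently. The three paths are read with the privileges of the Node-RED process, which is presumably acceptable in a model where flow editors can already run code, but a short comment saying so would help the next reader. The enclosing node constructor starts before this hunk and continues after it.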