Skip to content

Commit

Permalink
Support encrypted connections to MySQL/Maria and Postgres
Browse files Browse the repository at this point in the history
  • Loading branch information
acelaya committed Dec 18, 2024
1 parent 83570f5 commit 6c0ca3d
Showing 1 changed file with 19 additions and 10 deletions.
29 changes: 19 additions & 10 deletions config/autoload/entity-manager.global.php
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
$driver = EnvVars::DB_DRIVER->loadFromEnv();
$isMysqlCompatible = contains($driver, ['maria', 'mysql']);

$resolveDriver = static fn () => match ($driver) {
$doctrineDriver = match ($driver) {
'postgres' => 'pdo_pgsql',
'mssql' => 'pdo_sqlsrv',
default => 'pdo_mysql',
Expand All @@ -23,31 +23,40 @@
$value = $envVar->loadFromEnv();
return $value === null ? null : (string) $value;
};
$resolveCharset = static fn () => match ($driver) {
$charset = match ($driver) {
// This does not determine charsets or collations in tables or columns, but the charset used in the data
// flowing in the connection, so it has to match what has been set in the database.
'maria', 'mysql' => 'utf8mb4',
'postgres' => 'utf8',
default => null,
};

$resolveConnection = static fn () => match ($driver) {
$driverOptions = match ($driver) {
'mssql' => ['TrustServerCertificate' => 'true'],
'maria', 'mysql' => [
1007 => true, // PDO::MYSQL_ATTR_SSL_KEY: Use SSL if possible
1014 => false, // PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT: Trust any certificate
],
'postgres' => [
'sslmode' => 'allow', // Allow connections to both encrypted and non-encrypted servers
'sslrootcert' => '', // Allow any certificate
],
default => [],
};
$connection = match ($driver) {
null, 'sqlite' => [
'driver' => 'pdo_sqlite',
'path' => 'data/database.sqlite',
],
default => [
'driver' => $resolveDriver(),
'driver' => $doctrineDriver,
'dbname' => EnvVars::DB_NAME->loadFromEnv(),
'user' => $readCredentialAsString(EnvVars::DB_USER),
'password' => $readCredentialAsString(EnvVars::DB_PASSWORD),
'host' => EnvVars::DB_HOST->loadFromEnv(),
'port' => EnvVars::DB_PORT->loadFromEnv(),
'unix_socket' => $isMysqlCompatible ? EnvVars::DB_UNIX_SOCKET->loadFromEnv() : null,
'charset' => $resolveCharset(),
'driverOptions' => $driver !== 'mssql' ? [] : [
'TrustServerCertificate' => 'true',
],
'charset' => $charset,
'driverOptions' => $driverOptions,
],
};

Expand All @@ -63,7 +72,7 @@
Events::postFlush => [ShortUrlVisitsCountTracker::class, OrphanVisitsCountTracker::class],
],
],
'connection' => $resolveConnection(),
'connection' => $connection,
],

];
Expand Down

0 comments on commit 6c0ca3d

Please sign in to comment.