implement client tls certificates

fixes #300
sqlpage · May 4, 2024 · 969b2b9 · 969b2b9
1 parent 1cb8f94
commit 969b2b9
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 24 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,9 @@
  - Fix missing visual indication of selected item in form dropdown fields. 
    - ![screenshot](https://github.com/tabler/tabler/assets/552629/a575db2f-e210-4984-a786-5727687ac037)
  - fix autofocus on select fields with dropdown
+ - Added support for SSL client certificates in MySQL and Postgres
+    - SSL client certificates are commonly used to secure connections to databases in cloud environments. To connect to a database that requires a client certificate, you can now use the ssl_cert and ssl_key connection options in the connection string. For example: postgres://user@host/db?ssl_cert=/path/to/client-cert.pem&ssl_key=/path/to/client-key.pem
+
 
 ## 0.20.4 (2024-04-23)
 

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -18,7 +18,7 @@ panic = "abort"
 codegen-units = 2
 
 [dependencies]
-sqlx = { package = "sqlx-oldapi", version = "0.6.20", features = ["any", "runtime-actix-rustls", "sqlite", "postgres", "mysql", "mssql", "chrono", "json" ] }
+sqlx = { package = "sqlx-oldapi", version = "0.6.22", features = ["any", "runtime-actix-rustls", "sqlite", "postgres", "mysql", "mssql", "chrono", "json" ] }
 chrono = "0.4.23"
 actix-web = { version = "4", features = ["rustls-0_22", "cookies"] }
 percent-encoding = "2.2.0"

diff --git a/configuration.md b/configuration.md
@@ -44,6 +44,31 @@ environment variable to `sqlpage=debug` to get more detailed logs and see exactl
 
 If you have a `.env` file in the current directory or in any of its parent directories, SQLPage will automatically load environment variables from it.
 
+### Database connection strings
+
+The `database_url` parameter sets all the connection parameters for the database, including
+
+ - the database type (`sqlite`, `postgres`, `mysql`, `mssql`, etc.)
+ - the username and password
+ - the host (or ip adress) and port
+ - the database name
+ - any additional parameters, including
+    - `mode=rwc` for SQLite to allow read-write connections
+    - `sslmode=require` (or `disable`, `allow`, `verify-ca`, `verify-full`)
+     for PostgreSQL to enable or disable SSL
+    - `sslrootcert=/path/to/ca.pem` for PostgreSQL to specify the path to the CA certificate file
+    - `sslcert=/path/to/cert.pem` to specify the path to the TLS client certificate file and `sslkey=/path/to/key.pem` to specify the path to the TLS client key file for PostgreSQL and MySQL.
+    - `application_name=my_application` for PostgreSQL to set the application name, which can be useful for monitoring and logging on the database server side.
+    - `collation=utf8mb4_unicode_ci` for MySQL to set the collation of the connection
+
+All the parameters need to be properly [percent-encoded](https://developer.mozilla.org/en-US/docs/Glossary/percent-encoding) if they contain special characters.
+
+A full connection string for a PostgreSQL database might look like this:
+
+```
+postgres://my_user:p%40ss@localhost:5432/my_database?sslmode=verify-ca&sslrootcert=/path/to/ca.pem&sslcert=/path/to/cert.pem&sslkey=/path/to/key.pem&application_name=my_application
+```
+
 ### Example `.env` file
 
 ```bash