feat: support SSL for Postgres connection in @codefresh-io/eventbus (#165)

* ci: bump required Node.js to 20

* feat: add `POSTGRES_SSL_ENABLE` env variable for `@codefresh-io/eventbus`

* ci: remove redundant `eslint` command

* build: bump `mongodb` package

* refactor: replace `node-uuid` with `node:crypto`

* ci: delete obsolete CI spec

* build: optimize package size

Author: masontikhonov

.npmignore

@@ -0,0 +1,2 @@
+__tests__/**/*
+**/*spec.js

.nvmrc

@@ -1 +1 @@
-v18.0.0
+v20

codefresh.yaml

@@ -1,5 +1,5 @@
-const { splitUriBySlash, getDbNameFromUri } = require('../helper');
 const { MongoMemoryServer } = require('mongodb-memory-server');
+const { splitUriBySlash, getDbNameFromUri } = require('../helper');
 const mongoClient = require('../mongo');
 
 /**

infra/__tests__/smoke_test.spec.js

@@ -1,5 +1,3 @@
-
-
 const _ = require('lodash');
 const path = require('path');
 const fs = require('fs');
@@ -15,8 +13,8 @@ function findAppRoot(dir = path.dirname(require.main.filename)) {
 }
 
 function getApproot() {
-    if ((process.env.NODE_ENV === 'test') &&
-        (_.includes(__dirname, 'node_modules'))) {
+    if ((process.env.NODE_ENV === 'test')
+        && (_.includes(__dirname, 'node_modules'))) {
         return path.resolve(__dirname).split('/node_modules')[0];
     }
     return findAppRoot();
@@ -52,12 +50,14 @@ base.eventbus = {
     serviceName: name,
 };
 
+/** @type {import('pg').PoolConfig} */
 base.postgres = {
     host: process.env.POSTGRES_HOST || APPLICATION_DOMAIN,
-    port: process.env.POSTGRES_PORT || 5432,
+    port: Number.parseInt(process.env.POSTGRES_PORT || '5432', 10),
     database: process.env.POSTGRES_DATABASE || 'postgres',
     user: process.env.POSTGRES_USER || 'postgres',
     password: process.env.POSTGRES_PASSWORD || 'postgres',
+    ssl: process.env.POSTGRES_SSL_ENABLE === 'true',
 };
 
 base.mongo = {
@@ -93,9 +93,9 @@ base.logger = {
                 });
             }
             // human readable format
-            return `${options.timestamp()} ${options.level.toUpperCase()} >> ` +
-                `${options.message || ''}` +
-                `${options.meta && Object.keys(options.meta).length ? ` << ${JSON.stringify(options.meta)}` : ''}`;
+            return `${options.timestamp()} ${options.level.toUpperCase()} >> `
+                + `${options.message || ''}`
+                + `${options.meta && Object.keys(options.meta).length ? ` << ${JSON.stringify(options.meta)}` : ''}`;
         },
     },
     basePath: null,

infra/config.js

@@ -11,16 +11,16 @@ function _encryptDecryptObjectValues(safeId, obj, keysToEncrypt = [], encrypt =
         return Promise.resolve(obj);
     }
     const pairs = _.chain(keysToEncrypt)
-        .map(k => _.has(obj, k) && _.assign({ key: k, value: _.get(obj, k) }))
+        .map((k) => _.has(obj, k) && _.assign({ key: k, value: _.get(obj, k) }))
         .compact()
         .value();
 
     const resObj = _.clone(obj);
 
     return safe.getOrCreateSafe(safeId)
         .then((safeObj) => {
-            const Promises = pairs.map(kv => _encryptDecryptValue(safeObj, kv.value, encrypt)
-                .then(res => _.set(resObj, kv.key, res)));
+            const Promises = pairs.map((kv) => _encryptDecryptValue(safeObj, kv.value, encrypt)
+                .then((res) => _.set(resObj, kv.key, res)));
             return Promise.all(Promises);
         })
         .then(() => resObj);
@@ -35,13 +35,13 @@ function decryptObjectValues(safeId, obj, keysToEncrypt) {
 }
 
 function replaceEncryptedValues(encryptedObject = {}, keys = [], replaceWith = '*****') {
-    return Promise.map(keys, k => _.has(encryptedObject, k) && _.set(encryptedObject, k, replaceWith))
+    return Promise.map(keys, (k) => _.has(encryptedObject, k) && _.set(encryptedObject, k, replaceWith))
         .then(() => encryptedObject);
 }
 
 module.exports = {
     encryptObjectValues,
     decryptObjectValues,
-    getSafe: safeId => safe.getOrCreateSafe(safeId),
+    getSafe: (safeId) => safe.getOrCreateSafe(safeId),
     replaceEncryptedValues,
 };

infra/encryption/index.js

@@ -1,8 +1,6 @@
-
-
+const { randomUUID } = require('node:crypto');
 const _ = require('lodash');
 const Promise = require('bluebird');
-const uuid = require('node-uuid');
 const crypto = require('crypto');
 
 const config = require('../config');
@@ -45,7 +43,7 @@ function getOrCreateSafe(safeId) {
 
             const newSafe = {
                 _id: safeId,
-                key: (new Buffer(uuid.v4())).toString('base64'), // eslint-disable-line
+                key: (Buffer.from(randomUUID())).toString('base64'), // eslint-disable-line
             };
             return collection.insertOne(newSafe)
                 .then(() => new Safe(newSafe))
@@ -113,7 +111,6 @@ Safe.prototype.write_crypto = function (plaintext) { // eslint-disable-line
     return deferred.promise;
 };
 
-
 Safe.prototype.read = Safe.prototype.read_crypto;
 Safe.prototype.write = Safe.prototype.write_crypto;
 

infra/encryption/safe.js

@@ -1,5 +1,3 @@
-
-
 const Promise = require('bluebird');
 const eventBus = require('@codefresh-io/eventbus');
 const monitor = require('@codefresh-io/cf-monitor');
@@ -39,6 +37,7 @@ class Eventbus {
                         database: this.config.postgres.database,
                         user: this.config.postgres.user,
                         password: this.config.postgres.password,
+                        ssl: this.config.postgres.ssl,
                     },
                     microServiceName: this.config.eventbus.serviceName,
                 });
@@ -59,7 +58,6 @@ class Eventbus {
             });
     }
 
-
     /**
      * stops the connection to eventbus
      * @returns {*}
@@ -119,5 +117,4 @@ class Eventbus {
     }
 }
 
-
 module.exports = new Eventbus();

infra/eventbus.js

@@ -1,4 +1,3 @@
-
 const Promise = require('bluebird');
 const express = require('express');
 const compression = require('compression');
@@ -122,9 +121,9 @@ class Express {
                             const statusCode = err.statusCode || 500;
                             // check if err object has overridden toString method
                             // before sending toString() response to prevent [object Object] responses
-                            const message = err.toString === Object.prototype.toString ?
-                                (err.message || 'Internal server error') :
-                                err.toString();
+                            const message = err.toString === Object.prototype.toString
+                                ? (err.message || 'Internal server error')
+                                : err.toString();
                             res.status(statusCode).send({ message });
                         });
                     });
@@ -154,10 +153,9 @@ class Express {
                 .then((ret) => {
                     res.send(ret);
                 })
-                .catch(err => next(err));
+                .catch((err) => next(err));
         };
     }
 }
 
-
 module.exports = new Express();

infra/express.js

@@ -8,5 +8,5 @@ const splitUriBySlash = (uri) => {
     };
 };
 
-const getDbNameFromUri = uri => splitUriBySlash(uri).dbName;
+const getDbNameFromUri = (uri) => splitUriBySlash(uri).dbName;
 module.exports = { splitUriBySlash, getDbNameFromUri };

infra/helper.js

@@ -1,18 +1,16 @@
-
-
 const monitor = require('@codefresh-io/cf-monitor');
 
 monitor.init();
 const Promise = require('bluebird'); // jshint ignore:line
+const cflogs = require('cf-logs');
+const { openapi } = require('@codefresh-io/cf-openapi');
 const config = require('./config');
 const eventbus = require('./eventbus');
 const mongo = require('./mongo');
 const processEvents = require('./process-events');
 const express = require('./express');
 const logging = require('./logging');
 const redis = require('./redis');
-const cflogs = require('cf-logs');
-const { openapi } = require('@codefresh-io/cf-openapi');
 const { publishInterface, subscribeInterface } = require('./openapi-events');
 
 let logger;
@@ -87,7 +85,7 @@ class Microservice {
                     openapi.events().setSubscribeInterface(subscribeInterface);
                 }
             })
-            .then(() => express.init(config, app => initFn(app, eventbus), opt))
+            .then(() => express.init(config, (app) => initFn(app, eventbus), opt))
             .then(() => {
                 logger.info('Initialization completed');
                 this.markAsReady();

infra/index.js

@@ -1,5 +1,3 @@
-
-
 const Promise = require('bluebird');
 const cflogs = require('cf-logs');
 const { name: serviceName } = require('./config');
@@ -31,5 +29,4 @@ class Logging {
     }
 }
 
-
 module.exports = new Logging();

infra/logging.js

@@ -33,7 +33,6 @@ class Mongo {
         logger.info('Mongo db initialized');
     }
 
-
     /**
      * stops the connection to mongo
      */

infra/mongo.js

@@ -1,15 +1,19 @@
 const eventbus = require('./eventbus');
 
-const publishInterface = (serviceName) => eventbus.publish('openapi.push', { // eslint-disable-line
-    aggregateId: serviceName,
-}, true, true);
+const publishInterface = (aggregateId) => {
+    eventbus.publish(
+        'openapi.push',
+        { aggregateId },
+        true,
+        true,
+    );
+};
 
 const subscribeInterface = (handler) => {
-    eventbus.subscribe('openapi.push', (data) => {
-        const serviceName = data.aggregateId;
-        return Promise.resolve()
-            .then(() => handler(serviceName));
-    });
+    eventbus.subscribe(
+        'openapi.push',
+        async (data) => handler(data.aggregateId),
+    );
 };
 
 module.exports = {

infra/openapi-events.js

@@ -1,5 +1,3 @@
-
-
 const EventEmitter = require('events');
 const Promise = require('bluebird');
 
@@ -36,5 +34,4 @@ class ProcessEvents extends EventEmitter {
     }
 }
 
-
 module.exports = new ProcessEvents();

infra/process-events.js

@@ -1,5 +1,3 @@
-
-
 const Promise = require('bluebird');
 const monitor = require('@codefresh-io/cf-monitor');
 const redis = require('redis');
@@ -24,14 +22,13 @@ class Redis {
             deferred.resolve();
         }, 30000);
 
-        this.client =
-            redis.createClient({
-                host: config.redis.url,
-                port: config.redis.port,
-                password: config.redis.password,
-                db: config.redis.db,
-                tls: config.redis.tls,
-            });
+        this.client = redis.createClient({
+            host: config.redis.url,
+            port: config.redis.port,
+            password: config.redis.password,
+            db: config.redis.db,
+            tls: config.redis.tls,
+        });
 
         this.client.on('ready', () => {
             logger.info('Redis client ready');
@@ -55,7 +52,6 @@ class Redis {
         return deferred.promise;
     }
 
-
     /**
      * stops the connection to redis
      * @returns {*}

infra/redis.js

@@ -36,7 +36,6 @@ const customJsonSchemaStringJoi = Joi.extend((joi) => ({ // eslint-disable-line
 }));
 Joi.jsonSchemaString = customJsonSchemaStringJoi.jsonSchemaString;
 
-
 function validateField(field, val, options = { optional: false }) {
     if (val === undefined && _.get(options, 'optional')) {
         return Promise.resolve();
@@ -50,8 +49,8 @@ function validateFields(partialObject, options) {
 }
 
 function validateWithContext(obj, context) {
-    return this.validate(Object.assign({}, obj, context))
-        .then(normalized => _.omit(normalized, Object.keys(context)));
+    return this.validate({ ...obj, ...context })
+        .then((normalized) => _.omit(normalized, Object.keys(context)));
 }
 
 module.exports = {