feat: added ssl option for database

docker-compose.db.yml

@@ -18,7 +18,7 @@ services:
       POSTGRES_DB: db
     volumes:
       - pg:/var/lib/postgresql/data
-  
+
   app:
     image: ghcr.io/not-three/api:nightly
     <<: *restart

pnpm-workspace.yaml

@@ -0,0 +1,5 @@
+onlyBuiltDependencies:
+  - '@nestjs/core'
+  - '@scarf/scarf'
+  - sqlite3
+  - unrs-resolver

src/config/Database.ts

@@ -54,6 +54,20 @@ export class DatabaseConfig {
    */
   database = $str("DATABASE_NAME", "database");
 
+  /**
+   * Use SSL for the database connection.
+   * @default false
+   * @env DATABASE_SSL
+   */
+  ssl = $bool("DATABASE_SSL", false);
+
+  /**
+   * If SSL is used, should the certificate be verified.
+   * @default true
+   * @env DATABASE_SSL_REJECT_UNAUTHORIZED
+   */
+  sslRejectUnauthorized = $bool("DATABASE_SSL_REJECT_UNAUTHORIZED", true);
+
   /**
    * In the rare case that you need to downgrade the database, set this temporarily to true.
    * Be aware that this can lead to data loss. Make sure to have backups.

src/services/database.service.ts

@@ -49,9 +49,27 @@ export class DatabaseService
         const dir = resolve(join(process.cwd(), cfg.filename, ".."));
         if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
       }
+
+      const connection: any =
+        cfg.mode === "sqlite3"
+          ? { filename: cfg.filename }
+          : {
+              host: cfg.host,
+              port: cfg.port,
+              user: cfg.user,
+              password: cfg.password,
+              database: cfg.database,
+            };
+
+      if (cfg.mode !== "sqlite3" && cfg.ssl) {
+        connection.ssl = cfg.sslRejectUnauthorized
+          ? true
+          : { rejectUnauthorized: false };
+      }
+
       this.knex = knex({
         client: cfg.mode,
-        connection: cfg,
+        connection,
         useNullAsDefault: true,
       });
       await this.knex.raw("SELECT 1;");