chore: port browser-proxy to pg-gateway Web API #100
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
| SNICallback: (servername, callback) => { | ||
| debug('SNICallback', servername) | ||
| if (isValidServername(servername)) { | ||
| debug('SNICallback', 'valid') | ||
| callback(null, tls.createSecureContext(tlsOptions)) |
There was a problem hiding this comment.
in the end we don't need that, the default secureContext is used.
| const tcpSocket = tcpConnections.get(databaseId) | ||
| tcpSocket?.write(data) | ||
| const tcpConnection = tcpConnections.get(databaseId) | ||
| tcpConnection?.streamWriter?.write(data) |
There was a problem hiding this comment.
here is why I needed to add the streamWriter property in pg-gateway, because getting a new writer from duplex here wouldn't work as the stream.writable is locked by processData.
| tls: tlsOptions, | ||
| const connection = await fromNodeSocket(socket, { | ||
| tls: getTls, |
There was a problem hiding this comment.
now the TLS certificates should be correctly refreshed after some time. 😅
| await db.sql`rollback;`.catch() | ||
| // we clean the session state, see: https://www.pgbouncer.org/faq.html#how-to-use-prepared-statements-with-session-pooling | ||
| // we do this to avoid having old prepared statements in the session | ||
| await db.sql`discard all;` |
There was a problem hiding this comment.
Added after working on making pg_dump works. Running pg_dump twice showed that we kept old prepared statements in the session for the next connected client, which ended up erroring as the next pg_dump creates the same prepare statement.
There was a problem hiding this comment.
I suppose we should mention rollback + discard all in the pg-gateway pglite examples too? I imagine this would apply to any pg-gateway + PGlite stack.
| if (parameters.client_ip === '') { | ||
| setConnectedClientIp(null) | ||
| // we ensure we're not in a transaction block first | ||
| await db.sql`rollback;`.catch() |
There was a problem hiding this comment.
discard all can't be run in a transaction block and it seems like after a pg_dump we still have a transaction opened somehow. 🤔
| // cache the TLS certificate for 1 week | ||
| const cache = new ExpiryMap(1000 * 60 * 60 * 24 * 7) |
There was a problem hiding this comment.
What if this server restarted 1 day before renewal? I suppose the old cert is still good for another week, so this should be safe?
There was a problem hiding this comment.
I need to check but I think we renew the certificate monthly while the validity is 3 months. So in any cases with 2 week refresh we should be safe.
| if (parameters.client_ip === '') { | ||
| setConnectedClientIp(null) | ||
| // we ensure we're not in a transaction block first | ||
| await db.sql`rollback;`.catch() |
| await db.sql`rollback;`.catch() | ||
| // we clean the session state, see: https://www.pgbouncer.org/faq.html#how-to-use-prepared-statements-with-session-pooling | ||
| // we do this to avoid having old prepared statements in the session | ||
| await db.sql`discard all;` |
There was a problem hiding this comment.
I suppose we should mention rollback + discard all in the pg-gateway pglite examples too? I imagine this would apply to any pg-gateway + PGlite stack.
In this PR I'm porting browser-proxy to the upcoming version of pg-gateway rewritten with Web API support.
I'll hold until this PR is merged and published so I can update the dependency of pg-gateway here.