@admirsaheta
Contributor

[Feature] Add SSL Certificate Configuration Support for PostgreSQL Session Storage

WHY are these changes introduced?

Fixes #2835

When using cloud-hosted PostgreSQL databases that require SSL connections (such as AWS RDS, Google Cloud SQL, or other managed database services), the current PostgreSQL session storage implementation cannot establish secure connections because it extracts individual URL components and loses SSL parameters. This prevents developers from using the session storage with production-grade database services that mandate SSL encryption.

The current implementation in postgres-connection.ts manually constructs a pg.Pool configuration object from URL parts, which doesn't preserve SSL connection parameters that might be present in the original database URL or needed for certificate-based authentication.

WHAT is this pull request doing?

This PR adds comprehensive SSL configuration support to the PostgreSQL session storage by:

  1. Enhanced Type Definitions: Added an optional ssl property to PostgreSQLSessionStorageOptions interface that accepts any valid node-postgres SSL configuration
  2. Updated Connection Layer: Modified PostgresConnection class to accept and apply SSL options to the connection pool
  3. Backward Compatibility: Ensured existing code continues to work without any changes
  4. Comprehensive Documentation: Added detailed examples for various SSL scenarios including AWS RDS setup
  5. Testing: Added unit tests to verify SSL configuration is properly handled

Key Features Added:

  • Support for all node-postgres SSL options (rejectUnauthorized, ca, cert, key, passphrase, servername)
  • AWS RDS ready configuration with CA certificate support
  • Client certificate authentication support
  • Environment-based SSL configuration patterns
  • Full TypeScript support with proper type definitions

Usage Examples:

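import fs from 'fs';
import {PostgreSQLSessionStorage} from '@shopify/shopify-app-session-storage-postgresql';

// dbUrl: connection URL of the session database, defined elsewhere

// Basic SSL: encrypt the connection and verify the server certificate
new PostgreSQLSessionStorage(dbUrl, {
  ssl: { rejectUnauthorized: true }
});

// AWS RDS with CA certificate: verify the server against the CA file read from disk
new PostgreSQLSessionStorage(dbUrl, {
  ssl: {
    rejectUnauthorized: true,
    ca: fs.readFileSync('./rds-ca-2019-root.pem').toString()
  }
});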

Type of change

  • Patch: Bug (non-breaking change which fixes an issue)
  • Minor: New feature (non-breaking change which adds functionality)
  • Major: Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

  • I have used pnpm changeset to create a draft changelog entry (do NOT update the CHANGELOG.md files manually)
  • I have added/updated tests for this change
  • I have documented new APIs/updated the documentation for modified APIs (for public APIs)

@admirsaheta admirsaheta requested a review from a team as a code owner October 27, 2025 14:58
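
The sketch below is an added example, not code from this pull request or from the package. It shows why a pool config assembled from URL parts carries no TLS settings and how an environment-driven `ssl` option can fail closed. The function names and the `PG_SSL_MODE` / `PG_SSL_CA` variables are hypothetical; `rejectUnauthorized` and `ca` are the node-postgres options named in the description.

```javascript
// Added example. poolConfigFromUrl is a simplified stand-in for the behaviour
// the PR describes, not the package's postgres-connection.ts.
function poolConfigFromUrl(dbUrl, ssl) {
  const url = new URL(dbUrl);
  // Only these parts are copied; query parameters such as sslmode are dropped.
  const config = {
    host: url.hostname,
    port: Number(url.port) || 5432,
    user: decodeURIComponent(url.username),
    password: decodeURIComponent(url.password),
    database: decodeURIComponent(url.pathname.slice(1)),
  };
  if (ssl !== undefined) config.ssl = ssl; // explicit pass-through, as the PR adds
  return config;
}

// Builds the `ssl` option from environment-style settings (hypothetical names).
// Fails closed: production never runs unencrypted or without verification.
function sslOptionsFromEnv(env) {
  const mode = env.PG_SSL_MODE || 'disable';
  const production = env.NODE_ENV === 'production';
  if (mode === 'disable') {
    if (production) {
      throw new Error('TLS is required for production database connections');
    }
    return undefined; // plain connection, local development only
  }
  if (mode === 'verify') {
    const ssl = { rejectUnauthorized: true };
    if (env.PG_SSL_CA) ssl.ca = env.PG_SSL_CA; // PEM text of the trusted CA
    return ssl;
  }
  if (mode === 'no-verify' && !production) {
    // Encrypts but does not authenticate the server; test environments only.
    return { rejectUnauthorized: false };
  }
  throw new Error(`Unsupported PG_SSL_MODE "${mode}" for this environment`);
}
```

The object returned by `sslOptionsFromEnv` has the shape of the `ssl` option shown in the usage examples above.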

Development

Successfully merging this pull request may close these issues.

@shopify/shopify-app-session-storage-postgresql: Support for SSL Certificate Configuration in PostgreSQL Session Storage.
