NodeJS encrypted connection string to Postgres - node.js

I am learning NodeJS by building a JWT server. Basically I want to authorize users against credentials in a PostgreSQL database. I am considering node-postgres, passport, pg to connect with PostgreSQL but I have not found anyway to store my connection values encrypted. Ideally I would store them in a properties file so I can change them per environment.
Most examples I see do something like:
var pg = require('pg');
var conString = "postgres://YourUserName:YourPassword#localhost:5432/YourDatabase";
Can someone help show me how to encrypt and use my credentials so I don't have to hard code the plain values in my source?

There seem to exist npm packages for this already. See https://www.npmjs.com/package/secure-conf. Seems to fulfill your needs.
Please note, that you should also secure your Connection to the DB using SSL. See SSL for PostgreSQL connection nodejs for a Solution.

This should help.
if you use sequelize to connect postgres
const sequelize = new Sequelize("DB", usrname, password, {
host: "/var/run/postgresql",
dialect: "postgres",
});
NB: get the host string from your pgsl db might be different //

Related

Configuring knex database connection uisng an access key

Well I recently started using knex for my database connectivity for my nodejs project. Here's the following code:
var knex = require('knex')({
client: 'mysql',
connection: {
'host':'localhost',
'port':'3306',
'user':'root',
'password':'',
'database':'db_sample'
}
});
So what I need is, I want to add an access key as well in my Database configuration. I just wanted to know if its possible to do it. If yes, please do tell me how. Thank you

Heroku Postgres add-on connection string for Nodejs app

I have a problem deploying a Nodejs app with a Postgresql database. The database comes from Heroku itself (Heroku Postgres add-on, hobby-dev). My app refused to connect to the database.
I found where the problem came from but I can't find a clean solution. And I think I could have misunderstood something (I'm new to Node and Heroku).
Heroku automatically gives me an environment variable DATABASE_CONFIG that includes the port:
postgres://username:password#hostname:port/databasename
Then, to connect with pg in my app, I use process.env.DATABASE_CONFIG as a connection string. I do something like:
const client = new Client({
connectionString: connectionString,
})
client.connect()
This fails to connect.
But if instead of using this environment variable, I cheat and change it, removing the port number from this connection string, it works.
I don't know why but the problem is that Heroku gives you this DATABASE_URL with the port included and you can't change it.
Did I do something wrong? Is there a clean solution to avoid that?
(because what I did is ugly as I hard-coded the DATABASE_CONFIG without the port directly in my code)
Thanks for your help!
First off, I would avoid using new Client() as this can lead to your connection being bottlenecked. Instead, use connection pooling. You can read a more indepth answer into why you want to do that here.
As for you direct issue, personally I have had trouble connecting to heroku postgres databases in the past, but here is a (basic) typical setup that works for me 99% of the time:
let pg = require('pg');
if (process.env.DATABASE_URL) {
pg.defaults.ssl = true;
}
// include an OR statement if you switch between a local dev db and
// a remote heroku environment
let connString = process.env.DATABASE_URL || 'postgresql://postgres:password#localhost:localpostgresport/yourlocaldbname';
const { Pool } = require('pg');
const pool = new Pool({
connectionString : connString
});
My first guess would be that it may have to do with ssl not being enabled. I know that has cause me problems in the past. Secondly, you want to make sure that you uses the process.env.DATABASE_URL, as environment variable should be set as the postgres connection string by Heroku.

node express postgres - why and how to connect to database using pg module?

I am super new to node express and postgres and wondering the following:
const pg=require('pg').native
const client=new pg.Clirnt('postgres ...')
what is const?
pg is used to create a client to connect to the Postgres database-correct?
If so
var db = new Sequelize('postgres://localhost:5432/mydb')
would work too or would I just have created a database without connecting it?
Why exactly do I need to connect at all-to do what?
Thanks a lot!
const is constant in javascript which was introduced in ES6 specification.
node-postgres is a client for PostgreSQL.
Sequelize is using node-postgres for working with PostgreSQL database, so yes, in the nutshell, it will act like node-postgres.
Imagine the warehouse, that's your database, where you have different shelves, that's your tables, to take or put different items into warehouse you need workers that will do your instructions like - INSERT someitem INTO items_shelf;. So worker is the client like Sequelize or node-postgres. The important part, warehouse should be open, otherwise, workers couldn't access to it, so your database should be turned on.
Hope I'm explained understandable enough.
what is const?
TLDR; variables that can't be re-assigned. scoped the same way as var. Part of es6.
pg is used to create a client to connect to the postgres database?
yes, note you need to do npm install --save pg as well as npm install --save sequelize. the save flag adds the packages to the package.json file for your convenience.
would I just have created a database without connecting it?
That bit of code should instantiate a connector - you haven't modified the database, and you also don't really know if the connection works yet.
why exactly do I need to connect at all?
The pg library looks to use a connection pool; this means you set it up once, and then you use it repeatedly as desired and it handles the connections for you. You connect now so you can run queries against the database later.
This snippet of code connects to a postgres instance running locally on my machine, and tests that it can connect - per the docs
const Sequelize = require('sequelize');
var sequelize = new Sequelize('postgres://localhost:5432/postgres');
sequelize.authenticate().then(() => {
console.log('yay');
}).catch((e) => {
console.log('nooo', e);
});

How to connect MongoDB to Openshift?

I have a NodeJS Express app that uses Mongoose for MongoDB. I'm confused as to how to connect it to the OpenShift database. For development, I'm connecting to a local database, which works fine. Here's what I have:
//====== MONGODB SETUP ======
mongo_url = process.env.OPENSHIFT_MONGODB_DB_HOST+":"+parseInt(process.env.OPENSHIFT_MONGODB_DB_PORT);
if(app.dev){
mongo_url = "mongodb://localhost:27017/my-db";
}
app.modules.mongoose.connect(mongo_url);
Any help would be great!
You need more than just host and port. You have to provide username and password.
A simpler way for it is to use:
mongo_url = process.env.OPENSHIFT_MONGODB_DB_URL;
OPENSHIFT_MONGODB_DB_URL has username and password too.
You have to provide username and password and the database name along with host and port.
So you can try appending OPENSHIFT_APP_NAME to the OPENSHIFT_MONGODB_DB_URL.
mongo_url = process.env.OPENSHIFT_MONGODB_DB_URL+process.env.OPENSHIFT_APP_NAME;
OPENSHIFT_MONGODB_DB_URL has the below format:
(e.g. mongodb://<username>:<password>#<hostname>:<port>/)

In nodejs with MySQL

I am Using Nodejs with MySQL.
But problem is that My MYSQL Connection Password Able to see in browser, With this any user get my my SQL username and Password.
Is it possible no one can see my MySQL Connection permanent as its is a server side.
Can any one help me in this.
Do not send you password to client but store it in a variable inside your server-side script. On a request, use it to access database and send only the result of the operation.
If you show your code you might get a more detailed answer then this...
var connection = mysql.createConnection({
host : 'host',
user : 'dbuser',
password : "pword",
database : 'database',
});
connection.connect();
connection.query(etc etc etc)
for full example see mysql module in node.js not works in my case
or another way is to save the configuration and password details in either an env file or other file (or even sqlite db file and load it on startup/restart of your script

Resources