ssl configs for mysql (#532)

* ssl configs for mysql

* docker file revert

* updated cert file

* updated cert file

* updated mysql version

* updated mysql version

* update docker file

* fix ssl certificate issue

* update docker file

* update docker file

* update docker file

* update docker file

* update docker file

* update docker file

* lint

* sh256 certficates

* sh256 certficates

* updated readme

Co-authored-by: alphmth <>

docker-compose.yaml

@@ -19,6 +19,28 @@ services:
       MYSQL_ALLOW_EMPTY_PASSWORD: 1
       MYSQL_DATABASE: keyv_test
       MYSQL_USER: mysql
+  keyv_mysql_1:
+        image: "mysql/mysql-server:8.0.17"
+        command: [ "mysqld",
+                    "--character-set-server=utf8mb4",
+                    "--collation-server=utf8mb4_unicode_ci",
+                    "--require_secure_transport=ON",
+                    "--bind-address=0.0.0.0",
+                    "--ssl-ca=/etc/certs/ca.pem",
+                    "--ssl-cert=/etc/certs/server-cert.pem",
+                    "--ssl-key=/etc/certs/server-key.pem",
+                    "--default_authentication_plugin=mysql_native_password" ]
+        ports:
+          - "3307:3306"
+        volumes:
+          - type: bind
+            source: ./packages/mysql/test/certs
+            target: /etc/certs/
+        restart: always
+        environment:
+          MYSQL_ALLOW_EMPTY_PASSWORD: 1
+          MYSQL_DATABASE: keyv_test
+          MYSQL_ROOT_HOST: '%'
   keyv_redis:
     image: redis:latest
     environment:

packages/mysql/README.md

@@ -35,6 +35,26 @@ const keyv = new Keyv('mysql://user:pass@localhost:3306/dbname', {
 });
 ```
 
+## SSL
+
+```
+const fs = require('fs');
+const path = require('path');
+const KeyvMysql = require('@keyv/mysql');
+
+const options = {
+	ssl: {
+		rejectUnauthorized: false,
+		ca: fs.readFileSync(path.join(__dirname, '/certs/ca.pem')).toString(),
+		key: fs.readFileSync(path.join(__dirname, '/certs/client-key.pem')).toString(),
+		cert: fs.readFileSync(path.join(__dirname, '/certs/client-cert.pem')).toString(),
+	},
+};
+
+const keyv = new KeyvMysql({uri, ...options});
+
+```
+
 **Note:** Some MySQL/MariaDB installations won't allow a key size longer than 767 bytes. If you get an error on table creation try reducing `keySize` to 191 or lower. [#5](https://github.com/jaredwray/keyv-sql/issues/5)
 
 ## License

packages/mysql/src/index.js

@@ -4,6 +4,8 @@ const EventEmitter = require('events');
 const mysql = require('mysql2/promise');
 const {pool, endPool} = require('./pool.js');
 
+const keyvMysqlKeys = new Set(['uri', 'dialect', 'connect']);
+
 class KeyvMysql extends EventEmitter {
 	constructor(options) {
 		super();
@@ -15,8 +17,14 @@ class KeyvMysql extends EventEmitter {
 		options = {dialect: 'mysql',
 			uri: 'mysql://localhost', ...options};
 
+		const mysqlOptions = Object.fromEntries(
+			Object.entries(options).filter(
+				([k]) => !keyvMysqlKeys.has(k),
+			),
+		);
+
 		options.connect = () => Promise.resolve()
-			.then(() => pool(options.uri))
+			.then(() => pool(options.uri, mysqlOptions))
 			.then(connection => sql => connection.execute(sql)
 				.then(data => data[0]));
 

packages/mysql/src/pool.js

@@ -3,22 +3,25 @@ const mysql = require('mysql2');
 let pool;
 let globalUri;
 
-const pools = uri => {
+const pools = (uri, options = {}) => {
 	if (globalUri !== uri) {
 		pool = undefined;
 		globalUri = uri;
 	}
 
-	pool = pool || mysql.createPool(uri);
+	pool = pool || mysql.createPool({uri, ...options});
 	return pool.promise();
 };
 
 const endPool = () => {
-	pool.end();
+	if (pool) {
+		pool.end();
+	}
+
 	globalUri = undefined;
 };
 
 module.exports = {
-	pool: uri => pools(uri),
+	pool: (uri, options) => pools(uri, options),
 	endPool,
 };

packages/mysql/test/certs/ca.pem

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIE1DCCArwCCQDV/5eP+QZlaTANBgkqhkiG9w0BAQsFADAsMQswCQYDVQQGEwJV
+UzELMAkGA1UECAwCTnkxEDAOBgNVBAMMB2NhLWNlcnQwHhcNMjIxMDMxMDg0MDI3
+WhcNMzIwOTA4MDg0MDI3WjAsMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTnkxEDAO
+BgNVBAMMB2NhLWNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDu
+6goy/YztHKYb+HLOxvg0lHOnoCASLeGdj19B9NYqe2JHm7yUaQGavHqUA1oAZ/Ok
+7VV90bVcy5IvvI9tvOUWNfTG29TURVYFENTOMn0Eh1mqzihSHXxmOWMFteiZGyeB
+ctfyJCfUkhkwKrGyLX5+Nf5CbMDxnLQ+yctq66O6oIe3PgNOsAj4jF5tecO5xCj2
+AI25bDaRm5DVVLlnlTvCRWJloacoNJWmTa44x7FKVR1gNpKWdP1Eh8Dz/BCqciHC
+1llv3TJ9VkaZyQwEni1ug5Q5f/9HCyiagwZfft5TqgRN+4+giA5zd28ZDAtNDVqy
+OdfGiHUOY9wH1sdd7ju4OhoJZ80UqumblRTEXWHp44nxt+44RUxnhJdKdkZhrhLJ
+KbTHI9YGnaIyCKEVW2ub5N+wh+yjqmV7vANxwBVzYuGAncCJNEGm16rYsqhktJY4
++J4R1/RvAj3/ppPVDRkK8zEtgC0Ws74lk7SRyvUcYkif6Za9cwG5VUxyxnvR3CR/
+rhK8CpmOjHOsOFT8BjjOjO9guNqjcGQQyHUxSMndj7uC7sgHIzkSY9+BB7mtBzXa
+aW9wCU4umzu333LLbtZCiXYToT506H7BOAqpOC+PWNyQiYS6zhLSQyXvTYWbAzt3
+EjT9NxCQftWvFGz7qA34CtS9fdaencqxQZkVugYRHQIDAQABMA0GCSqGSIb3DQEB
+CwUAA4ICAQBvZ9umeolq9zuGrXWaU21qN0tTSzONkle/yWsZY7kwhETmA2znjaR8
+7YFKxRfVtULcYmjy40ZHhyPgPbCYTmhB0PgpiXNoMavRin0ApohOCC+MCfE38Lea
+W1sHAzOuUq9PKrz3nunXyjsA/3wsrQGYzdhVX6ARrp8ghBTEpKr0nQOkoNaQbctg
+3Ot2v1mpAeXkWh7Rb1hwdEHicXcwvOPxXrDxv/glLfxe4TYVaN9JgL7tR9MNaKM4
+eRtLX4C62DVI1IuMsAP4B3zXWF6BviIvZd8iAlpE5hWV/aoyZ5ZB62ifHdOpypb4
+KFeMlS+OExGa9SObPKjmhP6H97du6Tbk+o80qd7YdG7f37KiCUmuL9x8oc1cC1/L
+Vu72mQUWPjt2dy7Pp2mqEklrcznnMPQGFEhpthnsZkGkrqGL/FXn+xpzCmpkDTfV
+p2yOSWDbMJ1PKzDYWjslD5dK4ktOZz9Ce41OThDqHUKRy7wWEpFlOuP6nwX089Od
+C+RtTNsO+0zCNqElMqLOQ6dPf9RuwnvJ0kkgUmi25jKvKPtTH4KZk2mezCJlTw+R
+RbLpGTRZGpok+QfEB9EhnhXyvN10SfLMDpdtqAzvQ7y+FOojCZRF9JGeU6C1YSM0
+lAh35usiQrF2Pshvdfht4gSop2K4nJX87YaTlbhKVm1CaZGwp9mVWA==
+-----END CERTIFICATE-----

packages/mysql/test/certs/client-cert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID0DCCAbgCAQEwDQYJKoZIhvcNAQELBQAwLDELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAk55MRAwDgYDVQQDDAdjYS1jZXJ0MB4XDTIyMTAzMTA4NDMxOVoXDTMyMDkw
+ODA4NDMxOVowMDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk55MRQwEgYDVQQDDAtj
+bGllbnQtY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMkOoZ4m
+OYWDXmx7vlju0tLozQt70P5NtVfRnmkPkty+sB5BYrT0bf5A1ZxQDJgC5X6u5gqz
+SdwJp7/4xMPJF63vzIlqmgfvxvHfEPZcVz1zkx/mLr4m+EsMGXQ7OCHtL96+kXvb
+Qt53IxCpL62M8iWembdfF1qwoIfuH/RmoaF/SBa3HvOQlU/df5tUuWtjz3R9k9ni
+X5sKRoem46HlBTTJsRJIyYv6x9H0Y3l/A7VzzdBB+qVEmaoCqFY73Oy/S1UZcHyI
+0mDpXmKNpP4wB7HowePsCbQ8KbCxTyxWk5Fg+ssXI4QcEsx82hFT4J9MXJLNCaYo
+/f3MdKJrlLxA7dkCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAxFqK9EST7tBXnRCW
+KJ5HN90utXQKlptJGLwZtofSfGcTTLw8nDrce636Mdq20GpZUuB9Ri/lo146oYOX
+Zkdot+dxdJatXc2MH5SSecH/P1d57vU7kQnESpQZ1gq3uHQxGUGD/NPvGQ4jGZSC
+RZdDbmGHoCF1OjEF7ZsELTGGGiuGaIPvGGPlEn1hCnmGGXx1T4GT4p236F7zgFh7
+QGKLYTbwRL4dXJqVyTq/x6tWEK35uQswRxNqaHAWmQ//T8h/+jCzyFcTOgm/gKkT
+WXPtiVjDc/2RYCjkLxAwdcAglh2MtXXPfOP5ZfbYQ8t2Ok6DkSodpYHa1EMqCj/I
+vDNcxA+3SV0No9zJW0MBgUHtV0WE7Fx8Cm3XioYg3iYunq0OrwwvNvL4Yl3JGsjH
+fgZyBQWSe1RL86BttSae/lisM1308TiXEG01hp57bNzfQSHHJm9B/o2caNkPwAcV
+YdyKY3+JLxZiUCSOfP9ChtO8EWTbBJtbMXUfKWQLA8zW5onegWXTjIPukr4vwzLU
+6cXGFcWPKWX6PiU7WS7t3dGRvw1aHEuElIqkEuYLSsaXpLwDHlekzpFRqVWGiU3q
+27eUZnxYi6CBUuGzmNlYmFymaen7ghnKlJJw3iVp6LK7zXQKU5CWie6hg3/zZjyC
+L1/3njEtThz3d1AKsKfUvbUDw3o=
+-----END CERTIFICATE-----

packages/mysql/test/certs/client-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAyQ6hniY5hYNebHu+WO7S0ujNC3vQ/k21V9GeaQ+S3L6wHkFi
+tPRt/kDVnFAMmALlfq7mCrNJ3Amnv/jEw8kXre/MiWqaB+/G8d8Q9lxXPXOTH+Yu
+vib4SwwZdDs4Ie0v3r6Re9tC3ncjEKkvrYzyJZ6Zt18XWrCgh+4f9GahoX9IFrce
+85CVT91/m1S5a2PPdH2T2eJfmwpGh6bjoeUFNMmxEkjJi/rH0fRjeX8DtXPN0EH6
+pUSZqgKoVjvc7L9LVRlwfIjSYOleYo2k/jAHsejB4+wJtDwpsLFPLFaTkWD6yxcj
+hBwSzHzaEVPgn0xcks0Jpij9/cx0omuUvEDt2QIDAQABAoIBACctJKzOQfMUD/gP
+fJ2Tm5zhI+MS8zw6JBXCkJ1kHXfJ6ENc9kDQSAZ816KnrmyIU/OFXOnE2aV4dClh
+7eVAb87CpRY5oV3eiONkVcfLYmxk8swKbB09NrBY4TTWvS9PKj6631pE9RioGjsK
+3HFyv1Q5PTaP3tsbA4y5B5z1ypTPAYr2AXvDKwTflco0lUyar+cqF3g2jcFniQwj
+0uyo9uGl8gruunPhxAZa4xEu61PfUziqHI7Sr9FufUyMT/+NRBd1dTx+PhHnI4zN
+D85Fa0ap8aYk8YS2plc2qvIjEJlcIU1hzBvufXGPs/Cs0XRkhjp3Bq9YbZEaNVga
+0cXFbQECgYEA+XZ+Aklv8FksQ6KfAB8Qji6aSk53oH5M91Yd3RbAmf56PdgICjzn
+1PUOmOyYB1eKdiLHrrqVURX2KbzhwoRXy2Kjqu64Nxf3toXkkFvKzoGc4ARS6jfl
+t1izOU1Q+vkqWaX+AqiHo9lX6hJdPC1VC9v98pg4h565oe2oJJiqWIkCgYEAzlNp
+fxmTYK7Krj5YeaUseVPM8TYi+pzQWE0kfRd5L8fVuyN2zml911DfBuPyUnkKwkmo
+OECAPYzTYtVM3HciLzkx4PBqmKLFM9TKL6GHZH0NShNtgexbW2mnW+Yyzqw+6mgI
+dZ8vsJUkGwJbMghmKaSKgZ3k+itv30oR8cqD9tECgYAEC9b5ZIWLSXb9VdrsXpSf
+KcRY5jLsiH/pFx1+44qWNNl4vVNMDzbXbm4hLt08aUAWsHO6ss4PNaL7hFPJGupt
+oxjygdK9Ggdrj3pomQSOGu4XeBp8MBHqymaFzGo+1+HG+HlJQ8CHeNQDOO8INdgG
+TDgvQibQlFOAe+FZTpycuQKBgBvpiOIa8acovl6oLIv4XnXjclxHeJ/yyvTHKuKJ
+ZGmkXTO97nqqJs4UMLfb6pJhsaTrFgjWIQMyo/5A4O8KZuOAl1DY9XLEwmzqopej
+AJAFouCclDn5YbqSJoP2NnVjM/e+LzbKXEdFRecpgHDaVgfYLKywUaPOcIoCmT7e
+qM+hAoGAX56H5QvDj6HcOjWhQ+/nH7bjvaoOylLwqWU760qLIF/8tt6BgkqxR8Rh
+5wtVFu004CsUCHkMqTR4pOi/HqIHz7Hto9cwo2cl7AFkU8fO8mt2N7vLrjEeYgm4
+Jb1MVCjeMk9I7JyeXRKPW67008jhWfHbz5ckjMxID3c/ROpP5bA=
+-----END RSA PRIVATE KEY-----

packages/mysql/test/certs/server-cert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID0DCCAbgCAQEwDQYJKoZIhvcNAQELBQAwLDELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAk55MRAwDgYDVQQDDAdjYS1jZXJ0MB4XDTIyMTAzMTA4NDIzNVoXDTMyMDkw
+ODA4NDIzNVowMDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk55MRQwEgYDVQQDDAtz
+ZXJ2ZXItY2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPpAmWlK
+g7jAGN2k82RWZf9NaGapC1WxSQ2TyWgHPZYNbadYxGYXfdtqTKqin8+kbKiWxU2p
+fKuzD60JyIqxytiEDeIhyL+I+8dMqA+wJpYEGvGoDTOZcU6sm5/jCLmJVDR6W52/
+i3eBRzADRvrBuCCe9dVCMh/DVRpGSIZsrZwePankLSOLJq5MyBUj+Z8ZuQaMrUbk
+Dg9kLaCmhCAdMuOhLUm/0TkR56B98/8CKz4RVTi0KQq02BEaGUUwjaQlOgrPe8he
+7Kl1dW8MyYbV/cuxzmD7o2wDOmSbfU6a7b22N+0Ko1FJIQEhqbGY2tGkrA40YW3L
+qeenirJpCN9GRJkCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAC1xeV+Po8OOyoOjk
+u7AmOnzZ1iP2QUfhHOyS04WqYewSR4hULfbyZSLiU/AvRtoBbd2RunWVBaJj1Nyt
+HcaAjbVs/UMinDj5U9CEIVnRSzGWAVSFi725otrdaHarXnU+E+lc180i8YHMVe+a
+/6wOz/jUmQdboOjgpU26eNhrJ/8NqwykZ2J97ovTRBT56ika88uEr3UeGcvJ5exk
+yipxDreCatWP4pt6PzWASi1CzsRUUUrdXplc4ochGNtmk+faoLbMOwQTDEpR9mVm
+vaNmOXiBzkNsB79t3/XFPPgmiuWuunFm4OjScOdB8pTyGWHWMfGzKXDM1XkbP2Ti
+Kv3Y9fsW884xdv6K0qrpZ0VTY6RHrQxeFzEzScE0pq0wz+aipAwmlFiL4tU4XUxL
+ZqcvoNW/XGez5mjn/26EjsoS99ASO+1fCl+LrRVTa603NFnDcNlGh62zupqSueql
+Ngv126wYomb7HluBE38oEJqBzcHknKlYUOoQgnhQjOk/rNKre4yBSWmgAAvFuxPW
+X5XIdjQg01vHq8xvyxrDKJu3OkwgF8+UTFCTRzjuqrrrBYnXLFmWvRJRZvJ/q5Kw
+ySemKaojQECeS9xWD92nKp+gMBcnztH7uXQGZFP0v4zrW7JJ9uXNhFxTIOpNeRpC
++q04voBcpsDhDtTX74SSaHAQiJk=
+-----END CERTIFICATE-----

packages/mysql/test/certs/server-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA+kCZaUqDuMAY3aTzZFZl/01oZqkLVbFJDZPJaAc9lg1tp1jE
+Zhd922pMqqKfz6RsqJbFTal8q7MPrQnIirHK2IQN4iHIv4j7x0yoD7AmlgQa8agN
+M5lxTqybn+MIuYlUNHpbnb+Ld4FHMANG+sG4IJ711UIyH8NVGkZIhmytnB49qeQt
+I4smrkzIFSP5nxm5BoytRuQOD2QtoKaEIB0y46EtSb/RORHnoH3z/wIrPhFVOLQp
+CrTYERoZRTCNpCU6Cs97yF7sqXV1bwzJhtX9y7HOYPujbAM6ZJt9TprtvbY37Qqj
+UUkhASGpsZja0aSsDjRhbcup56eKsmkI30ZEmQIDAQABAoIBAQDFBckCYX0VHoA1
+OGG7dF43Qy1X7e0TmVFnlBv0gAbXtVjIcRWnPwWCks0rZn+ljdFSZemOvEqAL6i+
+1j4CG/oUvtrjVy/ixCld/pcuSsQGRdMkwOcr4bmYdELN/YPn9xvJeS/aIWzfOHPg
+dCQU1iFt5VisfsJRyYqd9gmxc6y3hHUA4UoMzhjSTehj4yn4G82Z8F5DOgYEDuEK
+GobkJ/L54OfYegEekrHwU9wpLz3T0wrNu24Hd+RwKpKd1WfQll1gtCpDs/ppKdYF
+P9kcIvg4LxnWogofoznCq1ruueVC8VTj0m9ATRjpEfnDjxFgAYdTlju5PVPJ1VLN
+WleShISBAoGBAP1Urxow4J3lcihmZ1fR8Jjw9tH0yKARZWInBSbkr32d6ZqWRS9w
+yNSEexJlQWD7hSHDTVQI/X4BOrVbH0thI0kNAThAswHVeRnjvPEBmcKmeVMHrWDS
+Cane6JEvcH0yBTH164iTVezoCnEk9hgNiCjdxS4VRoIsYp+eZgtJF1NRAoGBAPzj
+nJY0ZpVEC45NqCWHVU3haPvQ19APtBk47JnQYSAAKXilbcD7iLQmjjVe7qJxf88X
+y9whyHCVA+NscP+Mj7USGcN2sSaxc8pk7NoBB60/93X8nC1eIxh0K1SpJtZudInD
+Oi3dcvOvxdzRZgCTkDQoC+8Ieb0T5DhKhLC1XbrJAoGAXyrtDP3HpAmKNTsjH46y
+wAHl90HqDJf8aj8WZGIMuzgThgtluki4aX3LbkGzqedTQDfKWQN3l1qG35J30y2O
+v+auyp8joFC9ycgQNsnPJZy8f0CnFXRSRQqEe+ZCcAXWhcpIzWnsIa+aHJ8yBB8x
+Q4jshj9f2Y8rDaPH2f1/UcECgYEAho+2alZHn3UtkPLRXea9BUvDyPo/W35/nkwj
+2VR/2b88Ue30kJNHElTRpqR05grurwtCdkejmAQypXi2R8RLU1XmT5OAf848hp1d
+SkLyCsXWrvlTQPCuS/zEca/v8nmjmQpAktcaq4AEEJN7ayMZwCbu8qnX3TwQW8OL
+B1v6G8ECgYAl9vCnHFOivH0xQI82uHvMqKX/TYK9VpKEY01stDOcDA4nvj+4N2oe
+9WrP1s5wtmnUnCCv2dFHWFl3FEjCYy8aeGIzV6BJawjkpPsYdlRoetcJcKKepLyp
+vJJnjFzXKMv9SZq58KxeXcKnyg/gxxeMRsmArZ2/6p/usoZn7GE8ZQ==
+-----END RSA PRIVATE KEY-----

packages/mysql/test/ssl.js

@@ -0,0 +1,32 @@
+const fs = require('fs');
+const path = require('path');
+const test = require('ava');
+const KeyvMysql = require('this');
+const {endPool} = require('../src/pool.js');
+
+const options = {
+	ssl: {
+		rejectUnauthorized: false,
+		ca: fs.readFileSync(path.join(__dirname, '/certs/ca.pem')).toString(),
+		key: fs.readFileSync(path.join(__dirname, '/certs/client-key.pem')).toString(),
+		cert: fs.readFileSync(path.join(__dirname, '/certs/client-cert.pem')).toString(),
+	},
+};
+
+test.serial('throws if ssl is not used', async t => {
+	try {
+		const keyv = new KeyvMysql({uri: 'mysql://root@localhost:3307/keyv_test'});
+		await keyv.get('foo');
+		t.fail();
+	} catch {
+		t.pass();
+	} finally {
+		endPool();
+	}
+});
+
+test.serial('set with ssl ', async t => {
+	const keyv = new KeyvMysql({uri: 'mysql://root@localhost:3307/keyv_test', ...options});
+	await keyv.set('key', 'value');
+	t.is(await keyv.get('key'), 'value');
+});