| 28 | { |
| 29 | protocols: ['postgres', 'postgresql'], |
| 30 | create(connectionString) { |
| 31 | const url = new URL(connectionString) |
| 32 | |
| 33 | if (['sslcert', 'sslkey', 'sslrootcert'].some((param) => url.searchParams.has(param))) { |
| 34 | throw new Error( |
| 35 | 'Unsupported parameters in connection string: uploading and using custom TLS certificates is not currently supported', |
| 36 | ) |
| 37 | } |
| 38 | |
| 39 | const sslmode = url.searchParams.get('sslmode') |
| 40 | |
| 41 | // Accept self-signed certificates with `sslmode=require` for backward compatibility with QE |
| 42 | // and consistency with libpq. If certificate validation is desired, `sslmode` must be set |
| 43 | // to `verify-ca` or `verify-full`. |
| 44 | // Note that `sslmode=prefer` is still treated the same as `sslmode=require`. This is a |
| 45 | // `node-postgres` quirk which is inconsistent with both QE and libpq. Unfortunately |
| 46 | // there's currently no way to support `sslmode=prefer` properly with `node-postgres`. |
| 47 | if (sslmode === 'prefer' || sslmode === 'require') { |
| 48 | url.searchParams.set('sslmode', 'no-verify') |
| 49 | } |
| 50 | |
| 51 | return new PrismaPg({ connectionString: url.toString() }) |
| 52 | }, |
| 53 | }, |
| 54 | |
| 55 | { |