feat(db): MTLS for redis/db

Author: shantanuraj

src/app/api/redis.ts

@@ -7,6 +7,7 @@ import {
   KEY_TOP_PODCASTS,
 } from '@/data/constants';
 import type { IEpisodeListing, IPodcast, IShortUrl } from '@/types';
+import { mtls } from '@/server/mtls';
 
 /**
  * Redis cached entity with timestamp
@@ -61,6 +62,7 @@ const redis = new Redis({
   host: process.env.KV_REDIS_HOST,
   password: process.env.KV_REDIS_PASS,
   port: parseInt(process.env.KV_REDIS_PORT || '0', 10),
+  tls: mtls,
 });
 
 /**

src/server/db.ts

@@ -1,5 +1,7 @@
 import postgres from 'postgres';
 
+import { mtls } from './mtls';
+
 const connectionString = process.env.DATABASE_URL;
 
 if (!connectionString) {
@@ -10,6 +12,7 @@ export const sql = postgres(connectionString, {
   max: 10,
   idle_timeout: 20,
   connect_timeout: 10,
+  ssl: mtls,
   types: {
     bigint: {
       to: 20,

src/server/mtls.ts

@@ -0,0 +1,12 @@
+const pem = (value?: string) => value?.replace(/\\n/g, '\n');
+
+const ca = pem(process.env.MTLS_CA);
+
+export const mtls = ca
+  ? {
+      ca,
+      cert: pem(process.env.MTLS_CERT),
+      key: pem(process.env.MTLS_KEY),
+      rejectUnauthorized: true,
+    }
+  : undefined;