hyperledger / aries-askar

Secure storage designed for Hyperledger Aries agents.
Apache License 2.0

Unable to specify multiple backend properties under NodeJS #267

Open scottexton opened 3 weeks ago

scottexton commented 3 weeks ago

When using the NodeJS interface I want to be able to specify multiple parameters to the backend PostgreSQL interface. However, it looks like the '&' character cannot be used to separate multiple parameters in the URI. For example, if I specify a URI of: 'postgres://postgres:passw0rd@postgres:5432/mydb?sslmode=verify-full&sslrootcert=mycert.pem' it sometimes ignores the parameters altogether and at other times fails with the following error:

AriesAskarError: Error connecting to database pool
Caused by: error with configuration: error with configuration: unknown value "verify-fullsslrootcert=mycert.pem" for `ssl_mode`
    at NodeJSAriesAskar.getAriesAskarError (/Users/exton/Desktop/askar-test/node_modules/@hyperledger/aries-askar-nodejs/src/NodeJSAriesAskar.ts:219:12)
    at cb (/Users/exton/Desktop/askar-test/node_modules/@hyperledger/aries-askar-nodejs/src/NodeJSAriesAskar.ts:169:30)
    at Object.<anonymous> (/Users/exton/Desktop/askar-test/node_modules/@2060.io/ffi-napi/lib/callback.js:66:27) {
  code: 1

The URI always works fine if I only specify a single parameter. However, as soon as I specify more than one parameter (separated by the '&' character) I get some inconsistent behaviour.

Is this a known issue, or am I simply specifying the URL incorrectly?

swcurran commented 3 weeks ago

@genaris @andrewwhitehead --thoughts on this one?

TimoGlastra commented 3 weeks ago

Does this happen with SQLite or Postgres (or both)?

And could you provide a minimal repository with a reproduction? So it's easy to reproduce your issue and debug?

scottexton commented 3 weeks ago

@TimoGlastra I've only tried this on PostgreSQL. I don't have a minimal repository but the reproduction steps are trivial.

Here is the TypeScript code which can be used to replicate the error:

require('@hyperledger/aries-askar-nodejs')

import { Store, StoreKeyMethod, KdfMethod } from '@hyperledger/aries-askar-shared'

const testStoreUri = "postgres://postgres:passw0rd@www.google.com:443/db?sslmode=verify-full&badoption=xyz";

Store.open({
  uri: testStoreUri,
  keyMethod: new StoreKeyMethod(KdfMethod.Argon2IMod),
  passKey: "key",
});

When running this TypeScript program you get inconsistent results. Sometimes you get an SSL connection error (which is expected because the program is not pointing at a real PostgreSQL server) and at other times you get the 'invalid sslmode' error:

scotts-mbp-2:askar-test exton$ ts-node test.ts
AriesAskarError: Error connecting to database pool
Caused by: encountered unexpected or invalid data: unexpected response from SSLRequest: 0x15
    at NodeJSAriesAskar.getAriesAskarError (/Users/exton/Desktop/askar-test/node_modules/@hyperledger/aries-askar-nodejs/src/NodeJSAriesAskar.ts:219:12)
    at cb (/Users/exton/Desktop/askar-test/node_modules/@hyperledger/aries-askar-nodejs/src/NodeJSAriesAskar.ts:169:30)
    at Object.<anonymous> (/Users/exton/Desktop/askar-test/node_modules/@2060.io/ffi-napi/lib/callback.js:66:27) {
  code: 1
}
scotts-mbp-2:askar-test exton$ ts-node test.ts
AriesAskarError: Error connecting to database pool
Caused by: error with configuration: error with configuration: unknown value "verify-fullbadoption=xyz" for `ssl_mode`
    at NodeJSAriesAskar.getAriesAskarError (/Users/exton/Desktop/askar-test/node_modules/@hyperledger/aries-askar-nodejs/src/NodeJSAriesAskar.ts:219:12)
    at cb (/Users/exton/Desktop/askar-test/node_modules/@hyperledger/aries-askar-nodejs/src/NodeJSAriesAskar.ts:169:30)
    at Object.<anonymous> (/Users/exton/Desktop/askar-test/node_modules/@2060.io/ffi-napi/lib/callback.js:66:27) {
  code: 1
}

This same issue was happening when I used the 'sslmode' and 'sslrootcert' parameters. As soon as I removed the 'sslrootcert' parameter and instead set the root certificate using the PGSSLROOTCERT environment variable everything started working correctly.

genaris commented 3 weeks ago

It seems weird to me, since in Credo we are specifying multiple parameters (as seen here) and we aren't experiencing this issue. However, we are not using those particular query parameters.

If we do, we arrive at the same problem that you've described. It actually happens also if we put some parameters in the middle of 'sslmode' and 'badoption', like:

uri: postgres://postgres:postgres@localhost:5432/PostgresWalletAgentsAlicef70f?sslmode=verify-full&max_connections=12&min_connections=4&badoption=xyz

The error thrown is the same: "error with configuration: error with configuration: unknown value "verify-fullbadoption=xyz" for ssl_mode" 🤯

It would be good to test this specific configuration with the Python wrapper to see whether there is something wrong with the JS layer or whether we need to analyze deeper in the FFI/Rust/SQLx code.
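
The workaround scottexton reports (moving `sslrootcert` into `PGSSLROOTCERT`) and a check for the fused `ssl_mode` value seen in both error reports, as an added example that is not part of the thread or of aries-askar. The helper names `applyWorkaround` and `diagnoseSslModeError` are hypothetical, and the query string is parsed with Node's built-in `URL`, not with Askar's own parser.

```javascript
// Added example: helper names are hypothetical, not part of aries-askar.
// sslmode values defined by libpq.
const SSL_MODES = ["disable", "allow", "prefer", "require", "verify-ca", "verify-full"];

// Inputs copied from the thread above.
const THREAD_URI =
  "postgres://postgres:passw0rd@postgres:5432/mydb?sslmode=verify-full&sslrootcert=mycert.pem";
const THREAD_ERROR =
  'error with configuration: unknown value "verify-fullbadoption=xyz" for `ssl_mode`';

// Workaround reported in the thread: drop `sslrootcert` from the query string
// and pass the certificate path through PGSSLROOTCERT instead.
function applyWorkaround(uri) {
  const url = new URL(uri);
  const mode = url.searchParams.get("sslmode");
  // Refuse a misspelled mode up front rather than letting it reach the pool.
  if (mode !== null && !SSL_MODES.includes(mode)) {
    throw new Error(`unsupported sslmode: ${mode}`);
  }
  const env = {};
  const rootCert = url.searchParams.get("sslrootcert");
  if (rootCert !== null) {
    env.PGSSLROOTCERT = rootCert;
    url.searchParams.delete("sslrootcert");
  }
  const remaining = [...url.searchParams.keys()];
  // The thread reports that a single query parameter always works.
  return { uri: url.toString(), env, singleParam: remaining.length <= 1 };
}

// Recognise the symptom from the thread: the rejected ssl_mode value is a
// valid mode with a later "key=value" pair fused onto it (the '&' was lost).
function diagnoseSslModeError(message) {
  const m = /unknown value "([^"]*)" for `ssl_mode`/.exec(message);
  if (!m) return null; // some other error, e.g. the SSLRequest failure
  const value = m[1];
  const mode = SSL_MODES.find(
    (s) => value.startsWith(s) && value.slice(s.length).includes("=")
  );
  return mode
    ? { fused: true, mode, trailing: value.slice(mode.length) }
    : { fused: false, value };
}
```

Copy the returned `env` entries into `process.env` before calling `Store.open` with the returned `uri`.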