fix: no fallback from TLS to unsecure connection (#4113)

* fix: no fallback from TLS to unsecure connection

* chore: improve debug logging

Author: sweatybridge

internal/utils/connect.go

@@ -70,8 +70,8 @@ func GetPoolerConfig(projectRef string) *pgconn.Config {
 		return nil
 	}
 	// There is a risk of MITM attack if we simply trust the hostname specified in pooler URL.
-	if !isSupabaseDomain(poolerConfig.Host) {
-		fmt.Fprintln(logger, "Pooler hostname does not belong to Supabase domain:", poolerConfig.Host)
+	if !strings.HasSuffix(poolerConfig.Host, "."+CurrentProfile.ProjectHost) {
+		fmt.Fprintln(logger, "Pooler hostname does not belong to current profile:", poolerConfig.Host)
 		return nil
 	}
 	fmt.Fprintln(logger, "Using connection pooler:", Config.Db.Pooler.ConnectionString)
@@ -92,15 +92,6 @@ func ParsePoolerURL(connString string) (*pgconn.Config, error) {
 	return poolerConfig, nil
 }
 
-func isSupabaseDomain(host string) bool {
-	switch GetSupabaseAPIHost() {
-	case "https://api.supabase.green":
-		return strings.HasSuffix(host, ".supabase.green")
-	default:
-		return strings.HasSuffix(host, ".supabase.com")
-	}
-}
-
 // Connnect to local Postgres with optimised settings. The caller is responsible for closing the connection returned.
 func ConnectLocalPostgres(ctx context.Context, config pgconn.Config, options ...func(*pgx.ConnConfig)) (*pgx.Conn, error) {
 	if len(config.Host) == 0 {
@@ -121,13 +112,29 @@ func ConnectLocalPostgres(ctx context.Context, config pgconn.Config, options ...
 	if config.ConnectTimeout == 0 {
 		config.ConnectTimeout = 2 * time.Second
 	}
+	options = append(options, func(cc *pgx.ConnConfig) {
+		cc.TLSConfig = nil
+	})
 	return ConnectByUrl(ctx, ToPostgresURL(config), options...)
 }
 
 func ConnectByUrl(ctx context.Context, url string, options ...func(*pgx.ConnConfig)) (*pgx.Conn, error) {
 	if viper.GetBool("DEBUG") {
 		options = append(options, debug.SetupPGX)
 	}
+	// No fallback from TLS to unsecure connection
+	options = append(options, func(cc *pgx.ConnConfig) {
+		if cc.TLSConfig == nil {
+			return
+		}
+		var fallbacks []*pgconn.FallbackConfig
+		for _, fc := range cc.Fallbacks {
+			if fc.TLSConfig != nil {
+				fallbacks = append(fallbacks, fc)
+			}
+		}
+		cc.Fallbacks = fallbacks
+	})
 	return pgxv5.Connect(ctx, url, options...)
 }
 

internal/utils/connect_test.go

@@ -2,6 +2,7 @@ package utils
 
 import (
 	"context"
+	"fmt"
 	"net"
 	"net/http"
 	"testing"
@@ -25,9 +26,9 @@ var dbConfig = pgconn.Config{
 	Database: "postgres",
 }
 
-const (
-	PG13_POOLER_URL = "postgres://postgres:[YOUR-PASSWORD]@aws-0-ap-southeast-1.pooler.supabase.com:6543/postgres?options=reference%3Dzupyfdrjfhbeevcogohz"
-	PG15_POOLER_URL = "postgres://postgres.zupyfdrjfhbeevcogohz:[YOUR-PASSWORD]@fly-0-sin.pooler.supabase.com:6543/postgres"
+var (
+	PG13_POOLER_URL = fmt.Sprintf("postgres://postgres:[YOUR-PASSWORD]@aws-0-ap-southeast-1.pooler.%s:6543/postgres?options=reference%%3Dzupyfdrjfhbeevcogohz", CurrentProfile.ProjectHost)
+	PG15_POOLER_URL = fmt.Sprintf("postgres://postgres.zupyfdrjfhbeevcogohz:[YOUR-PASSWORD]@fly-0-sin.pooler.%s:6543/postgres", CurrentProfile.ProjectHost)
 )
 
 func TestConnectByConfig(t *testing.T) {

internal/utils/profile.go

@@ -2,6 +2,7 @@ package utils
 
 import (
 	"context"
+	"fmt"
 	"strings"
 
 	"github.com/go-errors/errors"
@@ -45,6 +46,7 @@ func LoadProfile(ctx context.Context, fsys afero.Fs) error {
 	prof := viper.GetString("PROFILE")
 	for _, p := range allProfiles {
 		if strings.EqualFold(p.Name, prof) {
+			fmt.Fprintln(GetDebugLogger(), "Using project host:", p.ProjectHost)
 			CurrentProfile = p
 			return nil
 		}