fix(connectors): allow self-hosted private DB hosts via opt-in flag (#5322)
* fix(connectors): allow self-hosted private DB hosts via opt-in flag
Database/connector tools rejected any host resolving to a private/reserved/
loopback IP, blocking the common self-hosted topology where the DB is reached
by a Docker/K8s/Swarm service name. Add an opt-in ALLOW_PRIVATE_DATABASE_HOSTS
flag that bypasses the private-host block in validateDatabaseHost while still
resolving and pinning DNS. Blocked on the hosted platform regardless of the env
var, mirroring DISABLE_AUTH.
Fixes #4319
* fix(connectors): pin postgres IP in all ssl modes; strip IPv6 brackets
Address review on #5322:
- validateDatabaseHost now strips surrounding IPv6 brackets before the
localhost/private-IP checks and DNS lookup, so a bracketed loopback like
[::1] is classified correctly instead of failing as unresolvable.
- PostgreSQL connector always connects to the validated, pinned IP (removed
the ssl='preferred' carve-out that passed the original hostname and let the
driver re-resolve during connection). Matches the MySQL/MongoDB pin pattern.
- Add postgres connector pinning tests and bracketed-IPv6 host tests.
* fix(connectors): rename flag to isPrivateDatabaseHostsAllowed; trim comment
- Rename env-flag const to satisfy the env-flags 'is' prefix CI check
(env var ALLOW_PRIVATE_DATABASE_HOSTS is unchanged).
- Tighten the postgres pinning comment to a single line.
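The validation flow the commit message describes (strip IPv6 brackets, classify the address, honour the opt-in only off the hosted platform, return a pinned IP), as an added example that is not part of the commit or the project's code. `checkDatabaseHost`, `isPrivateIp`, the synchronous `resolve` callback standing in for a DNS lookup, and the sample DNS table are all assumptions made for illustration.

```javascript
// Added example, not the project's code; all names here are hypothetical.
const PRIVATE_V4 = [ // [network, prefix length]; a subset of the reserved ranges
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];
const isV4 = (ip) => /^(\d{1,3}\.){3}\d{1,3}$/.test(ip) && ip.split('.').every((o) => Number(o) <= 255);
const v4ToInt = (ip) => ip.split('.').reduce((n, o) => n * 256 + Number(o), 0);
const prefixOf = (ip, bits) => Math.floor(v4ToInt(ip) / 2 ** (32 - bits));

function isPrivateIp(ip) {
  const lower = ip.toLowerCase();
  // IPv4-mapped IPv6 in dotted form is classified by its embedded IPv4 address.
  if (lower.startsWith('::ffff:') && isV4(lower.slice(7))) return isPrivateIp(lower.slice(7));
  if (isV4(lower)) return PRIVATE_V4.some(([net, bits]) => prefixOf(lower, bits) === prefixOf(net, bits));
  // IPv6: loopback, unspecified, unique-local fc00::/7, link-local fe80::/10.
  return lower === '::1' || lower === '::' || /^f[cd]/.test(lower) || /^fe[89ab]/.test(lower);
}

// resolve(name) stands in for a DNS lookup and returns an array of address strings.
function checkDatabaseHost(host, resolve, { allowPrivate = false, isHosted = false } = {}) {
  const bare = host.trim().replace(/^\[(.*)\]$/, '$1'); // "[::1]" -> "::1" before any check
  const permitPrivate = allowPrivate && !isHosted;      // the opt-in is ignored when hosted
  const isLiteral = isV4(bare) || bare.includes(':');
  const addresses = isLiteral ? [bare] : resolve(bare);
  if (addresses.length === 0) return { ok: false, reason: 'unresolvable' };
  // Block if ANY resolved address is private, so a mixed DNS answer cannot slip through.
  const isPrivate = bare.toLowerCase() === 'localhost' || addresses.some(isPrivateIp);
  if (isPrivate && !permitPrivate) return { ok: false, reason: 'private-host-blocked' };
  // The caller connects to pinnedIp; handing the hostname to the driver would re-resolve it.
  return { ok: true, host: bare, pinnedIp: addresses[0] };
}

// Constructed sample DNS answers (203.0.113.10 is a documentation address, treated as public here).
const SAMPLE_DNS = {
  db: ['172.18.0.5'],
  'db.example.com': ['203.0.113.10'],
  localhost: ['127.0.0.1'],
};
const sampleResolve = (name) => SAMPLE_DNS[name] || [];
```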
# DISABLE_AUTH=true # Uncomment to bypass authentication entirely. Creates an anonymous session for all requests.
14
14
15
+
# Private Database Hosts (Optional - for self-hosted deployments only)
16
+
# ALLOW_PRIVATE_DATABASE_HOSTS=true # Uncomment to let database/connector tools reach private/reserved/loopback hosts (e.g. Docker/K8s service names, localhost). Loosens the SSRF boundary; only enable on a trusted private network.
17
+
15
18
# NextJS (Required)
16
19
NEXT_PUBLIC_APP_URL=http://localhost:3000
17
20
# INTERNAL_API_BASE_URL=http://sim-app.default.svc.cluster.local:3000 # Optional: internal URL for server-side /api self-calls; defaults to NEXT_PUBLIC_APP_URL
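Review bot: The added ALLOW_PRIVATE_DATABASE_HOSTS comment (new line 16) warns that the flag loosens the SSRF boundary but does not say that it is ignored on the hosted platform, which both the schema comment and the startup warning in this commit do state. Suggest adding "ignored on the hosted platform" here so the three descriptions agree. Because the flag sits directly under DISABLE_AUTH, it would also help to say that it is global: once set, every database/connector tool can reach private, reserved and loopback hosts, not only the one service name the operator had in mind.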
'ALLOW_PRIVATE_DATABASE_HOSTS is set but ignored on hosted environment. Private/reserved database hosts remain blocked for security.'
94
+
)
95
+
}else{
96
+
logger.warn(
97
+
'ALLOW_PRIVATE_DATABASE_HOSTS is enabled. Database/connector tools may reach private, reserved, and loopback hosts. Only use this in trusted private networks.'
98
+
)
99
+
}
100
+
})
101
+
.catch(()=>{
102
+
// Fallback during config compilation when logger is unavailable
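Review bot: The `.catch(()=>{` handler at new line 101 takes no error argument, so the reason the logger was unavailable is dropped, and the visible lines end at the fallback comment without showing what the fallback emits. Please confirm the fallback still prints both messages (flag ignored on hosted, flag enabled elsewhere) through some other channel, since an operator who enables a setting that loosens the SSRF boundary should always see a startup warning. It would also be worth including the error in the fallback output so a broken logger import is not silent.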
ALLOW_PRIVATE_DATABASE_HOSTS: z.boolean().optional(),// Opt-in (self-hosted only): let database/connector tools reach private/reserved/loopback hosts (e.g. Docker/K8s service names). Loosens the SSRF boundary; ignored on the hosted platform.
36
37
ALLOWED_LOGIN_EMAILS: z.string().optional(),// Comma-separated list of allowed email addresses for login
37
38
ALLOWED_LOGIN_DOMAINS: z.string().optional(),// Comma-separated list of allowed email domains for login
38
39
BLOCKED_SIGNUP_DOMAINS: z.string().optional(),// Comma-separated list of email domains blocked from signing up (e.g., "gmail.com,yahoo.com")
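Review bot: ALLOW_PRIVATE_DATABASE_HOSTS is declared as `z.boolean().optional()`, while the env example in this commit sets it as the string `true` and the neighbouring entries are all `z.string()`. Please confirm how the string from the environment becomes a boolean before the flag is read, and add a test that values such as `false`, `0` or an empty string leave the private-host block in place. For a flag that relaxes an SSRF control, only an explicit `true` should enable it.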