fix(connectors): allow self-hosted private DB hosts via opt-in flag #5322
Database/connector tools rejected any host resolving to a private/reserved/loopback IP, blocking the common self-hosted topology where the DB is reached by a Docker/K8s/Swarm service name. Add an opt-in ALLOW_PRIVATE_DATABASE_HOSTS flag that bypasses the private-host block in validateDatabaseHost while still resolving and pinning DNS. Blocked on the hosted platform regardless of the env var, mirroring DISABLE_AUTH. Fixes #4319
PR Summary: Medium Risk
Reviewed by Cursor Bugbot for commit 0eeff7a.
Greptile Summary: This PR adds an opt-in path for self-hosted deployments to connect database tools to private hosts.
Confidence Score: 5/5. This looks safe to merge.
Reviews (3): Last reviewed commit: "fix(connectors): rename flag to isPrivat..."
Address review on #5322:
- validateDatabaseHost now strips surrounding IPv6 brackets before the localhost/private-IP checks and DNS lookup, so a bracketed loopback like [::1] is classified correctly instead of failing as unresolvable.
- PostgreSQL connector always connects to the validated, pinned IP (removed the ssl='preferred' carve-out that passed the original hostname and let the driver re-resolve during connection). Matches the MySQL/MongoDB pin pattern.
- Add postgres connector pinning tests and bracketed-IPv6 host tests.
@cursor review
✅ Bugbot reviewed your changes and found no new issues!
Reviewed by Cursor Bugbot for commit 90f6e6f.
…omment
- Rename env-flag const to satisfy the env-flags 'is' prefix CI check (env var ALLOW_PRIVATE_DATABASE_HOSTS is unchanged).
- Tighten the postgres pinning comment to a single line.
@cursor review
✅ Bugbot reviewed your changes and found no new issues!
Reviewed by Cursor Bugbot for commit 0eeff7a.
Summary
- validateDatabaseHost, which unconditionally rejected any host resolving to a private/reserved/loopback IP. This blocks the common self-hosted topology where the DB is reached by a Docker/K8s/Swarm service name (e.g. db → internal IP). Reported in [BUG] "PostgreSQL query failed: host resolves to a blocked IP address" #4319.
- ALLOW_PRIVATE_DATABASE_HOSTS env flag. When set on a self-hosted deployment, validateDatabaseHost bypasses the private/reserved/loopback block but still resolves and pins DNS (DNS-rebind protection preserved).
- && !isHosted) regardless of the env var, and logs a warn/error on startup — same shape as DISABLE_AUTH.
- .env.example; added 9 regression tests (hosted-blocked, self-host default-blocked, self-host opt-in allowed, IP pinning, unresolvable host).

Type of Change
Testing
Tested manually — input-validation suite passes (435 tests), tsc and biome clean.

Checklist
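The check order this PR describes (strip IPv6 brackets, use one DNS answer, apply the private-range block unless the self-hosted opt-in is set, return the IP to pin), as an added TypeScript example that is not the project's code. The function names, the injected `answers` list standing in for the DNS lookup, and the set of blocked ranges are assumptions.

```typescript
// Added illustration: every name is hypothetical; only the flag/hosted semantics come from the PR text.
type Flags = { allowPrivate: boolean; isHosted: boolean }
type Verdict = { ok: boolean; pinnedIp?: string; reason?: string }
// Dotted-quad IPv4 -> four octets, or null.
function parseV4(s: string): number[] | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s)
  const o = m ? m.slice(1).map(Number) : []
  return o.length === 4 && o.every((n) => n <= 255) ? o : null
}
// IPv6 literal -> eight hextets (expands "::" and a trailing dotted quad), or null.
function parseV6(s: string): number[] | null {
  const q = parseV4(s.slice(s.lastIndexOf(':') + 1))
  const hex = (a: number, b: number) => ((a << 8) | b).toString(16)
  const t = q ? s.slice(0, s.lastIndexOf(':') + 1) + hex(q[0], q[1]) + ':' + hex(q[2], q[3]) : s
  const halves = t.toLowerCase().split('::')
  const [head, tail = []] = halves.map((x) => (x ? x.split(':') : []))
  const gap = halves.length === 2 ? Math.max(8 - head.length - tail.length, 1) : 0
  const parts = [...head, ...new Array<string>(gap).fill('0'), ...tail]
  if (halves.length > 2 || parts.length !== 8 || !parts.every((p) => /^[0-9a-f]{1,4}$/.test(p))) return null
  return parts.map((p) => parseInt(p, 16))
}
// Assumed, non-exhaustive ranges: 0/8, 10/8, 127/8, >=224, 169.254/16, 172.16/12, 192.168/16, 100.64/10.
function isBlockedV4(o: number[]): boolean {
  const [a, b] = o
  return a === 0 || a === 10 || a === 127 || a >= 224 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168) || (a === 100 && b >= 64 && b <= 127)
}
// null when `a` is not an IP literal; otherwise whether it lies in a blocked range.
function isBlockedIp(a: string): boolean | null {
  const v4 = parseV4(a)
  if (v4) return isBlockedV4(v4)
  const h = parseV6(a)
  if (!h) return null
  if (h.slice(0, 5).every((x) => x === 0) && h[5] === 0xffff) return isBlockedV4([h[6] >> 8, h[6] & 255, h[7] >> 8, h[7] & 255])
  if (h.slice(0, 6).every((x) => x === 0)) return true // ::/96, which includes :: and ::1
  return (h[0] & 0xfe00) === 0xfc00 || (h[0] & 0xffc0) === 0xfe80 || h[0] >= 0xff00 // ULA, link-local, multicast
}
// `answers` is the single DNS answer the caller fetched; the driver must dial pinnedIp, not the name.
function checkDatabaseHost(host: string, answers: string[], f: Flags): Verdict {
  const h = host.trim().replace(/^\[(.*)\]$/, '$1') // "[::1]" -> "::1" before any check
  const addrs = isBlockedIp(h) === null ? answers : [h]
  if (addrs.length === 0) return { ok: false, reason: 'unresolvable' }
  const bypass = f.allowPrivate && !f.isHosted // the hosted platform ignores the opt-in
  for (const a of addrs) {
    const blocked = isBlockedIp(a)
    if (blocked === null || (blocked && !bypass)) return { ok: false, reason: 'blocked' }
  }
  return { ok: true, pinnedIp: addrs[0] }
}
```

Every address in the answer is classified, so a name that resolves to one public and one private address is still rejected when the opt-in is off.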