Phase 1-2 of server consolidation + security hardening

inventory-server/shared/db/pg.js

@@ -0,0 +1,19 @@
+import pg from 'pg';
+
+const { Pool } = pg;
+
+export function createPool(envPrefix = 'DB', overrides = {}) {
+  const get = (key) => process.env[`${envPrefix}_${key}`];
+
+  return new Pool({
+    host: overrides.host ?? get('HOST'),
+    user: overrides.user ?? get('USER'),
+    password: overrides.password ?? get('PASSWORD'),
+    database: overrides.database ?? get('NAME'),
+    port: overrides.port ?? Number(get('PORT')) || 5432,
+    ssl: (overrides.ssl ?? get('SSL')) === 'true' ? { rejectUnauthorized: false } : false,
+    max: overrides.max ?? 20,
+    idleTimeoutMillis: overrides.idleTimeoutMillis ?? 30_000,
+    connectionTimeoutMillis: overrides.connectionTimeoutMillis ?? 5_000,
+  });
+}

inventory-server/shared/db/redis.js

@@ -0,0 +1,27 @@
+import Redis from 'ioredis';
+
+export function createRedis(overrides = {}) {
+  const url = overrides.url ?? process.env.REDIS_URL;
+
+  const options = {
+    lazyConnect: true,
+    maxRetriesPerRequest: 3,
+    enableOfflineQueue: false,
+    retryStrategy(times) {
+      return Math.min(times * 200, 2_000);
+    },
+    ...overrides,
+  };
+
+  if (url) {
+    return new Redis(url, options);
+  }
+
+  return new Redis({
+    host: overrides.host ?? process.env.REDIS_HOST ?? 'localhost',
+    port: overrides.port ?? Number(process.env.REDIS_PORT) || 6379,
+    username: overrides.username ?? process.env.REDIS_USERNAME,
+    password: overrides.password ?? process.env.REDIS_PASSWORD,
+    ...options,
+  });
+}