From 933293a997edc882eb42366e88fc7e8c110627a3 Mon Sep 17 00:00:00 2001
From: Hexaflexagon
Date: Sat, 6 Aug 2022 23:27:25 +0200
Subject: [PATCH] feat: add elasticsearch ssl options (#5499)
---
 .../search/elasticsearch/definition.yml | 19 ++++++++++++-----
 server/modules/search/elasticsearch/engine.js | 21 +++++++++++++++++++
 2 files changed, 35 insertions(+), 5 deletions(-)
diff --git a/server/modules/search/elasticsearch/definition.yml b/server/modules/search/elasticsearch/definition.yml
index 856f651b..8475c0b5 100644
--- a/server/modules/search/elasticsearch/definition.yml
+++ b/server/modules/search/elasticsearch/definition.yml
@@ -20,28 +20,37 @@ props:
 title: Host(s)
 hint: Comma-separated list of Elasticsearch hosts to connect to, including the port, username and password if necessary. (e.g. http://localhost:9200, https://user:pass@es1.example.com:9200)
 order: 2
+ verifyTLSCertificate:
+ title: Verify TLS Certificate
+ type: Boolean
+ default: true
+ order: 3
+ tlsCertPath:
+ title: TLS Certificate Path
+ type: String
+ hint: Absolute path to the TLS certificate on the server.
+ order: 4
 indexName:
 type: String
 title: Index Name
 hint: The index name to use during creation
 default: wiki
- order: 3
+ order: 5
 analyzer:
 type: String
 title: Analyzer
 hint: 'The token analyzer in elasticsearch'
 default: simple
- order: 4
+ order: 6
 sniffOnStart:
 type: Boolean
 title: Sniff on start
 hint: 'Should Wiki.js attempt to detect the rest of the cluster on first connect? (Default: off)'
 default: false
- order: 5
+ order: 7
 sniffInterval:
 type: Number
 title: Sniff Interval
 hint: '0 = disabled, Interval in seconds to check for updated list of nodes in cluster. (Default: 0)'
 default: 0
- order: 6
-
+ order: 8
diff --git a/server/modules/search/elasticsearch/engine.js b/server/modules/search/elasticsearch/engine.js
index 4a41df88..4a96b2bb 100644
--- a/server/modules/search/elasticsearch/engine.js
+++ b/server/modules/search/elasticsearch/engine.js
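Review bot: `verifyTLSCertificate` is the only new property in the definition.yml hunk without a `hint`, and it is the one whose off position removes server authentication for the Elasticsearch connection. A hint such as `hint: Keep enabled in production. When disabled, the Elasticsearch server certificate is not validated.` would make that visible to whoever edits the setting. The `tlsCertPath` hint says "TLS certificate", while engine.js passes the file as `ca`, so it would read more accurately as `hint: Absolute path on the server to the CA certificate used to verify the Elasticsearch server.`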
@@ -1,6 +1,7 @@
 const _ = require('lodash')
 const stream = require('stream')
 const Promise = require('bluebird')
+const fs = require('fs')
 const pipeline = Promise.promisify(stream.pipeline)
 
 /* global WIKI */
@@ -24,6 +25,7 @@ module.exports = {
 nodes: this.config.hosts.split(',').map(_.trim),
 sniffOnStart: this.config.sniffOnStart,
 sniffInterval: (this.config.sniffInterval > 0) ? this.config.sniffInterval : false,
+ ssl: getTlsOptions(this.config),
 name: 'wiki-js'
 })
 break
@@ -33,6 +35,7 @@ module.exports = {
 nodes: this.config.hosts.split(',').map(_.trim),
 sniffOnStart: this.config.sniffOnStart,
 sniffInterval: (this.config.sniffInterval > 0) ? this.config.sniffInterval : false,
+ ssl: getTlsOptions(this.config),
 name: 'wiki-js'
 })
 break
@@ -351,3 +354,21 @@ module.exports = {
 WIKI.logger.info(`(SEARCH/ELASTICSEARCH) Index rebuilt successfully.`)
 }
 }
+
+function getTlsOptions(conf) {
+ if (!conf.tlsCertPath) {
+ return {
+ rejectUnauthorized: conf.verifyTLSCertificate
+ }
+ }
+
+ const caList = []
+ if (conf.verifyTLSCertificate) {
+ caList.push(fs.readFileSync(conf.tlsCertPath))
+ }
+
+ return {
+ rejectUnauthorized: conf.verifyTLSCertificate,
+ ca: caList
+ }
+}
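Review bot: In the last hunk, `getTlsOptions` copies `conf.verifyTLSCertificate` straight into `rejectUnauthorized`, so a stored configuration that lacks the new key (presumably any saved before this change) passes `undefined` and depends on the client and TLS layer treating a missing value as "verify". Writing `rejectUnauthorized: conf.verifyTLSCertificate !== false` in both return statements would make the fail-closed default explicit. When verification is switched off, nothing is logged even though the hosts string may carry `user:pass@` credentials over an unauthenticated connection; a `WIKI.logger.warn('(SEARCH/ELASTICSEARCH) TLS certificate verification is disabled.')` on that path would leave a trace for operators. With a path set and verification off, the function returns `ca: []`; omitting `ca` in that case would be clearer. `fs.readFileSync(conf.tlsCertPath)` also throws from inside the client options if the file is missing or unreadable, so a short doc comment on the function stating that it reads the CA file synchronously and may throw would help callers.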