From 0c7c70b1b1d9c05df43d2a48ab76b3d520dce71c Mon Sep 17 00:00:00 2001 From: Benjamin Admin Date: Mon, 27 Apr 2026 08:07:10 +0200 Subject: [PATCH] fix: Self-Signed SSL Zertifikat in SDK State Store akzeptieren MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Die Hetzner PostgreSQL nutzt ein Self-Signed Zertifikat. Der Node.js pg Pool lehnte es ab (DEPTH_ZERO_SELF_SIGNED_CERT), wodurch der SDK State nicht laden konnte → Application Error in ALLEN Modulen. Fix: rejectUnauthorized: false wenn sslmode=require in der URL. Co-Authored-By: Claude Opus 4.6 (1M context) --- admin-compliance/app/api/sdk/v1/state/route.ts | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/admin-compliance/app/api/sdk/v1/state/route.ts b/admin-compliance/app/api/sdk/v1/state/route.ts index 93b1b19..c13a06e 100644 --- a/admin-compliance/app/api/sdk/v1/state/route.ts +++ b/admin-compliance/app/api/sdk/v1/state/route.ts @@ -92,11 +92,17 @@ class PostgreSQLStateStore implements StateStore { private pool: Pool constructor(connectionString: string) { + // Strip sslmode from URL — pg driver overrides our ssl config if it's in the URL. + // We handle SSL ourselves via the ssl option below. + const cleanUrl = connectionString.replace(/[?&]sslmode=[^&]*/g, '').replace(/\?$/, '') + const needsSsl = connectionString.includes('sslmode=require') || connectionString.includes('sslmode=verify') this.pool = new Pool({ - connectionString, + connectionString: cleanUrl, max: 5, // Set search_path for compliance schema options: '-c search_path=compliance,core,public', + // Accept self-signed certificates (Hetzner PostgreSQL) + ssl: needsSsl ? { rejectUnauthorized: false } : false, }) }