N
Neon2y ago
fair-rose

Crystal Lang DB Connection Issues

Hey, there! I'm trying to move my production applications written in Crystal (using the Lucky web framework) from Render to Neon. Got everything migrated from a data perspective, but when I went to actually change the DB connection string I got a weird error: Caused by: server asked for disabled authentication method: cleartext I chased things down through the Crystal PG shard that most frameworks use for their connections to this issue: https://github.com/will/crystal-pg/issues/192 Basically - is there any way to not use cleartext for the Neon auth? It seems that there's quite a lot of potential risk based on the driver being used. I'm really wanting to move all of my paid projects to Neon to support the app as it grows, so I'm hoping I'm just looking past something! For the record, I was able to use the auth_methods=cleartext parameter (even though I'd rather not use cleartext at all), but then the driver doesn't seem to support the Endpoint ID option, so I'm stuck again since the driver doesn't support SNI. Appreciate any help!
GitHub
Cleartext auth is not supported · Issue #192 · will/crystal-pg
I came across a problem with the database connection. A standard piece of code: DB.open "postgres://myuser:mypasswd@remoteserver/mydb" do |db| # code end throws an exception: "(DB::C...
4 Replies
xenial-black
xenial-black2y ago
Basically - is there any way to not use cleartext for the Neon auth? It seems that there's quite a lot of potential risk based on the driver being used.
Neon downgrades to cleartext only in the event there's neither SNI nor the endpoint option specified. (Obviously, still over TLS). If SNI is supported or the endpoint ID is given in the options string, it will use SCRAM-SHA-256(-PLUS) Does this method not work? I'll try run crystal-pg locally and see if I can work around it
Neon
Connection errors - Neon Docs
This topic describes how to resolve connection errors you may encounter when using Neon. The errors covered include The endpoint ID is not specified Password authentication failed for user Couldn't co...
xenial-black
xenial-black2y ago
Unfortunately it doesn't seem like it does support options https://github.com/will/crystal-pg/blob/74dd9b64c3f53c772ff80e92212c4208aa5ad733/src/pq/conninfo.cr#L44-L53 Ok, I have a fix, I will submit a PR to crystal to enable SNI. Hopefully it gets merged and released quickly for you
xenial-black
xenial-black2y ago
https://github.com/will/crystal-pg/pull/282 If you need to use it now, you can point your shard to my commit 
dependencies:
  pg:
    github: conradludgate/crystal-pg
    commit: 5a47419a7e202f1a70d9dbfcff90edb99ee8d42a
    version: 0.28.0
dependencies:
  pg:
    github: conradludgate/crystal-pg
    commit: 5a47419a7e202f1a70d9dbfcff90edb99ee8d42a
    version: 0.28.0
GitHub
fix: enable SNI by conradludgate · Pull Request #282 · will/crystal...
👋 At Neon, we use SNI to know which database endpoint is being requested to connect to. Our fallback options are using options which this library also doesn't support, or using cleartext passwo...
fair-rose
fair-roseOP2y ago
Wow, that was fast! I’m using the Lucky framework, and will play with the best way to use your change there. Thanks so much, Conrad!

Did you find this page helpful?