From ad1eea98b1592dede902ef774ab6527b59ed7578 Mon Sep 17 00:00:00 2001
From: Francis Cao <franciscao@gmail.com>
Date: Tue, 20 Sep 2022 13:48:21 -0700
Subject: [PATCH] add ssl encryption to kafka client

---
 lib/kafka.js | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/kafka.js b/lib/kafka.js
index 6b6f315f..732e337f 100644
--- a/lib/kafka.js
+++ b/lib/kafka.js
@@ -8,11 +8,17 @@ const log = debug('umami:kafka');
 function getClient() {
   const { username, password } = new URL(process.env.KAFKA_URL);
   const brokers = process.env.KAFKA_BROKER.split(',');
+  const fs = require('fs');
 
   const ssl =
     username && password
       ? {
-          ssl: true,
+          ssl: {
+            checkServerIdentity: () => undefined,
+            ca: [fs.readFileSync('./cert/ca_cert.pem', 'utf-8')],
+            key: fs.readFileSync('./cert/client_key.pem', 'utf-8'),
+            cert: fs.readFileSync('./cert/client_cert.pem', 'utf-8'),
+          },
           sasl: {
             mechanism: 'plain',
             username,
@@ -63,7 +69,7 @@ async function sendMessage(params, topic) {
         value: JSON.stringify(params),
       },
     ],
-    acks: 0,
+    acks: 1,
   });
 }