From 2c4cc5a7080151d2625632523584844669cc5a2b Mon Sep 17 00:00:00 2001 From: Abdul Qadir Date: Thu, 26 Oct 2023 16:46:29 +0500 Subject: [PATCH] Add docker env var for secret key + base64encode secret key --- deploy/docker/docker-compose-multi.yaml | 1 + deploy/docker/docker-compose.yaml | 1 + .../lowcoder/api/authentication/util/JWTUtils.java | 13 ++++++++----- .../src/main/resources/application-lowcoder.yml | 6 +++--- .../resources/selfhost/ce/application-selfhost.yml | 2 ++ .../src/main/resources/selfhost/ce/application.yml | 2 ++ 6 files changed, 17 insertions(+), 8 deletions(-) diff --git a/deploy/docker/docker-compose-multi.yaml b/deploy/docker/docker-compose-multi.yaml index 74155454b3..dee958d515 100644 --- a/deploy/docker/docker-compose-multi.yaml +++ b/deploy/docker/docker-compose-multi.yaml @@ -46,6 +46,7 @@ services: DEFAULT_ORG_GROUP_COUNT: 100 DEFAULT_ORG_APP_COUNT: 1000 DEFAULT_DEVELOPER_COUNT: 50 + LOWCODER_API_KEY_SECRET: "123456789101112131415123456789101112131415123456789101112131415123456789101112131415" restart: unless-stopped depends_on: - mongodb diff --git a/deploy/docker/docker-compose.yaml b/deploy/docker/docker-compose.yaml index 860808aee8..94c82905c3 100644 --- a/deploy/docker/docker-compose.yaml +++ b/deploy/docker/docker-compose.yaml @@ -33,6 +33,7 @@ services: ENCRYPTION_PASSWORD: "lowcoder.org" ENCRYPTION_SALT: "lowcoder.org" CORS_ALLOWED_DOMAINS: "*" + LOWCODER_API_KEY_SECRET: "123456789101112131415123456789101112131415123456789101112131415123456789101112131415" # api and node service parameters LOWCODER_API_SERVICE_URL: "http://localhost:8080" LOWCODER_NODE_SERVICE_URL: "http://localhost:6060" diff --git a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/util/JWTUtils.java b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/util/JWTUtils.java index c5c746b793..47bfd83808 100644 
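Review bot: The added `LOWCODER_API_KEY_SECRET` entry in `docker-compose-multi.yaml` commits a fixed, publicly visible value as the JWT signing secret, so every deployment started from the file unchanged signs and accepts API tokens under the same known key. The same literal is added to `docker-compose.yaml`, and it is the fallback in `${LOWCODER_API_KEY_SECRET:...}` in `selfhost/ce/application-selfhost.yml` and `selfhost/ce/application.yml`, where an unset variable silently resolves to it. I would ship a placeholder the operator has to replace, `LOWCODER_API_KEY_SECRET: "<operator-generated random secret>"`, and drop the default in the two yml files, `secret: ${LOWCODER_API_KEY_SECRET}`, so that with Spring's default placeholder handling a missing variable stops startup instead of falling back.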
--- a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/util/JWTUtils.java +++ b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/util/JWTUtils.java @@ -4,6 +4,7 @@ import io.jsonwebtoken.JwtParser; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; +import io.jsonwebtoken.io.Encoders; import jakarta.annotation.PostConstruct; import lombok.extern.slf4j.Slf4j; import org.lowcoder.domain.user.model.User; @@ -12,8 +13,6 @@ import org.springframework.stereotype.Component; import org.springframework.web.server.ServerWebExchange; -import java.util.Random; - import java.util.Date; @Component @@ -25,12 +24,17 @@ public class JWTUtils { private JwtParser jwtParser; + private String base64EncodedSecret; + private final String TOKEN_HEADER = "Authorization"; private final String TOKEN_PREFIX = "Bearer "; @PostConstruct public void setup(){ - this.jwtParser = Jwts.parser().setSigningKey(authProperties.getApiKey().getSecret()); + base64EncodedSecret = Encoders.BASE64.encode(authProperties.getApiKey().getSecret().getBytes()); + this.jwtParser = Jwts.parserBuilder() + .setSigningKey(base64EncodedSecret) + .build(); } public String createToken(User user) { @@ -39,10 +43,9 @@ public String createToken(User user) { .setIssuedAt(new Date()); claims.put("userId", user.getId() ); claims.put("createdBy", user.getName()); - String randomFactor = String.valueOf(new Random().nextLong(100000000L)); return Jwts.builder() .setClaims(claims) - .signWith(SignatureAlgorithm.HS256, authProperties.getApiKey().getSecret() + randomFactor) + .signWith(SignatureAlgorithm.HS256, base64EncodedSecret) .compact(); } diff --git a/server/api-service/lowcoder-server/src/main/resources/application-lowcoder.yml b/server/api-service/lowcoder-server/src/main/resources/application-lowcoder.yml index 223e127ceb..5abb729cd2 100644 --- a/server/api-service/lowcoder-server/src/main/resources/application-lowcoder.yml 
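Review bot: In `setup()`, `getSecret().getBytes()` uses the platform default charset, so the derived HMAC key can differ between hosts when the secret contains non-ASCII characters, and a token signed on one node may then fail verification on another. Pass the charset explicitly: `getSecret().getBytes(StandardCharsets.UTF_8)`. The Base64 round-trip exists only to feed the string overloads of `setSigningKey` and `signWith`. Building the key once with `Keys.hmacShaKeyFor(...)` and passing that key object to both calls would remove the extra encoding step and make jjwt reject a secret shorter than 256 bits when the bean is initialised. The class body continues outside the hunk.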
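Review bot: The claims built in `createToken` end at `.setIssuedAt(new Date())` with no expiration visible, so now that the signature is stable a token issued here appears to remain valid until the secret is rotated. Unless an `exp` claim is set earlier in the chain, which starts outside the hunk, I would add one, e.g. `.setExpiration(Date.from(Instant.now().plus(tokenLifetime)))`, where `tokenLifetime` is a placeholder for a configured duration. jjwt's parser rejects expired tokens on its own, so the verification side needs no change.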
+++ b/server/api-service/lowcoder-server/src/main/resources/application-lowcoder.yml @@ -3,9 +3,9 @@ spring: mongodb: authentication-database: admin auto-index-creation: false - uri: mongodb://192.168.8.100:27017/lowcoder?authSource=admin + uri: mongodb://192.168.1.111:27017/lowcoder?authSource=admin redis: - url: redis://192.168.8.100:6379 + url: redis://192.168.1.111:6379 main: allow-bean-definition-overriding: true allow-circular-references: true @@ -60,4 +60,4 @@ auth: secret: 123456789101112131415123456789101112131415123456789101112131415123456789101112131415 email: enable: true - enable-register: false \ No newline at end of file + enable-register: true \ No newline at end of file diff --git a/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application-selfhost.yml b/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application-selfhost.yml index 53df2ac7e1..8dc5a265bf 100644 --- a/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application-selfhost.yml +++ b/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application-selfhost.yml @@ -8,6 +8,8 @@ common: mode: ENTERPRISE auth: + api-key: + secret: ${LOWCODER_API_KEY_SECRET:123456789101112131415123456789101112131415123456789101112131415123456789101112131415} email: enable: ${LOGIN_CHANNEL_EMAIL:true} enable-register: ${ENABLE_USER_SIGN_UP:true} diff --git a/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application.yml b/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application.yml index ce06180585..ec0b162e8c 100644 --- a/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application.yml +++ b/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application.yml 
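Review bot: The MongoDB and Redis host change from `192.168.8.100` to `192.168.1.111` in the first hunk of `application-lowcoder.yml`, and the `enable-register: false` to `true` flip in the second hunk of the same file, look like local workstation settings unrelated to the commit subject. The second is security-relevant because it turns self-registration on for whatever environment loads this profile; which environments do is not visible here. I would restore `enable-register: false` and the previous hosts in this commit, and make either change separately with a stated reason if it is intended.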
@@ -1,4 +1,6 @@ auth: + api-key: + secret: ${LOWCODER_API_KEY_SECRET:123456789101112131415123456789101112131415123456789101112131415123456789101112131415} email: enable: true enable-register: ${ENABLE_USER_SIGN_UP:true}