From ea86ac5f73bf46b95757b9d0d7318ac55724de34 Mon Sep 17 00:00:00 2001
From: Ludo Mikula <ludovit.mikula@mikori.sk>
Date: Fri, 27 Oct 2023 00:07:41 +0200
Subject: [PATCH] fix: update API key hash, add comments to docker compose
 files

---
 deploy/docker/docker-compose-multi.yaml              | 12 +++++++++++-
 deploy/docker/docker-compose.yaml                    | 12 +++++++++++-
 .../src/main/resources/application-lowcoder.yml      |  2 +-
 .../src/main/resources/selfhost/ce/application.yml   |  2 +-
 4 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/deploy/docker/docker-compose-multi.yaml b/deploy/docker/docker-compose-multi.yaml
index dee958d51..eac29ec5d 100644
--- a/deploy/docker/docker-compose-multi.yaml
+++ b/deploy/docker/docker-compose-multi.yaml
@@ -38,6 +38,12 @@ services:
       LOWCODER_NODE_SERVICE_URL: "http://lowcoder-node-service:6060"
       LOWCODER_MAX_QUERY_TIMEOUT: 120
       ENABLE_USER_SIGN_UP: "true"
+      #
+      # ! PLEASE CHANGE THESE TO SOMETHING UNIQUE !
+      # 
+      #    ENCRYPTION_PASSWORD and ENCRYPTION_SALT is used to encrypt sensitive 
+      #    data in database so it is important to change the defaults
+      #
       ENCRYPTION_PASSWORD: "lowcoder.org"
       ENCRYPTION_SALT: "lowcoder.org"
       CORS_ALLOWED_DOMAINS: "*"
@@ -46,7 +52,11 @@ services:
       DEFAULT_ORG_GROUP_COUNT: 100
       DEFAULT_ORG_APP_COUNT: 1000
       DEFAULT_DEVELOPER_COUNT: 50
-      LOWCODER_API_KEY_SECRET: "123456789101112131415123456789101112131415123456789101112131415123456789101112131415"
+      #
+      # API-KEY secret - should be a string of at least 32 random characters
+      #    - on linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256
+      #
+      LOWCODER_API_KEY_SECRET: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b"
     restart: unless-stopped
     depends_on:
       - mongodb
diff --git a/deploy/docker/docker-compose.yaml b/deploy/docker/docker-compose.yaml
index 94c82905c..2cbeb6dce 100644
--- a/deploy/docker/docker-compose.yaml
+++ b/deploy/docker/docker-compose.yaml
@@ -30,10 +30,20 @@ services:
       MONGODB_URL: "mongodb://localhost:27017/lowcoder?authSource=admin"
       REDIS_URL: "redis://localhost:6379"
       ENABLE_USER_SIGN_UP: "true"
+      #
+      # ! PLEASE CHANGE THESE TO SOMETHING UNIQUE !
+      # 
+      #    ENCRYPTION_PASSWORD and ENCRYPTION_SALT is used to encrypt sensitive 
+      #    data in database so it is important to change the defaults
+      #
       ENCRYPTION_PASSWORD: "lowcoder.org"
       ENCRYPTION_SALT: "lowcoder.org"
       CORS_ALLOWED_DOMAINS: "*"
-      LOWCODER_API_KEY_SECRET: "123456789101112131415123456789101112131415123456789101112131415123456789101112131415"
+      #
+      # API-KEY secret - should be a string of at least 32 random characters
+      #    - on linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256
+      #
+      LOWCODER_API_KEY_SECRET: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b"
       # api and node service parameters
       LOWCODER_API_SERVICE_URL: "http://localhost:8080"
       LOWCODER_NODE_SERVICE_URL: "http://localhost:6060"
diff --git a/server/api-service/lowcoder-server/src/main/resources/application-lowcoder.yml b/server/api-service/lowcoder-server/src/main/resources/application-lowcoder.yml
index 5abb729cd..ad2ea40c8 100644
--- a/server/api-service/lowcoder-server/src/main/resources/application-lowcoder.yml
+++ b/server/api-service/lowcoder-server/src/main/resources/application-lowcoder.yml
@@ -57,7 +57,7 @@ springdoc:
 
 auth:
   api-key:
-    secret: 123456789101112131415123456789101112131415123456789101112131415123456789101112131415
+    secret: 5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b
   email:
     enable: true
     enable-register: true
\ No newline at end of file
diff --git a/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application.yml b/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application.yml
index ec0b162e8..cc3ed4be8 100644
--- a/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application.yml
+++ b/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application.yml
@@ -1,6 +1,6 @@
 auth:
   api-key:
-    secret: ${LOWCODER_API_KEY_SECRET:123456789101112131415123456789101112131415123456789101112131415123456789101112131415}
+    secret: ${LOWCODER_API_KEY_SECRET:5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b}
   email:
     enable: true
     enable-register: ${ENABLE_USER_SIGN_UP:true}