Add docker env var for secret key + base64encode secret key (#446)

lowcoder-org · Oct 26, 2023 · bb83ac4 · bb83ac4
1 parent 1c82bb9
commit bb83ac4
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 8 deletions.
diff --git a/deploy/docker/docker-compose-multi.yaml b/deploy/docker/docker-compose-multi.yaml
@@ -46,6 +46,7 @@ services:
       DEFAULT_ORG_GROUP_COUNT: 100
       DEFAULT_ORG_APP_COUNT: 1000
       DEFAULT_DEVELOPER_COUNT: 50
+      LOWCODER_API_KEY_SECRET: "123456789101112131415123456789101112131415123456789101112131415123456789101112131415"
     restart: unless-stopped
     depends_on:
       - mongodb

diff --git a/deploy/docker/docker-compose.yaml b/deploy/docker/docker-compose.yaml
@@ -33,6 +33,7 @@ services:
       ENCRYPTION_PASSWORD: "lowcoder.org"
       ENCRYPTION_SALT: "lowcoder.org"
       CORS_ALLOWED_DOMAINS: "*"
+      LOWCODER_API_KEY_SECRET: "123456789101112131415123456789101112131415123456789101112131415123456789101112131415"
       # api and node service parameters
       LOWCODER_API_SERVICE_URL: "http://localhost:8080"
       LOWCODER_NODE_SERVICE_URL: "http://localhost:6060"

diff --git a/...-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/util/JWTUtils.java b/...-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/util/JWTUtils.java
@@ -4,6 +4,7 @@
 import io.jsonwebtoken.JwtParser;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.io.Encoders;
 import jakarta.annotation.PostConstruct;
 import lombok.extern.slf4j.Slf4j;
 import org.lowcoder.domain.user.model.User;
@@ -12,8 +13,6 @@
 import org.springframework.stereotype.Component;
 import org.springframework.web.server.ServerWebExchange;
 
-import java.util.Random;
-
 import java.util.Date;
 
 @Component
@@ -25,12 +24,17 @@ public class JWTUtils {
 
     private JwtParser jwtParser;
 
+    private String base64EncodedSecret;
+
     private final String TOKEN_HEADER = "Authorization";
     private final String TOKEN_PREFIX = "Bearer ";
 
     @PostConstruct
     public void setup(){
-        this.jwtParser = Jwts.parser().setSigningKey(authProperties.getApiKey().getSecret());
+        base64EncodedSecret = Encoders.BASE64.encode(authProperties.getApiKey().getSecret().getBytes());
+        this.jwtParser = Jwts.parserBuilder()
+                .setSigningKey(base64EncodedSecret)
+                .build();
     }
 
     public String createToken(User user) {
@@ -39,10 +43,9 @@ public String createToken(User user) {
                 .setIssuedAt(new Date());
         claims.put("userId", user.getId() );
         claims.put("createdBy", user.getName());
-        String randomFactor = String.valueOf(new Random().nextLong(100000000L));
         return Jwts.builder()
                 .setClaims(claims)
-                .signWith(SignatureAlgorithm.HS256, authProperties.getApiKey().getSecret() + randomFactor)
+                .signWith(SignatureAlgorithm.HS256, base64EncodedSecret)
                 .compact();
     }
 

diff --git a/server/api-service/lowcoder-server/src/main/resources/application-lowcoder.yml b/server/api-service/lowcoder-server/src/main/resources/application-lowcoder.yml
@@ -3,9 +3,9 @@ spring:
     mongodb:
       authentication-database: admin
       auto-index-creation: false
-      uri: mongodb://192.168.8.100:27017/lowcoder?authSource=admin
+      uri: mongodb://192.168.1.111:27017/lowcoder?authSource=admin
     redis:
-      url: redis://192.168.8.100:6379
+      url: redis://192.168.1.111:6379
   main:
     allow-bean-definition-overriding: true
     allow-circular-references: true
@@ -60,4 +60,4 @@ auth:
     secret: 123456789101112131415123456789101112131415123456789101112131415123456789101112131415
   email:
     enable: true
-    enable-register: false
+    enable-register: true
diff --git a/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application-selfhost.yml b/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application-selfhost.yml
@@ -8,6 +8,8 @@ common:
     mode: ENTERPRISE
 
 auth:
+  api-key:
+    secret: ${LOWCODER_API_KEY_SECRET:123456789101112131415123456789101112131415123456789101112131415123456789101112131415}
   email:
     enable: ${LOGIN_CHANNEL_EMAIL:true}
     enable-register: ${ENABLE_USER_SIGN_UP:true}

diff --git a/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application.yml b/server/api-service/lowcoder-server/src/main/resources/selfhost/ce/application.yml
@@ -1,4 +1,6 @@
 auth:
+  api-key:
+    secret: ${LOWCODER_API_KEY_SECRET:123456789101112131415123456789101112131415123456789101112131415123456789101112131415}
   email:
     enable: true
     enable-register: ${ENABLE_USER_SIGN_UP:true}