From 1ad5dfa6aebc4c6298fbec183d77927881353ed3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mili=C4=87?=
Date: Fri, 14 Nov 2025 13:14:03 +0100
Subject: [PATCH] Make sure this PostgreSQL database password gets changed and removed from the code

---
 development/README.md | 23 ++++++++++++++++++-----
 development/dev-setup.sh | 13 ++++++++++++-
 development/docker-compose.yml | 4 ++--
 development/docker-entrypoint-dev.sh | 3 ++-
 4 files changed, 34 insertions(+), 9 deletions(-)

diff --git a/development/README.md b/development/README.md
index 79528b7..99f34f9 100644
--- a/development/README.md
+++ b/development/README.md
@@ -53,7 +53,7 @@ docker-compose exec api-manager-web bash
 docker-compose exec api-manager-web bash -c 'cd apimanager && python manage.py shell'
 
 # Database shell
-docker-compose exec api-manager-db psql -U apimanager -d apimanager
+docker-compose exec api-manager-db psql -U ${POSTGRES_USER:-apimanager} -d ${POSTGRES_DB:-apimanager}
 
 # Stop services
 docker-compose down
@@ -66,18 +66,31 @@ The setup uses environment variables defined in `.env`:
 - `OAUTH_CONSUMER_KEY` - OAuth consumer key from OBP API
 - `OAUTH_CONSUMER_SECRET` - OAuth consumer secret from OBP API
 - `API_HOST` - OBP API server URL (default: http://host.docker.internal:8080)
+- `POSTGRES_PASSWORD` - Database password (IMPORTANT: Change from default!)
+- `POSTGRES_USER` - Database username (default: apimanager)
+- `POSTGRES_DB` - Database name (default: apimanager)
+
+### 🔒 Security Note
+
+**IMPORTANT**: The default database password is `CHANGE_THIS_PASSWORD` and must be changed before deployment. Set a strong password in your `.env` file:
+
+```bash
+POSTGRES_PASSWORD=your_secure_password_here
+```
 
 ## Testing OAuth Integration
 
-1. Ensure OBP API is running on http://127.0.0.1:8080/ (accessible as host.docker.internal:8080 from containers)
-2. Start the development environment
-3. Navigate to http://localhost:8000
-4. Click "Proceed to authentication server" to test OAuth flow
+1. **First, set a secure database password** in your `.env` file
+2. Ensure OBP API is running on http://127.0.0.1:8080/ (accessible as host.docker.internal:8080 from containers)
+3. Start the development environment
+4. Navigate to http://localhost:8000
+5. Click "Proceed to authentication server" to test OAuth flow
 
 ## Troubleshooting
 
 - **Port conflicts**: Database uses port 5434 to avoid conflicts
 - **OAuth errors**: Verify OAUTH_CONSUMER_KEY and OAUTH_CONSUMER_SECRET in .env
+- **Database connection errors**: Ensure POSTGRES_PASSWORD is set in .env and matches between services
 - **Connection refused to OBP API**: The setup uses `host.docker.internal:8080` to reach the host machine's OBP API from containers
 - **Static files missing**: Restart containers with `docker-compose down && docker-compose up -d`
 
diff --git a/development/dev-setup.sh b/development/dev-setup.sh
index cc9d2ab..d3be82f 100755
--- a/development/dev-setup.sh
+++ b/development/dev-setup.sh
@@ -49,6 +49,17 @@ if [ ! -f .env ]; then
 echo "❌ .env file not found. Please run this script from the development directory."
 exit 1
 fi
+
+# Check database password security
+if [ "$POSTGRES_PASSWORD" = "CHANGE_THIS_PASSWORD" ] || [ -z "$POSTGRES_PASSWORD" ]; then
+ echo "🔒 SECURITY WARNING: Database password not properly set!"
+ echo " Please update POSTGRES_PASSWORD in .env file with a secure password"
+ echo " The default password 'CHANGE_THIS_PASSWORD' should not be used"
+ echo ""
+else
+ echo "✅ Database password configured"
+fi
+
 if [ "$OAUTH_CONSUMER_KEY" = "your-oauth-consumer-key" ] || [ "$OAUTH_CONSUMER_SECRET" = "your-oauth-consumer-secret" ] || [ -z "$OAUTH_CONSUMER_KEY" ] || [ -z "$OAUTH_CONSUMER_SECRET" ]; then
 echo "⚠️ WARNING: OAuth credentials not properly set!"
 echo " Please update OAUTH_CONSUMER_KEY and OAUTH_CONSUMER_SECRET in .env file"
@@ -91,7 +102,7 @@ if docker-compose ps | grep -q "Up"; then
 echo " - View logs: docker-compose logs api-manager-web"
 echo " - Access shell: docker-compose exec api-manager-web bash"
 echo " - Django shell: docker-compose exec api-manager-web bash -c 'cd apimanager && python manage.py shell'"
- echo " - Database shell: docker-compose exec api-manager-db psql -U apimanager -d apimanager"
+ echo " - Database shell: docker-compose exec api-manager-db psql -U \${POSTGRES_USER:-apimanager} -d \${POSTGRES_DB:-apimanager}"
 echo ""
 
 # Test if the application is responding
diff --git a/development/docker-compose.yml b/development/docker-compose.yml
index eb013f0..a3701fb 100644
--- a/development/docker-compose.yml
+++ b/development/docker-compose.yml
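Review bot: The new password check only prints a warning and falls through, so a developer who leaves `CHANGE_THIS_PASSWORD` in `.env` still gets a running stack whose database accepts that publicly known password (the compose file in this same commit supplies it as the fallback). A missing `.env` is already a hard error three lines above; the default password deserves the same treatment — replace the `echo ""` in the warning branch with `exit 1` so setup stops until the value is changed. The check reads `$POSTGRES_PASSWORD` from the shell environment, which only works if `.env` is sourced earlier in the script, outside this hunk; the existing OAuth check below makes the same assumption, so it presumably is, but worth confirming.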
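Review bot: The escaped `\${POSTGRES_USER:-apimanager}` in the new "Database shell" hint is expanded by the developer's interactive shell, not from `.env`, so when `POSTGRES_USER` or `POSTGRES_DB` are set only in `.env` the printed command silently falls back to `apimanager` and will not match the database that was actually created. If the script has the values in scope (it reads `$POSTGRES_PASSWORD` in the earlier hunk), let it expand them itself so the hint shows the effective names: `echo "   - Database shell: docker-compose exec api-manager-db psql -U ${POSTGRES_USER:-apimanager} -d ${POSTGRES_DB:-apimanager}"`. The enclosing `if docker-compose ps | grep -q "Up"` block starts and ends outside the hunk.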
@@ -11,7 +11,7 @@ services:
 - ..:/app
 - ../logs:/app/logs
 environment:
- - DATABASE_URL=postgresql://apimanager:apimanager@127.0.0.1:5434/apimanager
+ - DATABASE_URL=postgresql://${POSTGRES_USER:-apimanager}:${POSTGRES_PASSWORD:-CHANGE_THIS_PASSWORD}@127.0.0.1:5434/${POSTGRES_DB:-apimanager}
 - API_HOST=http://127.0.0.1:8080
 - CALLBACK_BASE_URL=http://127.0.0.1:8000
 - ALLOW_DIRECT_LOGIN=True
@@ -27,7 +27,7 @@ services:
 environment:
 - POSTGRES_DB=${POSTGRES_DB:-apimanager}
 - POSTGRES_USER=${POSTGRES_USER:-apimanager}
- - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-apimanager}
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-CHANGE_THIS_PASSWORD}
 volumes:
 - api_manager_postgres_data:/var/lib/postgresql/data
 ports:
diff --git a/development/docker-entrypoint-dev.sh b/development/docker-entrypoint-dev.sh
index 641318e..9757fca 100755
--- a/development/docker-entrypoint-dev.sh
+++ b/development/docker-entrypoint-dev.sh
@@ -7,7 +7,8 @@ set -e
 
 # Wait for database to be ready
 echo "Waiting for database to be ready..."
-while ! pg_isready -h 127.0.0.1 -p 5434 -U apimanager -q; do
+DB_USER=${POSTGRES_USER:-apimanager}
+while ! pg_isready -h 127.0.0.1 -p 5434 -U "$DB_USER" -q; do
 echo "Database is unavailable - sleeping"
 sleep 2
 done
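Review bot: `${POSTGRES_PASSWORD:-CHANGE_THIS_PASSWORD}` in the new `DATABASE_URL` line still ships a working, publicly known credential as the fallback, so an unset or empty value in `.env` starts both services with that password instead of failing; the `POSTGRES_PASSWORD=` line in the second hunk of this file uses the same fallback. Compose's `:?` form turns the omission into a startup error: `${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}` in both places (the message after `:?` is free-form), which also makes the dev-setup.sh warning redundant. Separately, the password is now interpolated into a URL, so a value containing `@`, `:`, `/`, `#` or `%` will break parsing of `DATABASE_URL` unless it is percent-encoded; a short comment above the line, `# password must be URL-encoded if it contains reserved characters`, would save someone a confusing connection error.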
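Review bot: The rewritten `while ! pg_isready -h 127.0.0.1 -p 5434 -U "$DB_USER" -q; do` loop has no upper bound, so if the database never becomes reachable (wrong port, service not started) the container logs "sleeping" every two seconds forever and the `set -e` shown in the hunk header never gets a failure to act on. A bounded retry that exits non-zero after a fixed number of attempts makes the failure visible to `docker-compose ps` and to anyone tailing the logs. Note also that `pg_isready` only reports whether the server accepts connections; it does not validate the user or password, so a wrong `POSTGRES_PASSWORD` passes this gate and surfaces later at the first real query — a comment on the loop saying so would set expectations.
```shell
DB_USER=${POSTGRES_USER:-apimanager}
# pg_isready only checks that the server accepts connections; credentials are not validated here.
max_attempts=30   # constructed value: tune to the expected database start-up time
attempt=0
while ! pg_isready -h 127.0.0.1 -p 5434 -U "$DB_USER" -q; do
  attempt=$((attempt + 1))
  if [ "$attempt" -ge "$max_attempts" ]; then
    echo "Database not ready after $attempt attempts, giving up" >&2
    exit 1
  fi
  echo "Database is unavailable - sleeping"
  sleep 2
done
```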