@vaivk369 vaivk369 commented Jul 25, 2025

Summary by CodeRabbit

  • New Features

    • Added a new environment configuration file for Docker deployments.
    • Introduced a docker-compose setup with dedicated user and PostgreSQL services, persistent storage, and environment variable management.
  • Refactor

    • Updated the Dockerfile to use a multi-stage build process for improved efficiency and maintainability.
    • Replaced the previous backend service with a user microservice and refactored service definitions in docker-compose.

coderabbitai bot commented Jul 25, 2025

Walkthrough

A new .env.docker file was introduced to provide environment variables for Docker deployments. The Dockerfile was refactored to use a multi-stage build process and correct working directory paths. The docker-compose.yml was overhauled: the "backend" service was replaced with a "user-service" and a new "postgres" service, along with persistent storage configuration.

Changes

File(s) | Change Summary
.env.docker | Added environment configuration file with 24 variables for server, database, Keycloak, JWT, and notification setup.
Dockerfile | Refactored to a multi-stage build, fixed working directory, separated dependency install from build/runtime stages.
docker-compose.yml | Replaced "backend" with "user-service" and "postgres" services, added persistent volume, revised environment setup.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

@sonarqubecloud

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

🧹 Nitpick comments (5)
.env.docker (1)

13-13: Inconsistent quoting may sneak stray quote characters into runtime values

KEYCLOAK_PASSWORD and POSTGRES_PASSWORD are wrapped in quotes while other sensitive fields aren’t. Shell parsers treat the quotes as part of the value when the file is consumed by Docker Compose (it does not strip them).

Strip the quotes for consistency unless you rely on embedded spaces:

-KEYCLOAK_PASSWORD='**************'
-POSTGRES_PASSWORD="*******"
+KEYCLOAK_PASSWORD=**************
+POSTGRES_PASSWORD=*******
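
Review bot: on the two `+` lines, dropping the quotes is only safe if the masked values contain no whitespace and no `#`. Line 20 of the same file (`POSTGRES_HOST=postgres #Do not change this ...`) relies on ` #` starting an inline comment, so an unquoted password containing that sequence would be cut short. Check the values the container actually receives with `docker compose config` before and after the change rather than assuming how the quotes are handled.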

Also applies to: 20-24

Dockerfile (2)

3-6: Use npm ci for repeatable production builds

npm install may mutate package-lock.json and yields non-deterministic dependency trees. npm ci is faster and guarantees the lockfile is respected.

-RUN npm install
+RUN npm ci --omit=dev
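
Review bot: `--omit=dev` on the `+RUN npm ci` line is applied in the dependencies stage, and the next stage copies `node_modules` from that stage, so a build step that needs anything from devDependencies (a compiler or bundler, for instance) will fail. Run a plain `npm ci` for the build stage and apply `--omit=dev` only to the dependency tree that ends up in the runtime stage. `npm ci` also exits with an error when no `package-lock.json` is present, so the lockfile has to be part of the `COPY` that precedes this `RUN`.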

10-12: Potentially overwriting optimised node_modules with host copy

COPY . . runs after you copied node_modules from the first stage.
If the build context accidentally contains a local node_modules (when .dockerignore is missing or wrong), the layer will overwrite the optimised dependency tree and bloat image size.

Ensure .dockerignore excludes node_modules, or copy source before the dependency layer:

- COPY --from=dependencies /usr/src/app/node_modules ./node_modules
- COPY . .
+ COPY . .
+ COPY --from=dependencies /usr/src/app/node_modules ./node_modules
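
Review bot: swapping the two `COPY` lines fixes the `node_modules` overwrite, but `COPY . .` still copies the whole build context into the image, and this PR adds `.env.docker` with a client secret, a JWT secret and database passwords to that context. List `.env.docker` alongside `node_modules` in `.dockerignore` so the values are not baked into an image layer, where anyone who can pull the image can read them.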

docker-compose.yml (2)

4-9: Image tag vs. local Dockerfile – build source of truth is unclear

user-service pulls vaishali007/user-microservice:latest, but this PR ships a Dockerfile in the same repo. If developers expect local changes to be reflected, replace image: with a build: context or pin the image tag to an immutable digest.

  user-service:
-   image: vaishali007/user-microservice:latest
+   build:
+     context: .
+     dockerfile: Dockerfile
    ports:
      - "3000:3000"

18-18: Publicly exposing Postgres on host port 15432 may be unnecessary

If the database is only consumed by internal containers, omit the host mapping to reduce attack surface:

    ports:
-     - "15432:5432"
+#     - "15432:5432"   # comment out unless external access is required
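
Review bot: commenting out the only entry on the `+#` line leaves `ports:` with no items, which parses as an empty (null) value; remove the `ports:` key as well when the mapping is dropped. If host access is wanted for local debugging, `- "127.0.0.1:15432:5432"` keeps the port off the machine's external interfaces, which matters here because the service is started with `POSTGRES_USER=postgres` and `POSTGRES_PASSWORD=postgres`.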

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between d5db76d and d52d50d.

📒 Files selected for processing (3)
  • .env.docker (1 hunks)
  • Dockerfile (1 hunks)
  • docker-compose.yml (1 hunks)
🧰 Additional context used
🪛 dotenv-linter (3.3.0)
.env.docker

[warning] 2-2: [UnorderedKey] The PORT key should go before the SERVER_PORT key


[warning] 3-3: [UnorderedKey] The IMAGEPATH key should go before the PORT key


[warning] 4-4: [UnorderedKey] The ADAPTERSOURCE key should go before the IMAGEPATH key


[warning] 5-5: [UnorderedKey] The KEYCLOAK key should go before the PORT key


[warning] 6-6: [UnorderedKey] The KEYCLOAK_ADMIN key should go before the PORT key


[warning] 7-7: [DuplicatedKey] The KEYCLOAK_ADMIN key is duplicated


[warning] 7-7: [UnorderedKey] The KEYCLOAK_ADMIN key should go before the KEYCLOAK_ADMIN key


[warning] 7-7: [ValueWithoutQuotes] This value needs to be surrounded in quotes


[warning] 8-8: [UnorderedKey] The KEYCLOAK_USER_TOKEN key should go before the PORT key


[warning] 9-9: [UnorderedKey] The KEYCLOAK_CLIENT_ID key should go before the KEYCLOAK_USER_TOKEN key


[warning] 10-10: [UnorderedKey] The KEYCLOAK_REALM key should go before the KEYCLOAK_USER_TOKEN key


[warning] 11-11: [UnorderedKey] The KEYCLOAK_CLIENT_SECRET key should go before the KEYCLOAK_REALM key


[warning] 12-12: [UnorderedKey] The KEYCLOAK_USERNAME key should go before the KEYCLOAK_USER_TOKEN key


[warning] 13-13: [QuoteCharacter] The value has quote characters (', ")


[warning] 13-13: [UnorderedKey] The KEYCLOAK_PASSWORD key should go before the KEYCLOAK_REALM key


[warning] 14-14: [UnorderedKey] The KEYCLOAK_ADMIN_TOKEN key should go before the KEYCLOAK_CLIENT_ID key


[warning] 15-15: [UnorderedKey] The RBAC_JWT_EXPIRES_IN key should go before the SERVER_PORT key


[warning] 16-16: [UnorderedKey] The RBAC_JWT_SECRET key should go before the SERVER_PORT key


[warning] 17-17: [TrailingWhitespace] Trailing whitespace detected


[warning] 17-17: [UnorderedKey] The KEYCLOAK_REALM_RSA_PUBLIC_KEY key should go before the KEYCLOAK_USERNAME key


[warning] 18-18: [UnorderedKey] The NOTIFICATION_URL key should go before the PORT key


[warning] 19-19: [UnorderedKey] The PASSWORD_RESET_JWT_EXPIRES_IN key should go before the PORT key


[warning] 20-20: [UnorderedKey] The POSTGRES_HOST key should go before the RBAC_JWT_EXPIRES_IN key


[warning] 20-20: [ValueWithoutQuotes] This value needs to be surrounded in quotes


[warning] 21-21: [UnorderedKey] The POSTGRES_PORT key should go before the RBAC_JWT_EXPIRES_IN key


[warning] 22-22: [UnorderedKey] The POSTGRES_DATABASE key should go before the POSTGRES_HOST key


[warning] 23-23: [UnorderedKey] The POSTGRES_USERNAME key should go before the RBAC_JWT_EXPIRES_IN key


[warning] 24-24: [EndingBlankLine] No blank line at the end of the file


[warning] 24-24: [QuoteCharacter] The value has quote characters (', ")


[warning] 24-24: [UnorderedKey] The POSTGRES_PASSWORD key should go before the POSTGRES_PORT key

🔇 Additional comments (2)
.env.docker (1)

20-24: Database name & credentials diverge from docker-compose defaults

docker-compose.yml spins up Postgres with
POSTGRES_USER=postgres, POSTGRES_PASSWORD=postgres, POSTGRES_DB=oblf, yet this file declares tekdi / postgresdb.

Unless the user-service rewrites these at runtime, migrations will target the wrong database, or auth will fail. Make the two files consistent (env-file takes precedence).

docker-compose.yml (1)

18-22: Keep Postgres credentials single-sourced

The service sets POSTGRES_USER=postgres, POSTGRES_PASSWORD=postgres, but .env.docker passes different values to the app. Mismatched credentials cause immediate auth failures.

Align the compose file with the env file or vice-versa.

Comment on lines +6 to +8
KEYCLOAK_ADMIN=admin/realms/master/users
KEYCLOAK_ADMIN=admin/realms/tekdi/users #creation in realm
KEYCLOAK_USER_TOKEN=realms/tekdi/protocol/openid-connect/token

⚠️ Potential issue

Duplicate KEYCLOAK_ADMIN silently overwrites the first value

Line 7 defines the same key a second time, so the first assignment on line 6 is discarded at runtime. This is extremely easy to miss and can break user-management calls that still expect the master-realm URL.

-KEYCLOAK_ADMIN=admin/realms/master/users
-KEYCLOAK_ADMIN=admin/realms/tekdi/users #creation in realm
+# KEYCLOAK_ADMIN points to the realm where users are managed.
+# If you need both, use separate, uniquely-named variables.
+KEYCLOAK_ADMIN=admin/realms/tekdi/users

🤖 Prompt for AI Agents
In the .env.docker file between lines 6 and 8, there are duplicate definitions
of the KEYCLOAK_ADMIN variable, causing the first value to be overwritten and
lost. To fix this, remove or rename one of the duplicate KEYCLOAK_ADMIN entries
to ensure each environment variable key is unique and the intended value is
preserved for runtime usage.

Comment on lines +11 to +17
KEYCLOAK_CLIENT_SECRET=*************
KEYCLOAK_USERNAME=admin
KEYCLOAK_PASSWORD='**************'
KEYCLOAK_ADMIN_TOKEN=realms/master/protocol/openid-connect/token
RBAC_JWT_EXPIRES_IN=864000
RBAC_JWT_SECRET=3609eeeab5d80e87****692139123****87872******
KEYCLOAK_REALM_RSA_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----\/l3ctlyzVq+8uiQMCW/**********++/+GHuPy+/\n-----END PUBLIC KEY-----"
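
Review bot: on lines 11, 13 and 16, the client secret, the Keycloak admin password and `RBAC_JWT_SECRET` are now part of the branch history, so moving them out of the file in a later commit does not un-publish them; rotate all three (and `POSTGRES_PASSWORD` on line 24) once they are sourced from outside the repository. `KEYCLOAK_REALM_RSA_PUBLIC_KEY` on line 17 is a public key and can stay in the tracked file.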

🛠️ Refactor suggestion

Hard-coding secrets in VCS → high risk of credential leakage

Client secrets, JWT keys and database passwords are committed in plain text. Even in private repos this is dangerous and complicates rotation.

Move secrets to Docker/Swarm/K8s “secrets”, or at least mount an external, un-tracked env file:

# docker-compose.yml
secrets:
  keycloak_client_secret:
    file: ./secrets/keycloak_client_secret
...
  env_file:
    - .env.docker          # non-sensitive values
  secrets:
    - keycloak_client_secret

Also applies to: 24-24

🤖 Prompt for AI Agents
In the .env.docker file around lines 11 to 17 and line 24, sensitive secrets
like client secrets, JWT keys, and passwords are hard-coded, which risks
credential leakage. To fix this, remove these secrets from the file and instead
store them securely using Docker secrets, Swarm secrets, or Kubernetes secrets.
Update your docker-compose.yml to reference these secrets via the secrets key
and mount them as external files, keeping the .env.docker file for non-sensitive
environment variables only.

Comment on lines +20 to +22
POSTGRES_HOST=postgres #Do not change this as postgres runs in a container with this name
POSTGRES_PORT=5431
POSTGRES_DATABASE=postgresdb

💡 Verification agent

❓ Verification inconclusive

POSTGRES_PORT is inconsistent with the running container → connection will fail

The compose service exposes the database on the default container port 5432, but this env file hard-codes 5431. Unless the application explicitly remaps, the connection will be refused.

-POSTGRES_PORT=5431
+POSTGRES_PORT=5432
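
Review bot: the `+POSTGRES_PORT=5432` line is not enough on its own to get a working connection. 5432 is the right port for container-to-container traffic, and 5431 matches neither side of the `15432:5432` mapping in docker-compose.yml, but the same file still sets a database name and credentials (`tekdi` / `postgresdb`) that differ from what the postgres service is created with (`postgres` / `postgres` / `oblf`). Align those in the same commit.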

Verify the app’s datasource configuration after changing the port.


Update .env.docker to use the container’s internal Postgres port (5432)

When services communicate over Docker’s internal network, they use the container port (5432), not the host-published port. Please adjust the environment file accordingly:

• File: .env.docker (line 21)

-POSTGRES_PORT=5431
+POSTGRES_PORT=5432

After updating, verify your application’s datasource configuration connects successfully to the postgres service.


🤖 Prompt for AI Agents
In the .env.docker file at line 21, the POSTGRES_PORT is set to 5431, which is
the host-published port. Change this value to 5432 to use the container's
internal Postgres port for inter-container communication. After updating, verify
that the application's datasource configuration connects successfully to the
postgres service.
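
Once the client secret is moved into a Compose secret as the review above suggests, the service has to read it from the mounted file instead of `process.env`. The loader below is an added example, not code from this PR or from the user-service; the `readSecret` name, the lower-cased file naming and any sample values are assumptions.

```javascript
// Added example: resolve a setting from a Docker secret file or, failing
// that, from the environment. Not part of the reviewed repository.
const fs = require('fs');
const path = require('path');

// Compose mounts each secret granted to a service under /run/secrets/<name>.
const DEFAULT_SECRETS_DIR = '/run/secrets';

function readSecret(name, { env = process.env, secretsDir = DEFAULT_SECRETS_DIR } = {}) {
  // Assumption: the secret is named after the variable, lower-cased,
  // e.g. KEYCLOAK_CLIENT_SECRET -> keycloak_client_secret.
  const file = path.join(secretsDir, name.toLowerCase());
  const fromEnv = env[name];

  let fromFile;
  try {
    // Secret files usually end with a newline added by the editor or `echo`.
    fromFile = fs.readFileSync(file, 'utf8').replace(/\r?\n$/, '');
  } catch (err) {
    // A missing file means "not provided as a secret"; anything else
    // (permissions, I/O) should stop startup rather than fall back silently.
    if (err.code !== 'ENOENT') throw err;
  }

  // Two sources for one credential is the same problem as the duplicated
  // KEYCLOAK_ADMIN key: one value wins and nobody notices which.
  if (fromFile !== undefined && fromEnv !== undefined) {
    throw new Error(`${name} is set both in the environment and in ${file}`);
  }

  const value = fromFile !== undefined ? fromFile : fromEnv;
  if (value === undefined || value === '') {
    throw new Error(`${name} is not configured`);
  }

  // An env-file consumer that keeps quotes hands over 'value' with the
  // quote characters included; fail loudly instead of authenticating with it.
  if (/^(['"]).*\1$/.test(value)) {
    throw new Error(`${name} still carries surrounding quotes`);
  }
  return value;
}
```
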
