24 changes: 24 additions & 0 deletions .env.docker
@@ -0,0 +1,24 @@
SERVER_PORT=3000
PORT=3010
IMAGEPATH=./uploads
ADAPTERSOURCE=postgres
KEYCLOAK=https://keycloak-tekdi.org/auth/
KEYCLOAK_ADMIN=admin/realms/master/users
KEYCLOAK_ADMIN=admin/realms/tekdi/users #creation in realm
KEYCLOAK_USER_TOKEN=realms/tekdi/protocol/openid-connect/token
Comment on lines +6 to +8
⚠️ Potential issue

Duplicate KEYCLOAK_ADMIN silently overwrites the first value

Line 7 defines the same key a second time, so the first assignment on line 6 is discarded at runtime. This is extremely easy to miss and can break user-management calls that still expect the master-realm URL.

-KEYCLOAK_ADMIN=admin/realms/master/users
-KEYCLOAK_ADMIN=admin/realms/tekdi/users #creation in realm
+# KEYCLOAK_ADMIN points to the realm where users are managed.
+# If you need both, use separate, uniquely-named variables.
+KEYCLOAK_ADMIN=admin/realms/tekdi/users
🧰 Tools
🪛 dotenv-linter (3.3.0)

[warning] 6-6: [UnorderedKey] The KEYCLOAK_ADMIN key should go before the PORT key
[warning] 7-7: [DuplicatedKey] The KEYCLOAK_ADMIN key is duplicated
[warning] 7-7: [UnorderedKey] The KEYCLOAK_ADMIN key should go before the KEYCLOAK_ADMIN key
[warning] 7-7: [ValueWithoutQuotes] This value needs to be surrounded in quotes
[warning] 8-8: [UnorderedKey] The KEYCLOAK_USER_TOKEN key should go before the PORT key

🤖 Prompt for AI Agents
In the .env.docker file between lines 6 and 8, there are duplicate definitions
of the KEYCLOAK_ADMIN variable, causing the first value to be overwritten and
lost. To fix this, remove or rename one of the duplicate KEYCLOAK_ADMIN entries
to ensure each environment variable key is unique and the intended value is
preserved for runtime usage.
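To make the overwrite concrete, here is an added example (not part of the pull request or of the review bot's output): a minimal dotenv-style parser that records every key assigned more than once, run over a constructed excerpt of .env.docker in which the secret values are replaced by placeholders. It is simplified relative to real loaders such as dotenv or Compose (quoting and inline-comment rules differ between them); the point it shows is that the last assignment wins and the first one disappears without any error.

```javascript
// Minimal dotenv-style parser with duplicate-key reporting.
// Added example, simplified relative to real loaders (dotenv, Compose):
// it strips an inline comment that follows whitespace, strips matching
// quotes, and lets the last assignment win, which is what hides the problem.
function parseEnv(text) {
  const values = {};
  const seen = {};        // key -> number of assignments so far
  const duplicates = [];  // keys assigned more than once, in file order
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (line === '' || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    const quote = value[0];
    if ((quote === '"' || quote === "'") && value.length >= 2 && value.endsWith(quote)) {
      value = value.slice(1, -1);
    } else {
      // unquoted value: drop an inline comment introduced by whitespace + '#'
      value = value.replace(/\s+#.*$/, '');
    }
    seen[key] = (seen[key] || 0) + 1;
    if (seen[key] === 2) duplicates.push(key);
    values[key] = value;  // a later assignment silently replaces the earlier one
  }
  return { values, duplicates };
}

// Constructed excerpt of .env.docker; secrets replaced by placeholders.
const SAMPLE = [
  'SERVER_PORT=3000',
  'KEYCLOAK=https://keycloak-tekdi.org/auth/',
  'KEYCLOAK_ADMIN=admin/realms/master/users',
  'KEYCLOAK_ADMIN=admin/realms/tekdi/users #creation in realm',
  'KEYCLOAK_USER_TOKEN=realms/tekdi/protocol/openid-connect/token',
  "KEYCLOAK_PASSWORD='placeholder-password'",
  'POSTGRES_HOST=postgres #Do not change this',
].join('\n');

function lintSample() {
  return parseEnv(SAMPLE);
}

// What a CI check should do: refuse the file instead of letting a value vanish.
function assertNoDuplicates(text) {
  const { duplicates } = parseEnv(text);
  if (duplicates.length > 0) {
    throw new Error(`duplicate env keys: ${duplicates.join(', ')}`);
  }
}

const result = lintSample();
console.log('KEYCLOAK_ADMIN resolves to:', result.values.KEYCLOAK_ADMIN);
console.log('duplicate keys:', result.duplicates);
```

Run with `node`: the resolved value is the second, realm-scoped URL and the master-realm URL is gone; wiring `assertNoDuplicates` into a pre-commit or CI step is what turns the linter warning above into a hard failure.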

KEYCLOAK_CLIENT_ID=Tekdi
KEYCLOAK_REALM=Tekdi
KEYCLOAK_CLIENT_SECRET=*************
KEYCLOAK_USERNAME=admin
KEYCLOAK_PASSWORD='**************'
KEYCLOAK_ADMIN_TOKEN=realms/master/protocol/openid-connect/token
RBAC_JWT_EXPIRES_IN=864000
RBAC_JWT_SECRET=3609eeeab5d80e87****692139123****87872******
KEYCLOAK_REALM_RSA_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----\/l3ctlyzVq+8uiQMCW/**********++/+GHuPy+/\n-----END PUBLIC KEY-----"
Comment on lines +11 to +17
🛠️ Refactor suggestion

Hard-coding secrets in VCS → high risk of credential leakage

Client secrets, JWT keys and database passwords are committed in plain text. Even in private repos this is dangerous and complicates rotation.

Move secrets to Docker/Swarm/K8s “secrets”, or at least mount an external, un-tracked env file:

# docker-compose.yml
secrets:
  keycloak_client_secret:
    file: ./secrets/keycloak_client_secret
...
  env_file:
    - .env.docker          # non-sensitive values
  secrets:
    - keycloak_client_secret

Also applies to: 24-24

🧰 Tools
🪛 dotenv-linter (3.3.0)

[warning] 11-11: [UnorderedKey] The KEYCLOAK_CLIENT_SECRET key should go before the KEYCLOAK_REALM key
[warning] 12-12: [UnorderedKey] The KEYCLOAK_USERNAME key should go before the KEYCLOAK_USER_TOKEN key
[warning] 13-13: [QuoteCharacter] The value has quote characters (', ")
[warning] 13-13: [UnorderedKey] The KEYCLOAK_PASSWORD key should go before the KEYCLOAK_REALM key
[warning] 14-14: [UnorderedKey] The KEYCLOAK_ADMIN_TOKEN key should go before the KEYCLOAK_CLIENT_ID key
[warning] 15-15: [UnorderedKey] The RBAC_JWT_EXPIRES_IN key should go before the SERVER_PORT key
[warning] 16-16: [UnorderedKey] The RBAC_JWT_SECRET key should go before the SERVER_PORT key
[warning] 17-17: [TrailingWhitespace] Trailing whitespace detected
[warning] 17-17: [UnorderedKey] The KEYCLOAK_REALM_RSA_PUBLIC_KEY key should go before the KEYCLOAK_USERNAME key

🤖 Prompt for AI Agents
In the .env.docker file around lines 11 to 17 and line 24, sensitive secrets
like client secrets, JWT keys, and passwords are hard-coded, which risks
credential leakage. To fix this, remove these secrets from the file and instead
store them securely using Docker secrets, Swarm secrets, or Kubernetes secrets.
Update your docker-compose.yml to reference these secrets via the secrets key
and mount them as external files, keeping the .env.docker file for non-sensitive
environment variables only.

NOTIFICATION_URL=http://localhost:4001
PASSWORD_RESET_JWT_EXPIRES_IN=3600000
POSTGRES_HOST=postgres #Do not change this as postgres runs in a container with this name
POSTGRES_PORT=5431
POSTGRES_DATABASE=postgresdb
Comment on lines +20 to +22
💡 Verification agent

❓ Verification inconclusive

POSTGRES_PORT is inconsistent with the running container → connection will fail

The compose service exposes the database on the default container port 5432, but this env file hard-codes 5431. Unless the application explicitly remaps, the connection will be refused.

-POSTGRES_PORT=5431
+POSTGRES_PORT=5432

Verify the app’s datasource configuration after changing the port.

Update .env.docker to use the container’s internal Postgres port (5432)

When services communicate over Docker’s internal network, they use the container port (5432), not the host-published port. Please adjust the environment file accordingly:

• File: .env.docker (line 21)

-POSTGRES_PORT=5431
+POSTGRES_PORT=5432

After updating, verify your application’s datasource configuration connects successfully to the postgres service.

🧰 Tools
🪛 dotenv-linter (3.3.0)

[warning] 20-20: [UnorderedKey] The POSTGRES_HOST key should go before the RBAC_JWT_EXPIRES_IN key
[warning] 20-20: [ValueWithoutQuotes] This value needs to be surrounded in quotes
[warning] 21-21: [UnorderedKey] The POSTGRES_PORT key should go before the RBAC_JWT_EXPIRES_IN key
[warning] 22-22: [UnorderedKey] The POSTGRES_DATABASE key should go before the POSTGRES_HOST key

🤖 Prompt for AI Agents
In the .env.docker file at line 21, the POSTGRES_PORT is set to 5431, which is
the host-published port. Change this value to 5432 to use the container's
internal Postgres port for inter-container communication. After updating, verify
that the application's datasource configuration connects successfully to the
postgres service.

POSTGRES_USERNAME=tekdi
POSTGRES_PASSWORD="*******"
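Review bot: the database identity in this file does not match what the `postgres` service in docker-compose.yml creates, so the backend will fail to authenticate even once the port is corrected: here `POSTGRES_USERNAME=tekdi` and `POSTGRES_DATABASE=postgresdb`, while the compose service sets `POSTGRES_USER: postgres`, `POSTGRES_DB: oblf` and `POSTGRES_PASSWORD: postgres`. Unless something outside this diff creates the `tekdi` role and `postgresdb` database, pick one source of truth, ideally by having the compose service read the same variables from this env file so the two cannot drift. Two smaller points: `SERVER_PORT=3000` and `PORT=3010` both read as listen ports while the Dockerfile exposes and compose publishes only 3000, so document which one the app honours or drop the unused one; and the inline comment on `POSTGRES_HOST=postgres #Do not change ...` becomes part of the value under some env-file loaders (Compose and dotenv strip it, `docker run --env-file` does not), so move it to its own line.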
11 changes: 9 additions & 2 deletions Dockerfile
@@ -1,8 +1,15 @@
# Stage 1: Install dependencies
FROM node:20 as dependencies
WORKDIR usr/src/app
COPY package*.json ./
WORKDIR /usr/src/app
COPY package*.json ./
RUN npm install

# Stage 2: Build and run
FROM node:20 as runner
WORKDIR /usr/src/app
COPY --from=dependencies /usr/src/app/node_modules ./node_modules
COPY . .
RUN npm run build

EXPOSE 3000
CMD ["npm", "start"]
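Review bot: `COPY . .` in the runner stage copies the whole build context, and no `.dockerignore` is part of this change, so `.env.docker` (which carries the Keycloak client secret, admin password and JWT secret) along with any local `node_modules` or `.git` directory gets baked into a layer of the published image; add a `.dockerignore` listing at least `.env*`, `node_modules` and `.git` before this lands. Two further points: `npm install` in the dependencies stage resolves versions afresh on every build and the copied `node_modules` carries devDependencies into the runtime image, so use `npm ci` against the lockfile, and if `npm run build` needs dev tooling, build in a stage that has it and copy only the build output plus production modules into the final stage; and the container runs as root, since no `USER node` precedes `CMD`.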
30 changes: 23 additions & 7 deletions docker-compose.yml
@@ -1,11 +1,27 @@
version: "3.6"
version: '3.6'

services:
backend:
image: shiksha-backend-2.0
container_name: "shiksha-backend-2.0"
restart: always
user-service:
image: vaishali007/user-microservice:latest
ports:
- 3000:3000
- "3000:3000"
env_file:
- /home/ubuntu-backend-shiksha2.0/.env
- .env.docker
depends_on:
- postgres

postgres:
image: postgres:14
container_name: postgres
restart: always
ports:
- "15432:5432"
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: oblf
volumes:
- pgdata:/var/lib/postgresql/data

volumes:
pgdata:
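Review bot: `ports: "15432:5432"` on the `postgres` service publishes the database on every host interface, with the credentials written here in clear (`POSTGRES_USER: postgres`, `POSTGRES_PASSWORD: postgres`); `user-service` reaches it over the compose network by service name and needs no published port, so drop the mapping or bind it to loopback (`"127.0.0.1:15432:5432"`) and move the password into a secret or an untracked env file. Also: `image: vaishali007/user-microservice:latest` replaces the locally built `shiksha-backend-2.0` with a mutable tag from a personal Docker Hub namespace, so what runs changes silently on every re-push; pin a version tag or digest, and keep a `build:` entry if this file is meant for development. `depends_on: - postgres` only orders container start and does not wait for the server to accept connections, so add a `healthcheck` running `pg_isready` on the `postgres` service and use `condition: service_healthy` in `depends_on`. Finally, `version: '3.6'` is obsolete under Compose v2 and only produces a warning; it can be removed.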