fix(deploy): use valid base64 JWT secret in docker-compose
After a successful login the backend returned HTTP 500: io.jsonwebtoken.io.DecodingException: Illegal base64 character: '-'. JwtService.getSigningKey() does Decoders.BASE64.decode(secret) before building the HMAC key (JJWT 0.12 convention). The compose secret was the plaintext 'docker-dev-secret-key-minimum-32-characters-long-for-hmac', which contains hyphens and is not valid base64, so token signing threw once auth succeeded. Replace with a proper base64 value (openssl rand -base64 48). The base application.properties default was already correctly base64-encoded; only the docker override was wrong.
This commit is contained in:
Patrick Plate
+4
-1
@@ -28,7 +28,10 @@ services:
|
|||||||
SPRING_DATASOURCE_URL: jdbc:postgresql://db:5432/cannamanage
|
SPRING_DATASOURCE_URL: jdbc:postgresql://db:5432/cannamanage
|
||||||
SPRING_DATASOURCE_USERNAME: cannamanage
|
SPRING_DATASOURCE_USERNAME: cannamanage
|
||||||
SPRING_DATASOURCE_PASSWORD: cannamanage_dev
|
SPRING_DATASOURCE_PASSWORD: cannamanage_dev
|
||||||
CANNAMANAGE_SECURITY_JWT_SECRET: docker-dev-secret-key-minimum-32-characters-long-for-hmac
|
# JwtService base64-decodes this secret (Decoders.BASE64.decode) before using it as the
|
||||||
|
# HMAC-SHA key. It MUST be valid base64 — a plaintext string with hyphens throws
|
||||||
|
# "Illegal base64 character: '-'" at token-signing time (HTTP 500 after a successful login).
|
||||||
|
CANNAMANAGE_SECURITY_JWT_SECRET: hmSULRhmFYcOXDwYxb7bGXp7Bovh+hXgua/VqF44Ts/N+8YELWpWiqQ+aLrymCuM
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
|
|||||||
Reference in New Issue
Block a user