chore(api): remove default db password

sunshinesmilelk · Oct 28, 2024 · 3eebca5 · 3eebca5
1 parent c00abd4
commit 3eebca5
Show file tree

Hide file tree

Showing 6 changed files with 42 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -21,10 +21,10 @@ PEER 多智能体对话
 
 #### 后续计划
 
-- 9 月
-  - [x] 支持 agent/tool/knowledge 产品化创建
-  - [x] 支持 flow 方式研发 agent
-  - [ ] 支持 peer 多智能体的表单编排
+- 11 月
+  - [ ] 工作流节点支持代码节点
+  - [ ] 工作流节点支持意图识别
+  - [ ] 更清晰的调试信息
 
 #### 配置
 

diff --git a/api/README.md b/api/README.md
@@ -1 +1,7 @@
 # magent-platform
+
+## 启动
+
+```shell
+echo "your_strong_password" | docker secret create postgres_password -
+```
diff --git a/api/api_config.py b/api/api_config.py
@@ -1,11 +1,12 @@
 import warnings
-from pydantic_settings import BaseSettings
+from pydantic_settings import BaseSettings, SettingsConfigDict
 from pydantic_core import MultiHostUrl
 from typing import Literal
 from typing_extensions import Self
 
 from pydantic import (
     PostgresDsn,
+    SecretStr,
     computed_field,
     model_validator,
 )
@@ -26,11 +27,10 @@ class Settings(BaseSettings):
     POSTGRES_SERVER: str = 'localhost'
     POSTGRES_PORT: int = 5432
     POSTGRES_USER: str = 'postgres'
-    POSTGRES_PASSWORD: str = 'magent123456'
+    POSTGRES_PASSWORD: SecretStr
     POSTGRES_DB: str = 'magent'
 
     FIRST_SUPERUSER: str = '[email protected]'
-    FIRST_SUPERUSER_PASSWORD: str = 'magent123456'
     FIRST_SUPERUSER_AVATAR: str = 'https://api.dicebear.com/7.x/miniavs/svg?seed=1'
 
     @computed_field  # type: ignore[misc]
@@ -39,7 +39,7 @@ def SQLALCHEMY_DATABASE_URI(self) -> PostgresDsn:
         return MultiHostUrl.build(
             scheme="postgresql+psycopg2",
             username=self.POSTGRES_USER,
-            password=self.POSTGRES_PASSWORD,
+            password=self.POSTGRES_PASSWORD.get_secret_value(),
             host=self.POSTGRES_SERVER,
             port=self.POSTGRES_PORT,
             path=self.POSTGRES_DB,
@@ -58,12 +58,17 @@ def _check_default_secret(self, var_name: str, value: str | None) -> None:
 
     @model_validator(mode="after")
     def _enforce_non_default_secrets(self) -> Self:
-        self._check_default_secret("POSTGRES_PASSWORD", self.POSTGRES_PASSWORD)
         self._check_default_secret(
-            "FIRST_SUPERUSER_PASSWORD", self.FIRST_SUPERUSER_PASSWORD
-        )
-
+            "POSTGRES_PASSWORD", self.POSTGRES_PASSWORD.get_secret_value())
         return self
 
+    class Config:
+        # 指定 Docker Secrets 的目录
+        secrets_dir = '/run/secrets'
+
 
-settings = Settings()
+try:
+    # 创建配置实例
+    settings = Settings()  # type: ignore
+except Exception as e:
+    print(f"Error loading settings: {e}")
diff --git a/api/dao/account.py b/api/dao/account.py
@@ -49,7 +49,7 @@ def init_db(session: Session) -> None:
     if not user:
         user_in = AccountCreate(
             email=settings.FIRST_SUPERUSER,
-            password=settings.FIRST_SUPERUSER_PASSWORD,
+            password=settings.POSTGRES_PASSWORD.get_secret_value(),
             name=settings.FIRST_SUPERUSER,
             avatar=settings.FIRST_SUPERUSER_AVATAR
         )

diff --git a/docker/docker-compose-dev.yaml b/docker/docker-compose-dev.yaml
@@ -7,11 +7,13 @@ services:
     environment:
       PGUSER: postgres
       # The password for the default postgres user.
-      POSTGRES_PASSWORD: magent123456
+      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
       # The name of the default postgres database.
       POSTGRES_DB: magent
       # postgres data directory
       PGDATA: /var/lib/postgresql/data/pgdata
+    secrets:
+      - postgres_password
     volumes:
       - ./volumes/db/data:/var/lib/postgresql/data
     # uncomment to expose db(postgresql) port to host
@@ -22,3 +24,8 @@ services:
       interval: 1s
       timeout: 3s
       retries: 30
+
+
+secrets:
+  postgres_password:
+    external: true
diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml
@@ -10,10 +10,12 @@ services:
       # The configurations of postgres database connection.
       # It is consistent with the configuration in the 'db' service below.
       DB_USERNAME: postgres
-      DB_PASSWORD: magent123456
+      DB_PASSWORD_FILE: /run/secrets/postgres_password
       DB_HOST: db
       DB_PORT: 5432
       DB_DATABASE: magent
+    secrets:
+      - db_password
 
     depends_on:
       - db
@@ -32,11 +34,13 @@ services:
     environment:
       PGUSER: postgres
       # The password for the default postgres user.
-      POSTGRES_PASSWORD: magent123456
+      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
       # The name of the default postgres database.
       POSTGRES_DB: magent
       # postgres data directory
       PGDATA: /var/lib/postgresql/data/pgdata
+    secrets:
+      - postgres_password
     volumes:
       - ./volumes/db/data:/var/lib/postgresql/data
     # uncomment to expose db(postgresql) port to host
@@ -64,3 +68,6 @@ services:
     ports:
       - '8080:8080'
       #- "443:443"
+secrets:
+  postgres_password:
+    external: true