Merge pull request #4 from Titus-System/feat/password-management

pedro-fs-garcia · web-flow · commit cea1f4963ea8 · 2026-04-03T22:18:41.000-03:00
Configure Mongo auth end-to-end (Compose, env docs, and app connection string)
diff --git a/.dockerignore b/.dockerignore
@@ -27,3 +27,5 @@ docker-compose.yaml
 .vscode
 .idea
 *.DS_Store
+
+.digital-ocean
diff --git a/.env.example b/.env.example
@@ -4,7 +4,7 @@ PROJECT_VERSION=1.0.0
 
 ENVIRONMENT=development
 
-FRONTEND_URL=http://localhost:3000
+FRONTEND_URL=http://syncdesk.pro
 
 # CORS settings
 CORS_ALLOW_ORIGINS=["https://app.example.com","http://localhost:3000"]
@@ -20,8 +20,10 @@ POSTGRES_HOST=localhost
 POSTGRES_PORT=5432
 
 # Configurações do MongoDB
-# MONGO_USER=mongouser
-# MONGO_PASSWORD=mongopassword
+MONGO_INITDB_ROOT_USERNAME=mongouser # option to be used with docker compose
+MONGO_INITDB_ROOT_PASSWORD=mongopassword # to be used with docker compose
+MONGO_USER=mongouser
+MONGO_PASSWORD=mongopassword
 MONGO_HOST=localhost
 MONGO_PORT=27017
 MONGO_DB=syncdesk_db
diff --git a/.gitignore b/.gitignore
@@ -46,3 +46,6 @@ logs/*
 
 .github/*
 !/.github/workflows/
+
+
+.digital-ocean
diff --git a/README.md b/README.md
@@ -50,9 +50,10 @@ Each sub-module has its own README with detailed documentation:
 ## Prerequisites
 
 - **Python 3.12+**
+- **Poetry** (package manager) — [install guide](https://python-poetry.org/docs/#installation)
 - **PostgreSQL** (running locally or in a container)
 - **MongoDB** (running locally or in a container)
-- **Poetry** (package manager) — [install guide](https://python-poetry.org/docs/#installation)
+- **Docker + Docker Compose plugin** (recommended for quickest setup)
 
 ---
 
@@ -61,15 +62,21 @@ Each sub-module has its own README with detailed documentation:
 ### 1. Clone and install dependencies
 
 ```bash
-git clone <repository-url>
-cd backend
+git clone https://github.com/Titus-System/syncdesk-api.git
+cd syncdesk-api
 make install
 # or: poetry install
 ```
 
 ### 2. Configure environment variables
 
-Create a `.env` file in the project root. All variables have sensible defaults for local development, so a minimal `.env` can be empty — but you should at least set a proper JWT secret:
+Create a `.env` file in the project root:
+
+```bash
+cp .env.example .env
+```
+
+Use these values as a baseline for local development:
 
 ```dotenv
 # .env
@@ -85,13 +92,18 @@ POSTGRES_PORT=5432
 POSTGRES_DB=syncdesk_db
 
 # MongoDB
-MONGO_USER=
-MONGO_PASSWORD=
+MONGO_USER=mongouser
+MONGO_PASSWORD=mongopassword
 MONGO_HOST=localhost
 MONGO_PORT=27017
 MONGO_DB=syncdesk_db
 
+# Mongo root user (required when Mongo runs via docker compose)
+MONGO_INITDB_ROOT_USERNAME=mongouser
+MONGO_INITDB_ROOT_PASSWORD=mongopassword
+
 # JWT (change the secrets in any non-local environment)
+JWT_SECRET_KEY=change-me-in-production
 ACCESS_TOKEN_SIGNING_KEY=change-me-in-production
 REFRESH_TOKEN_SIGNING_KEY=change-me-in-production
 JWT_ALGORITHM=HS256
@@ -109,22 +121,32 @@ PROJECT_VERSION=0.1.0
 
 Full variable reference is in the [core/ docs](app/core/README.md#configuration-configpy).
 
+Important:
+
+- For Docker Compose, keep `MONGO_USER` / `MONGO_PASSWORD` equal to `MONGO_INITDB_ROOT_USERNAME` / `MONGO_INITDB_ROOT_PASSWORD`.
+- The app authenticates MongoDB using `authSource=admin` when credentials are present.
+
 ### 3. Set up the databases
 
-#### Option A: Development mode (auto-setup)
+#### Option A: Local API run (with local DB services)
 
 When `ENVIRONMENT=development`, the app:
 
 - connects to MongoDB on startup,
-- and **automatically creates the PostgreSQL database and all tables** (drops and recreates).
+- creates the PostgreSQL database if it does not exist,
+- and runs Alembic migrations if the schema is behind `head`.
 
-Make sure both PostgreSQL and MongoDB are running:
+Start databases first (one simple option is using Compose only for DB services):
 
 ```bash
-make dev
+docker compose up -d db mongo
 ```
 
-> **Warning:** Postgres auto-setup drops all tables every startup in development. Use only for local development.
+Then run the API locally:
+
+```bash
+make dev
+```
 
 #### Option B: Using Alembic migrations (recommended for staging/production)
 
@@ -207,19 +229,37 @@ POSTGRES_DB=syncdesk_db
 POSTGRES_HOST=localhost
 POSTGRES_PORT=5432
 
+MONGO_INITDB_ROOT_USERNAME=mongouser
+MONGO_INITDB_ROOT_PASSWORD=mongopassword
+MONGO_USER=mongouser
+MONGO_PASSWORD=mongopassword
 MONGO_HOST=localhost
 MONGO_PORT=27017
 MONGO_DB=syncdesk_db
 ```
 
 `POSTGRES_HOST` is automatically overridden to `db`, and `MONGO_HOST` to `mongo`, inside the API container.
 
+`MONGO_INITDB_ROOT_*` is used to create the MongoDB root user on first startup. The API connects with `MONGO_USER`/`MONGO_PASSWORD` and authenticates against `admin`.
+
 ### 2. Start all services
 
 ```bash
 docker compose up --build
 ```
 
+To run in detached mode:
+
+```bash
+docker compose up -d --build
+```
+
+To follow API logs:
+
+```bash
+docker compose logs -f api
+```
+
 What happens automatically:
 
 - PostgreSQL container starts and becomes healthy
@@ -229,6 +269,15 @@ What happens automatically:
 - Alembic runs: `alembic upgrade head`
 - FastAPI starts on `http://localhost:8000`
 
+If you previously changed Mongo credentials and still get `Authentication failed`, recreate containers and volumes once:
+
+```bash
+docker compose down -v
+docker compose up --build
+```
+
+If ports are already in use locally, adjust host ports in `docker-compose.yaml`.
+
 ### 3. Stop services
 
 ```bash
@@ -240,6 +289,21 @@ To also remove Postgres and Mongo persisted data:
 ```bash
 docker compose down -v
 ```
+
+Data persistence behavior:
+
+- `docker compose down` keeps DB data (named volumes are preserved)
+- `docker compose down -v` removes DB data
+
+Quick reset commands:
+
+```bash
+# Stop and keep data
+docker compose down
+
+# Stop and delete database data
+docker compose down -v
+```
 ---
 
 ## Code Quality
diff --git a/app/core/config.py b/app/core/config.py
@@ -78,16 +78,16 @@ def mongo_database_url(self) -> str:
         if self.MONGO_USER and self.MONGO_PASSWORD:
             return (
                 f"mongodb://{self.MONGO_USER}:{self.MONGO_PASSWORD}@"
-                f"{self.MONGO_HOST}:{self.MONGO_PORT}/{self.mongo_db_test}"
+                f"{self.MONGO_HOST}:{self.MONGO_PORT}/{self.MONGO_DB}?authSource=admin"
             )
-        return f"mongodb://{self.MONGO_HOST}:{self.MONGO_PORT}/{self.mongo_db_test}"
+        return f"mongodb://{self.MONGO_HOST}:{self.MONGO_PORT}/{self.MONGO_DB}"
 
     @property
     def test_mongo_bd_url(self) -> str:
         if self.MONGO_USER and self.MONGO_PASSWORD:
             return (
                 f"mongodb://{self.MONGO_USER}:{self.MONGO_PASSWORD}@"
-                f"{self.MONGO_HOST}:{self.MONGO_PORT}/{self.MONGO_DB}"
+                f"{self.MONGO_HOST}:{self.MONGO_PORT}/{self.mongo_db_test}?authSource=admin"
             )
         return f"mongodb://{self.MONGO_HOST}:{self.MONGO_PORT}/{self.mongo_db_test}"
 
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -24,12 +24,17 @@ services:
     image: mongo:7
     container_name: syncdesk_mongo_db
     restart: unless-stopped
+    env_file:
+      - .env
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: ${MONGO_INITDB_ROOT_USERNAME}
+      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
     ports:
       - "27017:27017"
     volumes:
       - mongo_data:/data/db
     healthcheck:
-      test: [ "CMD", "mongosh", "--quiet", "--eval", "db.adminCommand('ping')" ]
+      test: [ "CMD", "mongosh", "--quiet", "-u", "${MONGO_INITDB_ROOT_USERNAME}", "-p", "${MONGO_INITDB_ROOT_PASSWORD}", "--authenticationDatabase", "admin", "--eval", "db.adminCommand('ping')" ]
       interval: 30s
       timeout: 5s
       retries: 5
