From 6764fa5e70b07934db588aac336637feb450e639 Mon Sep 17 00:00:00 2001
From: skiffer-git <72860476+skiffer-git@users.noreply.github.com>
Date: Thu, 4 Jan 2024 20:50:29 +0800
Subject: [PATCH 1/2] MongoDB supports non-root users (#1684)
* MongoDB supports non-root users
Signed-off-by: skiffer-git <44203734@qq.com>
* Update component.go
* Update env-template.yaml
* Update docker-compose.yml
* Update environment.sh
* Update openim.yaml
* Update mongo-init.sh
---------
Signed-off-by: skiffer-git <44203734@qq.com>
Co-authored-by: Xinwei Xiong <3293172751@qq.com>
---
deployments/templates/env-template.yaml | 16 ++++++++++++----
deployments/templates/openim.yaml | 4 ++--
docker-compose.yml | 16 +++++++---------
pkg/common/db/unrelation/mongo.go | 4 ++--
scripts/install/environment.sh | 9 +++++++--
scripts/mongo-init.sh | 18 ++++++++++++------
tools/component/component.go | 11 +++++------
7 files changed, 47 insertions(+), 31 deletions(-)
diff --git a/deployments/templates/env-template.yaml b/deployments/templates/env-template.yaml
index 1772af644..bdeda054f 100644
--- a/deployments/templates/env-template.yaml
+++ b/deployments/templates/env-template.yaml
@@ -84,19 +84,27 @@ OPENIM_IP=${OPENIM_IP} # Default: ZOOKEEPER_PORT=12181 ZOOKEEPER_PORT=${ZOOKEEPER_PORT} -# Port on which MongoDB service is running. +# MongoDB service port configuration. # Default: MONGO_PORT=37017 # MONGO_PORT=${MONGO_PORT} -# Username to authenticate with the MongoDB service. +# Username for MongoDB admin user. Used for service authentication. # Default: MONGO_USERNAME=root # MONGO_USERNAME=${MONGO_USERNAME} -# Password to authenticate with the MongoDB service. +# Password for MongoDB admin user. Used for service authentication. # Default: MONGO_PASSWORD=openIM123 MONGO_PASSWORD=${MONGO_PASSWORD} -# Name of the database in MongoDB to be used. +# Username for a regular OpenIM user in MongoDB. +# Default: MONGO_OPENIM_USERNAME=openIM +MONGO_OPENIM_USERNAME=${MONGO_OPENIM_USERNAME} + +# Password for a regular OpenIM user in MongoDB. +# Default: MONGO_OPENIM_PASSWORD=openIM123456 +MONGO_OPENIM_PASSWORD=${MONGO_OPENIM_PASSWORD} + +# Specifies the database name to be used within MongoDB. # Default: MONGO_DATABASE=openIM_v3 MONGO_DATABASE=${MONGO_DATABASE} diff --git a/deployments/templates/openim.yaml b/deployments/templates/openim.yaml index 96d867e10..6880e4c4e 100644 --- a/deployments/templates/openim.yaml +++ b/deployments/templates/openim.yaml @@ -53,8 +53,8 @@ mongo: # Maximum connection pool size address: [ ${MONGO_ADDRESS}:${MONGO_PORT} ] database: ${MONGO_DATABASE} - username: ${MONGO_USERNAME} - password: ${MONGO_PASSWORD} + username: ${MONGO_OPENIM_USERNAME} + password: ${MONGO_OPENIM_PASSWORD} maxPoolSize: ${MONGO_MAX_POOL_SIZE} ###################### Redis configuration information ###################### diff --git a/docker-compose.yml b/docker-compose.yml index fd71896a7..b5c80188c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,6 +10,8 @@ networks: - subnet: '${DOCKER_BRIDGE_SUBNET:-172.28.0.0/16}' gateway: '${DOCKER_BRIDGE_GATEWAY:-172.28.0.1}' + + services: mongodb: image: mongo:${MONGODB_IMAGE_VERSION-6.0.2} 
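Review bot: The reworded comments on MONGO_USERNAME and MONGO_PASSWORD in the env-template.yaml hunk still describe the admin account as "Used for service authentication", while the openim.yaml hunk in this same patch moves the service's `username` and `password` to MONGO_OPENIM_USERNAME and MONGO_OPENIM_PASSWORD. An operator reading the template could keep pointing application config at the root account, which is what this change sets out to avoid. I would word the admin entries as `# Username for the MongoDB root (admin) account; used to initialise the instance, not by OpenIM services.` with a matching line for the password, and state on the MONGO_OPENIM_* entries that these are the credentials the services connect with. What the init script grants that user is not visible in this part of the patch, so any wording about its privileges should be checked against scripts/mongo-init.sh.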
@@ -21,13 +23,15 @@ services: - "${DATA_DIR:-./}/components/mongodb/data/db:/data/db" - "${DATA_DIR:-./}/components/mongodb/data/logs:/data/logs" - "${DATA_DIR:-./}/components/mongodb/data/conf:/etc/mongo" - - ./scripts/mongo-init.sh:/docker-entrypoint-initdb.d/mongo-init.sh:ro + - "./scripts/mongo-init.sh:/docker-entrypoint-initdb.d/mongo-init.sh:ro" environment: - TZ=Asia/Shanghai - wiredTigerCacheSizeGB=1 - MONGO_INITDB_ROOT_USERNAME=${MONGO_USERNAME:-root} - MONGO_INITDB_ROOT_PASSWORD=${MONGO_PASSWORD:-openIM123} - MONGO_INITDB_DATABASE=${MONGO_DATABASE:-openIM_v3} + - MONGO_OPENIM_USERNAME=${MONGO_OPENIM_USERNAME:-openIM} # Non-root username + - MONGO_OPENIM_PASSWORD=${MONGO_OPENIM_PASSWORD:-openIM123456} # Non-root password restart: always networks: server: @@ -122,9 +126,9 @@ services: server: ipv4_address: ${OPENIM_WEB_NETWORK_ADDRESS:-172.28.0.7} - ## Uncomment and configure the following services as needed + # Uncomment and configure the following services as needed # openim-admin: - # image: ${IMAGE_REGISTRY:-ghcr.io/openimsdk}/openim-admin:toc-base-open-docker.35 + # image: ${IMAGE_REGISTRY:-ghcr.io/openimsdk}/openim-admin-front:v3.4.0 # container_name: openim-admin # restart: always # ports: @@ -167,12 +171,6 @@ services: # hostname: grafana # user: root # restart: always - # environment: - # - GF_SECURITY_ALLOW_EMBEDDING=true - # - GF_SESSION_COOKIE_SAMESITE=none - # - GF_SESSION_COOKIE_SECURE=true - # - GF_AUTH_ANONYMOUS_ENABLED=true - # - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin # ports: # - "${GRAFANA_PORT:-13000}:3000" # volumes: diff --git a/pkg/common/db/unrelation/mongo.go b/pkg/common/db/unrelation/mongo.go index 8cfb97a98..279a7901e 100644 --- a/pkg/common/db/unrelation/mongo.go +++ b/pkg/common/db/unrelation/mongo.go 
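Review bot: The added `environment` entry for the mongodb service falls back to a fixed, published password, `${MONGO_OPENIM_PASSWORD:-openIM123456}`, so every deployment that leaves the variable unset shares the same application credential. The environment.sh hunk has the same default (`readonly MONGO_OPENIM_PASSWORD=${MONGO_OPENIM_PASSWORD:-'openIM123456'}`), and the `# Default:` comment in env-template.yaml documents it. Compose can refuse to start instead of defaulting: `- MONGO_OPENIM_PASSWORD=${MONGO_OPENIM_PASSWORD:?MONGO_OPENIM_PASSWORD must be set}`. The root fallback `openIM123` on the unchanged line above has the same property. In environment.sh the admin password is taken from `${PASSWORD}` while the new one is a literal, so deriving or generating it at install time would avoid shipping a shared secret.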
@@ -103,9 +103,9 @@ func buildMongoURI() string { maxPoolSize = fmt.Sprint(config.Config.Mongo.MaxPoolSize) } - uriFormat := "mongodb://%s/%s?maxPoolSize=%s&authSource=admin" + uriFormat := "mongodb://%s/%s?maxPoolSize=%s" if username != "" && password != "" { - uriFormat = "mongodb://%s:%s@%s/%s?maxPoolSize=%s&authSource=admin" + uriFormat = "mongodb://%s:%s@%s/%s?maxPoolSize=%s" return fmt.Sprintf(uriFormat, username, password, address, database, maxPoolSize) } return fmt.Sprintf(uriFormat, address, database, maxPoolSize) diff --git a/scripts/install/environment.sh b/scripts/install/environment.sh index 22a0996fc..a95bf6a93 100755 --- a/scripts/install/environment.sh +++ b/scripts/install/environment.sh @@ -171,9 +171,14 @@ def "MONGO_URI" # MongoDB的URI def "MONGO_PORT" "37017" # MongoDB的端口 def "MONGO_ADDRESS" "${DOCKER_BRIDGE_GATEWAY}" # MongoDB的地址 def "MONGO_DATABASE" "${DATABASE_NAME}" # MongoDB的数据库名 -def "MONGO_USERNAME" "${OPENIM_USER}" # MongoDB的用户名 -# MongoDB的密码 +def "MONGO_USERNAME" "root" # MongoDB的管理员身份用户名 +# MongoDB的管理员身份密码 readonly MONGO_PASSWORD=${MONGO_PASSWORD:-"${PASSWORD}"} +# Mongo OpenIM 身份用户名 +def "MONGO_OPENIM_USERNAME" "openIM" +# Mongo OpenIM 身份密码 +readonly MONGO_OPENIM_PASSWORD=${MONGO_OPENIM_PASSWORD:-'openIM123456'} + def "MONGO_MAX_POOL_SIZE" "100" # 最大连接池大小 ###################### Object 配置信息 ###################### diff --git a/scripts/mongo-init.sh b/scripts/mongo-init.sh index 07d0e3d03..bb9519648 100755 --- a/scripts/mongo-init.sh +++ b/scripts/mongo-init.sh @@ -12,15 +12,21 @@ # See the License for the specific language governing permissions and # limitations under the License. -mongo -- "$MONGO_INITDB_DATABASE" < Date: Thu, 4 Jan 2024 20:51:21 +0800 Subject: [PATCH 2/2] Update docker-start-all.sh fix MSG_TRANSFER_PROM_PORT (#1679) * fix: fix the bug * fix: fix the imAdmin permission and searchNoficitaion resp * 2023 Annual Summary Reflections and Aspirations 
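Review bot: With `&authSource=admin` removed from both format strings, authentication is resolved against the database named in the URI path. A deployment whose configured user exists only in `admin` (the root account these strings targeted before) will presumably fail to connect after upgrading unless that user has also been created in the target database. An upgrade note or a configurable auth source would cover existing installs. Separately, `return fmt.Sprintf(uriFormat, username, password, address, database, maxPoolSize)` inserts the credentials unescaped, so a password containing `@`, `:`, `/` or `?` produces a URI that parses with a different host or options. Building the userinfo with `url.UserPassword(username, password).String()` and the format `"mongodb://%s@%s/%s?maxPoolSize=%s"` avoids that; it needs `net/url`, and the import block and the start of buildMongoURI are both outside this hunk.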
Signed-off-by: Xinwei Xiong (cubxxw) <3293172751nss@gmail.com> * fix: dissmissGroup and lack of keyword bug (#1678) * Update docker-start-all.sh * Update env-template.yaml * Update docker-start-all.sh --------- Signed-off-by: Xinwei Xiong (cubxxw) <3293172751nss@gmail.com> Co-authored-by: luhaoling <2198702716@qq.com> Co-authored-by: Brabem <69128477+luhaoling@users.noreply.github.com> Co-authored-by: OpenIM Bot <124379614+kubbot@users.noreply.github.com> --- deployments/templates/env-template.yaml | 6 ------ scripts/docker-start-all.sh | 21 +-------------------- 2 files changed, 1 insertion(+), 26 deletions(-) diff --git a/deployments/templates/env-template.yaml b/deployments/templates/env-template.yaml index bdeda054f..09349aab0 100644 --- a/deployments/templates/env-template.yaml +++ b/deployments/templates/env-template.yaml @@ -195,18 +195,12 @@ CHAT_IMAGE_VERSION=${CHAT_IMAGE_VERSION} # Port for the OpenIM chat API. # Default: OPENIM_CHAT_API_PORT=10008 -# !!! TODO: Do not change the chat port https://github.com/openimsdk/chat/issues/365 OPENIM_CHAT_API_PORT=${OPENIM_CHAT_API_PORT} # Port for the OpenIM admin API. # Default: OPENIM_ADMIN_API_PORT=10009 -# !!! TODO: Do not change the chat port https://github.com/openimsdk/chat/issues/365 OPENIM_ADMIN_API_PORT=${OPENIM_ADMIN_API_PORT} -# Directory path for storing data files or related information for OpenIM chat. -# Default: OPENIM_CHAT_DATA_DIR=./openim-chat/main -OPENIM_CHAT_DATA_DIR=${OPENIM_CHAT_DATA_DIR} - # ====================================== # ========== OpenIM Admin ============== # ====================================== diff --git a/scripts/docker-start-all.sh b/scripts/docker-start-all.sh index 85954a677..2616b7bd1 100755 --- a/scripts/docker-start-all.sh +++ b/scripts/docker-start-all.sh 
@@ -21,25 +21,6 @@ set -o pipefail #fixme This scripts is the total startup scripts #fixme The full name of the shell scripts that needs to be started is placed in the need_to_start_server_shell array -# Fixed ports inside the docker startup container -export OPENIM_WS_PORT=10001 -export API_OPENIM_PORT=10002 -export API_PROM_PORT=20100 -export USER_PROM_PORT=20110 -export FRIEND_PROM_PORT=20120 -export MESSAGE_PROM_PORT=20130 -export MSG_GATEWAY_PROM_PORT=20140 -export GROUP_PROM_PORT=20150 -export AUTH_PROM_PORT=20160 -export PUSH_PROM_PORT=20170 -export CONVERSATION_PROM_PORT=20230 -export RTC_PROM_PORT=21300 -export THIRD_PROM_PORT=21301 -export MSG_TRANSFER_PROM_PORT=21400 -export MSG_TRANSFER_PROM_PORT=21401 -export MSG_TRANSFER_PROM_PORT=21402 -export MSG_TRANSFER_PROM_PORT=21403 - OPENIM_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. source "${OPENIM_ROOT}/scripts/install/common.sh" @@ -55,4 +36,4 @@ sleep 5 "${OPENIM_ROOT}"/scripts/check-all.sh -tail -f ${LOG_FILE} \ No newline at end of file +tail -f ${LOG_FILE}