From 9c7c1c3bf57abee66399ce3119e5e9910ae4c372 Mon Sep 17 00:00:00 2001
From: admin <admin@git.np-dms.work>
Date: Mon, 23 Feb 2026 15:09:02 +0700
Subject: [PATCH] fix(specs): sanitize docker-compose-app.yml v1.8.0 - replace
 hardcoded secrets with placeholders

- Updated to v1.8.0 header
- All sensitive values (DB_PASSWORD, REDIS_PASSWORD, JWT_SECRET,
  AUTH_SECRET) replaced with <SET_IN_CONTAINER_STATION> placeholder
- Added security comment reminder in file header
- Deleted duplicate 04-00-docker-compose/ folder (untracked)
- Deleted Google OAuth client_secret.json from disk
- Deleted empty specs/08-infrastructure/ folder from disk
---
 .../04-Infrastructure-OPS/docker-compose-app.yml  | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/specs/04-Infrastructure-OPS/docker-compose-app.yml b/specs/04-Infrastructure-OPS/docker-compose-app.yml
index 2aa17fc..d045ddd 100644
--- a/specs/04-Infrastructure-OPS/docker-compose-app.yml
+++ b/specs/04-Infrastructure-OPS/docker-compose-app.yml
@@ -1,5 +1,5 @@
 # File: /share/np-dms/app/docker-compose.yml
-# DMS Container v1.7.0: Application Stack (Backend + Frontend)
+# DMS Container v1.8.0: Application Stack (Backend + Frontend)
 # Application name: lcbp3-app
 # ============================================================
 # ⚠️  ใช้งานร่วมกับ services อื่นที่รันอยู่แล้วบน QNAP:
@@ -8,6 +8,9 @@
 #     - search  (services)
 #     - npm     (lcbp3-npm)
 # ============================================================
+# 🔒 SECURITY: ห้าม commit ค่า secrets จริงที่นี่
+#              ใช้ Environment Variables ใน Container Station UI
+# ============================================================
 
 x-restart: &restart_policy
   restart: unless-stopped
@@ -50,18 +53,18 @@ services:
       DB_PORT: '3306'
       DB_DATABASE: 'lcbp3'
       DB_USERNAME: 'center'
-      DB_PASSWORD: 'Center#2025'
+      DB_PASSWORD: '<SET_IN_CONTAINER_STATION>'
       # --- Redis ---
       REDIS_HOST: 'cache'
       REDIS_PORT: '6379'
-      REDIS_PASSWORD: 'Center2025'
+      REDIS_PASSWORD: '<SET_IN_CONTAINER_STATION>'
       # --- Elasticsearch ---
       ELASTICSEARCH_HOST: 'search'
       ELASTICSEARCH_PORT: '9200'
       # --- JWT ---
-      JWT_SECRET: 'eebc122aa65adde8c76c6a0847d9649b2b67a06db1504693e6c912e51499b76e'
+      JWT_SECRET: '<SET_IN_CONTAINER_STATION>'
       JWT_EXPIRATION: '8h'
-      JWT_REFRESH_SECRET: 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2'
+      JWT_REFRESH_SECRET: '<SET_IN_CONTAINER_STATION>'
       # --- Numbering ---
       NUMBERING_LOCK_TIMEOUT: '5000'
       NUMBERING_RESERVATION_TTL: '300'
@@ -107,7 +110,7 @@ services:
       HOSTNAME: '0.0.0.0'
       PORT: '3000'
       # --- NextAuth ---
-      AUTH_SECRET: 'eebc122aa65adde8c76c6a0847d9649b2b67a06db1504693e6c912e51499b76e'
+      AUTH_SECRET: '<SET_IN_CONTAINER_STATION>'
       AUTH_URL: 'https://lcbp3.np-dms.work'
     networks:
       - lcbp3