barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2025-10-30 13:45:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add sqlite database for storing sessions (#326)

Browse Source 
* feat: add sqlite database for storing sessions

* refactor: use db instance instead of service in auth service

* fix: coderabbit suggestions
This commit is contained in:
Stavros
2025-08-29 12:35:11 +03:00
committed by GitHub
parent 87ca77d74c
commit 03d06cb0a7
20 changed files with 310 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
internal/controller/oauth_controller.go
View File

@@ -144,7 +144,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
return
}
if !controller.Auth.EmailWhitelisted(user.Email) {
if !controller.Auth.IsEmailWhitelisted(user.Email) {
queries, err := query.Values(config.UnauthorizedQuery{
Username: user.Email,
})
@@ -169,8 +169,18 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
name = fmt.Sprintf("%s (%s)", utils.Capitalize(strings.Split(user.Email, "@")[0]), strings.Split(user.Email, "@")[1])
}
var usename string
if user.PreferredUsername != "" {
log.Debug().Msg("Using preferred username from OAuth provider")
usename = user.PreferredUsername
} else {
log.Debug().Msg("No preferred username from OAuth provider, using pseudo username")
usename = strings.Replace(user.Email, "@", "_", -1)
}
controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
Username: user.Email,
Username: usename,
Name: name,
Email: user.Email,
Provider: req.Provider,

8
internal/controller/proxy_controller.go
View File

@@ -89,7 +89,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
clientIP := c.ClientIP()
if controller.Auth.BypassedIP(labels, clientIP) {
if controller.Auth.IsBypassedIP(labels, clientIP) {
c.Header("Authorization", c.Request.Header.Get("Authorization"))
headers := utils.ParseHeaders(labels.Headers)
@@ -135,7 +135,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
return
}
authEnabled, err := controller.Auth.AuthEnabled(uri, labels)
authEnabled, err := controller.Auth.IsAuthEnabled(uri, labels)
if err != nil {
log.Error().Err(err).Msg("Failed to check if auth is enabled for resource")
@@ -195,7 +195,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
}
if userContext.IsLoggedIn {
appAllowed := controller.Auth.ResourceAllowed(c, userContext, labels)
appAllowed := controller.Auth.IsResourceAllowed(c, userContext, labels)
if !appAllowed {
log.Warn().Str("user", userContext.Username).Str("resource", strings.Split(host, ".")[0]).Msg("User not allowed to access resource")
@@ -229,7 +229,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
}
if userContext.OAuth {
groupOK := controller.Auth.OAuthGroup(c, userContext, labels)
groupOK := controller.Auth.IsInOAuthGroup(c, userContext, labels)
if !groupOK {
log.Warn().Str("user", userContext.Username).Str("resource", strings.Split(host, ".")[0]).Msg("User OAuth groups do not match resource requirements")