Merge branch 'main' into feat/oauth-whitelist-file
@@ -12,15 +12,15 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/tinyauthapp/tinyauth/internal/config"
|
||||
"github.com/tinyauthapp/tinyauth/internal/controller"
|
||||
"github.com/tinyauthapp/tinyauth/internal/model"
|
||||
"github.com/tinyauthapp/tinyauth/internal/repository"
|
||||
"github.com/tinyauthapp/tinyauth/internal/utils"
|
||||
"github.com/tinyauthapp/tinyauth/internal/utils/tlog"
|
||||
)
|
||||
|
||||
type BootstrapApp struct {
|
||||
config config.Config
|
||||
config model.Config
|
||||
context struct {
|
||||
appUrl string
|
||||
uuid string
|
||||
@@ -29,16 +29,21 @@ type BootstrapApp struct {
|
||||
csrfCookieName string
|
||||
redirectCookieName string
|
||||
oauthSessionCookieName string
|
||||
<<<<<<< HEAD
|
||||
users []config.User
|
||||
oauthWhitelist []string
|
||||
oauthProviders map[string]config.OAuthServiceConfig
|
||||
=======
|
||||
localUsers *[]model.LocalUser
|
||||
oauthProviders map[string]model.OAuthServiceConfig
|
||||
>>>>>>> main
|
||||
configuredProviders []controller.Provider
|
||||
oidcClients []config.OIDCClientConfig
|
||||
oidcClients []model.OIDCClientConfig
|
||||
}
|
||||
services Services
|
||||
}
|
||||
|
||||
func NewBootstrapApp(config config.Config) *BootstrapApp {
|
||||
func NewBootstrapApp(config model.Config) *BootstrapApp {
|
||||
return &BootstrapApp{
|
||||
config: config,
|
||||
}
|
||||
@@ -70,7 +75,7 @@ func (app *BootstrapApp) Setup() error {
|
||||
return err
|
||||
}
|
||||
|
||||
app.context.users = users
|
||||
app.context.localUsers = users
|
||||
|
||||
oauthWhitelist, err := utils.GetStringList(app.config.OAuth.Whitelist, app.config.OAuth.WhitelistFile)
|
||||
if err != nil {
|
||||
@@ -96,7 +101,7 @@ func (app *BootstrapApp) Setup() error {
|
||||
|
||||
for id, provider := range app.context.oauthProviders {
|
||||
if provider.Name == "" {
|
||||
if name, ok := config.OverrideProviders[id]; ok {
|
||||
if name, ok := model.OverrideProviders[id]; ok {
|
||||
provider.Name = name
|
||||
} else {
|
||||
provider.Name = utils.Capitalize(id)
|
||||
@@ -112,7 +117,13 @@ func (app *BootstrapApp) Setup() error {
|
||||
}
|
||||
|
||||
// Get cookie domain
|
||||
cookieDomain, err := utils.GetCookieDomain(app.context.appUrl)
|
||||
cookieDomainResolver := utils.GetCookieDomain
|
||||
if !app.config.Auth.SubdomainsEnabled {
|
||||
tlog.App.Info().Msg("Subdomains disabled, automatic authentication for proxied apps will not work")
|
||||
cookieDomainResolver = utils.GetStandaloneCookieDomain
|
||||
}
|
||||
|
||||
cookieDomain, err := cookieDomainResolver(app.context.appUrl)
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -123,14 +134,14 @@ func (app *BootstrapApp) Setup() error {
|
||||
// Cookie names
|
||||
app.context.uuid = utils.GenerateUUID(appUrl.Hostname())
|
||||
cookieId := strings.Split(app.context.uuid, "-")[0]
|
||||
app.context.sessionCookieName = fmt.Sprintf("%s-%s", config.SessionCookieName, cookieId)
|
||||
app.context.csrfCookieName = fmt.Sprintf("%s-%s", config.CSRFCookieName, cookieId)
|
||||
app.context.redirectCookieName = fmt.Sprintf("%s-%s", config.RedirectCookieName, cookieId)
|
||||
app.context.oauthSessionCookieName = fmt.Sprintf("%s-%s", config.OAuthSessionCookieName, cookieId)
|
||||
app.context.sessionCookieName = fmt.Sprintf("%s-%s", model.SessionCookieName, cookieId)
|
||||
app.context.csrfCookieName = fmt.Sprintf("%s-%s", model.CSRFCookieName, cookieId)
|
||||
app.context.redirectCookieName = fmt.Sprintf("%s-%s", model.RedirectCookieName, cookieId)
|
||||
app.context.oauthSessionCookieName = fmt.Sprintf("%s-%s", model.OAuthSessionCookieName, cookieId)
|
||||
|
||||
// Dumps
|
||||
tlog.App.Trace().Interface("config", app.config).Msg("Config dump")
|
||||
tlog.App.Trace().Interface("users", app.context.users).Msg("Users dump")
|
||||
tlog.App.Trace().Interface("users", app.context.localUsers).Msg("Users dump")
|
||||
tlog.App.Trace().Interface("oauthProviders", app.context.oauthProviders).Msg("OAuth providers dump")
|
||||
tlog.App.Trace().Str("cookieDomain", app.context.cookieDomain).Msg("Cookie domain")
|
||||
tlog.App.Trace().Str("sessionCookieName", app.context.sessionCookieName).Msg("Session cookie name")
|
||||
@@ -179,7 +190,7 @@ func (app *BootstrapApp) Setup() error {
|
||||
})
|
||||
}
|
||||
|
||||
if services.authService.LdapAuthConfigured() {
|
||||
if services.authService.LDAPAuthConfigured() {
|
||||
configuredProviders = append(configuredProviders, controller.Provider{
|
||||
Name: "LDAP",
|
||||
ID: "ldap",
|
||||
@@ -252,7 +263,7 @@ func (app *BootstrapApp) heartbeatRoutine() {
|
||||
var body heartbeat
|
||||
|
||||
body.UUID = app.context.uuid
|
||||
body.Version = config.Version
|
||||
body.Version = model.Version
|
||||
|
||||
bodyJson, err := json.Marshal(body)
|
||||
|
||||
@@ -265,7 +276,7 @@ func (app *BootstrapApp) heartbeatRoutine() {
|
||||
Timeout: 30 * time.Second, // The server should never take more than 30 seconds to respond
|
||||
}
|
||||
|
||||
heartbeatURL := config.ApiServer + "/v1/instances/heartbeat"
|
||||
heartbeatURL := model.APIServer + "/v1/instances/heartbeat"
|
||||
|
||||
for range ticker.C {
|
||||
tlog.App.Debug().Msg("Sending heartbeat")
|
||||
|
||||
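Review bot: The new side of the `type BootstrapApp` hunk (L70–L91) still carries the merge conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> main`, which appear to have been committed as file content, so the package cannot compile until that block is resolved by hand. The resolution has to keep both branches' intent: main's rename to `localUsers *[]model.LocalUser` and `oauthProviders map[string]model.OAuthServiceConfig`, plus the feature branch's `oauthWhitelist []string`, which Setup fills from `utils.GetStringList(app.config.OAuth.Whitelist, app.config.OAuth.WhitelistFile)` later in this section. Keeping HEAD's `users []config.User` would not resolve either, since the import hunk at the top of the section appears to swap `internal/config` for `internal/model` and the rest of Setup already writes `app.context.localUsers`. The struct definition and Setup both continue outside the hunks shown.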
@@ -4,9 +4,9 @@ import (
|
||||
"fmt"
|
||||
"slices"
|
||||
|
||||
"github.com/tinyauthapp/tinyauth/internal/config"
|
||||
"github.com/tinyauthapp/tinyauth/internal/controller"
|
||||
"github.com/tinyauthapp/tinyauth/internal/middleware"
|
||||
"github.com/tinyauthapp/tinyauth/internal/model"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
@@ -14,7 +14,7 @@ import (
|
||||
var DEV_MODES = []string{"main", "test", "development"}
|
||||
|
||||
func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
|
||||
if !slices.Contains(DEV_MODES, config.Version) {
|
||||
if !slices.Contains(DEV_MODES, model.Version) {
|
||||
gin.SetMode(gin.ReleaseMode)
|
||||
}
|
||||
|
||||
@@ -30,7 +30,8 @@ func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
|
||||
}
|
||||
|
||||
contextMiddleware := middleware.NewContextMiddleware(middleware.ContextMiddlewareConfig{
|
||||
CookieDomain: app.context.cookieDomain,
|
||||
CookieDomain: app.context.cookieDomain,
|
||||
SessionCookieName: app.context.sessionCookieName,
|
||||
}, app.services.authService, app.services.oauthBrokerService)
|
||||
|
||||
err := contextMiddleware.Init()
|
||||
@@ -83,6 +84,7 @@ func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
|
||||
RedirectCookieName: app.context.redirectCookieName,
|
||||
CookieDomain: app.context.cookieDomain,
|
||||
OAuthSessionCookieName: app.context.oauthSessionCookieName,
|
||||
SubdomainsEnabled: app.config.Auth.SubdomainsEnabled,
|
||||
}, apiRouter, app.services.authService)
|
||||
|
||||
oauthController.SetupRoutes()
|
||||
@@ -98,7 +100,8 @@ func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
|
||||
proxyController.SetupRoutes()
|
||||
|
||||
userController := controller.NewUserController(controller.UserControllerConfig{
|
||||
CookieDomain: app.context.cookieDomain,
|
||||
CookieDomain: app.context.cookieDomain,
|
||||
SessionCookieName: app.context.sessionCookieName,
|
||||
}, apiRouter, app.services.authService)
|
||||
|
||||
userController.SetupRoutes()
|
||||
|
||||
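Review bot: The `SubdomainsEnabled: app.config.Auth.SubdomainsEnabled` line added to the OAuth controller config (L454) is the same flag that selects `utils.GetStandaloneCookieDomain` over `utils.GetCookieDomain` in Setup, but nothing in the router records that the two must stay in step, so changing the resolver choice without updating the controller would leave the OAuth flow setting cookies scoped differently from the session cookie it later reads. I would add `// Must agree with the cookie-domain resolver selected by this flag in Setup.` above the added line. The `setupRouter` body starts and ends outside this hunk.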
@@ -1,6 +1,8 @@
|
||||
package bootstrap
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
"github.com/tinyauthapp/tinyauth/internal/repository"
|
||||
"github.com/tinyauthapp/tinyauth/internal/service"
|
||||
"github.com/tinyauthapp/tinyauth/internal/utils/tlog"
|
||||
@@ -10,6 +12,7 @@ type Services struct {
|
||||
accessControlService *service.AccessControlsService
|
||||
authService *service.AuthService
|
||||
dockerService *service.DockerService
|
||||
kubernetesService *service.KubernetesService
|
||||
ldapService *service.LdapService
|
||||
oauthBrokerService *service.OAuthBrokerService
|
||||
oidcService *service.OIDCService
|
||||
@@ -19,14 +22,14 @@ func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, er
|
||||
services := Services{}
|
||||
|
||||
ldapService := service.NewLdapService(service.LdapServiceConfig{
|
||||
Address: app.config.Ldap.Address,
|
||||
BindDN: app.config.Ldap.BindDN,
|
||||
BindPassword: app.config.Ldap.BindPassword,
|
||||
BaseDN: app.config.Ldap.BaseDN,
|
||||
Insecure: app.config.Ldap.Insecure,
|
||||
SearchFilter: app.config.Ldap.SearchFilter,
|
||||
AuthCert: app.config.Ldap.AuthCert,
|
||||
AuthKey: app.config.Ldap.AuthKey,
|
||||
Address: app.config.LDAP.Address,
|
||||
BindDN: app.config.LDAP.BindDN,
|
||||
BindPassword: app.config.LDAP.BindPassword,
|
||||
BaseDN: app.config.LDAP.BaseDN,
|
||||
Insecure: app.config.LDAP.Insecure,
|
||||
SearchFilter: app.config.LDAP.SearchFilter,
|
||||
AuthCert: app.config.LDAP.AuthCert,
|
||||
AuthKey: app.config.LDAP.AuthKey,
|
||||
})
|
||||
|
||||
err := ldapService.Init()
|
||||
@@ -38,17 +41,34 @@ func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, er
|
||||
|
||||
services.ldapService = ldapService
|
||||
|
||||
dockerService := service.NewDockerService()
|
||||
var labelProvider service.LabelProvider
|
||||
var dockerService *service.DockerService
|
||||
var kubernetesService *service.KubernetesService
|
||||
|
||||
err = dockerService.Init()
|
||||
useKubernetes := app.config.LabelProvider == "kubernetes" ||
|
||||
(app.config.LabelProvider == "auto" && os.Getenv("KUBERNETES_SERVICE_HOST") != "")
|
||||
|
||||
if err != nil {
|
||||
return Services{}, err
|
||||
if useKubernetes {
|
||||
tlog.App.Debug().Msg("Using Kubernetes label provider")
|
||||
kubernetesService = service.NewKubernetesService()
|
||||
err = kubernetesService.Init()
|
||||
if err != nil {
|
||||
return Services{}, err
|
||||
}
|
||||
services.kubernetesService = kubernetesService
|
||||
labelProvider = kubernetesService
|
||||
} else {
|
||||
tlog.App.Debug().Msg("Using Docker label provider")
|
||||
dockerService = service.NewDockerService()
|
||||
err = dockerService.Init()
|
||||
if err != nil {
|
||||
return Services{}, err
|
||||
}
|
||||
services.dockerService = dockerService
|
||||
labelProvider = dockerService
|
||||
}
|
||||
|
||||
services.dockerService = dockerService
|
||||
|
||||
accessControlsService := service.NewAccessControlsService(dockerService, app.config.Apps)
|
||||
accessControlsService := service.NewAccessControlsService(labelProvider, app.config.Apps)
|
||||
|
||||
err = accessControlsService.Init()
|
||||
|
||||
@@ -69,8 +89,13 @@ func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, er
|
||||
services.oauthBrokerService = oauthBrokerService
|
||||
|
||||
authService := service.NewAuthService(service.AuthServiceConfig{
|
||||
<<<<<<< HEAD
|
||||
Users: app.context.users,
|
||||
OauthWhitelist: app.context.oauthWhitelist,
|
||||
=======
|
||||
LocalUsers: app.context.localUsers,
|
||||
OauthWhitelist: app.config.OAuth.Whitelist,
|
||||
>>>>>>> main
|
||||
SessionExpiry: app.config.Auth.SessionExpiry,
|
||||
SessionMaxLifetime: app.config.Auth.SessionMaxLifetime,
|
||||
SecureCookie: app.config.Auth.SecureCookie,
|
||||
@@ -79,8 +104,9 @@ func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, er
|
||||
LoginMaxRetries: app.config.Auth.LoginMaxRetries,
|
||||
SessionCookieName: app.context.sessionCookieName,
|
||||
IP: app.config.Auth.IP,
|
||||
LDAPGroupsCacheTTL: app.config.Ldap.GroupCacheTTL,
|
||||
}, dockerService, services.ldapService, queries, services.oauthBrokerService)
|
||||
LDAPGroupsCacheTTL: app.config.LDAP.GroupCacheTTL,
|
||||
SubdomainsEnabled: app.config.Auth.SubdomainsEnabled,
|
||||
}, services.ldapService, queries, services.oauthBrokerService)
|
||||
|
||||
err = authService.Init()
|
||||
|
||||
|
||||
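Review bot: The `NewAuthService` hunk (L740–L758) commits unresolved conflict markers, and the two sides disagree on what the whitelist is: HEAD passes `app.context.oauthWhitelist`, the list Setup builds from both `OAuth.Whitelist` and `OAuth.WhitelistFile`, while main passes the raw `app.config.OAuth.Whitelist`. Resolving in favour of main would presumably drop every entry that comes from the whitelist file, so the auth service would enforce a whitelist that does not match what the operator configured; the resolution should read `LocalUsers: app.context.localUsers,` and `OauthWhitelist: app.context.oauthWhitelist,`. Separately, in the label-provider selection (L638–L641) any `LabelProvider` value other than `"kubernetes"` or `"auto"` falls through to the Docker branch with only a debug log, so a misspelt value is easy to miss; returning a validation error, or at least a warning naming the unrecognised value, would make that failure visible. `initServices` continues past the last hunk.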