refactor: remove tailscale oauth

internal/handlers/handlers.go

@@ -2,7 +2,6 @@ package handlers
 
 import (
 	"fmt"
-	"math/rand/v2"
 	"net/http"
 	"strings"
 	"tinyauth/internal/auth"
@@ -531,32 +530,6 @@ func (h *Handlers) OauthUrlHandler(c *gin.Context) {
 		})
 	}
 
-	// Tailscale does not have an auth url so we create a random code (does not need to be secure) to avoid caching and send it
-	if request.Provider == "tailscale" {
-		// Build tailscale query
-		queries, err := query.Values(types.TailscaleQuery{
-			Code: (1000 + rand.IntN(9000)),
-		})
-
-		// Handle error
-		if err != nil {
-			log.Error().Err(err).Msg("Failed to build queries")
-			c.JSON(500, gin.H{
-				"status":  500,
-				"message": "Internal Server Error",
-			})
-			return
-		}
-
-		// Return tailscale URL (immidiately redirects to the callback)
-		c.JSON(200, gin.H{
-			"status":  200,
-			"message": "OK",
-			"url":     fmt.Sprintf("%s/api/oauth/callback/tailscale?%s", h.Config.AppURL, queries.Encode()),
-		})
-		return
-	}
-
 	// Return auth URL
 	c.JSON(200, gin.H{
 		"status":  200,

internal/providers/providers.go

@@ -17,11 +17,10 @@ func NewProviders(config types.OAuthConfig) *Providers {
 }
 
 type Providers struct {
-	Config    types.OAuthConfig
-	Github    *oauth.OAuth
-	Google    *oauth.OAuth
-	Tailscale *oauth.OAuth
-	Generic   *oauth.OAuth
+	Config  types.OAuthConfig
+	Github  *oauth.OAuth
+	Google  *oauth.OAuth
+	Generic *oauth.OAuth
 }
 
 func (providers *Providers) Init() {
@@ -59,22 +58,6 @@ func (providers *Providers) Init() {
 		providers.Google.Init()
 	}
 
-	if providers.Config.TailscaleClientId != "" && providers.Config.TailscaleClientSecret != "" {
-		log.Info().Msg("Initializing Tailscale OAuth")
-
-		// Create a new oauth provider with the tailscale config
-		providers.Tailscale = oauth.NewOAuth(oauth2.Config{
-			ClientID:     providers.Config.TailscaleClientId,
-			ClientSecret: providers.Config.TailscaleClientSecret,
-			RedirectURL:  fmt.Sprintf("%s/api/oauth/callback/tailscale", providers.Config.AppURL),
-			Scopes:       TailscaleScopes(),
-			Endpoint:     TailscaleEndpoint,
-		})
-
-		// Initialize the oauth provider
-		providers.Tailscale.Init()
-	}
-
 	// If we have a client id and secret for generic oauth, initialize the oauth provider
 	if providers.Config.GenericClientId != "" && providers.Config.GenericClientSecret != "" {
 		log.Info().Msg("Initializing Generic OAuth")
@@ -103,8 +86,6 @@ func (providers *Providers) GetProvider(provider string) *oauth.OAuth {
 		return providers.Github
 	case "google":
 		return providers.Google
-	case "tailscale":
-		return providers.Tailscale
 	case "generic":
 		return providers.Generic
 	default:
@@ -161,30 +142,6 @@ func (providers *Providers) GetUser(provider string) (string, error) {
 
 		log.Debug().Msg("Got email from google")
 
-		// Return the email
-		return email, nil
-	case "tailscale":
-		// If the tailscale provider is not configured, return an error
-		if providers.Tailscale == nil {
-			log.Debug().Msg("Tailscale provider not configured")
-			return "", nil
-		}
-
-		// Get the client from the tailscale provider
-		client := providers.Tailscale.GetClient()
-
-		log.Debug().Msg("Got client from tailscale")
-
-		// Get the email from the tailscale provider
-		email, err := GetTailscaleEmail(client)
-
-		// Check if there was an error
-		if err != nil {
-			return "", err
-		}
-
-		log.Debug().Msg("Got email from tailscale")
-
 		// Return the email
 		return email, nil
 	case "generic":
@@ -225,9 +182,6 @@ func (provider *Providers) GetConfiguredProviders() []string {
 	if provider.Google != nil {
 		providers = append(providers, "google")
 	}
-	if provider.Tailscale != nil {
-		providers = append(providers, "tailscale")
-	}
 	if provider.Generic != nil {
 		providers = append(providers, "generic")
 	}

internal/providers/tailscale.go

@@ -1,68 +0,0 @@
-package providers
-
-import (
-	"encoding/json"
-	"io"
-	"net/http"
-
-	"github.com/rs/zerolog/log"
-	"golang.org/x/oauth2"
-)
-
-// The tailscale email is the loginName
-type TailscaleUser struct {
-	LoginName string `json:"loginName"`
-}
-
-// The response from the tailscale user info endpoint
-type TailscaleUserInfoResponse struct {
-	Users []TailscaleUser `json:"users"`
-}
-
-// The scopes required for the tailscale provider
-func TailscaleScopes() []string {
-	return []string{"users:read"}
-}
-
-// The tailscale endpoint
-var TailscaleEndpoint = oauth2.Endpoint{
-	TokenURL: "https://api.tailscale.com/api/v2/oauth/token",
-}
-
-func GetTailscaleEmail(client *http.Client) (string, error) {
-	// Get the user info from tailscale using the oauth http client
-	res, err := client.Get("https://api.tailscale.com/api/v2/tailnet/-/users")
-
-	// Check if there was an error
-	if err != nil {
-		return "", err
-	}
-
-	log.Debug().Msg("Got response from tailscale")
-
-	// Read the body of the response
-	body, err := io.ReadAll(res.Body)
-
-	// Check if there was an error
-	if err != nil {
-		return "", err
-	}
-
-	log.Debug().Msg("Read body from tailscale")
-
-	// Parse the body into a user struct
-	var users TailscaleUserInfoResponse
-
-	// Unmarshal the body into the user struct
-	err = json.Unmarshal(body, &users)
-
-	// Check if there was an error
-	if err != nil {
-		return "", err
-	}
-
-	log.Debug().Msg("Parsed users from tailscale")
-
-	// Return the email of the first user
-	return users.Users[0].LoginName, nil
-}

internal/types/api.go

@@ -22,11 +22,6 @@ type UnauthorizedQuery struct {
 	Resource string `url:"resource"`
 }
 
-// TailscaleQuery is the query parameters for the tailscale endpoint
-type TailscaleQuery struct {
-	Code int `url:"code"`
-}
-
 // Proxy is the uri parameters for the proxy endpoint
 type Proxy struct {
 	Proxy string `uri:"proxy" binding:"required"`

internal/types/config.go

@@ -2,39 +2,36 @@ package types
 
 // Config is the configuration for the tinyauth server
 type Config struct {
-	Port                      int    `mapstructure:"port" validate:"required"`
-	Address                   string `validate:"required,ip4_addr" mapstructure:"address"`
-	Secret                    string `validate:"required,len=32" mapstructure:"secret"`
-	SecretFile                string `mapstructure:"secret-file"`
-	AppURL                    string `validate:"required,url" mapstructure:"app-url"`
-	Users                     string `mapstructure:"users"`
-	UsersFile                 string `mapstructure:"users-file"`
-	CookieSecure              bool   `mapstructure:"cookie-secure"`
-	GithubClientId            string `mapstructure:"github-client-id"`
-	GithubClientSecret        string `mapstructure:"github-client-secret"`
-	GithubClientSecretFile    string `mapstructure:"github-client-secret-file"`
-	GoogleClientId            string `mapstructure:"google-client-id"`
-	GoogleClientSecret        string `mapstructure:"google-client-secret"`
-	GoogleClientSecretFile    string `mapstructure:"google-client-secret-file"`
-	TailscaleClientId         string `mapstructure:"tailscale-client-id"`
-	TailscaleClientSecret     string `mapstructure:"tailscale-client-secret"`
-	TailscaleClientSecretFile string `mapstructure:"tailscale-client-secret-file"`
-	GenericClientId           string `mapstructure:"generic-client-id"`
-	GenericClientSecret       string `mapstructure:"generic-client-secret"`
-	GenericClientSecretFile   string `mapstructure:"generic-client-secret-file"`
-	GenericScopes             string `mapstructure:"generic-scopes"`
-	GenericAuthURL            string `mapstructure:"generic-auth-url"`
-	GenericTokenURL           string `mapstructure:"generic-token-url"`
-	GenericUserURL            string `mapstructure:"generic-user-url"`
-	GenericName               string `mapstructure:"generic-name"`
-	DisableContinue           bool   `mapstructure:"disable-continue"`
-	OAuthWhitelist            string `mapstructure:"oauth-whitelist"`
-	SessionExpiry             int    `mapstructure:"session-expiry"`
-	LogLevel                  int8   `mapstructure:"log-level" validate:"min=-1,max=5"`
-	Title                     string `mapstructure:"app-title"`
-	EnvFile                   string `mapstructure:"env-file"`
-	LoginTimeout              int    `mapstructure:"login-timeout"`
-	LoginMaxRetries           int    `mapstructure:"login-max-retries"`
+	Port                    int    `mapstructure:"port" validate:"required"`
+	Address                 string `validate:"required,ip4_addr" mapstructure:"address"`
+	Secret                  string `validate:"required,len=32" mapstructure:"secret"`
+	SecretFile              string `mapstructure:"secret-file"`
+	AppURL                  string `validate:"required,url" mapstructure:"app-url"`
+	Users                   string `mapstructure:"users"`
+	UsersFile               string `mapstructure:"users-file"`
+	CookieSecure            bool   `mapstructure:"cookie-secure"`
+	GithubClientId          string `mapstructure:"github-client-id"`
+	GithubClientSecret      string `mapstructure:"github-client-secret"`
+	GithubClientSecretFile  string `mapstructure:"github-client-secret-file"`
+	GoogleClientId          string `mapstructure:"google-client-id"`
+	GoogleClientSecret      string `mapstructure:"google-client-secret"`
+	GoogleClientSecretFile  string `mapstructure:"google-client-secret-file"`
+	GenericClientId         string `mapstructure:"generic-client-id"`
+	GenericClientSecret     string `mapstructure:"generic-client-secret"`
+	GenericClientSecretFile string `mapstructure:"generic-client-secret-file"`
+	GenericScopes           string `mapstructure:"generic-scopes"`
+	GenericAuthURL          string `mapstructure:"generic-auth-url"`
+	GenericTokenURL         string `mapstructure:"generic-token-url"`
+	GenericUserURL          string `mapstructure:"generic-user-url"`
+	GenericName             string `mapstructure:"generic-name"`
+	DisableContinue         bool   `mapstructure:"disable-continue"`
+	OAuthWhitelist          string `mapstructure:"oauth-whitelist"`
+	SessionExpiry           int    `mapstructure:"session-expiry"`
+	LogLevel                int8   `mapstructure:"log-level" validate:"min=-1,max=5"`
+	Title                   string `mapstructure:"app-title"`
+	EnvFile                 string `mapstructure:"env-file"`
+	LoginTimeout            int    `mapstructure:"login-timeout"`
+	LoginMaxRetries         int    `mapstructure:"login-max-retries"`
 }
 
 // Server configuration
@@ -47,19 +44,17 @@ type HandlersConfig struct {
 
 // OAuthConfig is the configuration for the providers
 type OAuthConfig struct {
-	GithubClientId        string
-	GithubClientSecret    string
-	GoogleClientId        string
-	GoogleClientSecret    string
-	TailscaleClientId     string
-	TailscaleClientSecret string
-	GenericClientId       string
-	GenericClientSecret   string
-	GenericScopes         []string
-	GenericAuthURL        string
-	GenericTokenURL       string
-	GenericUserURL        string
-	AppURL                string
+	GithubClientId      string
+	GithubClientSecret  string
+	GoogleClientId      string
+	GoogleClientSecret  string
+	GenericClientId     string
+	GenericClientSecret string
+	GenericScopes       []string
+	GenericAuthURL      string
+	GenericTokenURL     string
+	GenericUserURL      string
+	AppURL              string
 }
 
 // APIConfig is the configuration for the API

internal/utils/utils.go

@@ -213,7 +213,7 @@ func GetTinyauthLabels(labels map[string]string) types.TinyauthLabels {
 
 // Check if any of the OAuth providers are configured based on the client id and secret
 func OAuthConfigured(config types.Config) bool {
-	return (config.GithubClientId != "" && config.GithubClientSecret != "") || (config.GoogleClientId != "" && config.GoogleClientSecret != "") || (config.GenericClientId != "" && config.GenericClientSecret != "") || (config.TailscaleClientId != "" && config.TailscaleClientSecret != "")
+	return (config.GithubClientId != "" && config.GithubClientSecret != "") || (config.GoogleClientId != "" && config.GoogleClientSecret != "") || (config.GenericClientId != "" && config.GenericClientSecret != "")
 }
 
 // Filter helper function