refactor: unify labels

Stavros
2025-08-29 13:52:47 +03:00
parent 03d06cb0a7
commit 598abc5fe1
5 changed files with 138 additions and 104 deletions


@@ -283,18 +283,18 @@ func (auth *AuthService) UserAuthConfigured() bool {
return len(auth.Config.Users) > 0 || auth.LDAP != nil
}
func (auth *AuthService) IsResourceAllowed(c *gin.Context, context config.UserContext, labels config.Labels) bool {
func (auth *AuthService) IsResourceAllowed(c *gin.Context, context config.UserContext, labels config.AppLabels) bool {
if context.OAuth {
log.Debug().Msg("Checking OAuth whitelist")
return utils.CheckFilter(labels.OAuth.Whitelist, context.Email)
}
log.Debug().Msg("Checking users")
return utils.CheckFilter(labels.Users, context.Username)
return utils.CheckFilter(labels.Users.Allow, context.Username)
}
func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserContext, labels config.Labels) bool {
if labels.OAuth.Groups == "" {
func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserContext, groups string) bool {
if groups == "" {
return true
}
@@ -304,10 +304,10 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte
}
// No need to parse since they are from the API response
oauthGroups := strings.Split(context.OAuthGroups, ",")
groupsSplit := strings.Split(groups, ",")
for _, group := range oauthGroups {
if utils.CheckFilter(labels.OAuth.Groups, group) {
for _, group := range groupsSplit {
if utils.CheckFilter(groups, group) {
return true
}
}
@@ -316,12 +316,12 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte
return false
}
func (auth *AuthService) IsAuthEnabled(uri string, labels config.Labels) (bool, error) {
if labels.Allowed == "" {
func (auth *AuthService) IsAuthEnabled(uri string, pathAllow string) (bool, error) {
if pathAllow == "" {
return true, nil
}
regex, err := regexp.Compile(labels.Allowed)
regex, err := regexp.Compile(pathAllow)
if err != nil {
return true, err
@@ -346,8 +346,8 @@ func (auth *AuthService) GetBasicAuth(c *gin.Context) *config.User {
}
}
func (auth *AuthService) CheckIP(labels config.Labels, ip string) bool {
for _, blocked := range labels.IP.Block {
func (auth *AuthService) CheckIP(labels config.IPLabels, ip string) bool {
for _, blocked := range labels.Block {
res, err := utils.FilterIP(blocked, ip)
if err != nil {
log.Warn().Err(err).Str("item", blocked).Msg("Invalid IP/CIDR in block list")
@@ -359,7 +359,7 @@ func (auth *AuthService) CheckIP(labels config.Labels, ip string) bool {
}
}
for _, allowed := range labels.IP.Allow {
for _, allowed := range labels.Allow {
res, err := utils.FilterIP(allowed, ip)
if err != nil {
log.Warn().Err(err).Str("item", allowed).Msg("Invalid IP/CIDR in allow list")
@@ -371,7 +371,7 @@ func (auth *AuthService) CheckIP(labels config.Labels, ip string) bool {
}
}
if len(labels.IP.Allow) > 0 {
if len(labels.Allow) > 0 {
log.Debug().Str("ip", ip).Msg("IP not in allow list, denying access")
return false
}
@@ -380,8 +380,8 @@ func (auth *AuthService) CheckIP(labels config.Labels, ip string) bool {
return true
}
func (auth *AuthService) IsBypassedIP(labels config.Labels, ip string) bool {
for _, bypassed := range labels.IP.Bypass {
func (auth *AuthService) IsBypassedIP(labels config.IPLabels, ip string) bool {
for _, bypassed := range labels.Bypass {
res, err := utils.FilterIP(bypassed, ip)
if err != nil {
log.Warn().Err(err).Str("item", bypassed).Msg("Invalid IP/CIDR in bypass list")
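Review bot: In the second hunk of IsInOAuthGroup the loop no longer reads the user's groups: the lines that use the new `groups` parameter split that configured string into `groupsSplit` and test each piece against the same string with `utils.CheckFilter(groups, group)`, while the line that split `context.OAuthGroups` belongs with the old `labels`-based lines. If CheckFilter performs list membership (its body is not shown here), every configured group matches itself and the function returns true for any user, so the OAuth group restriction is no longer enforced. The loop should iterate the caller's groups and filter them against the requirement: `for _, group := range strings.Split(context.OAuthGroups, ",") {` followed by `if utils.CheckFilter(groups, group) {`. The function body spans two hunks and the lines between them are not visible. A table test with a user whose groups do not include the required one would catch this regression.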


@@ -6,8 +6,6 @@ import (
"tinyauth/internal/config"
"tinyauth/internal/utils"
"slices"
container "github.com/docker/docker/api/types/container"
"github.com/docker/docker/client"
"github.com/rs/zerolog/log"
@@ -57,17 +55,17 @@ func (docker *DockerService) DockerConnected() bool {
return err == nil
}
func (docker *DockerService) GetLabels(app string, domain string) (config.Labels, error) {
func (docker *DockerService) GetLabels(app string, domain string) (config.AppLabels, error) {
isConnected := docker.DockerConnected()
if !isConnected {
log.Debug().Msg("Docker not connected, returning empty labels")
return config.Labels{}, nil
return config.AppLabels{}, nil
}
containers, err := docker.GetContainers()
if err != nil {
return config.Labels{}, err
return config.AppLabels{}, err
}
for _, container := range containers {
@@ -83,18 +81,19 @@ func (docker *DockerService) GetLabels(app string, domain string) (config.Labels
continue
}
// Check if the container matches the ID or domain
if slices.Contains(labels.Domain, domain) {
log.Debug().Str("id", inspect.ID).Msg("Found matching container by domain")
return labels, nil
}
for appName, appLabels := range labels.Apps {
if appLabels.Config.Domain == domain {
log.Debug().Str("id", inspect.ID).Msg("Found matching container by domain")
return appLabels, nil
}
if strings.TrimPrefix(inspect.Name, "/") == app {
log.Debug().Str("id", inspect.ID).Msg("Found matching container by name")
return labels, nil
if strings.TrimPrefix(inspect.Name, "/") == appName {
log.Debug().Str("id", inspect.ID).Msg("Found matching container by app name")
return appLabels, nil
}
}
}
log.Debug().Msg("No matching container found, returning empty labels")
return config.Labels{}, nil
return config.AppLabels{}, nil
}
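Review bot: The name-match branch in the new `for appName, appLabels := range labels.Apps` loop compares the container name with `appName`, the key taken from the container's own labels, and the `app` argument is not read anywhere in the visible new lines. A container whose name equals one of its own app keys would therefore satisfy the check for any request, and its labels (which appear to carry the access rules the auth service evaluates) could be returned for a different application. If the intent is to match the requested app, the condition would be `if appName == app {`, possibly alongside the previous `strings.TrimPrefix(inspect.Name, "/") == app`. Because Go map iteration order is unspecified, a container that defines several apps also yields a nondeterministic result when more than one entry matches. The start of the container loop lies outside this hunk.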