From 5f9bf1cd80e56cd5b2db3686fcceff1791539f9a Mon Sep 17 00:00:00 2001
From: Stavros
Date: Mon, 16 Feb 2026 23:30:31 +0200
Subject: [PATCH] chore: review comments
---
 .env.example | 97 ++++++++++++++++++++++++++++++++++++++++++--------
 gen/gen_env.go | 29 +++++++++++++--
 2 files changed, 109 insertions(+), 17 deletions(-)
diff --git a/.env.example b/.env.example
index bac8786..5d3e284 100644
--- a/.env.example
+++ b/.env.example
@@ -2,151 +2,220 @@ # The base URL where the app is hosted. TINYAUTH_APPURL= + # The directory where resources are stored. -TINYAUTH_RESOURCESDIR=./resources +TINYAUTH_RESOURCESDIR="./resources" + # The path to the database file. -TINYAUTH_DATABASEPATH=./tinyauth.db +TINYAUTH_DATABASEPATH="./tinyauth.db" + # Disable analytics. TINYAUTH_DISABLEANALYTICS=false + # Disable resources server. TINYAUTH_DISABLERESOURCES=false + # The port on which the server listens. TINYAUTH_SERVER_PORT=3000 + # The address on which the server listens. -TINYAUTH_SERVER_ADDRESS=0.0.0.0 +TINYAUTH_SERVER_ADDRESS="0.0.0.0" + # The path to the Unix socket. TINYAUTH_SERVER_SOCKETPATH= + # List of allowed IPs or CIDR ranges. TINYAUTH_AUTH_IP_ALLOW= + # List of blocked IPs or CIDR ranges. TINYAUTH_AUTH_IP_BLOCK= + # Comma-separated list of users (username:hashed_password). TINYAUTH_AUTH_USERS= + # Path to the users file. TINYAUTH_AUTH_USERSFILE= + # Enable secure cookies. TINYAUTH_AUTH_SECURECOOKIE=false + # Session expiry time in seconds. TINYAUTH_AUTH_SESSIONEXPIRY=86400 + # Maximum session lifetime in seconds. TINYAUTH_AUTH_SESSIONMAXLIFETIME=0 + # Login timeout in seconds. TINYAUTH_AUTH_LOGINTIMEOUT=300 + # Maximum login retries. TINYAUTH_AUTH_LOGINMAXRETRIES=3 + # Comma-separated list of trusted proxy addresses. TINYAUTH_AUTH_TRUSTEDPROXIES= + # The domain of the app. TINYAUTH_APPS_[NAME]_CONFIG_DOMAIN= + # Comma-separated list of allowed users. TINYAUTH_APPS_[NAME]_USERS_ALLOW= + # Comma-separated list of blocked users. TINYAUTH_APPS_[NAME]_USERS_BLOCK= + # Comma-separated list of allowed OAuth groups. TINYAUTH_APPS_[NAME]_OAUTH_WHITELIST= + # Comma-separated list of required OAuth groups. TINYAUTH_APPS_[NAME]_OAUTH_GROUPS= + # List of allowed IPs or CIDR ranges. TINYAUTH_APPS_[NAME]_IP_ALLOW= + # List of blocked IPs or CIDR ranges. TINYAUTH_APPS_[NAME]_IP_BLOCK= + # List of IPs or CIDR ranges that bypass authentication. 
TINYAUTH_APPS_[NAME]_IP_BYPASS= + # Custom headers to add to the response. TINYAUTH_APPS_[NAME]_RESPONSE_HEADERS= + # Basic auth username. TINYAUTH_APPS_[NAME]_RESPONSE_BASICAUTH_USERNAME= + # Basic auth password. TINYAUTH_APPS_[NAME]_RESPONSE_BASICAUTH_PASSWORD= + # Path to the file containing the basic auth password. TINYAUTH_APPS_[NAME]_RESPONSE_BASICAUTH_PASSWORDFILE= + # Comma-separated list of allowed paths. TINYAUTH_APPS_[NAME]_PATH_ALLOW= + # Comma-separated list of blocked paths. TINYAUTH_APPS_[NAME]_PATH_BLOCK= + # Comma-separated list of required LDAP groups. TINYAUTH_APPS_[NAME]_LDAP_GROUPS= + # Comma-separated list of allowed OAuth domains. TINYAUTH_OAUTH_WHITELIST= + # The OAuth provider to use for automatic redirection. TINYAUTH_OAUTH_AUTOREDIRECT= + # OAuth client ID. TINYAUTH_OAUTH_PROVIDERS_[NAME]_CLIENTID= + # OAuth client secret. TINYAUTH_OAUTH_PROVIDERS_[NAME]_CLIENTSECRET= + # Path to the file containing the OAuth client secret. TINYAUTH_OAUTH_PROVIDERS_[NAME]_CLIENTSECRETFILE= + # OAuth scopes. TINYAUTH_OAUTH_PROVIDERS_[NAME]_SCOPES= + # OAuth redirect URL. TINYAUTH_OAUTH_PROVIDERS_[NAME]_REDIRECTURL= + # OAuth authorization URL. TINYAUTH_OAUTH_PROVIDERS_[NAME]_AUTHURL= + # OAuth token URL. TINYAUTH_OAUTH_PROVIDERS_[NAME]_TOKENURL= + # OAuth userinfo URL. TINYAUTH_OAUTH_PROVIDERS_[NAME]_USERINFOURL= + # Allow insecure OAuth connections. TINYAUTH_OAUTH_PROVIDERS_[NAME]_INSECURE=false + # Provider name in UI. TINYAUTH_OAUTH_PROVIDERS_[NAME]_NAME= + # Path to the private key file. -TINYAUTH_OIDC_PRIVATEKEYPATH=./tinyauth_oidc_key +TINYAUTH_OIDC_PRIVATEKEYPATH="./tinyauth_oidc_key" + # Path to the public key file. -TINYAUTH_OIDC_PUBLICKEYPATH=./tinyauth_oidc_key.pub -# OIDC client ID. -TINYAUTH_OIDC_CLIENTS_[NAME]_ID= +TINYAUTH_OIDC_PUBLICKEYPATH="./tinyauth_oidc_key.pub" + # OIDC client ID. TINYAUTH_OIDC_CLIENTS_[NAME]_CLIENTID= + # OIDC client secret. 
TINYAUTH_OIDC_CLIENTS_[NAME]_CLIENTSECRET= + # Path to the file containing the OIDC client secret. TINYAUTH_OIDC_CLIENTS_[NAME]_CLIENTSECRETFILE= + # List of trusted redirect URIs. TINYAUTH_OIDC_CLIENTS_[NAME]_TRUSTEDREDIRECTURIS= + # Client name in UI. TINYAUTH_OIDC_CLIENTS_[NAME]_NAME= + # The title of the UI. -TINYAUTH_UI_TITLE=Tinyauth +TINYAUTH_UI_TITLE="Tinyauth" + # Message displayed on the forgot password page. -TINYAUTH_UI_FORGOTPASSWORDMESSAGE=You can change your password by changing the configuration. +TINYAUTH_UI_FORGOTPASSWORDMESSAGE="You can change your password by changing the configuration." + # Path to the background image. -TINYAUTH_UI_BACKGROUNDIMAGE=/background.jpg +TINYAUTH_UI_BACKGROUNDIMAGE="/background.jpg" + # Disable UI warnings. TINYAUTH_UI_DISABLEWARNINGS=false + # LDAP server address. TINYAUTH_LDAP_ADDRESS= + # Bind DN for LDAP authentication. TINYAUTH_LDAP_BINDDN= + # Bind password for LDAP authentication. TINYAUTH_LDAP_BINDPASSWORD= + # Base DN for LDAP searches. TINYAUTH_LDAP_BASEDN= + # Allow insecure LDAP connections. TINYAUTH_LDAP_INSECURE=false + # LDAP search filter. -TINYAUTH_LDAP_SEARCHFILTER=(uid=%s) +TINYAUTH_LDAP_SEARCHFILTER="(uid=%s)" + # Certificate for mTLS authentication. TINYAUTH_LDAP_AUTHCERT= + # Certificate key for mTLS authentication. TINYAUTH_LDAP_AUTHKEY= + # Cache duration for LDAP group membership in seconds. TINYAUTH_LDAP_GROUPCACHETTL=900 -# Path to config file. -TINYAUTH_EXPERIMENTAL_CONFIGFILE= + # Log level (trace, debug, info, warn, error). -TINYAUTH_LOG_LEVEL=info +TINYAUTH_LOG_LEVEL="info" + # Enable JSON formatted logs. TINYAUTH_LOG_JSON=false + # Enable this log stream. TINYAUTH_LOG_STREAMS_HTTP_ENABLED=true + # Log level for this stream. Use global if empty. TINYAUTH_LOG_STREAMS_HTTP_LEVEL= + # Enable this log stream. TINYAUTH_LOG_STREAMS_APP_ENABLED=true + # Log level for this stream. Use global if empty. TINYAUTH_LOG_STREAMS_APP_LEVEL= + # Enable this log stream. 
TINYAUTH_LOG_STREAMS_AUDIT_ENABLED=false + # Log level for this stream. Use global if empty. TINYAUTH_LOG_STREAMS_AUDIT_LEVEL= +
diff --git a/gen/gen_env.go b/gen/gen_env.go
index 60612ef..f952452 100644
--- a/gen/gen_env.go
+++ b/gen/gen_env.go
@@ -62,19 +62,42 @@ func buildPaths(parent reflect.Type, parentValue reflect.Value, parentPath strin
 func buildPath(field reflect.StructField, fieldValue reflect.Value, parent string, paths *[]Path) {
 desc := field.Tag.Get("description")
+ yamlTag := field.Tag.Get("yaml")
+
+ // probably internal logic, should be skipped
+ if yamlTag == "-" {
+ return
+ }
+
 defaultValue := fieldValue.Interface()
+
 path := Path{
 Name: parent + strings.ToUpper(field.Name),
 Description: desc,
- Value: defaultValue,
 }
- if fieldValue.Kind() == reflect.Slice {
+
+ switch fieldValue.Kind() {
+ case reflect.Slice:
 sl, ok := defaultValue.([]string)
 if !ok {
 slog.Error("invalid default value", "value", defaultValue)
 return
 }
 path.Value = strings.Join(sl, ",")
+ case reflect.String:
+ st, ok := defaultValue.(string)
+ if !ok {
+ slog.Error("invalid default value", "value", defaultValue)
+ return
+ }
+ // good idea to escape strings probably
+ if st != "" {
+ path.Value = fmt.Sprintf(`"%s"`, st)
+ } else {
+ path.Value = ""
+ }
+ default:
+ path.Value = defaultValue
 }
 *paths = append(*paths, path)
 }
@@ -107,7 +130,7 @@ func compileEnv(paths []Path) []byte {
 buffer.WriteString(path.Name)
 buffer.WriteString("=")
 fmt.Fprintf(&buffer, "%v", path.Value)
- buffer.WriteString("\n")
+ buffer.WriteString("\n\n")
 }
 return buffer.Bytes()
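Review bot: The new `reflect.String` case in `buildPath` quotes the default but does not escape it. The value is wrapped in double quotes with a plain `%s`, so a default containing `"`, `\`, a newline or `$` lands unescaped in the generated `.env.example`, where a dotenv parser may end the value early or expand it. The defaults are compile-time values, so this is a robustness problem for the generated file rather than an injection path, but the comment says "escape" while the code only quotes. Consider `path.Value = fmt.Sprintf("%q", st)`, after confirming that the dotenv loader in use accepts Go-style escapes. Also read the value with `st := fieldValue.String()` instead of `defaultValue.(string)`, because the assertion fails for named string types whose Kind is still `reflect.String`, and the field is then dropped from the output with only a log line.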