chore: review comments

2026-02-27 11:21:59 +00:00 · 2026-02-16 23:30:31 +02:00
parent e72c7acb5d
commit 5f9bf1cd80
2 changed files with 109 additions and 17 deletions
--- a/.env.example
+++ b/.env.example
@@ -2,151 +2,220 @@
 # The base URL where the app is hosted.
 TINYAUTH_APPURL=
 # The directory where resources are stored.
-TINYAUTH_RESOURCESDIR=./resources
+TINYAUTH_RESOURCESDIR="./resources"
 # The path to the database file.
-TINYAUTH_DATABASEPATH=./tinyauth.db
+TINYAUTH_DATABASEPATH="./tinyauth.db"
 # Disable analytics.
 TINYAUTH_DISABLEANALYTICS=false
 # Disable resources server.
 TINYAUTH_DISABLERESOURCES=false
 # The port on which the server listens.
 TINYAUTH_SERVER_PORT=3000
 # The address on which the server listens.
-TINYAUTH_SERVER_ADDRESS=0.0.0.0
+TINYAUTH_SERVER_ADDRESS="0.0.0.0"
 # The path to the Unix socket.
 TINYAUTH_SERVER_SOCKETPATH=
 # List of allowed IPs or CIDR ranges.
 TINYAUTH_AUTH_IP_ALLOW=
 # List of blocked IPs or CIDR ranges.
 TINYAUTH_AUTH_IP_BLOCK=
 # Comma-separated list of users (username:hashed_password).
 TINYAUTH_AUTH_USERS=
 # Path to the users file.
 TINYAUTH_AUTH_USERSFILE=
 # Enable secure cookies.
 TINYAUTH_AUTH_SECURECOOKIE=false
 # Session expiry time in seconds.
 TINYAUTH_AUTH_SESSIONEXPIRY=86400
 # Maximum session lifetime in seconds.
 TINYAUTH_AUTH_SESSIONMAXLIFETIME=0
 # Login timeout in seconds.
 TINYAUTH_AUTH_LOGINTIMEOUT=300
 # Maximum login retries.
 TINYAUTH_AUTH_LOGINMAXRETRIES=3
 # Comma-separated list of trusted proxy addresses.
 TINYAUTH_AUTH_TRUSTEDPROXIES=
 # The domain of the app.
 TINYAUTH_APPS_[NAME]_CONFIG_DOMAIN=
 # Comma-separated list of allowed users.
 TINYAUTH_APPS_[NAME]_USERS_ALLOW=
 # Comma-separated list of blocked users.
 TINYAUTH_APPS_[NAME]_USERS_BLOCK=
 # Comma-separated list of allowed OAuth groups.
 TINYAUTH_APPS_[NAME]_OAUTH_WHITELIST=
 # Comma-separated list of required OAuth groups.
 TINYAUTH_APPS_[NAME]_OAUTH_GROUPS=
 # List of allowed IPs or CIDR ranges.
 TINYAUTH_APPS_[NAME]_IP_ALLOW=
 # List of blocked IPs or CIDR ranges.
 TINYAUTH_APPS_[NAME]_IP_BLOCK=
 # List of IPs or CIDR ranges that bypass authentication.
 TINYAUTH_APPS_[NAME]_IP_BYPASS=
 # Custom headers to add to the response.
 TINYAUTH_APPS_[NAME]_RESPONSE_HEADERS=
 # Basic auth username.
 TINYAUTH_APPS_[NAME]_RESPONSE_BASICAUTH_USERNAME=
 # Basic auth password.
 TINYAUTH_APPS_[NAME]_RESPONSE_BASICAUTH_PASSWORD=
 # Path to the file containing the basic auth password.
 TINYAUTH_APPS_[NAME]_RESPONSE_BASICAUTH_PASSWORDFILE=
 # Comma-separated list of allowed paths.
 TINYAUTH_APPS_[NAME]_PATH_ALLOW=
 # Comma-separated list of blocked paths.
 TINYAUTH_APPS_[NAME]_PATH_BLOCK=
 # Comma-separated list of required LDAP groups.
 TINYAUTH_APPS_[NAME]_LDAP_GROUPS=
 # Comma-separated list of allowed OAuth domains.
 TINYAUTH_OAUTH_WHITELIST=
 # The OAuth provider to use for automatic redirection.
 TINYAUTH_OAUTH_AUTOREDIRECT=
 # OAuth client ID.
 TINYAUTH_OAUTH_PROVIDERS_[NAME]_CLIENTID=
 # OAuth client secret.
 TINYAUTH_OAUTH_PROVIDERS_[NAME]_CLIENTSECRET=
 # Path to the file containing the OAuth client secret.
 TINYAUTH_OAUTH_PROVIDERS_[NAME]_CLIENTSECRETFILE=
 # OAuth scopes.
 TINYAUTH_OAUTH_PROVIDERS_[NAME]_SCOPES=
 # OAuth redirect URL.
 TINYAUTH_OAUTH_PROVIDERS_[NAME]_REDIRECTURL=
 # OAuth authorization URL.
 TINYAUTH_OAUTH_PROVIDERS_[NAME]_AUTHURL=
 # OAuth token URL.
 TINYAUTH_OAUTH_PROVIDERS_[NAME]_TOKENURL=
 # OAuth userinfo URL.
 TINYAUTH_OAUTH_PROVIDERS_[NAME]_USERINFOURL=
 # Allow insecure OAuth connections.
 TINYAUTH_OAUTH_PROVIDERS_[NAME]_INSECURE=false
 # Provider name in UI.
 TINYAUTH_OAUTH_PROVIDERS_[NAME]_NAME=
 # Path to the private key file.
-TINYAUTH_OIDC_PRIVATEKEYPATH=./tinyauth_oidc_key
+TINYAUTH_OIDC_PRIVATEKEYPATH="./tinyauth_oidc_key"
 # Path to the public key file.
-TINYAUTH_OIDC_PUBLICKEYPATH=./tinyauth_oidc_key.pub
+TINYAUTH_OIDC_PUBLICKEYPATH="./tinyauth_oidc_key.pub"
-# OIDC client ID.
+
 TINYAUTH_OIDC_CLIENTS_[NAME]_ID=
 # OIDC client ID.
 TINYAUTH_OIDC_CLIENTS_[NAME]_CLIENTID=
 # OIDC client secret.
 TINYAUTH_OIDC_CLIENTS_[NAME]_CLIENTSECRET=
 # Path to the file containing the OIDC client secret.
 TINYAUTH_OIDC_CLIENTS_[NAME]_CLIENTSECRETFILE=
 # List of trusted redirect URIs.
 TINYAUTH_OIDC_CLIENTS_[NAME]_TRUSTEDREDIRECTURIS=
 # Client name in UI.
 TINYAUTH_OIDC_CLIENTS_[NAME]_NAME=
 # The title of the UI.
-TINYAUTH_UI_TITLE=Tinyauth
+TINYAUTH_UI_TITLE="Tinyauth"
 # Message displayed on the forgot password page.
-TINYAUTH_UI_FORGOTPASSWORDMESSAGE=You can change your password by changing the configuration.
+TINYAUTH_UI_FORGOTPASSWORDMESSAGE="You can change your password by changing the configuration."
 # Path to the background image.
-TINYAUTH_UI_BACKGROUNDIMAGE=/background.jpg
+TINYAUTH_UI_BACKGROUNDIMAGE="/background.jpg"
 # Disable UI warnings.
 TINYAUTH_UI_DISABLEWARNINGS=false
 # LDAP server address.
 TINYAUTH_LDAP_ADDRESS=
 # Bind DN for LDAP authentication.
 TINYAUTH_LDAP_BINDDN=
 # Bind password for LDAP authentication.
 TINYAUTH_LDAP_BINDPASSWORD=
 # Base DN for LDAP searches.
 TINYAUTH_LDAP_BASEDN=
 # Allow insecure LDAP connections.
 TINYAUTH_LDAP_INSECURE=false
 # LDAP search filter.
-TINYAUTH_LDAP_SEARCHFILTER=(uid=%s)
+TINYAUTH_LDAP_SEARCHFILTER="(uid=%s)"
 # Certificate for mTLS authentication.
 TINYAUTH_LDAP_AUTHCERT=
 # Certificate key for mTLS authentication.
 TINYAUTH_LDAP_AUTHKEY=
 # Cache duration for LDAP group membership in seconds.
 TINYAUTH_LDAP_GROUPCACHETTL=900
-# Path to config file.
+
 TINYAUTH_EXPERIMENTAL_CONFIGFILE=
 # Log level (trace, debug, info, warn, error).
-TINYAUTH_LOG_LEVEL=info
+TINYAUTH_LOG_LEVEL="info"
 # Enable JSON formatted logs.
 TINYAUTH_LOG_JSON=false
 # Enable this log stream.
 TINYAUTH_LOG_STREAMS_HTTP_ENABLED=true
 # Log level for this stream. Use global if empty.
 TINYAUTH_LOG_STREAMS_HTTP_LEVEL=
 # Enable this log stream.
 TINYAUTH_LOG_STREAMS_APP_ENABLED=true
 # Log level for this stream. Use global if empty.
 TINYAUTH_LOG_STREAMS_APP_LEVEL=
 # Enable this log stream.
 TINYAUTH_LOG_STREAMS_AUDIT_ENABLED=false
 # Log level for this stream. Use global if empty.
 TINYAUTH_LOG_STREAMS_AUDIT_LEVEL=
--- a/gen/gen_env.go
+++ b/gen/gen_env.go
@@ -62,19 +62,42 @@ func buildPaths(parent reflect.Type, parentValue reflect.Value, parentPath strin
 func buildPath(field reflect.StructField, fieldValue reflect.Value, parent string, paths *[]Path) {
 	desc := field.Tag.Get("description")
 	yamlTag := field.Tag.Get("yaml")
 	// probably internal logic, should be skipped
 	if yamlTag == "-" {
 		return
 	}
 	defaultValue := fieldValue.Interface()
 	path := Path{
 		Name:        parent + strings.ToUpper(field.Name),
 		Description: desc,
 		Value:       defaultValue,
 	}
-	if fieldValue.Kind() == reflect.Slice {
+
 	switch fieldValue.Kind() {
 	case reflect.Slice:
 		sl, ok := defaultValue.([]string)
 		if !ok {
 			slog.Error("invalid default value", "value", defaultValue)
 			return
 		}
 		path.Value = strings.Join(sl, ",")
 	case reflect.String:
 		st, ok := defaultValue.(string)
 		if !ok {
 			slog.Error("invalid default value", "value", defaultValue)
 			return
 		}
 		// good idea to escape strings probably
 		if st != "" {
 			path.Value = fmt.Sprintf(`"%s"`, st)
 		} else {
 			path.Value = ""
 		}
 	default:
 		path.Value = defaultValue
 	}
 	*paths = append(*paths, path)
 }
@@ -107,7 +130,7 @@ func compileEnv(paths []Path) []byte {
 		buffer.WriteString(path.Name)
 		buffer.WriteString("=")
 		fmt.Fprintf(&buffer, "%v", path.Value)
-		buffer.WriteString("\n")
+		buffer.WriteString("\n\n")
 	}
 	return buffer.Bytes()