chore: review comments

Stavros
2026-02-16 23:30:31 +02:00
parent e72c7acb5d
commit 5f9bf1cd80
2 changed files with 109 additions and 17 deletions


@@ -2,151 +2,220 @@
# The base URL where the app is hosted. # The base URL where the app is hosted.
TINYAUTH_APPURL= TINYAUTH_APPURL=
# The directory where resources are stored. # The directory where resources are stored.
TINYAUTH_RESOURCESDIR=./resources TINYAUTH_RESOURCESDIR="./resources"
# The path to the database file. # The path to the database file.
TINYAUTH_DATABASEPATH=./tinyauth.db TINYAUTH_DATABASEPATH="./tinyauth.db"
# Disable analytics. # Disable analytics.
TINYAUTH_DISABLEANALYTICS=false TINYAUTH_DISABLEANALYTICS=false
# Disable resources server. # Disable resources server.
TINYAUTH_DISABLERESOURCES=false TINYAUTH_DISABLERESOURCES=false
# The port on which the server listens. # The port on which the server listens.
TINYAUTH_SERVER_PORT=3000 TINYAUTH_SERVER_PORT=3000
# The address on which the server listens. # The address on which the server listens.
TINYAUTH_SERVER_ADDRESS=0.0.0.0 TINYAUTH_SERVER_ADDRESS="0.0.0.0"
# The path to the Unix socket. # The path to the Unix socket.
TINYAUTH_SERVER_SOCKETPATH= TINYAUTH_SERVER_SOCKETPATH=
# List of allowed IPs or CIDR ranges. # List of allowed IPs or CIDR ranges.
TINYAUTH_AUTH_IP_ALLOW= TINYAUTH_AUTH_IP_ALLOW=
# List of blocked IPs or CIDR ranges. # List of blocked IPs or CIDR ranges.
TINYAUTH_AUTH_IP_BLOCK= TINYAUTH_AUTH_IP_BLOCK=
# Comma-separated list of users (username:hashed_password). # Comma-separated list of users (username:hashed_password).
TINYAUTH_AUTH_USERS= TINYAUTH_AUTH_USERS=
# Path to the users file. # Path to the users file.
TINYAUTH_AUTH_USERSFILE= TINYAUTH_AUTH_USERSFILE=
# Enable secure cookies. # Enable secure cookies.
TINYAUTH_AUTH_SECURECOOKIE=false TINYAUTH_AUTH_SECURECOOKIE=false
# Session expiry time in seconds. # Session expiry time in seconds.
TINYAUTH_AUTH_SESSIONEXPIRY=86400 TINYAUTH_AUTH_SESSIONEXPIRY=86400
# Maximum session lifetime in seconds. # Maximum session lifetime in seconds.
TINYAUTH_AUTH_SESSIONMAXLIFETIME=0 TINYAUTH_AUTH_SESSIONMAXLIFETIME=0
# Login timeout in seconds. # Login timeout in seconds.
TINYAUTH_AUTH_LOGINTIMEOUT=300 TINYAUTH_AUTH_LOGINTIMEOUT=300
# Maximum login retries. # Maximum login retries.
TINYAUTH_AUTH_LOGINMAXRETRIES=3 TINYAUTH_AUTH_LOGINMAXRETRIES=3
# Comma-separated list of trusted proxy addresses. # Comma-separated list of trusted proxy addresses.
TINYAUTH_AUTH_TRUSTEDPROXIES= TINYAUTH_AUTH_TRUSTEDPROXIES=
# The domain of the app. # The domain of the app.
TINYAUTH_APPS_[NAME]_CONFIG_DOMAIN= TINYAUTH_APPS_[NAME]_CONFIG_DOMAIN=
# Comma-separated list of allowed users. # Comma-separated list of allowed users.
TINYAUTH_APPS_[NAME]_USERS_ALLOW= TINYAUTH_APPS_[NAME]_USERS_ALLOW=
# Comma-separated list of blocked users. # Comma-separated list of blocked users.
TINYAUTH_APPS_[NAME]_USERS_BLOCK= TINYAUTH_APPS_[NAME]_USERS_BLOCK=
# Comma-separated list of allowed OAuth groups. # Comma-separated list of allowed OAuth groups.
TINYAUTH_APPS_[NAME]_OAUTH_WHITELIST= TINYAUTH_APPS_[NAME]_OAUTH_WHITELIST=
# Comma-separated list of required OAuth groups. # Comma-separated list of required OAuth groups.
TINYAUTH_APPS_[NAME]_OAUTH_GROUPS= TINYAUTH_APPS_[NAME]_OAUTH_GROUPS=
# List of allowed IPs or CIDR ranges. # List of allowed IPs or CIDR ranges.
TINYAUTH_APPS_[NAME]_IP_ALLOW= TINYAUTH_APPS_[NAME]_IP_ALLOW=
# List of blocked IPs or CIDR ranges. # List of blocked IPs or CIDR ranges.
TINYAUTH_APPS_[NAME]_IP_BLOCK= TINYAUTH_APPS_[NAME]_IP_BLOCK=
# List of IPs or CIDR ranges that bypass authentication. # List of IPs or CIDR ranges that bypass authentication.
TINYAUTH_APPS_[NAME]_IP_BYPASS= TINYAUTH_APPS_[NAME]_IP_BYPASS=
# Custom headers to add to the response. # Custom headers to add to the response.
TINYAUTH_APPS_[NAME]_RESPONSE_HEADERS= TINYAUTH_APPS_[NAME]_RESPONSE_HEADERS=
# Basic auth username. # Basic auth username.
TINYAUTH_APPS_[NAME]_RESPONSE_BASICAUTH_USERNAME= TINYAUTH_APPS_[NAME]_RESPONSE_BASICAUTH_USERNAME=
# Basic auth password. # Basic auth password.
TINYAUTH_APPS_[NAME]_RESPONSE_BASICAUTH_PASSWORD= TINYAUTH_APPS_[NAME]_RESPONSE_BASICAUTH_PASSWORD=
# Path to the file containing the basic auth password. # Path to the file containing the basic auth password.
TINYAUTH_APPS_[NAME]_RESPONSE_BASICAUTH_PASSWORDFILE= TINYAUTH_APPS_[NAME]_RESPONSE_BASICAUTH_PASSWORDFILE=
# Comma-separated list of allowed paths. # Comma-separated list of allowed paths.
TINYAUTH_APPS_[NAME]_PATH_ALLOW= TINYAUTH_APPS_[NAME]_PATH_ALLOW=
# Comma-separated list of blocked paths. # Comma-separated list of blocked paths.
TINYAUTH_APPS_[NAME]_PATH_BLOCK= TINYAUTH_APPS_[NAME]_PATH_BLOCK=
# Comma-separated list of required LDAP groups. # Comma-separated list of required LDAP groups.
TINYAUTH_APPS_[NAME]_LDAP_GROUPS= TINYAUTH_APPS_[NAME]_LDAP_GROUPS=
# Comma-separated list of allowed OAuth domains. # Comma-separated list of allowed OAuth domains.
TINYAUTH_OAUTH_WHITELIST= TINYAUTH_OAUTH_WHITELIST=
# The OAuth provider to use for automatic redirection. # The OAuth provider to use for automatic redirection.
TINYAUTH_OAUTH_AUTOREDIRECT= TINYAUTH_OAUTH_AUTOREDIRECT=
# OAuth client ID. # OAuth client ID.
TINYAUTH_OAUTH_PROVIDERS_[NAME]_CLIENTID= TINYAUTH_OAUTH_PROVIDERS_[NAME]_CLIENTID=
# OAuth client secret. # OAuth client secret.
TINYAUTH_OAUTH_PROVIDERS_[NAME]_CLIENTSECRET= TINYAUTH_OAUTH_PROVIDERS_[NAME]_CLIENTSECRET=
# Path to the file containing the OAuth client secret. # Path to the file containing the OAuth client secret.
TINYAUTH_OAUTH_PROVIDERS_[NAME]_CLIENTSECRETFILE= TINYAUTH_OAUTH_PROVIDERS_[NAME]_CLIENTSECRETFILE=
# OAuth scopes. # OAuth scopes.
TINYAUTH_OAUTH_PROVIDERS_[NAME]_SCOPES= TINYAUTH_OAUTH_PROVIDERS_[NAME]_SCOPES=
# OAuth redirect URL. # OAuth redirect URL.
TINYAUTH_OAUTH_PROVIDERS_[NAME]_REDIRECTURL= TINYAUTH_OAUTH_PROVIDERS_[NAME]_REDIRECTURL=
# OAuth authorization URL. # OAuth authorization URL.
TINYAUTH_OAUTH_PROVIDERS_[NAME]_AUTHURL= TINYAUTH_OAUTH_PROVIDERS_[NAME]_AUTHURL=
# OAuth token URL. # OAuth token URL.
TINYAUTH_OAUTH_PROVIDERS_[NAME]_TOKENURL= TINYAUTH_OAUTH_PROVIDERS_[NAME]_TOKENURL=
# OAuth userinfo URL. # OAuth userinfo URL.
TINYAUTH_OAUTH_PROVIDERS_[NAME]_USERINFOURL= TINYAUTH_OAUTH_PROVIDERS_[NAME]_USERINFOURL=
# Allow insecure OAuth connections. # Allow insecure OAuth connections.
TINYAUTH_OAUTH_PROVIDERS_[NAME]_INSECURE=false TINYAUTH_OAUTH_PROVIDERS_[NAME]_INSECURE=false
# Provider name in UI. # Provider name in UI.
TINYAUTH_OAUTH_PROVIDERS_[NAME]_NAME= TINYAUTH_OAUTH_PROVIDERS_[NAME]_NAME=
# Path to the private key file. # Path to the private key file.
TINYAUTH_OIDC_PRIVATEKEYPATH=./tinyauth_oidc_key TINYAUTH_OIDC_PRIVATEKEYPATH="./tinyauth_oidc_key"
# Path to the public key file. # Path to the public key file.
TINYAUTH_OIDC_PUBLICKEYPATH=./tinyauth_oidc_key.pub TINYAUTH_OIDC_PUBLICKEYPATH="./tinyauth_oidc_key.pub"
# OIDC client ID.
TINYAUTH_OIDC_CLIENTS_[NAME]_ID=
# OIDC client ID. # OIDC client ID.
TINYAUTH_OIDC_CLIENTS_[NAME]_CLIENTID= TINYAUTH_OIDC_CLIENTS_[NAME]_CLIENTID=
# OIDC client secret. # OIDC client secret.
TINYAUTH_OIDC_CLIENTS_[NAME]_CLIENTSECRET= TINYAUTH_OIDC_CLIENTS_[NAME]_CLIENTSECRET=
# Path to the file containing the OIDC client secret. # Path to the file containing the OIDC client secret.
TINYAUTH_OIDC_CLIENTS_[NAME]_CLIENTSECRETFILE= TINYAUTH_OIDC_CLIENTS_[NAME]_CLIENTSECRETFILE=
# List of trusted redirect URIs. # List of trusted redirect URIs.
TINYAUTH_OIDC_CLIENTS_[NAME]_TRUSTEDREDIRECTURIS= TINYAUTH_OIDC_CLIENTS_[NAME]_TRUSTEDREDIRECTURIS=
# Client name in UI. # Client name in UI.
TINYAUTH_OIDC_CLIENTS_[NAME]_NAME= TINYAUTH_OIDC_CLIENTS_[NAME]_NAME=
# The title of the UI. # The title of the UI.
TINYAUTH_UI_TITLE=Tinyauth TINYAUTH_UI_TITLE="Tinyauth"
# Message displayed on the forgot password page. # Message displayed on the forgot password page.
TINYAUTH_UI_FORGOTPASSWORDMESSAGE=You can change your password by changing the configuration. TINYAUTH_UI_FORGOTPASSWORDMESSAGE="You can change your password by changing the configuration."
# Path to the background image. # Path to the background image.
TINYAUTH_UI_BACKGROUNDIMAGE=/background.jpg TINYAUTH_UI_BACKGROUNDIMAGE="/background.jpg"
# Disable UI warnings. # Disable UI warnings.
TINYAUTH_UI_DISABLEWARNINGS=false TINYAUTH_UI_DISABLEWARNINGS=false
# LDAP server address. # LDAP server address.
TINYAUTH_LDAP_ADDRESS= TINYAUTH_LDAP_ADDRESS=
# Bind DN for LDAP authentication. # Bind DN for LDAP authentication.
TINYAUTH_LDAP_BINDDN= TINYAUTH_LDAP_BINDDN=
# Bind password for LDAP authentication. # Bind password for LDAP authentication.
TINYAUTH_LDAP_BINDPASSWORD= TINYAUTH_LDAP_BINDPASSWORD=
# Base DN for LDAP searches. # Base DN for LDAP searches.
TINYAUTH_LDAP_BASEDN= TINYAUTH_LDAP_BASEDN=
# Allow insecure LDAP connections. # Allow insecure LDAP connections.
TINYAUTH_LDAP_INSECURE=false TINYAUTH_LDAP_INSECURE=false
# LDAP search filter. # LDAP search filter.
TINYAUTH_LDAP_SEARCHFILTER=(uid=%s) TINYAUTH_LDAP_SEARCHFILTER="(uid=%s)"
# Certificate for mTLS authentication. # Certificate for mTLS authentication.
TINYAUTH_LDAP_AUTHCERT= TINYAUTH_LDAP_AUTHCERT=
# Certificate key for mTLS authentication. # Certificate key for mTLS authentication.
TINYAUTH_LDAP_AUTHKEY= TINYAUTH_LDAP_AUTHKEY=
# Cache duration for LDAP group membership in seconds. # Cache duration for LDAP group membership in seconds.
TINYAUTH_LDAP_GROUPCACHETTL=900 TINYAUTH_LDAP_GROUPCACHETTL=900
# Path to config file.
TINYAUTH_EXPERIMENTAL_CONFIGFILE=
# Log level (trace, debug, info, warn, error). # Log level (trace, debug, info, warn, error).
TINYAUTH_LOG_LEVEL=info TINYAUTH_LOG_LEVEL="info"
# Enable JSON formatted logs. # Enable JSON formatted logs.
TINYAUTH_LOG_JSON=false TINYAUTH_LOG_JSON=false
# Enable this log stream. # Enable this log stream.
TINYAUTH_LOG_STREAMS_HTTP_ENABLED=true TINYAUTH_LOG_STREAMS_HTTP_ENABLED=true
# Log level for this stream. Use global if empty. # Log level for this stream. Use global if empty.
TINYAUTH_LOG_STREAMS_HTTP_LEVEL= TINYAUTH_LOG_STREAMS_HTTP_LEVEL=
# Enable this log stream. # Enable this log stream.
TINYAUTH_LOG_STREAMS_APP_ENABLED=true TINYAUTH_LOG_STREAMS_APP_ENABLED=true
# Log level for this stream. Use global if empty. # Log level for this stream. Use global if empty.
TINYAUTH_LOG_STREAMS_APP_LEVEL= TINYAUTH_LOG_STREAMS_APP_LEVEL=
# Enable this log stream. # Enable this log stream.
TINYAUTH_LOG_STREAMS_AUDIT_ENABLED=false TINYAUTH_LOG_STREAMS_AUDIT_ENABLED=false
# Log level for this stream. Use global if empty. # Log level for this stream. Use global if empty.
TINYAUTH_LOG_STREAMS_AUDIT_LEVEL= TINYAUTH_LOG_STREAMS_AUDIT_LEVEL=


@@ -62,19 +62,42 @@ func buildPaths(parent reflect.Type, parentValue reflect.Value, parentPath strin
func buildPath(field reflect.StructField, fieldValue reflect.Value, parent string, paths *[]Path) { func buildPath(field reflect.StructField, fieldValue reflect.Value, parent string, paths *[]Path) {
desc := field.Tag.Get("description") desc := field.Tag.Get("description")
yamlTag := field.Tag.Get("yaml")
// probably internal logic, should be skipped
if yamlTag == "-" {
return
}
defaultValue := fieldValue.Interface() defaultValue := fieldValue.Interface()
path := Path{ path := Path{
Name: parent + strings.ToUpper(field.Name), Name: parent + strings.ToUpper(field.Name),
Description: desc, Description: desc,
Value: defaultValue,
} }
if fieldValue.Kind() == reflect.Slice {
switch fieldValue.Kind() {
case reflect.Slice:
sl, ok := defaultValue.([]string) sl, ok := defaultValue.([]string)
if !ok { if !ok {
slog.Error("invalid default value", "value", defaultValue) slog.Error("invalid default value", "value", defaultValue)
return return
} }
path.Value = strings.Join(sl, ",") path.Value = strings.Join(sl, ",")
case reflect.String:
st, ok := defaultValue.(string)
if !ok {
slog.Error("invalid default value", "value", defaultValue)
return
}
// good idea to escape strings probably
if st != "" {
path.Value = fmt.Sprintf(`"%s"`, st)
} else {
path.Value = ""
}
default:
path.Value = defaultValue
} }
*paths = append(*paths, path) *paths = append(*paths, path)
} }
@@ -107,7 +130,7 @@ func compileEnv(paths []Path) []byte {
buffer.WriteString(path.Name) buffer.WriteString(path.Name)
buffer.WriteString("=") buffer.WriteString("=")
fmt.Fprintf(&buffer, "%v", path.Value) fmt.Fprintf(&buffer, "%v", path.Value)
buffer.WriteString("\n") buffer.WriteString("\n\n")
} }
return buffer.Bytes() return buffer.Bytes()
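Review bot: In buildPath's `case reflect.String:` branch the value is only wrapped in double quotes through the `"%s"` format, so the comment `// good idea to escape strings probably` is not yet true: a default containing `"`, `\` or a newline would produce a malformed line in the generated env file, and an embedded newline would start what reads as a separate assignment. The defaults come from struct values rather than request input, so this is a correctness problem for the generated file rather than an exposure, but the quoting should still be total; consider `path.Value = strconv.Quote(st)` (it needs the `strconv` import, and it is worth confirming that the env loader in use understands those escapes). The `reflect.Slice` branch still emits `strings.Join(sl, ",")` unquoted, so a list default containing spaces or `#` would be written differently from a scalar string; quoting the joined value the same way would keep the output consistent.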