chore: rabbit comments

internal/bootstrap/app_bootstrap.go

@@ -163,12 +163,6 @@ func (app *BootstrapApp) Setup() error {
 		app.runtime.OAuthProviders[id] = provider
 	}
 
-	// setup oidc clients
-	for id, client := range app.config.OIDC.Clients {
-		client.ID = id
-		app.runtime.OIDCClients = append(app.runtime.OIDCClients, client)
-	}
-
 	// cookie domain
 	cookieDomainResolver := utils.GetCookieDomain
 

internal/bootstrap/service_bootstrap.go

@@ -71,13 +71,11 @@ func (app *BootstrapApp) setupServices() error {
 	}
 
 	err = app.dig.Invoke(func(i svcInput) error {
-		app.services = Services{
-			accessControlService: i.AccessControlService,
-			authService:          i.AuthService,
-			ldapService:          i.LDAPService,
-			oauthBrokerService:   i.OAuthBrokerService,
-			tailscaleService:     i.TailscaleService,
-		}
+		app.services.accessControlService = i.AccessControlService
+		app.services.authService = i.AuthService
+		app.services.ldapService = i.LDAPService
+		app.services.oauthBrokerService = i.OAuthBrokerService
+		app.services.tailscaleService = i.TailscaleService
 		return nil
 	})
 

internal/controller/well_known_controller.go

@@ -35,7 +35,7 @@ type WellKnownControllerInput struct {
 	dig.In
 
 	OIDCService *service.OIDCService
-	RouterGroup *gin.RouterGroup `name:"apiRouterGroup"`
+	RouterGroup *gin.RouterGroup `name:"mainRouterGroup"`
 }
 
 func NewWellKnownController(i WellKnownControllerInput) *WellKnownController {

internal/model/runtime.go

@@ -12,7 +12,6 @@ type RuntimeConfig struct {
 	OAuthProviders         map[string]OAuthServiceConfig
 	OAuthWhitelist         []string
 	ConfiguredProviders    []Provider
-	OIDCClients            []OIDCClientConfig
 	TrustedDomains         []string
 }
 

internal/service/auth_service_test.go

@@ -4,6 +4,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"github.com/tinyauthapp/tinyauth/internal/model"
 	"github.com/tinyauthapp/tinyauth/internal/utils/logger"
 )
@@ -12,6 +13,19 @@ func TestIsEmailWhitelistedUsesProviderSpecificList(t *testing.T) {
 	log := logger.NewLogger().WithTestConfig()
 	log.Init()
 
+	policyEngine, err := NewPolicyEngine(PolicyEngineInput{
+		Log: log,
+		Config: &model.Config{
+			Auth: model.AuthConfig{
+				ACLs: model.ACLsConfig{
+					Policy: string(PolicyAllow),
+				},
+			},
+		},
+	})
+
+	require.NoError(t, err)
+
 	auth := &AuthService{
 		log: log,
 		runtime: &model.RuntimeConfig{
@@ -28,6 +42,7 @@ func TestIsEmailWhitelistedUsesProviderSpecificList(t *testing.T) {
 				},
 			},
 		},
+		policyEngine: policyEngine,
 	}
 
 	assert.True(t, auth.IsEmailWhitelisted("github", "github@example.com"))

internal/service/oidc_service.go

@@ -163,7 +163,7 @@ type OIDCServiceInput struct {
 
 func NewOIDCService(i OIDCServiceInput) (*OIDCService, error) {
 	// If not configured, skip init
-	if len(i.Runtime.OIDCClients) == 0 {
+	if len(i.Config.OIDC.Clients) == 0 {
 		return nil, nil
 	}
 

internal/test/test.go

@@ -121,14 +121,6 @@ func CreateTestConfigs(t *testing.T) (model.Config, model.RuntimeConfig) {
 		CookieDomain:      "example.com",
 		AppURL:            "https://tinyauth.example.com",
 		SessionCookieName: "tinyauth-session",
-		OIDCClients: func() []model.OIDCClientConfig {
-			var clients []model.OIDCClientConfig
-			for id, client := range config.OIDC.Clients {
-				client.ID = id
-				clients = append(clients, client)
-			}
-			return clients
-		}(),
 	}
 
 	return config, runtime