From 9014be90aa574499f47b746ed90abba374501202 Mon Sep 17 00:00:00 2001
From: Nicolas Meienberger <github@thisprops.com>
Date: Wed, 29 Oct 2025 18:39:58 +0100
Subject: [PATCH] refactor: ignore unknown flags instead of filtering manually

---
 cmd/root.go                                 | 24 +-----
 internal/utils/decoders/acl_decoder_test.go | 92 ---------------------
 2 files changed, 3 insertions(+), 113 deletions(-)
 delete mode 100644 internal/utils/decoders/acl_decoder_test.go

diff --git a/cmd/root.go b/cmd/root.go
index 334d918..5629c69 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -34,6 +34,9 @@ func (c *rootCmd) Register() {
 		Short: "The simplest way to protect your apps with a login screen",
 		Long:  `Tinyauth is a simple authentication middleware that adds a simple login screen or OAuth with Google, Github or any other provider to all of your docker apps.`,
 		Run:   c.run,
+		FParseErrWhitelist: cobra.FParseErrWhitelist{
+			UnknownFlags: true,
+		},
 	}
 
 	c.viper.AutomaticEnv()
@@ -129,7 +132,6 @@ func (c *rootCmd) run(cmd *cobra.Command, args []string) {
 func Run() {
 	rootCmd := newRootCmd()
 	rootCmd.aclFlags = utils.ExtractACLFlags(os.Args[1:])
-	os.Args = filterACLFlags(os.Args)
 
 	rootCmd.Register()
 	root := rootCmd.GetCmd()
@@ -160,23 +162,3 @@ func Run() {
 		log.Fatal().Err(err).Msg("Failed to execute root command")
 	}
 }
-
-func filterACLFlags(args []string) []string {
-	filtered := make([]string, 0)
-
-	for i, arg := range args {
-		// Program name
-		if i == 0 {
-			filtered = append(filtered, arg)
-			continue
-		}
-
-		if strings.HasPrefix(arg, "--apps-") || strings.HasPrefix(arg, "--tinyauth-apps-") {
-			continue
-		}
-
-		filtered = append(filtered, arg)
-	}
-
-	return filtered
-}
diff --git a/internal/utils/decoders/acl_decoder_test.go b/internal/utils/decoders/acl_decoder_test.go
deleted file mode 100644
index 3d0bb3c..0000000
--- a/internal/utils/decoders/acl_decoder_test.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package decoders_test
-
-import (
-	"testing"
-	"tinyauth/internal/config"
-	"tinyauth/internal/utils/decoders"
-
-	"gotest.tools/v3/assert"
-)
-
-func TestDecodeACLEnv(t *testing.T) {
-	env := map[string]string{
-		"TINYAUTH_APPS_MY_COOL_APP_CONFIG_DOMAIN":   "example.com",
-		"TINYAUTH_APPS_MY_COOL_APP_USERS_ALLOW":     "user1,user2",
-		"TINYAUTH_APPS_MY_COOL_APP_USERS_BLOCK":     "user3",
-		"TINYAUTH_APPS_MY_COOL_APP_OAUTH_WHITELIST": "provider1",
-		"TINYAUTH_APPS_MY_COOL_APP_OAUTH_GROUPS":    "group1,group2",
-		"TINYAUTH_APPS_OTHERAPP_CONFIG_DOMAIN":      "test.com",
-		"TINYAUTH_APPS_OTHERAPP_USERS_ALLOW":        "admin",
-	}
-
-	expected := config.Apps{
-		Apps: map[string]config.App{
-			"my_cool_app": {
-				Config: config.AppConfig{
-					Domain: "example.com",
-				},
-				Users: config.AppUsers{
-					Allow: "user1,user2",
-					Block: "user3",
-				},
-				OAuth: config.AppOAuth{
-					Whitelist: "provider1",
-					Groups:    "group1,group2",
-				},
-			},
-			"otherapp": {
-				Config: config.AppConfig{
-					Domain: "test.com",
-				},
-				Users: config.AppUsers{
-					Allow: "admin",
-				},
-			},
-		},
-	}
-
-	// Execute
-	result, err := decoders.DecodeACLEnv[config.Apps](env, "apps")
-	assert.NilError(t, err)
-	assert.DeepEqual(t, result, expected)
-}
-
-func TestDecodeACLFlags(t *testing.T) {
-	// Setup
-	flags := map[string]string{
-		"tinyauth-apps-webapp-config-domain":   "webapp.example.com",
-		"tinyauth-apps-webapp-users-allow":     "alice,bob",
-		"tinyauth-apps-webapp-oauth-whitelist": "google",
-		"tinyauth-apps-api-config-domain":      "api.example.com",
-		"tinyauth-apps-api-users-block":        "banned",
-	}
-
-	expected := config.Apps{
-		Apps: map[string]config.App{
-			"webapp": {
-				Config: config.AppConfig{
-					Domain: "webapp.example.com",
-				},
-				Users: config.AppUsers{
-					Allow: "alice,bob",
-				},
-				OAuth: config.AppOAuth{
-					Whitelist: "google",
-				},
-			},
-			"api": {
-				Config: config.AppConfig{
-					Domain: "api.example.com",
-				},
-				Users: config.AppUsers{
-					Block: "banned",
-				},
-			},
-		},
-	}
-
-	// Execute
-	result, err := decoders.DecodeACLFlags[config.Apps](flags, "apps")
-	assert.NilError(t, err)
-	assert.DeepEqual(t, result, expected)
-}