From 95f8a95fd361e47e334948755922d87b01510c49 Mon Sep 17 00:00:00 2001
From: Stavros
Date: Mon, 1 Sep 2025 18:19:57 +0300
Subject: [PATCH] refactor: rename domain to root domain
---
 internal/bootstrap/app_bootstrap.go | 18 ++++++++++--------
 internal/controller/oauth_controller.go | 14 +++++++-------
 internal/controller/user_controller.go | 8 ++++----
 internal/middleware/context_middleware.go | 6 +++---
 internal/service/auth_service.go | 6 +++---
 internal/utils/app_utils.go | 6 +++---
 6 files changed, 30 insertions(+), 28 deletions(-)
diff --git a/internal/bootstrap/app_bootstrap.go b/internal/bootstrap/app_bootstrap.go
index e941772..d2ac1b0 100644
--- a/internal/bootstrap/app_bootstrap.go
+++ b/internal/bootstrap/app_bootstrap.go
@@ -2,6 +2,7 @@ package bootstrap
 import (
 "fmt"
+ "net/url"
 "strings"
 "tinyauth/internal/config"
 "tinyauth/internal/controller"
@@ -44,15 +45,16 @@ func (app *BootstrapApp) Setup() error {
 return err
 }
- // Get domain
- domain, err := utils.GetUpperDomain(app.Config.AppURL)
+ // Get root domain
+ rootDomain, err := utils.GetRootDomain(app.Config.AppURL)
 if err != nil {
 return err
 }
 // Cookie names
- cookieId := utils.GenerateIdentifier(strings.Split(domain, ".")[0])
+ appUrl, _ := url.Parse(app.Config.AppURL) // Already validated
+ cookieId := utils.GenerateIdentifier(appUrl.Hostname())
 sessionCookieName := fmt.Sprintf("%s-%s", config.SessionCookieName, cookieId)
 csrfCookieName := fmt.Sprintf("%s-%s", config.CSRFCookieName, cookieId)
 redirectCookieName := fmt.Sprintf("%s-%s", config.RedirectCookieName, cookieId)
@@ -63,7 +65,7 @@ func (app *BootstrapApp) Setup() error {
 OauthWhitelist: app.Config.OAuthWhitelist,
 SessionExpiry: app.Config.SessionExpiry,
 SecureCookie: app.Config.SecureCookie,
- Domain: domain,
+ RootDomain: rootDomain,
 LoginTimeout: app.Config.LoginTimeout,
 LoginMaxRetries: app.Config.LoginMaxRetries,
 SessionCookieName: sessionCookieName,
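Review bot: The new `cookieId` lines in the `@@ -44,15 +45,16 @@` hunk change the names of the session, CSRF and redirect cookies, which a commit titled as a rename does not announce: the identifier is now derived from the full hostname of `AppURL` instead of the first label of the computed domain. After an upgrade, cookies issued under the old names will presumably no longer be looked up, so existing sessions are dropped and the stale cookies stay in the browser until they expire; that deserves a line in the commit message or release notes. The discarded error in `appUrl, _ := url.Parse(app.Config.AppURL)` is safe only while `GetRootDomain` keeps parsing the same string first, because a nil `appUrl` would panic on `Hostname()`; I would check it instead, `appUrl, err := url.Parse(app.Config.AppURL)` followed by `if err != nil { return err }`. `Setup` starts and continues outside the hunk.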
@@ -153,7 +155,7 @@ func (app *BootstrapApp) Setup() error {
 var middlewares []Middleware
 contextMiddleware := middleware.NewContextMiddleware(middleware.ContextMiddlewareConfig{
- Domain: domain,
+ RootDomain: rootDomain,
 }, authService, oauthBrokerService)
 uiMiddleware := middleware.NewUIMiddleware()
@@ -180,7 +182,7 @@ func (app *BootstrapApp) Setup() error {
 Title: app.Config.Title,
 GenericName: app.Config.GenericName,
 AppURL: app.Config.AppURL,
- RootDomain: domain,
+ RootDomain: rootDomain,
 ForgotPasswordMessage: app.Config.ForgotPasswordMessage,
 BackgroundImage: app.Config.BackgroundImage,
 OAuthAutoRedirect: app.Config.OAuthAutoRedirect,
@@ -191,7 +193,7 @@ func (app *BootstrapApp) Setup() error {
 SecureCookie: app.Config.SecureCookie,
 CSRFCookieName: csrfCookieName,
 RedirectCookieName: redirectCookieName,
- Domain: domain,
+ RootDomain: rootDomain,
 }, apiRouter, authService, oauthBrokerService)
 proxyController := controller.NewProxyController(controller.ProxyControllerConfig{
@@ -199,7 +201,7 @@ func (app *BootstrapApp) Setup() error {
 }, apiRouter, dockerService, authService)
 userController := controller.NewUserController(controller.UserControllerConfig{
- Domain: domain,
+ RootDomain: rootDomain,
 }, apiRouter, authService)
 resourcesController := controller.NewResourcesController(controller.ResourcesControllerConfig{
diff --git a/internal/controller/oauth_controller.go b/internal/controller/oauth_controller.go
index 31b21f0..cfac656 100644
--- a/internal/controller/oauth_controller.go
+++ b/internal/controller/oauth_controller.go
@@ -23,7 +23,7 @@ type OAuthControllerConfig struct {
 RedirectCookieName string
 SecureCookie bool
 AppURL string
- Domain string
+ RootDomain string
 }
 type OAuthController struct {
@@ -74,13 +74,13 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
 state := service.GenerateState()
 authURL := service.GetAuthURL(state)
- c.SetCookie(controller.Config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
+ c.SetCookie(controller.Config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
 redirectURI := c.Query("redirect_uri")
- if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.Config.Domain) {
+ if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.Config.RootDomain) {
 log.Debug().Msg("Setting redirect URI cookie")
- c.SetCookie(controller.Config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
+ c.SetCookie(controller.Config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
 }
 c.JSON(200, gin.H{
@@ -112,7 +112,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 return
 }
- c.SetCookie(controller.Config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
+ c.SetCookie(controller.Config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
 code := c.Query("code")
 service, exists := controller.Broker.GetService(req.Provider)
@@ -189,7 +189,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 redirectURI, err := c.Cookie(controller.Config.RedirectCookieName)
- if err != nil || !utils.IsRedirectSafe(redirectURI, controller.Config.Domain) {
+ if err != nil || !utils.IsRedirectSafe(redirectURI, controller.Config.RootDomain) {
 log.Debug().Msg("No redirect URI cookie found, redirecting to app root")
 c.Redirect(http.StatusTemporaryRedirect, controller.Config.AppURL)
 return
@@ -205,6 +205,6 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 return
 }
- c.SetCookie(controller.Config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
+ c.SetCookie(controller.Config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
 c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/continue?%s", controller.Config.AppURL, queries.Encode()))
 }
diff --git a/internal/controller/user_controller.go b/internal/controller/user_controller.go
index f7f7c9e..f3b7b51 100644
--- a/internal/controller/user_controller.go
+++ b/internal/controller/user_controller.go
@@ -22,7 +22,7 @@ type TotpRequest struct {
 }
 type UserControllerConfig struct {
- Domain string
+ RootDomain string
 }
 type UserController struct {
@@ -115,7 +115,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 err := controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
 Username: user.Username,
 Name: utils.Capitalize(req.Username),
- Email: fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.Domain),
+ Email: fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.RootDomain),
 Provider: "username",
 TotpPending: true,
 })
@@ -141,7 +141,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 err = controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
 Username: req.Username,
 Name: utils.Capitalize(req.Username),
- Email: fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.Domain),
+ Email: fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.RootDomain),
 Provider: "username",
 })
@@ -246,7 +246,7 @@ func (controller *UserController) totpHandler(c *gin.Context) {
 err = controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
 Username: user.Username,
 Name: utils.Capitalize(user.Username),
- Email: fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.Config.Domain),
+ Email: fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.Config.RootDomain),
 Provider: "username",
 })
diff --git a/internal/middleware/context_middleware.go b/internal/middleware/context_middleware.go
index ee8932a..bca0400 100644
--- a/internal/middleware/context_middleware.go
+++ b/internal/middleware/context_middleware.go
@@ -12,7 +12,7 @@ import (
 )
 type ContextMiddlewareConfig struct {
- Domain string
+ RootDomain string
 }
 type ContextMiddleware struct {
@@ -134,7 +134,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 c.Set("context", &config.UserContext{
 Username: user.Username,
 Name: utils.Capitalize(user.Username),
- Email: fmt.Sprintf("%s@%s", strings.ToLower(user.Username), m.Config.Domain),
+ Email: fmt.Sprintf("%s@%s", strings.ToLower(user.Username), m.Config.RootDomain),
 Provider: "basic",
 IsLoggedIn: true,
 TotpEnabled: user.TotpSecret != "",
@@ -146,7 +146,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 c.Set("context", &config.UserContext{
 Username: basic.Username,
 Name: utils.Capitalize(basic.Username),
- Email: fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), m.Config.Domain),
+ Email: fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), m.Config.RootDomain),
 Provider: "basic",
 IsLoggedIn: true,
 })
diff --git a/internal/service/auth_service.go b/internal/service/auth_service.go
index c7a27c1..f028149 100644
--- a/internal/service/auth_service.go
+++ b/internal/service/auth_service.go
@@ -28,7 +28,7 @@ type AuthServiceConfig struct {
 OauthWhitelist string
 SessionExpiry int
 SecureCookie bool
- Domain string
+ RootDomain string
 LoginTimeout int
 LoginMaxRetries int
 SessionCookieName string
@@ -216,7 +216,7 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 return err
 }
- c.SetCookie(auth.Config.SessionCookieName, session.UUID, expiry, "/", fmt.Sprintf(".%s", auth.Config.Domain), auth.Config.SecureCookie, true)
+ c.SetCookie(auth.Config.SessionCookieName, session.UUID, expiry, "/", fmt.Sprintf(".%s", auth.Config.RootDomain), auth.Config.SecureCookie, true)
 return nil
 }
@@ -234,7 +234,7 @@ func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
 return res.Error
 }
- c.SetCookie(auth.Config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.Config.Domain), auth.Config.SecureCookie, true)
+ c.SetCookie(auth.Config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.Config.RootDomain), auth.Config.SecureCookie, true)
 return nil
 }
diff --git a/internal/utils/app_utils.go b/internal/utils/app_utils.go
index 85a8754..62b9592 100644
--- a/internal/utils/app_utils.go
+++ b/internal/utils/app_utils.go
@@ -12,8 +12,8 @@ import (
 "github.com/rs/zerolog"
 )
-// Get upper domain parses a hostname and returns the upper domain (e.g. sub1.sub2.domain.com -> sub2.domain.com)
-func GetUpperDomain(appUrl string) (string, error) {
+// Get root domain parses a hostname and returns the upper domain (e.g. sub1.sub2.domain.com -> sub2.domain.com)
+func GetRootDomain(appUrl string) (string, error) {
 appUrlParsed, err := url.Parse(appUrl)
 if err != nil {
 return "", err
@@ -88,7 +88,7 @@ func IsRedirectSafe(redirectURL string, domain string) bool {
 return false
 }
- upper, err := GetUpperDomain(redirectURL)
+ upper, err := GetRootDomain(redirectURL)
 if err != nil {
 return false
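Review bot: The doc comment on `GetRootDomain` in the `@@ -12,8 +12,8 @@` hunk still says the function "returns the upper domain", and its example maps sub1.sub2.domain.com to sub2.domain.com, which is not what "root domain" usually suggests (the registrable domain, domain.com). Elsewhere in this patch the returned value is used for the cookie `Domain` attribute and passed to `IsRedirectSafe`, so the comment should state the contract exactly rather than leave it to the name. Going by the example alone, since the body lies outside the hunk, I would write `// GetRootDomain parses appUrl and returns its hostname with the leftmost label removed (e.g. sub1.sub2.domain.com -> sub2.domain.com).`, which also follows the Go convention of opening with the identifier, and add what is returned for a host with fewer than three labels. The local variable in `IsRedirectSafe` is likewise still named `upper` in the `@@ -88,7 +88,7 @@` hunk.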