refactor: use one struct for service deps

2026-06-28 06:10:17 +00:00 · 2026-06-13 17:14:47 +03:00
parent a0e74cd5f2
commit a7f5374acc
13 changed files with 183 additions and 165 deletions
@@ -13,19 +13,18 @@ type LabelProvider interface {

 type AccessControlsService struct {
 	log           *logger.Logger
-	config        model.Config
+	config        *model.Config
 	labelProvider *LabelProvider
 }

 func NewAccessControlsService(
-	log *logger.Logger,
-	config model.Config,
-	labelProvider *LabelProvider) *AccessControlsService {
+	deps *ServiceDependencies,
+) *AccessControlsService {

 	return &AccessControlsService{
-		log:           log,
-		config:        config,
-		labelProvider: labelProvider,
+		log:           deps.Log,
+		config:        deps.StaticConfig,
+		labelProvider: &deps.LabelProvider,
 	}
 }

@@ -57,8 +57,8 @@ type LoginAttempt struct {

 type AuthService struct {
 	log     *logger.Logger
-	config  model.Config
-	runtime model.RuntimeConfig
+	config  *model.Config
+	runtime *model.RuntimeConfig
 	ctx     context.Context

 	ldap         *LdapService
@@ -83,27 +83,18 @@ type AuthService struct {
 }

 func NewAuthService(
-	log *logger.Logger,
-	config model.Config,
-	runtime model.RuntimeConfig,
-	ctx context.Context,
-	dg *ding.Ding,
-	ldap *LdapService,
-	queries repository.Store,
-	oauthBroker *OAuthBrokerService,
-	tailscale *TailscaleService,
-	policy *PolicyEngine,
+	deps *ServiceDependencies,
 ) *AuthService {
 	service := &AuthService{
-		log:          log,
-		runtime:      runtime,
-		ctx:          ctx,
-		config:       config,
-		ldap:         ldap,
-		queries:      queries,
-		oauthBroker:  oauthBroker,
-		tailscale:    tailscale,
-		policyEngine: policy,
+		log:          deps.Log,
+		runtime:      deps.RuntimeConfig,
+		ctx:          deps.Ctx,
+		config:       deps.StaticConfig,
+		ldap:         deps.Services.LDAPService,
+		queries:      *deps.Queries,
+		oauthBroker:  deps.Services.OAuthBrokerService,
+		tailscale:    deps.Services.TailscaleService,
+		policyEngine: deps.Services.PolicyEngine,
 	}

 	// caches setup
@@ -115,7 +106,7 @@ func NewAuthService(
 	service.caches.login = loginCache
 	service.caches.ldap = ldapCache

-	dg.Go(func(ctx context.Context) {
+	deps.Ding.Go(func(ctx context.Context) {
 		ticker := time.NewTicker(1 * time.Minute)
 		defer ticker.Stop()

@@ -22,9 +22,7 @@ type DockerService struct {
 }

 func NewDockerService(
-	log *logger.Logger,
-	ctx context.Context,
-	dg *ding.Ding,
+	deps *ServiceDependencies,
 ) (*DockerService, error) {

 	client, err := client.NewClientWithOpts(client.FromEnv)
@@ -32,25 +30,25 @@ func NewDockerService(
 		return nil, err
 	}

-	client.NegotiateAPIVersion(ctx)
+	client.NegotiateAPIVersion(deps.Ctx)

-	_, err = client.Ping(ctx)
+	_, err = client.Ping(deps.Ctx)

 	if err != nil {
-		log.App.Debug().Err(err).Msg("Docker not connected")
+		deps.Log.App.Debug().Err(err).Msg("Docker not connected")
 		return nil, nil
 	}

 	service := &DockerService{
-		log:     log,
+		log:     deps.Log,
 		client:  client,
-		context: ctx,
+		context: deps.Ctx,
 	}

 	service.isConnected = true
 	service.log.App.Debug().Msg("Docker connected successfully")

-	dg.Go(service.watchAndClose, ding.RingMajor)
+	deps.Ding.Go(service.watchAndClose, ding.RingMajor)

 	return service, nil
 }
@@ -49,9 +49,7 @@ type KubernetesService struct {
 }

 func NewKubernetesService(
-	log *logger.Logger,
-	ctx context.Context,
-	dg *ding.Ding,
+	deps *ServiceDependencies,
 ) (*KubernetesService, error) {
 	cfg, err := rest.InClusterConfig()
 	if err != nil {
@@ -69,31 +67,31 @@ func NewKubernetesService(
 		Resource: "ingresses",
 	}

-	accessCtx, accessCancel := context.WithTimeout(ctx, 5*time.Second)
+	accessCtx, accessCancel := context.WithTimeout(deps.Ctx, 5*time.Second)
 	defer accessCancel()

 	_, err = client.Resource(gvr).List(accessCtx, metav1.ListOptions{Limit: 1})
 	if err != nil {
-		log.App.Warn().Err(err).Str("api", gvr.GroupVersion().String()).Msg("Failed to access Ingress API, Kubernetes label provider will be disabled")
+		deps.Log.App.Warn().Err(err).Str("api", gvr.GroupVersion().String()).Msg("Failed to access Ingress API, Kubernetes label provider will be disabled")
 		return nil, fmt.Errorf("failed to access ingress api: %w", err)
 	}

-	log.App.Debug().Str("api", gvr.GroupVersion().String()).Msg("Successfully accessed Ingress API, starting watcher")
+	deps.Log.App.Debug().Str("api", gvr.GroupVersion().String()).Msg("Successfully accessed Ingress API, starting watcher")

 	service := &KubernetesService{
-		log:          log,
+		log:          deps.Log,
 		client:       client,
 		ingressApps:  make(map[ingressKey][]ingressApp),
 		domainIndex:  make(map[string]ingressAppKey),
 		appNameIndex: make(map[string]ingressAppKey),
 	}

-	dg.Go(func(ctx context.Context) {
+	deps.Ding.Go(func(ctx context.Context) {
 		service.watchGVR(gvr, ctx)
 	}, ding.RingMajor)

 	service.started = true
-	log.App.Debug().Msg("Kubernetes label provider started successfully")
+	deps.Log.App.Debug().Msg("Kubernetes label provider started successfully")

 	return service, nil
 }
@@ -17,40 +17,38 @@ import (

 type LdapService struct {
 	log    *logger.Logger
-	config model.Config
+	config *model.Config

-	conn  *ldapgo.Conn
-	mutex sync.RWMutex
-	cert  *tls.Certificate
+	conn       *ldapgo.Conn
+	mutex      sync.RWMutex
+	cert       *tls.Certificate
+	ldapBindPw string
 }

 func NewLdapService(
-	log *logger.Logger,
-	config model.Config,
-	dg *ding.Ding,
+	deps *ServiceDependencies,
 ) (*LdapService, error) {
-	if config.LDAP.Address == "" {
+	if deps.StaticConfig.LDAP.Address == "" {
 		return nil, nil
 	}

-	secret := utils.GetSecret(config.LDAP.BindPassword, config.LDAP.BindPasswordFile)
-	config.LDAP.BindPassword = secret
-	config.LDAP.BindPasswordFile = ""
+	ldapBindPw := utils.GetSecret(deps.StaticConfig.LDAP.BindPassword, deps.StaticConfig.LDAP.BindPasswordFile)

 	ldap := &LdapService{
-		log:    log,
-		config: config,
+		log:        deps.Log,
+		config:     deps.StaticConfig,
+		ldapBindPw: ldapBindPw,
 	}

 	// Check whether authentication with client certificate is possible
-	if config.LDAP.AuthCert != "" && config.LDAP.AuthKey != "" {
-		cert, err := tls.LoadX509KeyPair(config.LDAP.AuthCert, config.LDAP.AuthKey)
+	if deps.StaticConfig.LDAP.AuthCert != "" && deps.StaticConfig.LDAP.AuthKey != "" {
+		cert, err := tls.LoadX509KeyPair(deps.StaticConfig.LDAP.AuthCert, deps.StaticConfig.LDAP.AuthKey)

 		if err != nil {
 			return nil, fmt.Errorf("failed to initialize LDAP with mTLS authentication: %w", err)
 		}

-		log.App.Info().Msg("LDAP mTLS authentication configured successfully")
+		ldap.log.App.Info().Msg("LDAP mTLS authentication configured successfully")

 		ldap.cert = &cert

@@ -72,7 +70,7 @@ func NewLdapService(
 		return nil, fmt.Errorf("failed to connect to ldap server: %w", err)
 	}

-	dg.Go(func(ctx context.Context) {
+	deps.Ding.Go(func(ctx context.Context) {
 		ldap.log.App.Debug().Msg("Starting LDAP connection heartbeat routine")

 		ticker := time.NewTicker(5 * time.Minute)
@@ -33,22 +33,20 @@ var presets = map[string]func(config model.OAuthServiceConfig, ctx context.Conte
 }

 func NewOAuthBrokerService(
-	log *logger.Logger,
-	configs map[string]model.OAuthServiceConfig,
-	ctx context.Context,
+	deps *ServiceDependencies,
 ) *OAuthBrokerService {
 	service := &OAuthBrokerService{
-		log:      log,
+		log:      deps.Log,
 		services: make(map[string]OAuthServiceImpl),
-		configs:  configs,
+		configs:  deps.RuntimeConfig.OAuthProviders,
 	}

-	for name, cfg := range configs {
+	for name, cfg := range service.configs {
 		if presetFunc, exists := presets[name]; exists {
-			service.services[name] = presetFunc(cfg, ctx)
+			service.services[name] = presetFunc(cfg, deps.Ctx)
 			service.log.App.Debug().Str("service", name).Msg("Loaded OAuth service from preset")
 		} else {
-			service.services[name] = NewOAuthService(cfg, name, ctx)
+			service.services[name] = NewOAuthService(cfg, name, deps.Ctx)
 			service.log.App.Debug().Str("service", name).Msg("Loaded OAuth service from custom config")
 		}
 	}
@@ -133,8 +133,8 @@ type UsedCodeEntry struct {

 type OIDCService struct {
 	log     *logger.Logger
-	config  model.Config
-	runtime model.RuntimeConfig
+	config  *model.Config
+	runtime *model.RuntimeConfig
 	queries repository.Store

 	clients    map[string]model.OIDCClientConfig
@@ -150,18 +150,15 @@ type OIDCService struct {
 }

 func NewOIDCService(
-	log *logger.Logger,
-	config model.Config,
-	runtime model.RuntimeConfig,
-	queries repository.Store,
-	dg *ding.Ding) (*OIDCService, error) {
+	deps *ServiceDependencies,
+) (*OIDCService, error) {
 	// If not configured, skip init
-	if len(runtime.OIDCClients) == 0 {
+	if len(deps.RuntimeConfig.OIDCClients) == 0 {
 		return nil, nil
 	}

 	// Ensure issuer is https
-	uissuer, err := url.Parse(runtime.AppURL)
+	uissuer, err := url.Parse(deps.RuntimeConfig.AppURL)

 	if err != nil {
 		return nil, fmt.Errorf("failed to parse app url: %w", err)
@@ -174,14 +171,14 @@ func NewOIDCService(
 	issuer := fmt.Sprintf("%s://%s", uissuer.Scheme, uissuer.Host)

 	// Create/load private and public keys
-	if strings.TrimSpace(config.OIDC.PrivateKeyPath) == "" ||
-		strings.TrimSpace(config.OIDC.PublicKeyPath) == "" {
+	if strings.TrimSpace(deps.StaticConfig.OIDC.PrivateKeyPath) == "" ||
+		strings.TrimSpace(deps.StaticConfig.OIDC.PublicKeyPath) == "" {
 		return nil, errors.New("private key path and public key path are required")
 	}

 	var privateKey *rsa.PrivateKey

-	fprivateKey, err := os.ReadFile(config.OIDC.PrivateKeyPath)
+	fprivateKey, err := os.ReadFile(deps.StaticConfig.OIDC.PrivateKeyPath)

 	if err != nil && !errors.Is(err, os.ErrNotExist) {
 		return nil, err
@@ -200,8 +197,8 @@ func NewOIDCService(
 			Type:  "RSA PRIVATE KEY",
 			Bytes: der,
 		})
-		log.App.Trace().Str("type", "RSA PRIVATE KEY").Msg("Generated private RSA key")
-		err = os.WriteFile(config.OIDC.PrivateKeyPath, encoded, 0600)
+		deps.Log.App.Trace().Str("type", "RSA PRIVATE KEY").Msg("Generated private RSA key")
+		err = os.WriteFile(deps.StaticConfig.OIDC.PrivateKeyPath, encoded, 0600)
 		if err != nil {
 			return nil, fmt.Errorf("failed to write private key to file: %w", err)
 		}
@@ -210,7 +207,7 @@ func NewOIDCService(
 		if block == nil {
 			return nil, errors.New("failed to decode private key")
 		}
-		log.App.Trace().Str("type", block.Type).Msg("Loaded private key")
+		deps.Log.App.Trace().Str("type", block.Type).Msg("Loaded private key")
 		privateKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse private key: %w", err)
@@ -219,7 +216,7 @@ func NewOIDCService(

 	var publicKey crypto.PublicKey

-	fpublicKey, err := os.ReadFile(config.OIDC.PublicKeyPath)
+	fpublicKey, err := os.ReadFile(deps.StaticConfig.OIDC.PublicKeyPath)

 	if err != nil && !errors.Is(err, os.ErrNotExist) {
 		return nil, fmt.Errorf("failed to read public key: %w", err)
@@ -235,8 +232,8 @@ func NewOIDCService(
 			Type:  "RSA PUBLIC KEY",
 			Bytes: der,
 		})
-		log.App.Trace().Str("type", "RSA PUBLIC KEY").Msg("Generated public RSA key")
-		err = os.WriteFile(config.OIDC.PublicKeyPath, encoded, 0644)
+		deps.Log.App.Trace().Str("type", "RSA PUBLIC KEY").Msg("Generated public RSA key")
+		err = os.WriteFile(deps.StaticConfig.OIDC.PublicKeyPath, encoded, 0644)
 		if err != nil {
 			return nil, err
 		}
@@ -245,7 +242,7 @@ func NewOIDCService(
 		if block == nil {
 			return nil, errors.New("failed to decode public key")
 		}
-		log.App.Trace().Str("type", block.Type).Msg("Loaded public key")
+		deps.Log.App.Trace().Str("type", block.Type).Msg("Loaded public key")
 		switch block.Type {
 		case "RSA PUBLIC KEY":
 			publicKey, err = x509.ParsePKCS1PublicKey(block.Bytes)
@@ -275,7 +272,7 @@ func NewOIDCService(
 	// We will reorganize the client into a map with the client ID as the key
 	clients := make(map[string]model.OIDCClientConfig)

-	for id, client := range config.OIDC.Clients {
+	for id, client := range deps.StaticConfig.OIDC.Clients {
 		client.ID = id
 		if client.Name == "" {
 			client.Name = utils.Capitalize(client.ID)
@@ -291,15 +288,15 @@ func NewOIDCService(
 		}
 		client.ClientSecretFile = ""
 		clients[id] = client
-		log.App.Debug().Str("clientId", client.ClientID).Msg("Loaded OIDC client configuration")
+		deps.Log.App.Debug().Str("clientId", client.ClientID).Msg("Loaded OIDC client configuration")
 	}

 	// Initialize the service
 	service := &OIDCService{
-		log:     log,
-		config:  config,
-		runtime: runtime,
-		queries: queries,
+		log:     deps.Log,
+		config:  deps.StaticConfig,
+		runtime: deps.RuntimeConfig,
+		queries: *deps.Queries,

 		clients:    clients,
 		privateKey: privateKey,
@@ -308,7 +305,7 @@ func NewOIDCService(
 	}

 	// Start cleanup routine
-	dg.Go(service.cleanupRoutine, ding.RingMinor)
+	deps.Ding.Go(service.cleanupRoutine, ding.RingMinor)

 	// Create caches
 	codeCash := NewCacheStore[AuthorizeCodeEntry](256)
@@ -320,7 +317,7 @@ func NewOIDCService(
 	service.caches.authorize = authorize

 	// Start cache cleanup routine
-	dg.Go(func(ctx context.Context) {
+	deps.Ding.Go(func(ctx context.Context) {
 		ticker := time.NewTicker(1 * time.Minute)
 		defer ticker.Stop()

@@ -40,21 +40,23 @@ type PolicyEngine struct {
 	policy Policy
 }

-func NewPolicyEngine(config model.Config, log *logger.Logger) (*PolicyEngine, error) {
+func NewPolicyEngine(
+	deps *ServiceDependencies,
+) (*PolicyEngine, error) {
 	engine := PolicyEngine{
-		log:   log,
+		log:   deps.Log,
 		rules: make(map[RuleName]Rule),
 	}

-	switch config.Auth.ACLs.Policy {
+	switch deps.StaticConfig.Auth.ACLs.Policy {
 	case string(PolicyAllow):
-		log.App.Debug().Msg("Using 'allow' ACL policy: access to apps will be allowed by default unless explicitly blocked")
+		deps.Log.App.Debug().Msg("Using 'allow' ACL policy: access to apps will be allowed by default unless explicitly blocked")
 		engine.policy = PolicyAllow
 	case string(PolicyDeny):
-		log.App.Debug().Msg("Using 'deny' ACL policy: access to apps will be blocked by default unless explicitly allowed")
+		deps.Log.App.Debug().Msg("Using 'deny' ACL policy: access to apps will be blocked by default unless explicitly allowed")
 		engine.policy = PolicyDeny
 	default:
-		return nil, fmt.Errorf("invalid acl policy: %s", config.Auth.ACLs.Policy)
+		return nil, fmt.Errorf("invalid acl policy: %s", deps.StaticConfig.Auth.ACLs.Policy)
 	}

 	return &engine, nil
@@ -0,0 +1,33 @@
+package service
+
+import (
+	"context"
+
+	"github.com/steveiliop56/ding"
+	"github.com/tinyauthapp/tinyauth/internal/model"
+	"github.com/tinyauthapp/tinyauth/internal/repository"
+	"github.com/tinyauthapp/tinyauth/internal/utils/logger"
+)
+
+type Services struct {
+	AccessControlService *AccessControlsService
+	AuthService          *AuthService
+	DockerService        *DockerService
+	KubernetesService    *KubernetesService
+	LDAPService          *LdapService
+	OAuthBrokerService   *OAuthBrokerService
+	OIDCService          *OIDCService
+	TailscaleService     *TailscaleService
+	PolicyEngine         *PolicyEngine
+}
+
+type ServiceDependencies struct {
+	Log           *logger.Logger
+	StaticConfig  *model.Config
+	RuntimeConfig *model.RuntimeConfig
+	Ctx           context.Context
+	Ding          *ding.Ding
+	Services      *Services
+	LabelProvider LabelProvider
+	Queries       *repository.Store
+}
@@ -25,7 +25,7 @@ type TailscaleWhoisResponse struct {

 type TailscaleService struct {
 	log    *logger.Logger
-	config model.Config
+	config *model.Config
 	ctx    context.Context

 	srv *tsnet.Server
@@ -34,22 +34,24 @@ type TailscaleService struct {
 	mu  sync.Mutex
 }

-func NewTailscaleService(log *logger.Logger, config model.Config, ctx context.Context, dg *ding.Ding) (*TailscaleService, error) {
-	if !config.Tailscale.Enabled {
+func NewTailscaleService(
+	deps *ServiceDependencies,
+) (*TailscaleService, error) {
+	if !deps.StaticConfig.Tailscale.Enabled {
 		return nil, nil
 	}

 	srv := new(tsnet.Server)

 	// node options
-	srv.Dir = config.Tailscale.Dir
-	srv.Hostname = config.Tailscale.Hostname
-	srv.AuthKey = config.Tailscale.AuthKey
-	srv.Ephemeral = config.Tailscale.Ephemeral
+	srv.Dir = deps.StaticConfig.Tailscale.Dir
+	srv.Hostname = deps.StaticConfig.Tailscale.Hostname
+	srv.AuthKey = deps.StaticConfig.Tailscale.AuthKey
+	srv.Ephemeral = deps.StaticConfig.Tailscale.Ephemeral

 	// redirect logs to zerolog
-	srv.Logf = log.App.Printf
-	srv.UserLogf = log.App.Printf
+	srv.Logf = deps.Log.App.Printf
+	srv.UserLogf = deps.Log.App.Printf

 	err := srv.Start()

@@ -65,14 +67,14 @@ func NewTailscaleService(log *logger.Logger, config model.Config, ctx context.Co
 	}

 	service := &TailscaleService{
-		log:    log,
-		config: config,
-		ctx:    ctx,
+		log:    deps.Log,
+		config: deps.StaticConfig,
+		ctx:    deps.Ctx,
 		srv:    srv,
 		lc:     lc,
 	}

-	connectCtx, cancel := context.WithTimeout(ctx, 2*time.Minute) // large enough timeout to allow for user to manually authenticate with link if needed
+	connectCtx, cancel := context.WithTimeout(deps.Ctx, 2*time.Minute) // large enough timeout to allow for user to manually authenticate with link if needed
 	defer cancel()

 	err = service.waitForConn(connectCtx)
@@ -82,7 +84,7 @@ func NewTailscaleService(log *logger.Logger, config model.Config, ctx context.Co
 		return nil, fmt.Errorf("failed to connect to tailscale network: %w", err)
 	}

-	dg.Go(service.watchAndClose, ding.RingMajor)
+	deps.Ding.Go(service.watchAndClose, ding.RingMajor)

 	return service, nil
 }