feat: map info from OIDC claims to headers (#122)

* refactor: return all values from body in the providers * refactor: only accept claims following the OIDC spec * feat: map info from OIDC claims to headers * feat: add support for required oauth groups * fix: bot suggestions * feat: get claims from github and google * fix: close body correctly
2025-10-28 12:45:47 +00:00 · 2025-04-30 19:57:49 +03:00
parent f824b84787
commit a9e8bf89a9
24 changed files with 528 additions and 210 deletions
--- a/internal/utils/utils.go
+++ b/internal/utils/utils.go
@@ -204,6 +204,8 @@ func GetTinyauthLabels(labels map[string]string) types.TinyauthLabels {
 					}
 					tinyauthLabels.Headers[headerSplit[0]] = headerSplit[1]
 				}
+			case "tinyauth.oauth.groups":
+				tinyauthLabels.OAuthGroups = value
 			}
 		}
 	}
@@ -323,3 +325,22 @@ func CheckWhitelist(whitelist string, str string) bool {
 	// Return false if no match was found
 	return false
 }
+
+// Capitalize just the first letter of a string
+func Capitalize(str string) string {
+	if len(str) == 0 {
+		return ""
+	}
+	return strings.ToUpper(string([]rune(str)[0])) + string([]rune(str)[1:])
+}
+
+// Sanitize header removes all control characters from a string
+func SanitizeHeader(header string) string {
+	return strings.Map(func(r rune) rune {
+		// Allow only printable ASCII characters (32-126) and safe whitespace (space, tab)
+		if r == ' ' || r == '\t' || (r >= 32 && r <= 126) {
+			return r
+		}
+		return -1
+	}, header)
+}