barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2025-10-27 20:25:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: invalid domain warning (#332)

Browse Source 
* wip

* refactor: update domain warning layout

* i18n: add domain warning translations

* refactor: rework hooks usage

* feat: clear timeouts

* fix: use useeffect to cleanup timeout

* refactor: rework redirects and history storage

* refactor: rename domain to root domain
This commit is contained in:
Stavros
2025-09-01 18:22:42 +03:00
committed by GitHub
parent 17048d94b6
commit b9e35716ac
24 changed files with 339 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
internal/bootstrap/app_bootstrap.go
View File

@@ -2,6 +2,7 @@ package bootstrap
import (
"fmt"
"net/url"
"strings"
"tinyauth/internal/config"
"tinyauth/internal/controller"
@@ -44,15 +45,16 @@ func (app *BootstrapApp) Setup() error {
return err
}
// Get domain
domain, err := utils.GetUpperDomain(app.Config.AppURL)
// Get root domain
rootDomain, err := utils.GetRootDomain(app.Config.AppURL)
if err != nil {
return err
}
// Cookie names
cookieId := utils.GenerateIdentifier(strings.Split(domain, ".")[0])
appUrl, _ := url.Parse(app.Config.AppURL) // Already validated
cookieId := utils.GenerateIdentifier(appUrl.Hostname())
sessionCookieName := fmt.Sprintf("%s-%s", config.SessionCookieName, cookieId)
csrfCookieName := fmt.Sprintf("%s-%s", config.CSRFCookieName, cookieId)
redirectCookieName := fmt.Sprintf("%s-%s", config.RedirectCookieName, cookieId)
@@ -63,7 +65,7 @@ func (app *BootstrapApp) Setup() error {
OauthWhitelist: app.Config.OAuthWhitelist,
SessionExpiry: app.Config.SessionExpiry,
SecureCookie: app.Config.SecureCookie,
Domain: domain,
RootDomain: rootDomain,
LoginTimeout: app.Config.LoginTimeout,
LoginMaxRetries: app.Config.LoginMaxRetries,
SessionCookieName: sessionCookieName,
@@ -153,7 +155,7 @@ func (app *BootstrapApp) Setup() error {
var middlewares []Middleware
contextMiddleware := middleware.NewContextMiddleware(middleware.ContextMiddlewareConfig{
Domain: domain,
RootDomain: rootDomain,
}, authService, oauthBrokerService)
uiMiddleware := middleware.NewUIMiddleware()
@@ -177,10 +179,10 @@ func (app *BootstrapApp) Setup() error {
// Create controllers
contextController := controller.NewContextController(controller.ContextControllerConfig{
ConfiguredProviders: configuredProviders,
DisableContinue: app.Config.DisableContinue,
Title: app.Config.Title,
GenericName: app.Config.GenericName,
Domain: domain,
AppURL: app.Config.AppURL,
RootDomain: rootDomain,
ForgotPasswordMessage: app.Config.ForgotPasswordMessage,
BackgroundImage: app.Config.BackgroundImage,
OAuthAutoRedirect: app.Config.OAuthAutoRedirect,
@@ -191,7 +193,7 @@ func (app *BootstrapApp) Setup() error {
SecureCookie: app.Config.SecureCookie,
CSRFCookieName: csrfCookieName,
RedirectCookieName: redirectCookieName,
Domain: domain,
RootDomain: rootDomain,
}, apiRouter, authService, oauthBrokerService)
proxyController := controller.NewProxyController(controller.ProxyControllerConfig{
@@ -199,7 +201,7 @@ func (app *BootstrapApp) Setup() error {
}, apiRouter, dockerService, authService)
userController := controller.NewUserController(controller.UserControllerConfig{
Domain: domain,
RootDomain: rootDomain,
}, apiRouter, authService)
resourcesController := controller.NewResourcesController(controller.ResourcesControllerConfig{

1
internal/config/config.go
View File

@@ -36,7 +36,6 @@ type Config struct {
GenericUserURL string `mapstructure:"generic-user-url"`
GenericName string `mapstructure:"generic-name"`
GenericSkipSSL bool `mapstructure:"generic-skip-ssl"`
DisableContinue bool `mapstructure:"disable-continue"`
OAuthWhitelist string `mapstructure:"oauth-whitelist"`
OAuthAutoRedirect string `mapstructure:"oauth-auto-redirect" validate:"oneof=none github google generic"`
SessionExpiry int `mapstructure:"session-expiry"`

20
internal/controller/context_controller.go
View File

@@ -1,6 +1,8 @@
package controller
import (
"fmt"
"net/url"
"tinyauth/internal/utils"
"github.com/gin-gonic/gin"
@@ -15,7 +17,7 @@ type UserContextResponse struct {
Name string `json:"name"`
Email string `json:"email"`
Provider string `json:"provider"`
Oauth bool `json:"oauth"`
OAuth bool `json:"oauth"`
TotpPending bool `json:"totpPending"`
}
@@ -23,10 +25,10 @@ type AppContextResponse struct {
Status int `json:"status"`
Message string `json:"message"`
ConfiguredProviders []string `json:"configuredProviders"`
DisableContinue bool `json:"disableContinue"`
Title string `json:"title"`
GenericName string `json:"genericName"`
Domain string `json:"domain"`
AppURL string `json:"appUrl"`
RootDomain string `json:"rootDomain"`
ForgotPasswordMessage string `json:"forgotPasswordMessage"`
BackgroundImage string `json:"backgroundImage"`
OAuthAutoRedirect string `json:"oauthAutoRedirect"`
@@ -34,10 +36,10 @@ type AppContextResponse struct {
type ContextControllerConfig struct {
ConfiguredProviders []string
DisableContinue bool
Title string
GenericName string
Domain string
AppURL string
RootDomain string
ForgotPasswordMessage string
BackgroundImage string
OAuthAutoRedirect string
@@ -72,7 +74,7 @@ func (controller *ContextController) userContextHandler(c *gin.Context) {
Name: context.Name,
Email: context.Email,
Provider: context.Provider,
Oauth: context.OAuth,
OAuth: context.OAuth,
TotpPending: context.TotpPending,
}
@@ -89,14 +91,16 @@ func (controller *ContextController) userContextHandler(c *gin.Context) {
}
func (controller *ContextController) appContextHandler(c *gin.Context) {
appUrl, _ := url.Parse(controller.Config.AppURL) // no need to check error, validated on startup
c.JSON(200, AppContextResponse{
Status: 200,
Message: "Success",
ConfiguredProviders: controller.Config.ConfiguredProviders,
DisableContinue: controller.Config.DisableContinue,
Title: controller.Config.Title,
GenericName: controller.Config.GenericName,
Domain: controller.Config.Domain,
AppURL: fmt.Sprintf("%s://%s", appUrl.Scheme, appUrl.Host),
RootDomain: controller.Config.RootDomain,
ForgotPasswordMessage: controller.Config.ForgotPasswordMessage,
BackgroundImage: controller.Config.BackgroundImage,
OAuthAutoRedirect: controller.Config.OAuthAutoRedirect,

14
internal/controller/oauth_controller.go
View File

@@ -23,7 +23,7 @@ type OAuthControllerConfig struct {
RedirectCookieName string
SecureCookie bool
AppURL string
Domain string
RootDomain string
}
type OAuthController struct {
@@ -74,13 +74,13 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
state := service.GenerateState()
authURL := service.GetAuthURL(state)
c.SetCookie(controller.Config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
c.SetCookie(controller.Config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
redirectURI := c.Query("redirect_uri")
if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.Config.Domain) {
if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.Config.RootDomain) {
log.Debug().Msg("Setting redirect URI cookie")
c.SetCookie(controller.Config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
c.SetCookie(controller.Config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
}
c.JSON(200, gin.H{
@@ -112,7 +112,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
return
}
c.SetCookie(controller.Config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
c.SetCookie(controller.Config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
code := c.Query("code")
service, exists := controller.Broker.GetService(req.Provider)
@@ -189,7 +189,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
redirectURI, err := c.Cookie(controller.Config.RedirectCookieName)
if err != nil || !utils.IsRedirectSafe(redirectURI, controller.Config.Domain) {
if err != nil || !utils.IsRedirectSafe(redirectURI, controller.Config.RootDomain) {
log.Debug().Msg("No redirect URI cookie found, redirecting to app root")
c.Redirect(http.StatusTemporaryRedirect, controller.Config.AppURL)
return
@@ -205,6 +205,6 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
return
}
c.SetCookie(controller.Config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
c.SetCookie(controller.Config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/continue?%s", controller.Config.AppURL, queries.Encode()))
}

8
internal/controller/user_controller.go
View File

@@ -22,7 +22,7 @@ type TotpRequest struct {
}
type UserControllerConfig struct {
Domain string
RootDomain string
}
type UserController struct {
@@ -115,7 +115,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
err := controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
Username: user.Username,
Name: utils.Capitalize(req.Username),
Email: fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.Domain),
Email: fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.RootDomain),
Provider: "username",
TotpPending: true,
})
@@ -141,7 +141,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
err = controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
Username: req.Username,
Name: utils.Capitalize(req.Username),
Email: fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.Domain),
Email: fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.RootDomain),
Provider: "username",
})
@@ -246,7 +246,7 @@ func (controller *UserController) totpHandler(c *gin.Context) {
err = controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
Username: user.Username,
Name: utils.Capitalize(user.Username),
Email: fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.Config.Domain),
Email: fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.Config.RootDomain),
Provider: "username",
})

6
internal/middleware/context_middleware.go
View File

@@ -12,7 +12,7 @@ import (
)
type ContextMiddlewareConfig struct {
Domain string
RootDomain string
}
type ContextMiddleware struct {
@@ -134,7 +134,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
c.Set("context", &config.UserContext{
Username: user.Username,
Name: utils.Capitalize(user.Username),
Email: fmt.Sprintf("%s@%s", strings.ToLower(user.Username), m.Config.Domain),
Email: fmt.Sprintf("%s@%s", strings.ToLower(user.Username), m.Config.RootDomain),
Provider: "basic",
IsLoggedIn: true,
TotpEnabled: user.TotpSecret != "",
@@ -146,7 +146,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
c.Set("context", &config.UserContext{
Username: basic.Username,
Name: utils.Capitalize(basic.Username),
Email: fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), m.Config.Domain),
Email: fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), m.Config.RootDomain),
Provider: "basic",
IsLoggedIn: true,
})

6
internal/service/auth_service.go
View File

@@ -28,7 +28,7 @@ type AuthServiceConfig struct {
OauthWhitelist string
SessionExpiry int
SecureCookie bool
Domain string
RootDomain string
LoginTimeout int
LoginMaxRetries int
SessionCookieName string
@@ -216,7 +216,7 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
return err
}
c.SetCookie(auth.Config.SessionCookieName, session.UUID, expiry, "/", fmt.Sprintf(".%s", auth.Config.Domain), auth.Config.SecureCookie, true)
c.SetCookie(auth.Config.SessionCookieName, session.UUID, expiry, "/", fmt.Sprintf(".%s", auth.Config.RootDomain), auth.Config.SecureCookie, true)
return nil
}
@@ -234,7 +234,7 @@ func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
return res.Error
}
c.SetCookie(auth.Config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.Config.Domain), auth.Config.SecureCookie, true)
c.SetCookie(auth.Config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.Config.RootDomain), auth.Config.SecureCookie, true)
return nil
}

6
internal/utils/app_utils.go
View File

@@ -12,8 +12,8 @@ import (
"github.com/rs/zerolog"
)
// Get upper domain parses a hostname and returns the upper domain (e.g. sub1.sub2.domain.com -> sub2.domain.com)
func GetUpperDomain(appUrl string) (string, error) {
// Get root domain parses a hostname and returns the upper domain (e.g. sub1.sub2.domain.com -> sub2.domain.com)
func GetRootDomain(appUrl string) (string, error) {
appUrlParsed, err := url.Parse(appUrl)
if err != nil {
return "", err
@@ -88,7 +88,7 @@ func IsRedirectSafe(redirectURL string, domain string) bool {
return false
}
upper, err := GetUpperDomain(redirectURL)
upper, err := GetRootDomain(redirectURL)
if err != nil {
return false