refactor: unify labels (#329)

* refactor: unify labels * feat: implement path block and user block Fixes #313 * fix: fix oauth group check logic * chore: fix typo
2025-10-28 04:35:40 +00:00 · 2025-08-29 17:04:34 +03:00
parent 03d06cb0a7
commit c7c3de4f78
6 changed files with 164 additions and 114 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -1,20 +1,19 @@
 package config

-type Claims struct {
-	Name              string `json:"name"`
-	Email             string `json:"email"`
-	PreferredUsername string `json:"preferred_username"`
-	Groups            any    `json:"groups"`
-}
+// Version information, set at build time

 var Version = "development"
 var CommitHash = "n/a"
 var BuildTimestamp = "n/a"

+// Cookie name templates
+
 var SessionCookieName = "tinyauth-session"
 var CSRFCookieName = "tinyauth-csrf"
 var RedirectCookieName = "tinyauth-redirect"

+// Main app config
+
 type Config struct {
 	Port                    int    `mapstructure:"port" validate:"required"`
 	Address                 string `validate:"required,ip4_addr" mapstructure:"address"`
@@ -45,7 +44,7 @@ type Config struct {
 	Title                   string `mapstructure:"app-title"`
 	LoginTimeout            int    `mapstructure:"login-timeout"`
 	LoginMaxRetries         int    `mapstructure:"login-max-retries"`
-	FogotPasswordMessage    string `mapstructure:"forgot-password-message"`
+	ForgotPasswordMessage   string `mapstructure:"forgot-password-message"`
 	BackgroundImage         string `mapstructure:"background-image" validate:"required"`
 	LdapAddress             string `mapstructure:"ldap-address"`
 	LdapBindDN              string `mapstructure:"ldap-bind-dn"`
@@ -57,35 +56,13 @@ type Config struct {
 	DatabasePath            string `mapstructure:"database-path" validate:"required"`
 }

-type OAuthLabels struct {
-	Whitelist string
-	Groups    string
-}
+// OAuth/OIDC config

-type BasicLabels struct {
-	Username string
-	Password PasswordLabels
-}
-
-type PasswordLabels struct {
-	Plain string
-	File  string
-}
-
-type IPLabels struct {
-	Allow  []string
-	Block  []string
-	Bypass []string
-}
-
-type Labels struct {
-	Users   string
-	Allowed string
-	Headers []string
-	Domain  []string
-	Basic   BasicLabels
-	OAuth   OAuthLabels
-	IP      IPLabels
+type Claims struct {
+	Name              string `json:"name"`
+	Email             string `json:"email"`
+	PreferredUsername string `json:"preferred_username"`
+	Groups            any    `json:"groups"`
 }

 type OAuthServiceConfig struct {
@@ -99,6 +76,8 @@ type OAuthServiceConfig struct {
 	InsecureSkipVerify bool
 }

+// User/session related stuff
+
 type User struct {
 	Username   string
 	Password   string
@@ -132,6 +111,8 @@ type UserContext struct {
 	TotpEnabled bool
 }

+// API responses and queries
+
 type UnauthorizedQuery struct {
 	Username string `url:"username"`
 	Resource string `url:"resource"`
@@ -142,3 +123,54 @@ type UnauthorizedQuery struct {
 type RedirectQuery struct {
 	RedirectURI string `url:"redirect_uri"`
 }
+
+// Labels
+
+type Labels struct {
+	Apps map[string]AppLabels
+}
+
+type AppLabels struct {
+	Config   ConfigLabels
+	Users    UsersLabels
+	OAuth    OAuthLabels
+	IP       IPLabels
+	Response ResponseLabels
+	Path     PathLabels
+}
+
+type ConfigLabels struct {
+	Domain string
+}
+
+type UsersLabels struct {
+	Allow string
+	Block string
+}
+
+type OAuthLabels struct {
+	Whitelist string
+	Groups    string
+}
+
+type IPLabels struct {
+	Allow  []string
+	Block  []string
+	Bypass []string
+}
+
+type ResponseLabels struct {
+	Headers   []string
+	BasicAuth BasicAuthLabels
+}
+
+type BasicAuthLabels struct {
+	Username     string
+	Password     string
+	PasswordFile string
+}
+
+type PathLabels struct {
+	Allow string
+	Block string
+}