From c9337da4d4efceab49ea244eb458637a81196644 Mon Sep 17 00:00:00 2001 From: Stavros Date: Sun, 21 Jun 2026 18:29:51 +0300 Subject: [PATCH] chore: review comments --- internal/bootstrap/app_bootstrap.go | 6 +++++- internal/bootstrap/router_bootstrap.go | 13 ++++++++----- internal/controller/oauth_controller.go | 14 +++++++------- internal/service/auth_service.go | 4 ++-- internal/service/tailscale_service.go | 4 ++++ 5 files changed, 26 insertions(+), 15 deletions(-) diff --git a/internal/bootstrap/app_bootstrap.go b/internal/bootstrap/app_bootstrap.go index f347f552..55a5f082 100644 --- a/internal/bootstrap/app_bootstrap.go +++ b/internal/bootstrap/app_bootstrap.go @@ -316,7 +316,11 @@ func (app *BootstrapApp) Setup() error { } // get listener - listenerFunc := app.getListenerFunc() + listenerFunc, err := app.getListenerFunc() + + if err != nil { + return fmt.Errorf("failed to get listener function: %w", err) + } // run listener lec := make(chan error, 1) diff --git a/internal/bootstrap/router_bootstrap.go b/internal/bootstrap/router_bootstrap.go index 121d8f14..bb3d1df6 100644 --- a/internal/bootstrap/router_bootstrap.go +++ b/internal/bootstrap/router_bootstrap.go 
@@ -129,16 +129,19 @@ func (app *BootstrapApp) setupRouter() error { // 1. Tailscale (if tailscale.listen) // 2. Unix socket (if server.socketPath) // 3. HTTP - default -func (app *BootstrapApp) getListenerFunc() func(ctx context.Context) error { - if app.services.tailscaleService != nil && app.config.Tailscale.Listen { - return app.serveTailscale +func (app *BootstrapApp) getListenerFunc() (func(ctx context.Context) error, error) { + if app.config.Tailscale.Listen { + if app.services.tailscaleService == nil { + return nil, fmt.Errorf("tailscale.listen is enabled but tailscale service is not initialized") + } + return app.serveTailscale, nil } if app.config.Server.SocketPath != "" { - return app.serveUnix + return app.serveUnix, nil } - return app.serveHTTP + return app.serveHTTP, nil } func (app *BootstrapApp) serveHTTP(ctx context.Context) error { diff --git a/internal/controller/oauth_controller.go b/internal/controller/oauth_controller.go index 93e4e9bc..79f77dec 100644 --- a/internal/controller/oauth_controller.go +++ b/internal/controller/oauth_controller.go @@ -304,8 +304,8 @@ func (controller *OAuthController) isOidcRequest(params service.OAuthCallbackPar } func (controller *OAuthController) getCookieDomain() string { - if controller.config.Auth.SubdomainsEnabled { - return "." + controller.runtime.CookieDomain + if !controller.config.Auth.SubdomainsEnabled { + return "" } return controller.runtime.CookieDomain } 
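Review bot: The doc comment above getListenerFunc (it starts above the hunk) still lists only the three-way priority and does not say that the function now fails closed. I would add `// Returns an error instead of falling back to the Unix socket or HTTP listener when tailscale.listen is set but the Tailscale service is missing.` so a later refactor does not restore the silent fallback, which would serve the app on a listener the operator did not choose. The new error has no format verbs, so `errors.New(...)` would be more idiomatic if the errors package is already imported in this file (not visible here). A table test over the three config combinations plus the nil-service case would pin this behaviour.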
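Review bot: getCookieDomain now returns `""` when subdomains are disabled, which changes the cookie from domain-scoped to host-only, and nothing in the function says the empty string is intentional. I would add `// An empty Domain yields a host-only cookie; a non-empty one is sent to every subdomain of CookieDomain.` above the function. The identical function is changed in internal/service/auth_service.go in this same commit, and two copies of cookie-scoping logic can drift apart, so a single shared helper would be safer. Browsers treat a host-only cookie and one with an explicit Domain as different cookies, so sessions issued before this change are presumably not overwritten or cleared by the new code until they expire; that may be worth a release note.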
@@ -314,29 +314,29 @@ func (controller *OAuthController) isRedirectSafe(redirectURI string) bool { u, err := url.Parse(redirectURI) if err != nil { - controller.log.App.Error().Err(err).Str("redirectUri", redirectURI).Msg("Failed to parse redirect URI") + controller.log.App.Error().Err(err).Msg("Failed to parse redirect URI") return false } if u.Scheme == "" || u.Host == "" { - controller.log.App.Warn().Str("redirectUri", redirectURI).Msg("Redirect URI has invalid scheme or host") + controller.log.App.Warn().Msg("Redirect URI has invalid scheme or host") return false } au, err := url.Parse(controller.runtime.AppURL) if err != nil { - controller.log.App.Error().Err(err).Str("appUrl", controller.runtime.AppURL).Msg("Failed to parse app URL") + controller.log.App.Error().Err(err).Msg("Failed to parse app URL") return false } if u.Scheme != au.Scheme { - controller.log.App.Warn().Str("redirectUri", redirectURI).Str("appUrl", controller.runtime.AppURL).Msg("Redirect URI scheme does not match app URL scheme") + controller.log.App.Warn().Msg("Redirect URI scheme does not match app URL scheme") return false } if u.Port() != au.Port() { - controller.log.App.Warn().Str("redirectUri", redirectURI).Str("appUrl", controller.runtime.AppURL).Msg("Redirect URI port does not match app URL port") + controller.log.App.Warn().Msg("Redirect URI port does not match app URL port") return false } diff --git a/internal/service/auth_service.go b/internal/service/auth_service.go index e616cee3..3ab4e0d9 100644 --- a/internal/service/auth_service.go +++ b/internal/service/auth_service.go @@ -706,8 +706,8 @@ func (auth *AuthService) calculateLockdownLimit() int { } func (auth *AuthService) getCookieDomain() string { - if auth.config.Auth.SubdomainsEnabled { - return "." + auth.runtime.CookieDomain + if !auth.config.Auth.SubdomainsEnabled { + return "" } return auth.runtime.CookieDomain } 
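Review bot: With every field dropped, the scheme and port mismatch warnings in isRedirectSafe no longer say which host was rejected, which makes repeated redirect probing hard to spot in the logs. Keeping the raw URI out is right, since its query string can carry codes or tokens, but a reduced field such as `.Str("redirectHost", u.Hostname())` on the two mismatch warnings would keep the signal without logging the query. Separately, `u.Port() != au.Port()` compares the literal port strings, so a URI that spells out the default port is rejected against the same origin written without it; that fails closed but may reject legitimate redirects. The function continues past the end of the hunk, so the host comparison is not visible here.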
diff --git a/internal/service/tailscale_service.go b/internal/service/tailscale_service.go index bf6c70cd..183f6f27 100644 --- a/internal/service/tailscale_service.go +++ b/internal/service/tailscale_service.go @@ -94,6 +94,10 @@ func NewTailscaleService(i TailscaleServiceInput) (*TailscaleService, error) { i.Ding.Go(service.watchAndClose, ding.RingMajor) + if i.Config.Tailscale.Funnel && !i.Config.Tailscale.Listen { + service.log.App.Warn().Msg("Tailscale Funnel is enabled but listen is disabled. Funnel will not work without listen enabled.") + } + return service, nil }
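Review bot: This Funnel/listen mismatch is only logged, while the same commit makes getListenerFunc return an error for a comparable tailscale.listen misconfiguration; the two should probably follow one policy. Warning is the safe direction if Funnel simply stays off without listen, and a short comment such as `// Warn only: without listen, Funnel is never started, so nothing is exposed.` would record that, assuming Funnel is wired that way (not visible in this hunk). The check also runs after `i.Ding.Go(service.watchAndClose, ding.RingMajor)`; validating the config before starting background work would keep the constructor's side effects after its checks. NewTailscaleService begins above the hunk.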