feat: add option to run tinyauth on a top-level domain (#710)

* Add TINYAUTH_AUTH_SUBDOMAINSENABLED option Setting it to false allows to use Tinyauth on top-level domain only, but forbids automatic cross-app authentication using Traefik/Nginx. * fix: inform services and controllers if subdomain cookie domain is enabled * chore: rabbit feedback * fix: deny ip addresses for standalone domain --------- Co-authored-by: Stavros <steveiliop56@gmail.com>
2026-05-08 05:18:11 +00:00 · 2026-05-07 15:12:24 +02:00
parent 1382ab41e7
commit ca6a7fa551
8 changed files with 103 additions and 5 deletions
@@ -18,6 +18,7 @@ func NewDefaultConfiguration() *Config {
 			Address: "0.0.0.0",
 		},
 		Auth: AuthConfig{
+			SubdomainsEnabled:  true,
 			SessionExpiry:      86400, // 1 day
 			SessionMaxLifetime: 0,     // disabled
 			LoginTimeout:       300,   // 5 minutes
@@ -102,6 +103,7 @@ type ServerConfig struct {
 type AuthConfig struct {
 	IP                 IPConfig                  `description:"IP whitelisting config options." yaml:"ip"`
 	Users              []string                  `description:"Comma-separated list of users (username:hashed_password)." yaml:"users"`
+	SubdomainsEnabled  bool                      `description:"Enable subdomains support." yaml:"subdomainsEnabled"`
 	UserAttributes     map[string]UserAttributes `description:"Map of per-user OIDC attributes (username -> attributes)." yaml:"userAttributes"`
 	UsersFile          string                    `description:"Path to the users file." yaml:"usersFile"`
 	SecureCookie       bool                      `description:"Enable secure cookies." yaml:"secureCookie"`