fix: review comments batch 2

internal/service/access_controls_service.go

@@ -28,18 +28,21 @@ func (acls *AccessControlsService) Init() error {
 }
 
 func (acls *AccessControlsService) lookupStaticACLs(domain string) *model.App {
+	var appAcls *model.App
 	for app, config := range acls.static {
 		if config.Config.Domain == domain {
 			tlog.App.Debug().Str("name", app).Msg("Found matching container by domain")
-			return &config
+			appAcls = &config
+			break // If we find a match by domain, we can stop searching
 		}
 
 		if strings.SplitN(domain, ".", 2)[0] == app {
 			tlog.App.Debug().Str("name", app).Msg("Found matching container by app name")
-			return &config
+			appAcls = &config
+			break // If we find a match by app name, we can stop searching
 		}
 	}
-	return nil
+	return appAcls
 }
 
 func (acls *AccessControlsService) GetAccessControls(domain string) (*model.App, error) {

internal/service/auth_service.go

@@ -73,7 +73,7 @@ type Lockdown struct {
 }
 
 type AuthServiceConfig struct {
-	LocalUsers         []model.LocalUser
+	LocalUsers         *[]model.LocalUser
 	OauthWhitelist     []string
 	SessionExpiry      int
 	SessionMaxLifetime int
@@ -147,6 +147,9 @@ func (auth *AuthService) CheckUserPassword(search model.UserSearch, password str
 	switch search.Type {
 	case model.UserLocal:
 		user := auth.GetLocalUser(search.Username)
+		if user == nil {
+			return ErrUserNotFound
+		}
 		return bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
 	case model.UserLDAP:
 		if auth.ldap.IsConfigured() {
@@ -169,7 +172,10 @@ func (auth *AuthService) CheckUserPassword(search model.UserSearch, password str
 }
 
 func (auth *AuthService) GetLocalUser(username string) *model.LocalUser {
-	for _, user := range auth.config.LocalUsers {
+	if auth.config.LocalUsers == nil {
+		return nil
+	}
+	for _, user := range *auth.config.LocalUsers {
 		if user.Username == username {
 			return &user
 		}
@@ -438,7 +444,7 @@ func (auth *AuthService) GetSession(ctx context.Context, uuid string) (*reposito
 }
 
 func (auth *AuthService) LocalAuthConfigured() bool {
-	return len(auth.config.LocalUsers) > 0
+	return auth.config.LocalUsers != nil && len(*auth.config.LocalUsers) > 0
 }
 
 func (auth *AuthService) LDAPAuthConfigured() bool {

internal/service/kubernetes_service.go

@@ -95,7 +95,8 @@ func (k *KubernetesService) getByDomain(domain string) *model.App {
 
 	if appKey, ok := k.domainIndex[domain]; ok {
 		if apps, ok := k.ingressApps[appKey.ingressKey]; ok {
-			for _, app := range apps {
+			for i := range apps {
+				app := &apps[i]
 				if app.domain == domain && app.appName == appKey.appName {
 					return &app.app
 				}
@@ -111,7 +112,8 @@ func (k *KubernetesService) getByAppName(appName string) *model.App {
 
 	if appKey, ok := k.appNameIndex[appName]; ok {
 		if apps, ok := k.ingressApps[appKey.ingressKey]; ok {
-			for _, app := range apps {
+			for i := range apps {
+				app := &apps[i]
 				if app.appName == appName {
 					return &app.app
 				}