feat: add initial implementation of a traefik like cli

2025-12-19 14:42:27 +00:00 · 2025-12-17 16:40:54 +02:00
parent 3555569a97
commit e4e99f4805
16 changed files with 1105 additions and 713 deletions
--- a/internal/bootstrap/app_bootstrap.go
+++ b/internal/bootstrap/app_bootstrap.go
@@ -43,7 +43,7 @@ func NewBootstrapApp(config config.Config) *BootstrapApp {

 func (app *BootstrapApp) Setup() error {
 	// Parse users
-	users, err := utils.GetUsers(app.config.Users, app.config.UsersFile)
+	users, err := utils.GetUsers(app.config.Auth.Users, app.config.Auth.UsersFile)

 	if err != nil {
 		return err
@@ -144,17 +144,17 @@ func (app *BootstrapApp) Setup() error {
 	}

 	// If we have an socket path, bind to it
-	if app.config.SocketPath != "" {
-		if _, err := os.Stat(app.config.SocketPath); err == nil {
-			log.Info().Msgf("Removing existing socket file %s", app.config.SocketPath)
-			err := os.Remove(app.config.SocketPath)
+	if app.config.Server.SocketPath != "" {
+		if _, err := os.Stat(app.config.Server.SocketPath); err == nil {
+			log.Info().Msgf("Removing existing socket file %s", app.config.Server.SocketPath)
+			err := os.Remove(app.config.Server.SocketPath)
 			if err != nil {
 				return fmt.Errorf("failed to remove existing socket file: %w", err)
 			}
 		}

-		log.Info().Msgf("Starting server on unix socket %s", app.config.SocketPath)
-		if err := router.RunUnix(app.config.SocketPath); err != nil {
+		log.Info().Msgf("Starting server on unix socket %s", app.config.Server.SocketPath)
+		if err := router.RunUnix(app.config.Server.SocketPath); err != nil {
 			log.Fatal().Err(err).Msg("Failed to start server")
 		}

@@ -162,7 +162,7 @@ func (app *BootstrapApp) Setup() error {
 	}

 	// Start server
-	address := fmt.Sprintf("%s:%d", app.config.Address, app.config.Port)
+	address := fmt.Sprintf("%s:%d", app.config.Server.Address, app.config.Server.Port)
 	log.Info().Msgf("Starting server on %s", address)
 	if err := router.Run(address); err != nil {
 		log.Fatal().Err(err).Msg("Failed to start server")
--- a/internal/bootstrap/router_bootstrap.go
+++ b/internal/bootstrap/router_bootstrap.go
@@ -13,8 +13,8 @@ func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
 	engine := gin.New()
 	engine.Use(gin.Recovery())

-	if len(app.config.TrustedProxies) > 0 {
-		err := engine.SetTrustedProxies(strings.Split(app.config.TrustedProxies, ","))
+	if len(app.config.Server.TrustedProxies) > 0 {
+		err := engine.SetTrustedProxies(strings.Split(app.config.Server.TrustedProxies, ","))

 		if err != nil {
 			return nil, fmt.Errorf("failed to set trusted proxies: %w", err)
@@ -57,12 +57,12 @@ func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {

 	contextController := controller.NewContextController(controller.ContextControllerConfig{
 		Providers:             app.context.configuredProviders,
-		Title:                 app.config.Title,
+		Title:                 app.config.UI.Title,
 		AppURL:                app.config.AppURL,
 		CookieDomain:          app.context.cookieDomain,
-		ForgotPasswordMessage: app.config.ForgotPasswordMessage,
-		BackgroundImage:       app.config.BackgroundImage,
-		OAuthAutoRedirect:     app.config.OAuthAutoRedirect,
+		ForgotPasswordMessage: app.config.UI.ForgotPasswordMessage,
+		BackgroundImage:       app.config.UI.BackgroundImage,
+		OAuthAutoRedirect:     app.config.OAuth.AutoRedirect,
 		DisableUIWarnings:     app.config.DisableUIWarnings,
 	}, apiRouter)

@@ -70,7 +70,7 @@ func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {

 	oauthController := controller.NewOAuthController(controller.OAuthControllerConfig{
 		AppURL:             app.config.AppURL,
-		SecureCookie:       app.config.SecureCookie,
+		SecureCookie:       app.config.Auth.SecureCookie,
 		CSRFCookieName:     app.context.csrfCookieName,
 		RedirectCookieName: app.context.redirectCookieName,
 		CookieDomain:       app.context.cookieDomain,
--- a/internal/bootstrap/service_bootstrap.go
+++ b/internal/bootstrap/service_bootstrap.go
@@ -31,12 +31,12 @@ func (app *BootstrapApp) initServices() (Services, error) {
 	services.databaseService = databaseService

 	ldapService := service.NewLdapService(service.LdapServiceConfig{
-		Address:      app.config.LdapAddress,
-		BindDN:       app.config.LdapBindDN,
-		BindPassword: app.config.LdapBindPassword,
-		BaseDN:       app.config.LdapBaseDN,
-		Insecure:     app.config.LdapInsecure,
-		SearchFilter: app.config.LdapSearchFilter,
+		Address:      app.config.Ldap.Address,
+		BindDN:       app.config.Ldap.BindDN,
+		BindPassword: app.config.Ldap.BindPassword,
+		BaseDN:       app.config.Ldap.BaseDN,
+		Insecure:     app.config.Ldap.Insecure,
+		SearchFilter: app.config.Ldap.SearchFilter,
 	})

 	err = ldapService.Init()
@@ -69,12 +69,12 @@ func (app *BootstrapApp) initServices() (Services, error) {

 	authService := service.NewAuthService(service.AuthServiceConfig{
 		Users:             app.context.users,
-		OauthWhitelist:    app.config.OAuthWhitelist,
-		SessionExpiry:     app.config.SessionExpiry,
-		SecureCookie:      app.config.SecureCookie,
+		OauthWhitelist:    app.config.OAuth.Whitelist,
+		SessionExpiry:     app.config.Auth.SessionExpiry,
+		SecureCookie:      app.config.Auth.SecureCookie,
 		CookieDomain:      app.context.cookieDomain,
-		LoginTimeout:      app.config.LoginTimeout,
-		LoginMaxRetries:   app.config.LoginMaxRetries,
+		LoginTimeout:      app.config.Auth.LoginTimeout,
+		LoginMaxRetries:   app.config.Auth.LoginMaxRetries,
 		SessionCookieName: app.context.sessionCookieName,
 	}, dockerService, ldapService, databaseService.GetDatabase())

--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -15,34 +15,55 @@ var RedirectCookieName = "tinyauth-redirect"
 // Main app config

 type Config struct {
-	Port                  int    `mapstructure:"port" validate:"required"`
-	Address               string `validate:"required,ip4_addr" mapstructure:"address"`
-	AppURL                string `validate:"required,url" mapstructure:"app-url"`
-	Users                 string `mapstructure:"users"`
-	UsersFile             string `mapstructure:"users-file"`
-	SecureCookie          bool   `mapstructure:"secure-cookie"`
-	OAuthWhitelist        string `mapstructure:"oauth-whitelist"`
-	OAuthAutoRedirect     string `mapstructure:"oauth-auto-redirect"`
-	SessionExpiry         int    `mapstructure:"session-expiry"`
-	LogLevel              string `mapstructure:"log-level" validate:"oneof=trace debug info warn error fatal panic"`
-	Title                 string `mapstructure:"app-title"`
-	LoginTimeout          int    `mapstructure:"login-timeout"`
-	LoginMaxRetries       int    `mapstructure:"login-max-retries"`
-	ForgotPasswordMessage string `mapstructure:"forgot-password-message"`
-	BackgroundImage       string `mapstructure:"background-image" validate:"required"`
-	LdapAddress           string `mapstructure:"ldap-address"`
-	LdapBindDN            string `mapstructure:"ldap-bind-dn"`
-	LdapBindPassword      string `mapstructure:"ldap-bind-password"`
-	LdapBaseDN            string `mapstructure:"ldap-base-dn"`
-	LdapInsecure          bool   `mapstructure:"ldap-insecure"`
-	LdapSearchFilter      string `mapstructure:"ldap-search-filter"`
-	ResourcesDir          string `mapstructure:"resources-dir"`
-	DatabasePath          string `mapstructure:"database-path"`
-	TrustedProxies        string `mapstructure:"trusted-proxies"`
-	DisableAnalytics      bool   `mapstructure:"disable-analytics"`
-	DisableResources      bool   `mapstructure:"disable-resources"`
-	DisableUIWarnings     bool   `mapstructure:"disable-ui-warnings"`
-	SocketPath            string `mapstructure:"socket-path"`
+	AppURL            string `description:"The base URL where the app is hosted."`
+	LogLevel          string `description:"Log level (trace, debug, info, warn, error)."`
+	ResourcesDir      string `description:"The directory where resources are stored."`
+	DatabasePath      string `description:"The path to the database file."`
+	DisableAnalytics  bool   `description:"Disable analytics."`
+	DisableResources  bool   `description:"Disable resources server."`
+	DisableUIWarnings bool   `description:"Disable UI warnings."`
+	Server            ServerConfig
+	Auth              AuthConfig
+	OAuth             OAuthConfig
+	UI                UIConfig
+	Ldap              LdapConfig
+}
+
+type ServerConfig struct {
+	Port           int    `description:"The port on which the server listens."`
+	Address        string `description:"The address on which the server listens."`
+	SocketPath     string `description:"The path to the Unix socket."`
+	TrustedProxies string `description:"Comma-separated list of trusted proxy addresses."`
+}
+
+type AuthConfig struct {
+	Users           string `description:"Comma-separated list of users (username:hashed_password)."`
+	UsersFile       string `description:"Path to the users file."`
+	SecureCookie    bool   `description:"Enable secure cookies."`
+	SessionExpiry   int    `description:"Session expiry time in seconds."`
+	LoginTimeout    int    `description:"Login timeout in seconds."`
+	LoginMaxRetries int    `description:"Maximum login retries."`
+}
+
+type OAuthConfig struct {
+	Whitelist    string `description:"Comma-separated list of allowed OAuth domains."`
+	AutoRedirect string `description:"The OAuth provider to use for automatic redirection."`
+	Providers    map[string]OAuthServiceConfig
+}
+
+type UIConfig struct {
+	Title                 string `description:"The title of the UI."`
+	ForgotPasswordMessage string `description:"Message displayed on the forgot password page."`
+	BackgroundImage       string `description:"Path to the background image."`
+}
+
+type LdapConfig struct {
+	Address      string `description:"LDAP server address."`
+	BindDN       string `description:"Bind DN for LDAP authentication."`
+	BindPassword string `description:"Bind password for LDAP authentication."`
+	BaseDN       string `description:"Base DN for LDAP searches."`
+	Insecure     bool   `description:"Allow insecure LDAP connections."`
+	SearchFilter string `description:"LDAP search filter."`
 }

 // OAuth/OIDC config
@@ -55,16 +76,16 @@ type Claims struct {
 }

 type OAuthServiceConfig struct {
-	ClientID           string `field:"client-id"`
-	ClientSecret       string
-	ClientSecretFile   string
-	Scopes             []string
-	RedirectURL        string `field:"redirect-url"`
-	AuthURL            string `field:"auth-url"`
-	TokenURL           string `field:"token-url"`
-	UserinfoURL        string `field:"user-info-url"`
-	InsecureSkipVerify bool
-	Name               string
+	ClientID         string   `description:"OAuth client ID."`
+	ClientSecret     string   `description:"OAuth client secret."`
+	ClientSecretFile string   `description:"Path to the file containing the OAuth client secret."`
+	Scopes           []string `description:"OAuth scopes."`
+	RedirectURL      string   `description:"OAuth redirect URL."`
+	AuthURL          string   `description:"OAuth authorization URL."`
+	TokenURL         string   `description:"OAuth token URL."`
+	UserinfoURL      string   `description:"OAuth userinfo URL."`
+	Insecure         bool     `description:"Allow insecure OAuth connections."`
+	Name             string   `description:"Provider name in UI."`
 }

 var OverrideProviders = map[string]string{
--- a/internal/service/generic_oauth_service.go
+++ b/internal/service/generic_oauth_service.go
@@ -38,7 +38,7 @@ func NewGenericOAuthService(config config.OAuthServiceConfig) *GenericOAuthServi
 				TokenURL: config.TokenURL,
 			},
 		},
-		insecureSkipVerify: config.InsecureSkipVerify,
+		insecureSkipVerify: config.Insecure,
 		userinfoUrl:        config.UserinfoURL,
 		name:               config.Name,
 	}