From f48bb65d7bf4780d22177f6bdde77eaed4ce0d43 Mon Sep 17 00:00:00 2001
From: Stavros <steveiliop56@gmail.com>
Date: Mon, 7 Jul 2025 23:31:51 +0300
Subject: [PATCH] feat: add support for using secret files for basic auth
 password

---
 internal/handlers/handlers.go | 8 ++++----
 internal/types/config.go      | 8 +++++++-
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/internal/handlers/handlers.go b/internal/handlers/handlers.go
index f8de26f..87d1f8d 100644
--- a/internal/handlers/handlers.go
+++ b/internal/handlers/handlers.go
@@ -154,9 +154,9 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 			log.Debug().Str("key", key).Msg("Setting header")
 			c.Header(key, value)
 		}
-		if labels.Basic.Username != "" && labels.Basic.Password != "" {
+		if labels.Basic.Username != "" && utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File) != "" {
 			log.Debug().Str("username", labels.Basic.Username).Msg("Setting basic auth headers")
-			c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Basic.Username, labels.Basic.Password)))
+			c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Basic.Username, utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File))))
 		}
 		c.JSON(200, gin.H{
 			"status":  200,
@@ -283,9 +283,9 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 		}
 
 		// Set basic auth headers if configured
-		if labels.Basic.Username != "" && labels.Basic.Password != "" {
+		if labels.Basic.Username != "" && utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File) != "" {
 			log.Debug().Str("username", labels.Basic.Username).Msg("Setting basic auth headers")
-			c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Basic.Username, labels.Basic.Password)))
+			c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Basic.Username, utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File))))
 		}
 
 		// The user is allowed to access the app
diff --git a/internal/types/config.go b/internal/types/config.go
index 8e2e202..83dc8bb 100644
--- a/internal/types/config.go
+++ b/internal/types/config.go
@@ -109,7 +109,13 @@ type OAuthLabels struct {
 // Basic auth labels for a tinyauth protected container
 type BasicLabels struct {
 	Username string
-	Password string
+	Password PassowrdLabels
+}
+
+// PassowrdLabels is a struct that contains the password labels for a tinyauth protected container
+type PassowrdLabels struct {
+	Plain string
+	File  string
 }
 
 // IP labels for a tinyauth protected container