From fc73e25d51b031451402458796e2b3531620602a Mon Sep 17 00:00:00 2001
From: Stavros
Date: Tue, 27 May 2025 16:42:20 +0300
Subject: [PATCH] feat: allow generic provider to use untrusted SSL certificates (#164)
* feat: allow generic provider to use untrusted SSL certificates
* chore: fix typo
* chore: bot suggestion
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---
 .env.example | 1 +
 cmd/root.go | 3 +++
 internal/oauth/oauth.go | 34 +++++++++++++++++++++++++++-------
 internal/providers/providers.go | 6 +++---
 internal/types/config.go | 2 ++
 5 files changed, 36 insertions(+), 10 deletions(-)
diff --git a/.env.example b/.env.example
index 4fb43a7..8edde7b 100644
--- a/.env.example
+++ b/.env.example
@@ -30,3 +30,4 @@ APP_TITLE=Tinyauth SSO
 FORGOT_PASSWORD_MESSAGE=Some message about resetting the password
 OAUTH_AUTO_REDIRECT=none
 BACKGROUND_IMAGE=some_image_url
+GENERIC_SKIP_SSL=false
\ No newline at end of file
diff --git a/cmd/root.go b/cmd/root.go
index 8212905..278a511 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -86,6 +86,7 @@ var rootCmd = &cobra.Command{
 GenericAuthURL: config.GenericAuthURL,
 GenericTokenURL: config.GenericTokenURL,
 GenericUserURL: config.GenericUserURL,
+ GenericSkipSSL: config.GenericSkipSSL,
 AppURL: config.AppURL,
 }
@@ -207,6 +208,7 @@ func init() {
 rootCmd.Flags().String("generic-token-url", "", "Generic OAuth token URL.")
 rootCmd.Flags().String("generic-user-url", "", "Generic OAuth user info URL.")
 rootCmd.Flags().String("generic-name", "Generic", "Generic OAuth provider name.")
+ rootCmd.Flags().Bool("generic-skip-ssl", false, "Skip SSL verification for the generic OAuth provider.")
 rootCmd.Flags().Bool("disable-continue", false, "Disable continue screen and redirect to app directly.")
 rootCmd.Flags().String("oauth-whitelist", "", "Comma separated list of email addresses to whitelist when using OAuth.")
 rootCmd.Flags().String("oauth-auto-redirect", "none", "Auto redirect to the specified OAuth provider if configured. (available providers: github, google, generic)")
@@ -241,6 +243,7 @@ func init() {
 viper.BindEnv("generic-token-url", "GENERIC_TOKEN_URL")
 viper.BindEnv("generic-user-url", "GENERIC_USER_URL")
 viper.BindEnv("generic-name", "GENERIC_NAME")
+ viper.BindEnv("generic-skip-ssl", "GENERIC_SKIP_SSL")
 viper.BindEnv("disable-continue", "DISABLE_CONTINUE")
 viper.BindEnv("oauth-whitelist", "OAUTH_WHITELIST")
 viper.BindEnv("oauth-auto-redirect", "OAUTH_AUTO_REDIRECT")
diff --git a/internal/oauth/oauth.go b/internal/oauth/oauth.go
index e37371f..3004f71 100644
--- a/internal/oauth/oauth.go
+++ b/internal/oauth/oauth.go
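Review bot: The help string on the new `generic-skip-ssl` flag understates what the option does: it turns off certificate verification for the provider's TLS connections entirely, and an operator reading `--help` should see that the switch is insecure rather than a benign "skip SSL". I would phrase it as `rootCmd.Flags().Bool("generic-skip-ssl", false, "Disable TLS certificate verification for the generic OAuth provider (insecure; for testing only).")`. The `GENERIC_SKIP_SSL` BindEnv line in the next hunk and the `.env.example` entry are fine as they are. The enclosing `init` function starts before and continues after this hunk.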
@@ -3,28 +3,48 @@ package oauth
 import (
 "context"
 "crypto/rand"
+ "crypto/tls"
 "encoding/base64"
 "net/http"
 "golang.org/x/oauth2"
 )
-func NewOAuth(config oauth2.Config) *OAuth {
+func NewOAuth(config oauth2.Config, insecureSkipVerify bool) *OAuth {
 return &OAuth{
- Config: config,
+ Config: config,
+ InsecureSkipVerify: insecureSkipVerify,
 }
 }
 type OAuth struct {
- Config oauth2.Config
- Context context.Context
- Token *oauth2.Token
- Verifier string
+ Config oauth2.Config
+ Context context.Context
+ Token *oauth2.Token
+ Verifier string
+ InsecureSkipVerify bool
 }
 func (oauth *OAuth) Init() {
- // Create a new context and verifier
+ // Create transport with TLS
+ transport := &http.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: oauth.InsecureSkipVerify,
+ MinVersion: tls.VersionTLS12,
+ },
+ }
+
+ // Create a new context
 oauth.Context = context.Background()
+
+ // Create the HTTP client with the transport
+ httpClient := &http.Client{
+ Transport: transport,
+ }
+
+ // Set the HTTP client in the context
+ oauth.Context = context.WithValue(oauth.Context, oauth2.HTTPClient, httpClient)
+
+ // Create the verifier
 oauth.Verifier = oauth2.GenerateVerifier()
 }
diff --git a/internal/providers/providers.go b/internal/providers/providers.go
index a22e83e..8369837 100644
--- a/internal/providers/providers.go
+++ b/internal/providers/providers.go
@@ -36,7 +36,7 @@ func (providers *Providers) Init() {
 RedirectURL: fmt.Sprintf("%s/api/oauth/callback/github", providers.Config.AppURL),
 Scopes: GithubScopes(),
 Endpoint: endpoints.GitHub,
- })
+ }, false)
 // Initialize the oauth provider
 providers.Github.Init()
@@ -53,7 +53,7 @@ func (providers *Providers) Init() {
 RedirectURL: fmt.Sprintf("%s/api/oauth/callback/google", providers.Config.AppURL),
 Scopes: GoogleScopes(),
 Endpoint: endpoints.Google,
- })
+ }, false)
 // Initialize the oauth provider
 providers.Google.Init()
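Review bot: In `Init`, the new `&http.Transport{…}` is built from scratch, so every request made through this context (the transport is now used for all three providers, not only the generic one) loses what `http.DefaultTransport` provides — proxy from the environment, dial and TLS-handshake timeouts, idle-connection limits — and the `http.Client` created a few lines later sets no `Timeout` either; I would start from `transport := http.DefaultTransport.(*http.Transport).Clone()` and then assign `transport.TLSClientConfig = &tls.Config{…}` with the same two fields, and give the client an explicit `Timeout`. Separately, `InsecureSkipVerify: true` disables certificate validation entirely, so an on-path party can stand in for the token endpoint during the code exchange; for self-signed deployments a configurable CA bundle in `tls.Config.RootCAs` is the safer equivalent, and when the flag is on `Init` should at least log a warning so the condition is visible in operations. The exported `NewOAuth` and the new `InsecureSkipVerify` field also lack doc comments; `// InsecureSkipVerify disables TLS certificate verification for this provider's HTTP client (insecure; testing only).` on the field would do. The providers.go hunks that follow only pass the new argument and need no change.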
@@ -73,7 +73,7 @@ func (providers *Providers) Init() {
 AuthURL: providers.Config.GenericAuthURL,
 TokenURL: providers.Config.GenericTokenURL,
 },
- })
+ }, providers.Config.GenericSkipSSL)
 // Initialize the oauth provider
 providers.Generic.Init()
diff --git a/internal/types/config.go b/internal/types/config.go
index f448e7f..201ce57 100644
--- a/internal/types/config.go
+++ b/internal/types/config.go
@@ -24,6 +24,7 @@ type Config struct {
 GenericTokenURL string `mapstructure:"generic-token-url"`
 GenericUserURL string `mapstructure:"generic-user-url"`
 GenericName string `mapstructure:"generic-name"`
+ GenericSkipSSL bool `mapstructure:"generic-skip-ssl"`
 DisableContinue bool `mapstructure:"disable-continue"`
 OAuthWhitelist string `mapstructure:"oauth-whitelist"`
 OAuthAutoRedirect string `mapstructure:"oauth-auto-redirect" validate:"oneof=none github google generic"`
@@ -64,6 +65,7 @@ type OAuthConfig struct {
 GenericAuthURL string
 GenericTokenURL string
 GenericUserURL string
+ GenericSkipSSL bool
 AppURL string
 }
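Review bot: `providers.Config.GenericSkipSSL` is handed straight to `NewOAuth` at the generic call site with nothing recorded in the logs, so a deployment that ships with `GENERIC_SKIP_SSL=true` by mistake runs with certificate verification off silently; before `providers.Generic.Init()` I would emit a warning through the package's existing logger whenever the flag is set, so the insecure state shows up in operational logs. The two fields added in config.go carry no comment either; `// GenericSkipSSL disables TLS certificate verification for the generic provider (insecure; testing only).` on each would make the intent clear to the next reader. The enclosing `Init` method starts before this hunk, and the `OAuthConfig` struct in the last hunk continues past the visible lines.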