feat: allow generic provider to use untrusted SSL certificates (#164)

* feat: allow generic provider to use untrusted SSL certificates * chore: fix typo * chore: bot suggestion Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-10-28 12:45:47 +00:00 · 2025-05-27 16:42:20 +03:00
parent e50ffe7907
commit fc73e25d51
5 changed files with 36 additions and 10 deletions
--- a/.env.example
+++ b/.env.example
@@ -30,3 +30,4 @@ APP_TITLE=Tinyauth SSO
 FORGOT_PASSWORD_MESSAGE=Some message about resetting the password
 OAUTH_AUTO_REDIRECT=none
 BACKGROUND_IMAGE=some_image_url
 GENERIC_SKIP_SSL=false
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -86,6 +86,7 @@ var rootCmd = &cobra.Command{
 			GenericAuthURL:      config.GenericAuthURL,
 			GenericTokenURL:     config.GenericTokenURL,
 			GenericUserURL:      config.GenericUserURL,
 			GenericSkipSSL:      config.GenericSkipSSL,
 			AppURL:              config.AppURL,
 		}
@@ -207,6 +208,7 @@ func init() {
 	rootCmd.Flags().String("generic-token-url", "", "Generic OAuth token URL.")
 	rootCmd.Flags().String("generic-user-url", "", "Generic OAuth user info URL.")
 	rootCmd.Flags().String("generic-name", "Generic", "Generic OAuth provider name.")
 	rootCmd.Flags().Bool("generic-skip-ssl", false, "Skip SSL verification for the generic OAuth provider.")
 	rootCmd.Flags().Bool("disable-continue", false, "Disable continue screen and redirect to app directly.")
 	rootCmd.Flags().String("oauth-whitelist", "", "Comma separated list of email addresses to whitelist when using OAuth.")
 	rootCmd.Flags().String("oauth-auto-redirect", "none", "Auto redirect to the specified OAuth provider if configured. (available providers: github, google, generic)")
@@ -241,6 +243,7 @@ func init() {
 	viper.BindEnv("generic-token-url", "GENERIC_TOKEN_URL")
 	viper.BindEnv("generic-user-url", "GENERIC_USER_URL")
 	viper.BindEnv("generic-name", "GENERIC_NAME")
 	viper.BindEnv("generic-skip-ssl", "GENERIC_SKIP_SSL")
 	viper.BindEnv("disable-continue", "DISABLE_CONTINUE")
 	viper.BindEnv("oauth-whitelist", "OAUTH_WHITELIST")
 	viper.BindEnv("oauth-auto-redirect", "OAUTH_AUTO_REDIRECT")
--- a/internal/oauth/oauth.go
+++ b/internal/oauth/oauth.go
@@ -3,15 +3,17 @@ package oauth
 import (
 	"context"
 	"crypto/rand"
 	"crypto/tls"
 	"encoding/base64"
 	"net/http"
 	"golang.org/x/oauth2"
 )
-func NewOAuth(config oauth2.Config) *OAuth {
+func NewOAuth(config oauth2.Config, insecureSkipVerify bool) *OAuth {
 	return &OAuth{
 		Config:             config,
 		InsecureSkipVerify: insecureSkipVerify,
 	}
 }
@@ -20,11 +22,29 @@ type OAuth struct {
 	Context            context.Context
 	Token              *oauth2.Token
 	Verifier           string
 	InsecureSkipVerify bool
 }
 func (oauth *OAuth) Init() {
-	// Create a new context and verifier
+	// Create transport with TLS
 	transport := &http.Transport{
 		TLSClientConfig: &tls.Config{
 			InsecureSkipVerify: oauth.InsecureSkipVerify,
 			MinVersion:         tls.VersionTLS12,
 		},
 	}
 	// Create a new context
 	oauth.Context = context.Background()
 	// Create the HTTP client with the transport
 	httpClient := &http.Client{
 		Transport: transport,
 	}
 	// Set the HTTP client in the context
 	oauth.Context = context.WithValue(oauth.Context, oauth2.HTTPClient, httpClient)
 	// Create the verifier
 	oauth.Verifier = oauth2.GenerateVerifier()
 }
--- a/internal/providers/providers.go
+++ b/internal/providers/providers.go
@@ -36,7 +36,7 @@ func (providers *Providers) Init() {
 			RedirectURL:  fmt.Sprintf("%s/api/oauth/callback/github", providers.Config.AppURL),
 			Scopes:       GithubScopes(),
 			Endpoint:     endpoints.GitHub,
-		})
+		}, false)
 		// Initialize the oauth provider
 		providers.Github.Init()
@@ -53,7 +53,7 @@ func (providers *Providers) Init() {
 			RedirectURL:  fmt.Sprintf("%s/api/oauth/callback/google", providers.Config.AppURL),
 			Scopes:       GoogleScopes(),
 			Endpoint:     endpoints.Google,
-		})
+		}, false)
 		// Initialize the oauth provider
 		providers.Google.Init()
@@ -73,7 +73,7 @@ func (providers *Providers) Init() {
 				AuthURL:  providers.Config.GenericAuthURL,
 				TokenURL: providers.Config.GenericTokenURL,
 			},
-		})
+		}, providers.Config.GenericSkipSSL)
 		// Initialize the oauth provider
 		providers.Generic.Init()
--- a/internal/types/config.go
+++ b/internal/types/config.go
@@ -24,6 +24,7 @@ type Config struct {
 	GenericTokenURL         string `mapstructure:"generic-token-url"`
 	GenericUserURL          string `mapstructure:"generic-user-url"`
 	GenericName             string `mapstructure:"generic-name"`
 	GenericSkipSSL          bool   `mapstructure:"generic-skip-ssl"`
 	DisableContinue         bool   `mapstructure:"disable-continue"`
 	OAuthWhitelist          string `mapstructure:"oauth-whitelist"`
 	OAuthAutoRedirect       string `mapstructure:"oauth-auto-redirect" validate:"oneof=none github google generic"`
@@ -64,6 +65,7 @@ type OAuthConfig struct {
 	GenericAuthURL      string
 	GenericTokenURL     string
 	GenericUserURL      string
 	GenericSkipSSL      bool
 	AppURL              string
 }