* feat: allow any HTTP method for /api/auth/envoy and restrict methods for non-envoy proxies
* feat: add Allow header for invalid methods in proxyHandler
* feat: add session max lifetime and fix refresh logic
* fix: set default value for created_at column and improve session expiration logic
* fix: correct ldapService reference in authService initialization
---------
Co-authored-by: Stavros <steveiliop56@gmail.com>
* feat: allow any HTTP method for /api/auth/envoy and restrict methods for non-envoy proxies
* feat: add Allow header for invalid methods in proxyHandler
* feat: add session max lifetime and fix refresh logic
* fix: set default value for created_at column and improve session expiration logic
---------
Co-authored-by: Stavros <steveiliop56@gmail.com>
* ldap: Add mTLS authentication support to LDAP backend
* ldap: Reuse BindService() for initial bind attempt
* ldap: Make LdapService.config private
Now that we have ldap.BindService(), we don't need to access any
members of LdapService.config externally.
* ldap: Add TODO note about STARTTLS/SASL authentication
* ldap: Add TODO note about mTLS and extra CA certificates
* chore: fix typo
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---------
Co-authored-by: Stavros <steveiliop56@gmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* feat: allow any HTTP method for /api/auth/envoy and restrict methods for non-envoy proxies
* feat: add Allow header for invalid methods in proxyHandler
* wip
* feat: add paerser as submodule and apply patch for nested maps
* refactor: update release workflows to include submodule and patches
* chore: update contributing instructions
* chore: add yaml config ref
* feat: add initial implementation of a traefik like cli
* refactor: remove dependency on traefik
* chore: update example env
* refactor: update build
* chore: remove unused code
* fix: fix translations not loading
* feat: add experimental config file support
* chore: mod tidy
* fix: review comments
* refactor: move tinyauth to separate package
* chore: add quotes to all env variables
* chore: resolve go mod and sum conflicts
* chore: go mod tidy
* fix: review comments
Previously IsRedirectSafe rejected redirects to the exact cookie domain
when AppURL had multiple subdomain levels, because it stripped the first
label twice.
