Stavros
69c6c0ba1d
fix: add cache control header to token response
2026-03-04 19:38:52 +02:00
Stavros
a71f61df8d
feat: add email verified claim
2026-03-04 15:52:31 +02:00
Stavros
6bf444010b
feat: add nonce claim support to oidc server (#686)
...
* feat: add nonce claim support to oidc server
* fix: review feedback
2026-03-04 15:34:11 +02:00
Stavros
cd410b6cdf
refactor: categorize leftover config options (#682)
...
* refactor: categorize leftover config options
* chore: update config description
2026-03-02 19:49:59 +02:00
Stavros
43e0f3e713
chore: add correct oidc service documentation url
2026-02-26 17:37:47 +02:00
Stavros
4a1889c20b
feat: oidc client create command (#672)
...
* feat: add oidc client create command
* refactor: use own utility for creating random strings (more flexible
than stdlib)
* feat: validate client name to avoid config errors
* refactor: limit to only alphanumeric characters and hyphens
* refactor: remove the need of the logger in the create oidc client cmd
2026-02-26 17:28:58 +02:00
Stavros
22c4c262ea
feat: add support for client secret post auth to oidc token endpoint
2026-02-07 21:04:58 +02:00
Stavros
51d95fa455
fix: do not append domains to users that have an email as the username
2026-02-02 16:25:49 +02:00
Stavros
fd16f91011
fix: ensure oidc service is configured before performing any actions
2026-02-02 16:25:49 +02:00
Stavros
671343f677
feat: oidc (#605)
...
* chore: add oidc base config
* wip: authorize page
* feat: implement basic oidc functionality
* refactor: implement oidc following tinyauth patterns
* feat: adapt frontend to oidc flow
* fix: review comments
* fix: oidc review comments
* feat: refresh token grant type support
* feat: cleanup expired oidc sessions
* feat: frontend i18n
* fix: fix typo in error screen
* tests: add basic testing
* fix: more review comments
* refactor: rework oidc error messages
* feat: openid discovery endpoint
* feat: jwk endpoint
* i18n: fix typo
* fix: more rabbit nitpicks
* fix: final review comments
* i18n: authorize page error messages
2026-02-01 19:00:59 +02:00
Stavros
4926e53409
feat: ldap group acls (#590)
...
* wip
* refactor: remove useless session struct abstraction
* feat: retrieve and store groups from ldap provider
* chore: fix merge issue
* refactor: rework ldap group fetching logic
* feat: store ldap group results in cache
* fix: review nitpicks
* fix: review feedback
2026-01-17 20:03:29 +02:00
Pushpinder Singh
53bd413046
feat: configurable component-level logging (#575)
...
* Refactor logging to use centralized logger utility
- Removed direct usage of zerolog in multiple files and replaced it with a centralized logging utility in the `utils` package.
- Introduced `Loggers` struct to manage different loggers (Audit, HTTP, App) with configurable levels and outputs.
- Updated all relevant files to utilize the new logging structure, ensuring consistent logging practices across the application.
- Enhanced error handling and logging messages for better traceability and debugging.
* refactor: update logging implementation to use new logger structure
* Refactor logging to use tlog package
- Replaced instances of utils logging with tlog in various controllers, services, and middleware.
- Introduced audit logging for login success, login failure, and logout events.
- Created tlog package with structured logging capabilities using zerolog.
- Added tests for the new tlog logger functionality.
* refactor: update logging configuration in environment files
* fix: adding coderabbit suggestions
* fix: ensure correct audit caller
* fix: include reason in audit login failure logs
2026-01-15 15:57:19 +02:00
Stavros
e3f92ce4fc
refactor: simplify user parsing (#571)
2026-01-08 16:03:37 +02:00
Stavros
1ffb838c0f
feat: add support for global ip filters (#567)
2026-01-08 15:26:53 +02:00
Pushpinder Singh
e7bd64d7a3
feat: add session max lifetime and fix refresh logic (#559)
...
* feat: allow any HTTP method for /api/auth/envoy and restrict methods for non-envoy proxies
* feat: add Allow header for invalid methods in proxyHandler
* feat: add session max lifetime and fix refresh logic
* fix: set default value for created_at column and improve session expiration logic
---------
Co-authored-by: Stavros <steveiliop56@gmail.com>
2026-01-07 13:37:23 +02:00
Stavros
f1e2b55cd1
fix: add rate limiting in the forward auth endpoint (#555)
2025-12-31 21:04:08 +02:00
Stavros
7e17a4ad86
refactor: replace gorm with vanilla sql and sqlc (#541)
...
* refactor: replace gorm with vanilla sql and sqlc
* chore: go mod tidy
* refactor: rebase for main
* tests: fix tests
* fix: review comments
2025-12-31 17:59:21 +02:00
Pushpinder Singh
974f2a67f0
fix: allow any HTTP method for /api/auth/envoy (#551)
...
* feat: allow any HTTP method for /api/auth/envoy and restrict methods for non-envoy proxies
* feat: add Allow header for invalid methods in proxyHandler
2025-12-31 11:34:25 +02:00
Stavros
9a3fecd565
feat: non-docker acls (#549)
...
* wip
* feat: add paerser as submodule and apply patch for nested maps
* refactor: update release workflows to include submodule and patches
* chore: update contributing instructions
2025-12-30 18:26:57 +02:00
Stavros
43487d44f7
feat: forward sub from oidc providers (#543)
...
* feat: forward sub from oidc providers
* fix: review comments
2025-12-26 19:02:51 +02:00
Stavros
2d8af0510e
feat: refresh session cookie when session is active (#540)
...
* feat: refresh session cookie when session is active
* refactor: use current time to set new expiry
2025-12-26 17:55:54 +02:00
Stavros
a1c3e416b6
refactor: use proper module name (#542)
...
* chore: reorganize go mod
* refactor: use proper module name
2025-12-26 17:53:24 +02:00
Stavros
ef25872fc3
feat: add support for Envoy proxy (#538)
...
* feat: add support for 'envoy' proxy in proxyHandler validation
* refactor: simplify proxy route setup by consolidating envoy handling
* feat(proxy): add method validation for proxy authentication
* fix(proxy): reorder method validation for proxy authentication
* refactor: use a slice to check for supported proxies
---------
Co-authored-by: pushpinderbal <me@s1ngh.ca>
Co-authored-by: Pushpinder Singh <53684951+pushpinderbal@users.noreply.github.com>
Co-authored-by: Pushpinder Singh <pushpinder.singh@arcticwolf.com>
2025-12-22 22:28:34 +02:00
Stavros
641b9aa531
feat: log unsafe redirect uri in oauth controller
2025-11-23 14:06:35 +02:00
Stavros
6c90046343
feat: add option to disable ui warnings
2025-11-21 17:37:08 +02:00
Stavros
2af036b38e
feat: add logging for session creation
2025-11-06 16:18:01 +02:00
Stavros
60dada86a6
feat: add support for listening on unix sockets
2025-11-04 18:42:04 +02:00
Chris Ellrich
c5bb389258
feat: ACL labels from environment variables (#422)
...
* feat: add LabelService to retrieve application labels from environment variables
* feat: allow usage of labels from docker and env variables simultaneously
Prioritize labels from environment variables over labels from docker
labels
* fix: handle error returned by label_serive.go/LoadLabels
see https://github.com/steveiliop56/tinyauth/pull/422#discussion_r2443443032
* refactor(label_service): use simple loop instead of slices.ContainsFunc to avoid experimental slices package
see https://github.com/steveiliop56/tinyauth/pull/422#pullrequestreview-3354632045
* refactor: merge acl logic into one service
---------
Co-authored-by: Stavros <steveiliop56@gmail.com>
2025-10-21 16:02:31 +03:00
Stavros
5482430907
refactor: generate a verifier on every oauth auth session
2025-10-19 19:03:38 +03:00
Stavros
9b76a84ee2
feat: add trace logging
2025-10-11 15:27:01 +03:00
Stavros
a1ec4a69cf
fix: remove spaces before checking oauth name and username
2025-10-10 16:28:52 +03:00
Stavros
f0a48cc91c
feat: add health check command
2025-10-06 21:45:23 +03:00
Stavros
f8047a6c2e
feat: add option to disable resources server
2025-09-22 15:52:43 +03:00
Stavros
5c866bad1a
feat: multiple oauth providers (#355)
...
* feat: add flag decoder (candidate)
* refactor: finalize flags decoder
* feat: add env decoder
* feat: add oauth config parsing logic
* feat: implement backend logic for multiple oauth providers
* feat: implement multiple oauth providers in the frontend
* feat: add some default icons
* chore: add credits for parser
* feat: style oauth auto redirect screen
* fix: bot suggestions
* refactor: rework decoders using simpler and more efficient pattern
* refactor: rework oauth name database migration
2025-09-16 13:28:28 +03:00
Stavros
2d78e6b598
feat: add cookie domain back to context controller
2025-09-10 13:47:48 +03:00
Stavros
e03eaf4f08
feat: add psl check in cookie domain
2025-09-10 13:43:08 +03:00
Stavros
ba46493a7b
tests: add proxy controller tests
2025-09-03 15:30:24 +03:00
Stavros
bb0373758a
tests: add resources controller test
2025-09-03 14:58:24 +03:00
Stavros
f8836fc964
tests: test user context handler with no context
2025-09-03 13:36:11 +03:00
Stavros
53856e0a70
tests: test invalid json in user controller
2025-09-03 13:31:45 +03:00
Stavros
9b7dcfd86f
tests: add user controller tests
2025-09-03 13:28:27 +03:00
Stavros
7afea8b3fc
tests: add tests for context controller
2025-09-03 12:45:23 +03:00
Stavros
f5ac7eff99
refactor: mode label decoder to separate package
2025-09-03 12:23:21 +03:00
Stavros
f3eb7f69b4
Revert "feat: header based acls (#337)" (#340)
...
This reverts commit f0d2da281a.
2025-09-03 12:12:18 +03:00
Stavros
f0d2da281a
feat: header based acls (#337)
...
* feat: add header decoder
* feat: allow for dash substitute over slash for environments like kubernetes
* feat: use decoded headers in proxy controller
* refactor: simplify decode header to node function
* refactor: use stdlib prefix check in header decoder
* fix: lowercase key and filter before comparing
2025-09-02 19:06:52 +03:00
Stavros
9ce16c9652
fix: expire csrf cookie if it's invalid
2025-09-02 18:38:11 +03:00
Stavros
ad4fc7ef5f
refactor: don't export non-needed fields (#336)
...
* refactor: don't export non-needed fields
* feat: coderabbit suggestions
* fix: avoid queries panic
2025-09-02 01:27:55 +03:00
Stavros
b9e35716ac
feat: invalid domain warning (#332)
...
* wip
* refactor: update domain warning layout
* i18n: add domain warning translations
* refactor: rework hooks usage
* feat: clear timeouts
* fix: use useeffect to cleanup timeout
* refactor: rework redirects and history storage
* refactor: rename domain to root domain
2025-09-01 18:22:42 +03:00
Stavros
c7c3de4f78
refactor: unify labels (#329)
...
* refactor: unify labels
* feat: implement path block and user block
Fixes #313
* fix: fix oauth group check logic
* chore: fix typo
2025-08-29 17:04:34 +03:00
Stavros
03d06cb0a7
feat: add sqlite database for storing sessions (#326)
...
* feat: add sqlite database for storing sessions
* refactor: use db instance instead of service in auth service
* fix: coderabbit suggestions
2025-08-29 12:35:11 +03:00