barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2026-05-07 21:08:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
777 Commits 26 Branches 125 Tags
3eeabd36238ea762d1a46e598b2da012f9313d83
Commit Graph

35 Commits

Author SHA1 Message Date
Scott McKendry 04b8e9884b feat(db): add memory storage driver 
removes the sqlite dependency for tests, also brings back the option for
users to run zero persistence instances of tinyauth.

adds new mapErr fn for sqlc wrapper gen to prevent sql errors from
leaking out of the store implementation.
 2026-05-04 05:02:27 +12:00
Scott McKendry 1d0a4627a9 refactor(db): use new store interface 2026-04-30 19:18:33 +12:00
Contre 956d2f55c3 feat(access-control): Add support for Kubernetes Label (#627) 
* feat(access-control): Add support for Kubernetes Label

* feat(access-control): Defaults to Docker

* feat(access-control): Remove kubeconfig fallback

* feat(watcher): Watcher for kubernetes service

* feat(watcher): Merge with main + remove nightly fix redirect

* fix(go): Go mod + Go sum after sync with main

* fix(config): Ser default value for LabelProvider to Docker

* feat(go): go mod tidy

* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22

* feat(k8s_service): (Watcher) -> Wait 5s before breaking to outer loop again

* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22

* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22

* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22

* feat(k8s_service): Remove
var _ = unstructured.Unstructured{} + comments + msg edits

* feat(bootstrap): Remove dockerService from bootstrap svc

* feat(auth_svc): Remove dockerService from authservice

* feat(test): Add tests for kubernetes_services

* feat(test): Remove docker serivce form proxy/user test

* fix(refactor): Remove update logic from watcher and resync

* fix(refactor): Split watchGVR to make it more readable

* fix(refactor): Remove discovery + drop K 1.22 completely

* fix(refactor): Move interface to acess_controls_service

* feat: Autodetect labelprovider if TINYAUTH_LABELPROVIDER not set

* fix(test): Match testing scheme to the controllers

* fix: service bootstrap import after merge

* fix: service bootstrap import after merge
 2026-04-29 16:16:21 +03:00
Stavros a14d64c8ba chore: remove exp slices package and use stdlib 2026-04-29 15:56:35 +03:00
Ryc O'Chet f3186571cc Organisation update, steveiliop56 to tinyauthapp (#793) 
* infrastructure and docs

* code

* fix issue templates

* chore: fix scoreboard url

* chore: remove migration warning

* chore: fix readme docs link

---------

Co-authored-by: Stavros <steveiliop56@gmail.com>
 2026-04-26 17:13:53 +03:00
Stavros 2c1b62f464 feat: preserve oidc params in oauth flow (#772) 2026-04-10 15:58:31 +03:00
Stavros 5811218dbf refactor: tests (#731) 
* tests: rework tests for context controller

* tests: add tests for health controller

* tests: add tests for oidc controller

* tests: use testify assert in context and health controller

* tests: add tests for user controller

* tests: add tests for resources controller

* tests: add well known controller tests

* test: add proxy controller tests

* chore: review comments

* chore: more review comments

* chore: cancel lockdown in testing

* tests: fix get cookie domain tests

* chore: add comment for testing passwords
 2026-03-30 15:31:34 +03:00
Stavros d3cda06a75 feat: add lockdown mode on multiple login attempts (#727) 
* feat: add lockdown mode on multiple login attempts

* fix: review comments

* fix: fix typo
 2026-03-28 20:35:49 +02:00
Stavros f26c217161 refactor: oauth flow (#726) 
* wip

* feat: add oauth session impl in auth service

* feat: move oauth logic into auth service and handle multiple sessions

* tests: fix tests

* fix: review comments

* fix: prevent ddos attacks in oauth rate limit
 2026-03-22 21:03:32 +02:00
Stavros eff5fc8b71 refactor: use is configured check in ldap service 2026-02-01 19:05:42 +02:00
Stavros 4926e53409 feat: ldap group acls (#590) 
* wip

* refactor: remove useless session struct abstraction

* feat: retrieve and store groups from ldap provider

* chore: fix merge issue

* refactor: rework ldap group fetching logic

* feat: store ldap group results in cache

* fix: review nitpicks

* fix: review feedback
 2026-01-17 20:03:29 +02:00
Pushpinder Singh 53bd413046 feat: configurable component-level logging (#575) 
* Refactor logging to use centralized logger utility

- Removed direct usage of zerolog in multiple files and replaced it with a centralized logging utility in the `utils` package.
- Introduced `Loggers` struct to manage different loggers (Audit, HTTP, App) with configurable levels and outputs.
- Updated all relevant files to utilize the new logging structure, ensuring consistent logging practices across the application.
- Enhanced error handling and logging messages for better traceability and debugging.

* refactor: update logging implementation to use new logger structure

* Refactor logging to use tlog package

- Replaced instances of utils logging with tlog in various controllers, services, and middleware.
- Introduced audit logging for login success, login failure, and logout events.
- Created tlog package with structured logging capabilities using zerolog.
- Added tests for the new tlog logger functionality.

* refactor: update logging configuration in environment files

* fix: adding coderabbit suggestions

* fix: ensure correct audit caller

* fix: include reason in audit login failure logs
 2026-01-15 15:57:19 +02:00
Stavros e3f92ce4fc refactor: simplify user parsing (#571) 2026-01-08 16:03:37 +02:00
Stavros 1ffb838c0f feat: add support for global ip filters (#567) 2026-01-08 15:26:53 +02:00
Pushpinder Singh e7bd64d7a3 feat: add session max lifetime and fix refresh logic (#559) 
* feat: allow any HTTP method for /api/auth/envoy and restrict methods for non-envoy proxies

* feat: add Allow header for invalid methods in proxyHandler

* feat: add session max lifetime and fix refresh logic

* fix: set default value for created_at column and improve session expiration logic

---------

Co-authored-by: Stavros <steveiliop56@gmail.com>
 2026-01-07 13:37:23 +02:00
Priit Laes f564032a11 LDAP: Add mTLS / client certificate authentication support (#509) 
* ldap: Add mTLS authentication support to LDAP backend

* ldap: Reuse BindService() for initial bind attempt

* ldap: Make LdapService.config private

Now that we have ldap.BindService(), we don't need to access any
members of LdapService.config externally.

* ldap: Add TODO note about STARTTLS/SASL authentication

* ldap: Add TODO note about mTLS and extra CA certificates

* chore: fix typo

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

---------

Co-authored-by: Stavros <steveiliop56@gmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
 2025-12-31 18:01:21 +02:00
Stavros 7e17a4ad86 refactor: replace gorm with vanilla sql and sqlc (#541) 
* refactor: replace gorm with vanilla sql and sqlc

* chore: go mod tidy

* refactor: rebase for main

* tests: fix tests

* fix: review comments
 2025-12-31 17:59:21 +02:00
Stavros 43487d44f7 feat: forward sub from oidc providers (#543) 
* feat: forward sub from oidc providers

* fix: review comments
 2025-12-26 19:02:51 +02:00
Stavros 2d8af0510e feat: refresh session cookie when session is active (#540) 
* feat: refresh session cookie when session is active

* refactor: use current time to set new expiry
 2025-12-26 17:55:54 +02:00
Stavros a1c3e416b6 refactor: use proper module name (#542) 
* chore: reorganize go mod

* refactor: use proper module name
 2025-12-26 17:53:24 +02:00
Stavros 6d663bb1e8 fix: use unix seconds in db cleanup 2025-11-15 11:45:19 +02:00
Chris Ellrich c5bb389258 feat: ACL labels from environment variables (#422) 
* feat: add LabelService to retrieve application labels from environment variables

* feat: allow usage of labels from docker and env variables simultaneously

Prioritize labels from environment variables over labels from docker
labels

* fix: handle error returned by label_serive.go/LoadLabels

see https://github.com/steveiliop56/tinyauth/pull/422#discussion_r2443443032

* refactor(label_service): use simple loop instead of slices.ContainsFunc to avoid experimental slices package
see https://github.com/steveiliop56/tinyauth/pull/422#pullrequestreview-3354632045

* refactor: merge acl logic into one service

---------

Co-authored-by: Stavros <steveiliop56@gmail.com>
 2025-10-21 16:02:31 +03:00
Stavros 6647c6cd78 refactor: use gorm generics api for database actions 2025-10-19 19:16:53 +03:00
Stavros 9b76a84ee2 feat: add trace logging 2025-10-11 15:27:01 +03:00
Stavros 085f6257c5 fix: fix oauth group provider check 2025-09-25 22:35:44 +03:00
Stavros 5c866bad1a feat: multiple oauth providers (#355) 
* feat: add flag decoder (candidate)

* refactor: finalize flags decoder

* feat: add env decoder

* feat: add oauth config parsing logic

* feat: implement backend logic for multiple oauth providers

* feat: implement multiple oauth providers in the frontend

* feat: add some default icons

* chore: add credits for parser

* feat: style oauth auto redirect screen

* fix: bot suggestions

* refactor: rework decoders using simpler and more efficient pattern

* refactor: rework oauth name database migration
 2025-09-16 13:28:28 +03:00
Stavros e03eaf4f08 feat: add psl check in cookie domain 2025-09-10 13:43:08 +03:00
Stavros f5ac7eff99 refactor: mode label decoder to separate package 2025-09-03 12:23:21 +03:00
Stavros f3eb7f69b4 Revert "feat: header based acls (#337)" (#340) 
This reverts commit f0d2da281a.
 2025-09-03 12:12:18 +03:00
Stavros f0d2da281a feat: header based acls (#337) 
* feat: add header decoder

* feat: allow for dash substitute over slash for environments like kubernetes

* feat: use decoded headers in proxy controller

* refactor: simplify decode header to node function

* refactor: use stdlib prefix check in header decoder

* fix: lowercase key and filter before comparing
 2025-09-02 19:06:52 +03:00
Stavros ad4fc7ef5f refactor: don't export non-needed fields (#336) 
* refactor: don't export non-needed fields

* feat: coderabbit suggestions

* fix: avoid queries panic
 2025-09-02 01:27:55 +03:00
Stavros b9e35716ac feat: invalid domain warning (#332) 
* wip

* refactor: update domain warning layout

* i18n: add domain warning translations

* refactor: rework hooks usage

* feat: clear timeouts

* fix: use useeffect to cleanup timeout

* refactor: rework redirects and history storage

* refactor: rename domain to root domain
 2025-09-01 18:22:42 +03:00
Stavros c7c3de4f78 refactor: unify labels (#329) 
* refactor: unify labels

* feat: implement path block and user block

Fixes #313

* fix: fix oauth group check logic

* chore: fix typo
 2025-08-29 17:04:34 +03:00
Stavros 03d06cb0a7 feat: add sqlite database for storing sessions (#326) 
* feat: add sqlite database for storing sessions

* refactor: use db instance instead of service in auth service

* fix: coderabbit suggestions
 2025-08-29 12:35:11 +03:00
Stavros 504a3b87b4 refactor: rework file structure (#325) 
* wip: add middlewares

* refactor: use context fom middleware in handlers

* refactor: use controller approach in handlers

* refactor: move oauth providers into services (non-working)

* feat: create oauth broker service

* refactor: use a boostrap service to bootstrap the app

* refactor: split utils into smaller files

* refactor: use more clear name for frontend assets

* feat: allow customizability of resources dir

* fix: fix typo in ui middleware

* fix: validate resource file paths in ui middleware

* refactor: move resource handling to a controller

* feat: add some logging

* fix: configure middlewares before groups

* fix: use correct api path in login mutation

* fix: coderabbit suggestions

* fix: further coderabbit suggestions
 2025-08-26 15:05:03 +03:00