barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2026-04-30 01:18:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
774 Commits 23 Branches 125 Tags
c299c3ef955da7735e6447624f41967c5437c360
Commit Graph

33 Commits

Author SHA1 Message Date
Contre 956d2f55c3 feat(access-control): Add support for Kubernetes Label (#627) 
* feat(access-control): Add support for Kubernetes Label

* feat(access-control): Defaults to Docker

* feat(access-control): Remove kubeconfig fallback

* feat(watcher): Watcher for kubernetes service

* feat(watcher): Merge with main + remove nightly fix redirect

* fix(go): Go mod + Go sum after sync with main

* fix(config): Ser default value for LabelProvider to Docker

* feat(go): go mod tidy

* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22

* feat(k8s_service): (Watcher) -> Wait 5s before breaking to outer loop again

* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22

* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22

* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22

* feat(k8s_service): Remove
var _ = unstructured.Unstructured{} + comments + msg edits

* feat(bootstrap): Remove dockerService from bootstrap svc

* feat(auth_svc): Remove dockerService from authservice

* feat(test): Add tests for kubernetes_services

* feat(test): Remove docker serivce form proxy/user test

* fix(refactor): Remove update logic from watcher and resync

* fix(refactor): Split watchGVR to make it more readable

* fix(refactor): Remove discovery + drop K 1.22 completely

* fix(refactor): Move interface to acess_controls_service

* feat: Autodetect labelprovider if TINYAUTH_LABELPROVIDER not set

* fix(test): Match testing scheme to the controllers

* fix: service bootstrap import after merge

* fix: service bootstrap import after merge
 2026-04-29 16:16:21 +03:00
Stavros a14d64c8ba chore: remove exp slices package and use stdlib 2026-04-29 15:56:35 +03:00
Ryc O'Chet f3186571cc Organisation update, steveiliop56 to tinyauthapp (#793) 
* infrastructure and docs

* code

* fix issue templates

* chore: fix scoreboard url

* chore: remove migration warning

* chore: fix readme docs link

---------

Co-authored-by: Stavros <steveiliop56@gmail.com>
 2026-04-26 17:13:53 +03:00
Stavros 2c1b62f464 feat: preserve oidc params in oauth flow (#772) 2026-04-10 15:58:31 +03:00
Stavros 5811218dbf refactor: tests (#731) 
* tests: rework tests for context controller

* tests: add tests for health controller

* tests: add tests for oidc controller

* tests: use testify assert in context and health controller

* tests: add tests for user controller

* tests: add tests for resources controller

* tests: add well known controller tests

* test: add proxy controller tests

* chore: review comments

* chore: more review comments

* chore: cancel lockdown in testing

* tests: fix get cookie domain tests

* chore: add comment for testing passwords
 2026-03-30 15:31:34 +03:00
Stavros d3cda06a75 feat: add lockdown mode on multiple login attempts (#727) 
* feat: add lockdown mode on multiple login attempts

* fix: review comments

* fix: fix typo
 2026-03-28 20:35:49 +02:00
Stavros f26c217161 refactor: oauth flow (#726) 
* wip

* feat: add oauth session impl in auth service

* feat: move oauth logic into auth service and handle multiple sessions

* tests: fix tests

* fix: review comments

* fix: prevent ddos attacks in oauth rate limit
 2026-03-22 21:03:32 +02:00
Stavros eff5fc8b71 refactor: use is configured check in ldap service 2026-02-01 19:05:42 +02:00
Stavros 4926e53409 feat: ldap group acls (#590) 
* wip

* refactor: remove useless session struct abstraction

* feat: retrieve and store groups from ldap provider

* chore: fix merge issue

* refactor: rework ldap group fetching logic

* feat: store ldap group results in cache

* fix: review nitpicks

* fix: review feedback
 2026-01-17 20:03:29 +02:00
Pushpinder Singh 53bd413046 feat: configurable component-level logging (#575) 
* Refactor logging to use centralized logger utility

- Removed direct usage of zerolog in multiple files and replaced it with a centralized logging utility in the `utils` package.
- Introduced `Loggers` struct to manage different loggers (Audit, HTTP, App) with configurable levels and outputs.
- Updated all relevant files to utilize the new logging structure, ensuring consistent logging practices across the application.
- Enhanced error handling and logging messages for better traceability and debugging.

* refactor: update logging implementation to use new logger structure

* Refactor logging to use tlog package

- Replaced instances of utils logging with tlog in various controllers, services, and middleware.
- Introduced audit logging for login success, login failure, and logout events.
- Created tlog package with structured logging capabilities using zerolog.
- Added tests for the new tlog logger functionality.

* refactor: update logging configuration in environment files

* fix: adding coderabbit suggestions

* fix: ensure correct audit caller

* fix: include reason in audit login failure logs
 2026-01-15 15:57:19 +02:00
Stavros e3f92ce4fc refactor: simplify user parsing (#571) 2026-01-08 16:03:37 +02:00
Stavros 1ffb838c0f feat: add support for global ip filters (#567) 2026-01-08 15:26:53 +02:00
Pushpinder Singh e7bd64d7a3 feat: add session max lifetime and fix refresh logic (#559) 
* feat: allow any HTTP method for /api/auth/envoy and restrict methods for non-envoy proxies

* feat: add Allow header for invalid methods in proxyHandler

* feat: add session max lifetime and fix refresh logic

* fix: set default value for created_at column and improve session expiration logic

---------

Co-authored-by: Stavros <steveiliop56@gmail.com>
 2026-01-07 13:37:23 +02:00
Priit Laes f564032a11 LDAP: Add mTLS / client certificate authentication support (#509) 
* ldap: Add mTLS authentication support to LDAP backend

* ldap: Reuse BindService() for initial bind attempt

* ldap: Make LdapService.config private

Now that we have ldap.BindService(), we don't need to access any
members of LdapService.config externally.

* ldap: Add TODO note about STARTTLS/SASL authentication

* ldap: Add TODO note about mTLS and extra CA certificates

* chore: fix typo

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

---------

Co-authored-by: Stavros <steveiliop56@gmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
 2025-12-31 18:01:21 +02:00
Stavros 7e17a4ad86 refactor: replace gorm with vanilla sql and sqlc (#541) 
* refactor: replace gorm with vanilla sql and sqlc

* chore: go mod tidy

* refactor: rebase for main

* tests: fix tests

* fix: review comments
 2025-12-31 17:59:21 +02:00
Stavros 43487d44f7 feat: forward sub from oidc providers (#543) 
* feat: forward sub from oidc providers

* fix: review comments
 2025-12-26 19:02:51 +02:00
Stavros 2d8af0510e feat: refresh session cookie when session is active (#540) 
* feat: refresh session cookie when session is active

* refactor: use current time to set new expiry
 2025-12-26 17:55:54 +02:00
Stavros a1c3e416b6 refactor: use proper module name (#542) 
* chore: reorganize go mod

* refactor: use proper module name
 2025-12-26 17:53:24 +02:00
Stavros 6d663bb1e8 fix: use unix seconds in db cleanup 2025-11-15 11:45:19 +02:00
Chris Ellrich c5bb389258 feat: ACL labels from environment variables (#422) 
* feat: add LabelService to retrieve application labels from environment variables

* feat: allow usage of labels from docker and env variables simultaneously

Prioritize labels from environment variables over labels from docker
labels

* fix: handle error returned by label_serive.go/LoadLabels

see https://github.com/steveiliop56/tinyauth/pull/422#discussion_r2443443032

* refactor(label_service): use simple loop instead of slices.ContainsFunc to avoid experimental slices package
see https://github.com/steveiliop56/tinyauth/pull/422#pullrequestreview-3354632045

* refactor: merge acl logic into one service

---------

Co-authored-by: Stavros <steveiliop56@gmail.com>
 2025-10-21 16:02:31 +03:00
Stavros 6647c6cd78 refactor: use gorm generics api for database actions 2025-10-19 19:16:53 +03:00
Stavros 9b76a84ee2 feat: add trace logging 2025-10-11 15:27:01 +03:00
Stavros 085f6257c5 fix: fix oauth group provider check 2025-09-25 22:35:44 +03:00
Stavros 5c866bad1a feat: multiple oauth providers (#355) 
* feat: add flag decoder (candidate)

* refactor: finalize flags decoder

* feat: add env decoder

* feat: add oauth config parsing logic

* feat: implement backend logic for multiple oauth providers

* feat: implement multiple oauth providers in the frontend

* feat: add some default icons

* chore: add credits for parser

* feat: style oauth auto redirect screen

* fix: bot suggestions

* refactor: rework decoders using simpler and more efficient pattern

* refactor: rework oauth name database migration
 2025-09-16 13:28:28 +03:00
Stavros e03eaf4f08 feat: add psl check in cookie domain 2025-09-10 13:43:08 +03:00
Stavros f5ac7eff99 refactor: mode label decoder to separate package 2025-09-03 12:23:21 +03:00
Stavros f3eb7f69b4 Revert "feat: header based acls (#337)" (#340) 
This reverts commit f0d2da281a.
 2025-09-03 12:12:18 +03:00
Stavros f0d2da281a feat: header based acls (#337) 
* feat: add header decoder

* feat: allow for dash substitute over slash for environments like kubernetes

* feat: use decoded headers in proxy controller

* refactor: simplify decode header to node function

* refactor: use stdlib prefix check in header decoder

* fix: lowercase key and filter before comparing
 2025-09-02 19:06:52 +03:00
Stavros ad4fc7ef5f refactor: don't export non-needed fields (#336) 
* refactor: don't export non-needed fields

* feat: coderabbit suggestions

* fix: avoid queries panic
 2025-09-02 01:27:55 +03:00
Stavros b9e35716ac feat: invalid domain warning (#332) 
* wip

* refactor: update domain warning layout

* i18n: add domain warning translations

* refactor: rework hooks usage

* feat: clear timeouts

* fix: use useeffect to cleanup timeout

* refactor: rework redirects and history storage

* refactor: rename domain to root domain
 2025-09-01 18:22:42 +03:00
Stavros c7c3de4f78 refactor: unify labels (#329) 
* refactor: unify labels

* feat: implement path block and user block

Fixes #313

* fix: fix oauth group check logic

* chore: fix typo
 2025-08-29 17:04:34 +03:00
Stavros 03d06cb0a7 feat: add sqlite database for storing sessions (#326) 
* feat: add sqlite database for storing sessions

* refactor: use db instance instead of service in auth service

* fix: coderabbit suggestions
 2025-08-29 12:35:11 +03:00
Stavros 504a3b87b4 refactor: rework file structure (#325) 
* wip: add middlewares

* refactor: use context fom middleware in handlers

* refactor: use controller approach in handlers

* refactor: move oauth providers into services (non-working)

* feat: create oauth broker service

* refactor: use a boostrap service to bootstrap the app

* refactor: split utils into smaller files

* refactor: use more clear name for frontend assets

* feat: allow customizability of resources dir

* fix: fix typo in ui middleware

* fix: validate resource file paths in ui middleware

* refactor: move resource handling to a controller

* feat: add some logging

* fix: configure middlewares before groups

* fix: use correct api path in login mutation

* fix: coderabbit suggestions

* fix: further coderabbit suggestions
 2025-08-26 15:05:03 +03:00