refactor: don't create new client everytime

.env.example

@@ -4,6 +4,20 @@ APP_URL=http://localhost:3000
 USERS=your_user_password_hash
 USERS_FILE=users_file
 SECURE_COOKIE=false
+GITHUB_CLIENT_ID=github_client_id
+GITHUB_CLIENT_SECRET=github_client_secret
+GITHUB_CLIENT_SECRET_FILE=github_client_secret_file
+GOOGLE_CLIENT_ID=google_client_id
+GOOGLE_CLIENT_SECRET=google_client_secret
+GOOGLE_CLIENT_SECRET_FILE=google_client_secret_file
+GENERIC_CLIENT_ID=generic_client_id
+GENERIC_CLIENT_SECRET=generic_client_secret
+GENERIC_CLIENT_SECRET_FILE=generic_client_secret_file
+GENERIC_SCOPES=generic_scopes
+GENERIC_AUTH_URL=generic_auth_url
+GENERIC_TOKEN_URL=generic_token_url
+GENERIC_USER_URL=generic_user_url
+DISABLE_CONTINUE=false
 OAUTH_WHITELIST=
 GENERIC_NAME=My OAuth
 SESSION_EXPIRY=7200
@@ -17,6 +31,3 @@ BACKGROUND_IMAGE=some_image_url
 GENERIC_SKIP_SSL=false
 RESOURCES_DIR=/data/resources
 DATABASE_PATH=/data/tinyauth.db
-DISABLE_ANALYTICS=false
-DISABLE_RESOURCES=false
-TRUSTED_PROXIES=

.github/workflows/nightly.yml

@@ -80,7 +80,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
+          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
         env:
           CGO_ENABLED: 0
 
@@ -126,7 +126,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
+          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
         env:
           CGO_ENABLED: 0
 

.github/workflows/release.yml

@@ -58,7 +58,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
+          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
         env:
           CGO_ENABLED: 0
 
@@ -101,7 +101,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
+          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
         env:
           CGO_ENABLED: 0
 

Dockerfile

@@ -38,7 +38,7 @@ COPY ./cmd ./cmd
 COPY ./internal ./internal
 COPY --from=frontend-builder /frontend/dist ./internal/assets/dist
 
-RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" 
+RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${VERSION} -X tinyauth/internal/constants.CommitHash=${COMMIT_HASH} -X tinyauth/internal/constants.BuildTimestamp=${BUILD_TIMESTAMP}" 
  
 # Runner
 FROM alpine:3.22 AS runner

cmd/root.go

@@ -95,7 +95,6 @@ func init() {
 		{"database-path", "/data/tinyauth.db", "Path to the Sqlite database file."},
 		{"trusted-proxies", "", "Comma separated list of trusted proxies (IP addresses or CIDRs) for correct client IP detection."},
 		{"disable-analytics", false, "Disable anonymous version collection."},
-		{"disable-resources", false, "Disable the resources server."},
 	}
 
 	for _, opt := range configOptions {

cmd/user/verify/verify.go

@@ -70,7 +70,7 @@ var VerifyCmd = &cobra.Command{
 
 		err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(iPassword))
 		if err != nil {
-			log.Fatal().Msg("Password is incorrect")
+			log.Fatal().Msg("Ppassword is incorrect")
 		}
 
 		if user.TotpSecret == "" {

docker-compose.dev.yml

@@ -34,10 +34,6 @@ services:
     build:
       context: .
       dockerfile: Dockerfile.dev
-      args:
-        - VERSION=development
-        - COMMIT_HASH=development
-        - BUILD_TIMESTAMP=000-00-00T00:00:00Z
     env_file: .env
     volumes:
       - ./internal:/tinyauth/internal

internal/bootstrap/app_bootstrap.go

@@ -147,6 +147,10 @@ func (app *BootstrapApp) Setup() error {
 	}
 
 	// Configured providers
+	babysit := map[string]string{
+		"google": "Google",
+		"github": "GitHub",
+	}
 	configuredProviders := make([]controller.Provider, 0)
 
 	for id, provider := range oauthProviders {
@@ -155,7 +159,7 @@ func (app *BootstrapApp) Setup() error {
 		}
 
 		if provider.Name == "" {
-			if name, ok := config.OverrideProviders[id]; ok {
+			if name, ok := babysit[id]; ok {
 				provider.Name = name
 			} else {
 				provider.Name = utils.Capitalize(id)
@@ -184,18 +188,14 @@ func (app *BootstrapApp) Setup() error {
 	}
 
 	// Create engine
-	if config.Version != "development" {
-		gin.SetMode(gin.ReleaseMode)
-	}
-
 	engine := gin.New()
 
 	if len(app.config.TrustedProxies) > 0 {
-		err := engine.SetTrustedProxies(strings.Split(app.config.TrustedProxies, ","))
+		engine.SetTrustedProxies(strings.Split(app.config.TrustedProxies, ","))
+	}
 
-		if err != nil {
+	if config.Version != "development" {
-			return fmt.Errorf("failed to set trusted proxies: %w", err)
+		gin.SetMode(gin.ReleaseMode)
-		}
 	}
 
 	// Create middlewares
@@ -251,8 +251,7 @@ func (app *BootstrapApp) Setup() error {
 	}, apiRouter, authService)
 
 	resourcesController := controller.NewResourcesController(controller.ResourcesControllerConfig{
-		ResourcesDir:      app.config.ResourcesDir,
+		ResourcesDir: app.config.ResourcesDir,
-		ResourcesDisabled: app.config.DisableResources,
 	}, mainRouter)
 
 	healthController := controller.NewHealthController(apiRouter)
@@ -334,8 +333,8 @@ func (app *BootstrapApp) heartbeat() {
 
 		res.Body.Close()
 
-		if res.StatusCode != 200 && res.StatusCode != 201 {
+		if res.StatusCode != 200 {
-			log.Debug().Str("status", res.Status).Msg("Heartbeat returned non-200/201 status")
+			log.Debug().Str("status", res.Status).Msg("Heartbeat returned non-200 status")
 		}
 	}
 }

internal/config/config.go

@@ -3,8 +3,8 @@ package config
 // Version information, set at build time
 
 var Version = "development"
-var CommitHash = "development"
+var CommitHash = "n/a"
-var BuildTimestamp = "0000-00-00T00:00:00Z"
+var BuildTimestamp = "n/a"
 
 // Cookie name templates
 
@@ -40,7 +40,6 @@ type Config struct {
 	DatabasePath          string `mapstructure:"database-path" validate:"required"`
 	TrustedProxies        string `mapstructure:"trusted-proxies"`
 	DisableAnalytics      bool   `mapstructure:"disable-analytics"`
-	DisableResources      bool   `mapstructure:"disable-resources"`
 }
 
 // OAuth/OIDC config
@@ -65,11 +64,6 @@ type OAuthServiceConfig struct {
 	Name               string   `key:"name"`
 }
 
-var OverrideProviders = map[string]string{
-	"google": "Google",
-	"github": "GitHub",
-}
-
 // User/session related stuff
 
 type User struct {

internal/controller/resources_controller.go

@@ -7,8 +7,7 @@ import (
 )
 
 type ResourcesControllerConfig struct {
-	ResourcesDir      string
+	ResourcesDir string
-	ResourcesDisabled bool
 }
 
 type ResourcesController struct {
@@ -39,12 +38,5 @@ func (controller *ResourcesController) resourcesHandler(c *gin.Context) {
 		})
 		return
 	}
-	if controller.config.ResourcesDisabled {
-		c.JSON(403, gin.H{
-			"status":  403,
-			"message": "Resources are disabled",
-		})
-		return
-	}
 	controller.fileServer.ServeHTTP(c.Writer, c.Request)
 }

internal/service/auth_service.go

@@ -309,14 +309,12 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte
 		return true
 	}
 
-	for id := range config.OverrideProviders {
+	if context.Provider != "generic" {
-		if context.Provider == id {
+		log.Debug().Msg("Not using generic provider, skipping group check")
-			log.Info().Str("provider", id).Msg("OAuth groups not supported for this provider")
+		return true
-			return true
-		}
 	}
 
-	for userGroup := range strings.SplitSeq(context.OAuthGroups, ",") {
+	for _, userGroup := range strings.Split(context.OAuthGroups, ",") {
 		if utils.CheckFilter(requiredGroups, strings.TrimSpace(userGroup)) {
 			return true
 		}

internal/service/oauth_broker_service.go

@@ -50,7 +50,7 @@ func (broker *OAuthBrokerService) Init() error {
 			log.Error().Err(err).Msgf("Failed to initialize OAuth service: %T", name)
 			return err
 		}
-		log.Info().Str("service", service.GetName()).Msg("Initialized OAuth service")
+		log.Info().Msgf("Initialized OAuth service: %T", name)
 	}
 
 	return nil

internal/utils/app_utils.go

@@ -183,13 +183,14 @@ func GetOAuthProvidersConfig(env []string, args []string, appUrl string) (map[st
 		providers[name] = provider
 	}
 
-	// If we have google/github providers and no redirect URL then set a default
+	// If we have google/github providers and no redirect URL babysit them
+	babysitProviders := []string{"google", "github"}
 
-	for id := range config.OverrideProviders {
+	for _, name := range babysitProviders {
-		if provider, exists := providers[id]; exists {
+		if provider, exists := providers[name]; exists {
 			if provider.RedirectURL == "" {
-				provider.RedirectURL = appUrl + "/api/oauth/callback/" + id
+				provider.RedirectURL = appUrl + "/api/oauth/callback/" + name
-				providers[id] = provider
+				providers[name] = provider
 			}
 		}
 	}

internal/utils/decoders/decoders.go

@@ -18,14 +18,10 @@ func NormalizeKeys(keys map[string]string, rootName string, sep string) map[stri
 
 		finalKey = append(finalKey, rootName)
 		finalKey = append(finalKey, "providers")
-		lowerKey := strings.ToLower(k)
+		cebabKey := strings.ToLower(k)
-
-		if !strings.HasPrefix(lowerKey, "providers"+sep) {
-			continue
-		}
 
 		for _, known := range knownKeys {
-			if strings.HasSuffix(lowerKey, strings.ReplaceAll(known, "-", sep)) {
+			if strings.HasSuffix(cebabKey, strings.ReplaceAll(known, "-", sep)) {
 				suffix = known
 				break
 			}
@@ -35,11 +31,7 @@ func NormalizeKeys(keys map[string]string, rootName string, sep string) map[stri
 			continue
 		}
 
-		if strings.TrimSpace(strings.TrimSuffix(strings.TrimPrefix(lowerKey, "providers"+sep), strings.ReplaceAll(suffix, "-", sep))) == "" {
+		clientNameParts := strings.Split(strings.TrimPrefix(strings.TrimSuffix(cebabKey, sep+strings.ReplaceAll(suffix, "-", sep)), "providers"+sep), sep)
-			continue
-		}
-
-		clientNameParts := strings.Split(strings.TrimPrefix(strings.TrimSuffix(lowerKey, sep+strings.ReplaceAll(suffix, "-", sep)), "providers"+sep), sep)
 
 		for i, p := range clientNameParts {
 			if i == 0 {
@@ -54,9 +46,9 @@ func NormalizeKeys(keys map[string]string, rootName string, sep string) map[stri
 
 		finalKey = append(finalKey, camelClientName)
 
-		fieldParts := strings.Split(suffix, "-")
+		filedParts := strings.Split(suffix, "-")
 
-		for i, p := range fieldParts {
+		for i, p := range filedParts {
 			if i == 0 {
 				camelField += p
 				continue

internal/utils/decoders/decoders_test.go

@@ -14,8 +14,6 @@ func TestNormalizeKeys(t *testing.T) {
 		"PROVIDERS_CLIENT1_CLIENT_SECRET":                "my-client-secret",
 		"PROVIDERS_MY_AWESOME_CLIENT_CLIENT_ID":          "my-awesome-client-id",
 		"PROVIDERS_MY_AWESOME_CLIENT_CLIENT_SECRET_FILE": "/path/to/secret",
-		"I_LOOK_LIKE_A_KEY_CLIENT_ID":                    "should-not-appear",
-		"PROVIDERS_CLIENT_ID":                            "should-not-appear",
 	}
 	expected := map[string]string{
 		"tinyauth.providers.client1.clientId":                 "my-client-id",
@@ -33,9 +31,6 @@ func TestNormalizeKeys(t *testing.T) {
 		"providers-client1-client-secret":                "my-client-secret",
 		"providers-my-awesome-client-client-id":          "my-awesome-client-id",
 		"providers-my-awesome-client-client-secret-file": "/path/to/secret",
-		"providers-should-not-appear-client":             "should-not-appear",
-		"i-look-like-a-key-client-id":                    "should-not-appear",
-		"providers-client-id":                            "should-not-appear",
 	}
 	expected = map[string]string{
 		"tinyauth.providers.client1.clientId":                 "my-client-id",