chore: bot suggestion

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
chore: fix typo
2025-10-28 12:45:47 +00:00 · 2025-05-27 16:39:01 +03:00 · 2025-05-25 12:50:49 +03:00 · 2025-05-25 12:48:57 +03:00
5 changed files with 36 additions and 10 deletions
--- a/.env.example
+++ b/.env.example
@@ -30,3 +30,4 @@ APP_TITLE=Tinyauth SSO
 FORGOT_PASSWORD_MESSAGE=Some message about resetting the password
 OAUTH_AUTO_REDIRECT=none
 BACKGROUND_IMAGE=some_image_url
+GENERIC_SKIP_SSL=false
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -79,6 +79,7 @@ var rootCmd = &cobra.Command{
 			GenericAuthURL:      config.GenericAuthURL,
 			GenericTokenURL:     config.GenericTokenURL,
 			GenericUserURL:      config.GenericUserURL,
+			GenericSkipSSL:      config.GenericSkipSSL,
 			AppURL:              config.AppURL,
 		}

@@ -197,6 +198,7 @@ func init() {
 	rootCmd.Flags().String("generic-token-url", "", "Generic OAuth token URL.")
 	rootCmd.Flags().String("generic-user-url", "", "Generic OAuth user info URL.")
 	rootCmd.Flags().String("generic-name", "Generic", "Generic OAuth provider name.")
+	rootCmd.Flags().Bool("generic-skip-ssl", false, "Skip SSL verification for the generic OAuth provider.")
 	rootCmd.Flags().Bool("disable-continue", false, "Disable continue screen and redirect to app directly.")
 	rootCmd.Flags().String("oauth-whitelist", "", "Comma separated list of email addresses to whitelist when using OAuth.")
 	rootCmd.Flags().String("oauth-auto-redirect", "none", "Auto redirect to the specified OAuth provider if configured. (available providers: github, google, generic)")
@@ -231,6 +233,7 @@ func init() {
 	viper.BindEnv("generic-token-url", "GENERIC_TOKEN_URL")
 	viper.BindEnv("generic-user-url", "GENERIC_USER_URL")
 	viper.BindEnv("generic-name", "GENERIC_NAME")
+	viper.BindEnv("generic-skip-ssl", "GENERIC_SKIP_SSL")
 	viper.BindEnv("disable-continue", "DISABLE_CONTINUE")
 	viper.BindEnv("oauth-whitelist", "OAUTH_WHITELIST")
 	viper.BindEnv("oauth-auto-redirect", "OAUTH_AUTO_REDIRECT")
--- a/internal/oauth/oauth.go
+++ b/internal/oauth/oauth.go
@@ -3,15 +3,17 @@ package oauth
 import (
 	"context"
 	"crypto/rand"
+	"crypto/tls"
 	"encoding/base64"
 	"net/http"

 	"golang.org/x/oauth2"
 )

-func NewOAuth(config oauth2.Config) *OAuth {
+func NewOAuth(config oauth2.Config, insecureSkipVerify bool) *OAuth {
 	return &OAuth{
 		Config:             config,
+		InsecureSkipVerify: insecureSkipVerify,
 	}
 }

@@ -20,11 +22,29 @@ type OAuth struct {
 	Context            context.Context
 	Token              *oauth2.Token
 	Verifier           string
+	InsecureSkipVerify bool
 }

 func (oauth *OAuth) Init() {
-	// Create a new context and verifier
+	// Create transport with TLS
+	transport := &http.Transport{
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: oauth.InsecureSkipVerify,
+			MinVersion:         tls.VersionTLS12,
+		},
+	}
+
+	// Create a new context
 	oauth.Context = context.Background()
+
+	// Create the HTTP client with the transport
+	httpClient := &http.Client{
+		Transport: transport,
+	}
+
+	// Set the HTTP client in the context
+	oauth.Context = context.WithValue(oauth.Context, oauth2.HTTPClient, httpClient)
+	// Create the verifier
 	oauth.Verifier = oauth2.GenerateVerifier()
 }

--- a/internal/providers/providers.go
+++ b/internal/providers/providers.go
@@ -36,7 +36,7 @@ func (providers *Providers) Init() {
 			RedirectURL:  fmt.Sprintf("%s/api/oauth/callback/github", providers.Config.AppURL),
 			Scopes:       GithubScopes(),
 			Endpoint:     endpoints.GitHub,
-		})
+		}, false)

 		// Initialize the oauth provider
 		providers.Github.Init()
@@ -53,7 +53,7 @@ func (providers *Providers) Init() {
 			RedirectURL:  fmt.Sprintf("%s/api/oauth/callback/google", providers.Config.AppURL),
 			Scopes:       GoogleScopes(),
 			Endpoint:     endpoints.Google,
-		})
+		}, false)

 		// Initialize the oauth provider
 		providers.Google.Init()
@@ -73,7 +73,7 @@ func (providers *Providers) Init() {
 				AuthURL:  providers.Config.GenericAuthURL,
 				TokenURL: providers.Config.GenericTokenURL,
 			},
-		})
+		}, providers.Config.GenericSkipSSL)

 		// Initialize the oauth provider
 		providers.Generic.Init()
--- a/internal/types/config.go
+++ b/internal/types/config.go
@@ -24,6 +24,7 @@ type Config struct {
 	GenericTokenURL         string `mapstructure:"generic-token-url"`
 	GenericUserURL          string `mapstructure:"generic-user-url"`
 	GenericName             string `mapstructure:"generic-name"`
+	GenericSkipSSL          bool   `mapstructure:"generic-skip-ssl"`
 	DisableContinue         bool   `mapstructure:"disable-continue"`
 	OAuthWhitelist          string `mapstructure:"oauth-whitelist"`
 	OAuthAutoRedirect       string `mapstructure:"oauth-auto-redirect" validate:"oneof=none github google generic"`
@@ -62,6 +63,7 @@ type OAuthConfig struct {
 	GenericAuthURL      string
 	GenericTokenURL     string
 	GenericUserURL      string
+	GenericSkipSSL      bool
 	AppURL              string
 }
Author	SHA1	Message	Date
Stavros	f441645e36	chore: bot suggestion Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>	2025-05-27 16:39:01 +03:00
Stavros	35ae69791c	chore: fix typo	2025-05-25 12:50:49 +03:00
Stavros	1dfa54305f	feat: allow generic provider to use untrusted SSL certificates	2025-05-25 12:48:57 +03:00