refactor: rename domain to root domain

.github/workflows/nightly.yml

@@ -80,7 +80,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
+          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
         env:
           CGO_ENABLED: 0
 
@@ -126,7 +126,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
+          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
         env:
           CGO_ENABLED: 0
 

.github/workflows/release.yml

@@ -58,7 +58,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
+          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
         env:
           CGO_ENABLED: 0
 
@@ -101,7 +101,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
+          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
         env:
           CGO_ENABLED: 0
 

Dockerfile

@@ -1,5 +1,5 @@
 # Site builder
-FROM oven/bun:1.2.22-alpine AS frontend-builder
+FROM oven/bun:1.2.21-alpine AS frontend-builder
 
 WORKDIR /frontend
 
@@ -38,7 +38,7 @@ COPY ./cmd ./cmd
 COPY ./internal ./internal
 COPY --from=frontend-builder /frontend/dist ./internal/assets/dist
 
-RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" 
+RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${VERSION} -X tinyauth/internal/constants.CommitHash=${COMMIT_HASH} -X tinyauth/internal/constants.BuildTimestamp=${BUILD_TIMESTAMP}" 
  
 # Runner
 FROM alpine:3.22 AS runner

cmd/root.go

@@ -27,6 +27,11 @@ var rootCmd = &cobra.Command{
 			log.Fatal().Err(err).Msg("Failed to parse config")
 		}
 
+		// Check if secrets have a file associated with them
+		conf.GithubClientSecret = utils.GetSecret(conf.GithubClientSecret, conf.GithubClientSecretFile)
+		conf.GoogleClientSecret = utils.GetSecret(conf.GoogleClientSecret, conf.GoogleClientSecretFile)
+		conf.GenericClientSecret = utils.GetSecret(conf.GenericClientSecret, conf.GenericClientSecretFile)
+
 		// Validate config
 		v := validator.New()
 
@@ -52,7 +57,6 @@ var rootCmd = &cobra.Command{
 }
 
 func Execute() {
-	rootCmd.FParseErrWhitelist.UnknownFlags = true
 	err := rootCmd.Execute()
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to execute command")
@@ -76,6 +80,21 @@ func init() {
 		{"users", "", "Comma separated list of users in the format username:hash."},
 		{"users-file", "", "Path to a file containing users in the format username:hash."},
 		{"secure-cookie", false, "Send cookie over secure connection only."},
+		{"github-client-id", "", "Github OAuth client ID."},
+		{"github-client-secret", "", "Github OAuth client secret."},
+		{"github-client-secret-file", "", "Github OAuth client secret file."},
+		{"google-client-id", "", "Google OAuth client ID."},
+		{"google-client-secret", "", "Google OAuth client secret."},
+		{"google-client-secret-file", "", "Google OAuth client secret file."},
+		{"generic-client-id", "", "Generic OAuth client ID."},
+		{"generic-client-secret", "", "Generic OAuth client secret."},
+		{"generic-client-secret-file", "", "Generic OAuth client secret file."},
+		{"generic-scopes", "", "Generic OAuth scopes."},
+		{"generic-auth-url", "", "Generic OAuth auth URL."},
+		{"generic-token-url", "", "Generic OAuth token URL."},
+		{"generic-user-url", "", "Generic OAuth user info URL."},
+		{"generic-name", "Generic", "Generic OAuth provider name."},
+		{"generic-skip-ssl", false, "Skip SSL verification for the generic OAuth provider."},
 		{"oauth-whitelist", "", "Comma separated list of email addresses to whitelist when using OAuth."},
 		{"oauth-auto-redirect", "none", "Auto redirect to the specified OAuth provider if configured. (available providers: github, google, generic)"},
 		{"session-expiry", 86400, "Session (cookie) expiration time in seconds."},
@@ -93,8 +112,6 @@ func init() {
 		{"ldap-search-filter", "(uid=%s)", "LDAP search filter for user lookup."},
 		{"resources-dir", "/data/resources", "Path to a directory containing custom resources (e.g. background image)."},
 		{"database-path", "/data/tinyauth.db", "Path to the Sqlite database file."},
-		{"trusted-proxies", "", "Comma separated list of trusted proxies (IP addresses or CIDRs) for correct client IP detection."},
-		{"disable-analytics", false, "Disable anonymous version collection."},
 	}
 
 	for _, opt := range configOptions {

docker-compose.dev.yml

@@ -34,10 +34,6 @@ services:
     build:
       context: .
       dockerfile: Dockerfile.dev
-      args:
-        - VERSION=development
-        - COMMIT_HASH=development
-        - BUILD_TIMESTAMP=000-00-00T00:00:00Z
     env_file: .env
     volumes:
       - ./internal:/tinyauth/internal

frontend/bun.lock

@@ -4,58 +4,60 @@
     "": {
       "name": "tinyauth-shadcn",
       "dependencies": {
-        "@hookform/resolvers": "^5.2.2",
+        "@hookform/resolvers": "^5.2.1",
         "@radix-ui/react-label": "^2.1.7",
         "@radix-ui/react-select": "^2.2.6",
         "@radix-ui/react-separator": "^1.1.7",
         "@radix-ui/react-slot": "^1.2.3",
-        "@tailwindcss/vite": "^4.1.13",
+        "@tailwindcss/vite": "^4.1.12",
-        "@tanstack/react-query": "^5.89.0",
+        "@tanstack/react-query": "^5.85.5",
-        "axios": "^1.12.2",
+        "axios": "^1.11.0",
         "class-variance-authority": "^0.7.1",
         "clsx": "^2.1.1",
-        "i18next": "^25.5.2",
+        "i18next": "^25.4.2",
         "i18next-browser-languagedetector": "^8.2.0",
         "i18next-resources-to-backend": "^1.2.1",
         "input-otp": "^1.4.2",
-        "lucide-react": "^0.544.0",
+        "lucide-react": "^0.541.0",
         "next-themes": "^0.4.6",
         "react": "^19.1.1",
         "react-dom": "^19.1.1",
         "react-hook-form": "^7.62.0",
-        "react-i18next": "^15.7.3",
+        "react-i18next": "^15.7.2",
         "react-markdown": "^10.1.0",
-        "react-router": "^7.9.1",
+        "react-router": "^7.8.2",
         "sonner": "^2.0.7",
         "tailwind-merge": "^3.3.1",
-        "tailwindcss": "^4.1.13",
+        "tailwindcss": "^4.1.12",
-        "zod": "^4.1.9",
+        "zod": "^4.1.3",
       },
       "devDependencies": {
-        "@eslint/js": "^9.35.0",
+        "@eslint/js": "^9.34.0",
-        "@tanstack/eslint-plugin-query": "^5.89.0",
+        "@tanstack/eslint-plugin-query": "^5.83.1",
-        "@types/node": "^24.5.2",
+        "@types/node": "^24.3.0",
-        "@types/react": "^19.1.13",
+        "@types/react": "^19.1.11",
-        "@types/react-dom": "^19.1.9",
+        "@types/react-dom": "^19.1.8",
-        "@vitejs/plugin-react": "^5.0.3",
+        "@vitejs/plugin-react": "^5.0.1",
-        "eslint": "^9.35.0",
+        "eslint": "^9.34.0",
         "eslint-plugin-react-hooks": "^5.2.0",
         "eslint-plugin-react-refresh": "^0.4.19",
-        "globals": "^16.4.0",
+        "globals": "^16.3.0",
         "prettier": "3.6.2",
-        "tw-animate-css": "^1.3.8",
+        "tw-animate-css": "^1.3.7",
         "typescript": "~5.9.2",
-        "typescript-eslint": "^8.44.0",
+        "typescript-eslint": "^8.41.0",
-        "vite": "^7.1.6",
+        "vite": "^7.1.3",
       },
     },
   },
   "packages": {
+    "@ampproject/remapping": ["@ampproject/remapping@2.3.0", "", { "dependencies": { "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw=="],
+
     "@babel/code-frame": ["@babel/code-frame@7.27.1", "", { "dependencies": { "@babel/helper-validator-identifier": "^7.27.1", "js-tokens": "^4.0.0", "picocolors": "^1.1.1" } }, "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg=="],
 
     "@babel/compat-data": ["@babel/compat-data@7.27.2", "", {}, "sha512-TUtMJYRPyUb/9aU8f3K0mjmjf6M9N5Woshn2CS6nqJSeJtTtQcpLUXjGt9vbF8ZGff0El99sWkLgzwW3VXnxZQ=="],
 
-    "@babel/core": ["@babel/core@7.28.4", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-compilation-targets": "^7.27.2", "@babel/helper-module-transforms": "^7.28.3", "@babel/helpers": "^7.28.4", "@babel/parser": "^7.28.4", "@babel/template": "^7.27.2", "@babel/traverse": "^7.28.4", "@babel/types": "^7.28.4", "@jridgewell/remapping": "^2.3.5", "convert-source-map": "^2.0.0", "debug": "^4.1.0", "gensync": "^1.0.0-beta.2", "json5": "^2.2.3", "semver": "^6.3.1" } }, "sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA=="],
+    "@babel/core": ["@babel/core@7.28.3", "", { "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-compilation-targets": "^7.27.2", "@babel/helper-module-transforms": "^7.28.3", "@babel/helpers": "^7.28.3", "@babel/parser": "^7.28.3", "@babel/template": "^7.27.2", "@babel/traverse": "^7.28.3", "@babel/types": "^7.28.2", "convert-source-map": "^2.0.0", "debug": "^4.1.0", "gensync": "^1.0.0-beta.2", "json5": "^2.2.3", "semver": "^6.3.1" } }, "sha512-yDBHV9kQNcr2/sUr9jghVyz9C3Y5G2zUM2H2lo+9mKv4sFgbA8s8Z9t8D1jiTkGoO/NoIfKMyKWr4s6CN23ZwQ=="],
 
     "@babel/generator": ["@babel/generator@7.28.3", "", { "dependencies": { "@babel/parser": "^7.28.3", "@babel/types": "^7.28.2", "@jridgewell/gen-mapping": "^0.3.12", "@jridgewell/trace-mapping": "^0.3.28", "jsesc": "^3.0.2" } }, "sha512-3lSpxGgvnmZznmBkCRnVREPUFJv2wrv9iAoFDvADJc0ypmdOxdUtcLeBgBJ6zE0PMeTKnxeQzyk0xTBq4Ep7zw=="],
 
@@ -75,9 +77,9 @@
 
     "@babel/helper-validator-option": ["@babel/helper-validator-option@7.27.1", "", {}, "sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg=="],
 
-    "@babel/helpers": ["@babel/helpers@7.28.4", "", { "dependencies": { "@babel/template": "^7.27.2", "@babel/types": "^7.28.4" } }, "sha512-HFN59MmQXGHVyYadKLVumYsA9dBFun/ldYxipEjzA4196jpLZd8UjEEBLkbEkvfYreDqJhZxYAWFPtrfhNpj4w=="],
+    "@babel/helpers": ["@babel/helpers@7.28.3", "", { "dependencies": { "@babel/template": "^7.27.2", "@babel/types": "^7.28.2" } }, "sha512-PTNtvUQihsAsDHMOP5pfobP8C6CM4JWXmP8DrEIt46c3r2bf87Ua1zoqevsMo9g+tWDwgWrFP5EIxuBx5RudAw=="],
 
-    "@babel/parser": ["@babel/parser@7.28.4", "", { "dependencies": { "@babel/types": "^7.28.4" }, "bin": "./bin/babel-parser.js" }, "sha512-yZbBqeM6TkpP9du/I2pUZnJsRMGGvOuIrhjzC1AwHwW+6he4mni6Bp/m8ijn0iOuZuPI2BfkCoSRunpyjnrQKg=="],
+    "@babel/parser": ["@babel/parser@7.28.3", "", { "dependencies": { "@babel/types": "^7.28.2" }, "bin": "./bin/babel-parser.js" }, "sha512-7+Ey1mAgYqFAx2h0RuoxcQT5+MlG3GTV0TQrgr7/ZliKsm/MNDxVVutlWaziMq7wJNAz8MTqz55XLpWvva6StA=="],
 
     "@babel/plugin-transform-react-jsx-self": ["@babel/plugin-transform-react-jsx-self@7.27.1", "", { "dependencies": { "@babel/helper-plugin-utils": "^7.27.1" }, "peerDependencies": { "@babel/core": "^7.0.0-0" } }, "sha512-6UzkCs+ejGdZ5mFFC/OCUrv028ab2fp1znZmCZjAOBKiBK2jXD1O+BPSfX8X2qjJ75fZBMSnQn3Rq2mrBJK2mw=="],
 
@@ -87,9 +89,9 @@
 
     "@babel/template": ["@babel/template@7.27.2", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/parser": "^7.27.2", "@babel/types": "^7.27.1" } }, "sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw=="],
 
-    "@babel/traverse": ["@babel/traverse@7.28.4", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-globals": "^7.28.0", "@babel/parser": "^7.28.4", "@babel/template": "^7.27.2", "@babel/types": "^7.28.4", "debug": "^4.3.1" } }, "sha512-YEzuboP2qvQavAcjgQNVgsvHIDv6ZpwXvcvjmyySP2DIMuByS/6ioU5G9pYrWHM6T2YDfc7xga9iNzYOs12CFQ=="],
+    "@babel/traverse": ["@babel/traverse@7.28.3", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-globals": "^7.28.0", "@babel/parser": "^7.28.3", "@babel/template": "^7.27.2", "@babel/types": "^7.28.2", "debug": "^4.3.1" } }, "sha512-7w4kZYHneL3A6NP2nxzHvT3HCZ7puDZZjFMqDpBPECub79sTtSO5CGXDkKrTQq8ksAwfD/XI2MRFX23njdDaIQ=="],
 
-    "@babel/types": ["@babel/types@7.28.4", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-bkFqkLhh3pMBUQQkpVgWDWq/lqzc2678eUyDlTBhRqhCHFguYYGM0Efga7tYk4TogG/3x0EEl66/OQ+WGbWB/Q=="],
+    "@babel/types": ["@babel/types@7.28.2", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ=="],
 
     "@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.25.4", "", { "os": "aix", "cpu": "ppc64" }, "sha512-1VCICWypeQKhVbE9oW/sJaAmjLxhVqacdkvPLEjwlttjfwENRSClS8EjBz0KzRyFSCPDIkuXW34Je/vk7zdB7Q=="],
 
@@ -141,7 +143,7 @@
 
     "@esbuild/win32-x64": ["@esbuild/win32-x64@0.25.4", "", { "os": "win32", "cpu": "x64" }, "sha512-nOT2vZNw6hJ+z43oP1SPea/G/6AbN6X+bGNhNuq8NtRHy4wsMhw765IKLNmnjek7GvjWBYQ8Q5VBoYTFg9y1UQ=="],
 
-    "@eslint-community/eslint-utils": ["@eslint-community/eslint-utils@4.9.0", "", { "dependencies": { "eslint-visitor-keys": "^3.4.3" }, "peerDependencies": { "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" } }, "sha512-ayVFHdtZ+hsq1t2Dy24wCmGXGe4q9Gu3smhLYALJrr473ZH27MsnSL+LKUlimp4BWJqMDMLmPpx/Q9R3OAlL4g=="],
+    "@eslint-community/eslint-utils": ["@eslint-community/eslint-utils@4.7.0", "", { "dependencies": { "eslint-visitor-keys": "^3.4.3" }, "peerDependencies": { "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" } }, "sha512-dyybb3AcajC7uha6CvhdVRJqaKyn7w2YKqKyAN37NKYgZT36w+iRb0Dymmc5qEJ549c/S31cMMSFd75bteCpCw=="],
 
     "@eslint-community/regexpp": ["@eslint-community/regexpp@4.12.1", "", {}, "sha512-CCZCDJuduB9OUkFkY2IgppNZMi2lBQgD2qzwXkEia16cge2pijY/aXi96CJMquDMn3nJdlPV1A5KrJEXwfLNzQ=="],
 
@@ -153,7 +155,7 @@
 
     "@eslint/eslintrc": ["@eslint/eslintrc@3.3.1", "", { "dependencies": { "ajv": "^6.12.4", "debug": "^4.3.2", "espree": "^10.0.1", "globals": "^14.0.0", "ignore": "^5.2.0", "import-fresh": "^3.2.1", "js-yaml": "^4.1.0", "minimatch": "^3.1.2", "strip-json-comments": "^3.1.1" } }, "sha512-gtF186CXhIl1p4pJNGZw8Yc6RlshoePRvE0X91oPGb3vZ8pM3qOS9W9NGPat9LziaBV7XrJWGylNQXkGcnM3IQ=="],
 
-    "@eslint/js": ["@eslint/js@9.35.0", "", {}, "sha512-30iXE9whjlILfWobBkNerJo+TXYsgVM5ERQwMcMKCHckHflCmf7wXDAHlARoWnh0s1U72WqlbeyE7iAcCzuCPw=="],
+    "@eslint/js": ["@eslint/js@9.34.0", "", {}, "sha512-EoyvqQnBNsV1CWaEJ559rxXL4c8V92gxirbawSmVUOWXlsRxxQXl6LmCpdUblgxgSkDIqKnhzba2SjRTI/A5Rw=="],
 
     "@eslint/object-schema": ["@eslint/object-schema@2.1.6", "", {}, "sha512-RBMg5FRL0I0gs51M/guSAj5/e14VQ4tpZnQNWwuDT66P14I43ItmPfIZRhO9fUVIPOAQXU47atlywZ/czoqFPA=="],
 
@@ -167,7 +169,7 @@
 
     "@floating-ui/utils": ["@floating-ui/utils@0.2.9", "", {}, "sha512-MDWhGtE+eHw5JW7lq4qhc5yRLS11ERl1c7Z6Xd0a58DozHES6EnNNwUWbMiG4J9Cgj053Bhk8zvlhFYKVhULwg=="],
 
-    "@hookform/resolvers": ["@hookform/resolvers@5.2.2", "", { "dependencies": { "@standard-schema/utils": "^0.3.0" }, "peerDependencies": { "react-hook-form": "^7.55.0" } }, "sha512-A/IxlMLShx3KjV/HeTcTfaMxdwy690+L/ZADoeaTltLx+CVuzkeVIPuybK3jrRfw7YZnmdKsVVHAlEPIAEUNlA=="],
+    "@hookform/resolvers": ["@hookform/resolvers@5.2.1", "", { "dependencies": { "@standard-schema/utils": "^0.3.0" }, "peerDependencies": { "react-hook-form": "^7.55.0" } }, "sha512-u0+6X58gkjMcxur1wRWokA7XsiiBJ6aK17aPZxhkoYiK5J+HcTx0Vhu9ovXe6H+dVpO6cjrn2FkJTryXEMlryQ=="],
 
     "@humanfs/core": ["@humanfs/core@0.19.1", "", {}, "sha512-5DyQ4+1JEUzejeK1JGICcideyfUbGixgS9jNgex5nqkW+cY7WZhxBigmieN5Qnw9ZosSNVC9KQKyb+GUaGyKUA=="],
 
@@ -179,7 +181,7 @@
 
     "@isaacs/fs-minipass": ["@isaacs/fs-minipass@4.0.1", "", { "dependencies": { "minipass": "^7.0.4" } }, "sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w=="],
 
-    "@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.12", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-OuLGC46TjB5BbN1dH8JULVVZY4WTdkF7tV9Ys6wLL1rubZnCMstOhNHueU5bLCrnRuDhKPDM4g6sw4Bel5Gzqg=="],
+    "@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.8", "", { "dependencies": { "@jridgewell/set-array": "^1.2.1", "@jridgewell/sourcemap-codec": "^1.4.10", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-imAbBGkb+ebQyxKgzv5Hu2nmROxoDOXHh80evxdoXNOrvAnVx7zimzc1Oo5h9RlfV4vPXaE2iM5pOFbvOCClWA=="],
 
     "@jridgewell/remapping": ["@jridgewell/remapping@2.3.5", "", { "dependencies": { "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ=="],
 
@@ -187,9 +189,9 @@
 
     "@jridgewell/set-array": ["@jridgewell/set-array@1.2.1", "", {}, "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A=="],
 
-    "@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.5", "", {}, "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og=="],
+    "@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
 
-    "@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.29", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-uw6guiW/gcAGPDhLmd77/6lW8QLeiV5RUTsAX46Db6oLhGaVj4lhnPwb184s1bkc8kdVg/+h988dro8GRDpmYQ=="],
+    "@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.25", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ=="],
 
     "@nodelib/fs.scandir": ["@nodelib/fs.scandir@2.1.5", "", { "dependencies": { "@nodelib/fs.stat": "2.0.5", "run-parallel": "^1.1.9" } }, "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g=="],
 
@@ -253,7 +255,7 @@
 
     "@radix-ui/rect": ["@radix-ui/rect@1.1.1", "", {}, "sha512-HPwpGIzkl28mWyZqG52jiqDJ12waP11Pa1lGoiyUkIEuMLBP0oeK/C89esbXrxsky5we7dfd8U58nm0SgAWpVw=="],
 
-    "@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-beta.35", "", {}, "sha512-slYrCpoxJUqzFDDNlvrOYRazQUNRvWPjXA17dAOISY3rDMxX6k8K4cj2H+hEYMHF81HO3uNd5rHVigAWRM5dSg=="],
+    "@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-beta.32", "", {}, "sha512-QReCdvxiUZAPkvp1xpAg62IeNzykOFA6syH2CnClif4YmALN1XKpB39XneL80008UbtMShthSVDKmrx05N1q/g=="],
 
     "@rollup/rollup-android-arm-eabi": ["@rollup/rollup-android-arm-eabi@4.46.2", "", { "os": "android", "cpu": "arm" }, "sha512-Zj3Hl6sN34xJtMv7Anwb5Gu01yujyE/cLBDB2gnHTAHaWS1Z38L7kuSG+oAh0giZMqG060f/YBStXtMH6FvPMA=="],
 
@@ -297,41 +299,41 @@
 
     "@standard-schema/utils": ["@standard-schema/utils@0.3.0", "", {}, "sha512-e7Mew686owMaPJVNNLs55PUvgz371nKgwsc4vxE49zsODpJEnxgxRo2y/OKrqueavXgZNMDVj3DdHFlaSAeU8g=="],
 
-    "@tailwindcss/node": ["@tailwindcss/node@4.1.13", "", { "dependencies": { "@jridgewell/remapping": "^2.3.4", "enhanced-resolve": "^5.18.3", "jiti": "^2.5.1", "lightningcss": "1.30.1", "magic-string": "^0.30.18", "source-map-js": "^1.2.1", "tailwindcss": "4.1.13" } }, "sha512-eq3ouolC1oEFOAvOMOBAmfCIqZBJuvWvvYWh5h5iOYfe1HFC6+GZ6EIL0JdM3/niGRJmnrOc+8gl9/HGUaaptw=="],
+    "@tailwindcss/node": ["@tailwindcss/node@4.1.12", "", { "dependencies": { "@jridgewell/remapping": "^2.3.4", "enhanced-resolve": "^5.18.3", "jiti": "^2.5.1", "lightningcss": "1.30.1", "magic-string": "^0.30.17", "source-map-js": "^1.2.1", "tailwindcss": "4.1.12" } }, "sha512-3hm9brwvQkZFe++SBt+oLjo4OLDtkvlE8q2WalaD/7QWaeM7KEJbAiY/LJZUaCs7Xa8aUu4xy3uoyX4q54UVdQ=="],
 
-    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.13", "", { "dependencies": { "detect-libc": "^2.0.4", "tar": "^7.4.3" }, "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.13", "@tailwindcss/oxide-darwin-arm64": "4.1.13", "@tailwindcss/oxide-darwin-x64": "4.1.13", "@tailwindcss/oxide-freebsd-x64": "4.1.13", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.13", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.13", "@tailwindcss/oxide-linux-arm64-musl": "4.1.13", "@tailwindcss/oxide-linux-x64-gnu": "4.1.13", "@tailwindcss/oxide-linux-x64-musl": "4.1.13", "@tailwindcss/oxide-wasm32-wasi": "4.1.13", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.13", "@tailwindcss/oxide-win32-x64-msvc": "4.1.13" } }, "sha512-CPgsM1IpGRa880sMbYmG1s4xhAy3xEt1QULgTJGQmZUeNgXFR7s1YxYygmJyBGtou4SyEosGAGEeYqY7R53bIA=="],
+    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.12", "", { "dependencies": { "detect-libc": "^2.0.4", "tar": "^7.4.3" }, "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.12", "@tailwindcss/oxide-darwin-arm64": "4.1.12", "@tailwindcss/oxide-darwin-x64": "4.1.12", "@tailwindcss/oxide-freebsd-x64": "4.1.12", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.12", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.12", "@tailwindcss/oxide-linux-arm64-musl": "4.1.12", "@tailwindcss/oxide-linux-x64-gnu": "4.1.12", "@tailwindcss/oxide-linux-x64-musl": "4.1.12", "@tailwindcss/oxide-wasm32-wasi": "4.1.12", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.12", "@tailwindcss/oxide-win32-x64-msvc": "4.1.12" } }, "sha512-gM5EoKHW/ukmlEtphNwaGx45fGoEmP10v51t9unv55voWh6WrOL19hfuIdo2FjxIaZzw776/BUQg7Pck++cIVw=="],
 
-    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.13", "", { "os": "android", "cpu": "arm64" }, "sha512-BrpTrVYyejbgGo57yc8ieE+D6VT9GOgnNdmh5Sac6+t0m+v+sKQevpFVpwX3pBrM2qKrQwJ0c5eDbtjouY/+ew=="],
+    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.12", "", { "os": "android", "cpu": "arm64" }, "sha512-oNY5pq+1gc4T6QVTsZKwZaGpBb2N1H1fsc1GD4o7yinFySqIuRZ2E4NvGasWc6PhYJwGK2+5YT1f9Tp80zUQZQ=="],
 
-    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.13", "", { "os": "darwin", "cpu": "arm64" }, "sha512-YP+Jksc4U0KHcu76UhRDHq9bx4qtBftp9ShK/7UGfq0wpaP96YVnnjFnj3ZFrUAjc5iECzODl/Ts0AN7ZPOANQ=="],
+    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.12", "", { "os": "darwin", "cpu": "arm64" }, "sha512-cq1qmq2HEtDV9HvZlTtrj671mCdGB93bVY6J29mwCyaMYCP/JaUBXxrQQQm7Qn33AXXASPUb2HFZlWiiHWFytw=="],
 
-    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.13", "", { "os": "darwin", "cpu": "x64" }, "sha512-aAJ3bbwrn/PQHDxCto9sxwQfT30PzyYJFG0u/BWZGeVXi5Hx6uuUOQEI2Fa43qvmUjTRQNZnGqe9t0Zntexeuw=="],
+    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.12", "", { "os": "darwin", "cpu": "x64" }, "sha512-6UCsIeFUcBfpangqlXay9Ffty9XhFH1QuUFn0WV83W8lGdX8cD5/+2ONLluALJD5+yJ7k8mVtwy3zMZmzEfbLg=="],
 
-    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.13", "", { "os": "freebsd", "cpu": "x64" }, "sha512-Wt8KvASHwSXhKE/dJLCCWcTSVmBj3xhVhp/aF3RpAhGeZ3sVo7+NTfgiN8Vey/Fi8prRClDs6/f0KXPDTZE6nQ=="],
+    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.12", "", { "os": "freebsd", "cpu": "x64" }, "sha512-JOH/f7j6+nYXIrHobRYCtoArJdMJh5zy5lr0FV0Qu47MID/vqJAY3r/OElPzx1C/wdT1uS7cPq+xdYYelny1ww=="],
 
-    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.13", "", { "os": "linux", "cpu": "arm" }, "sha512-mbVbcAsW3Gkm2MGwA93eLtWrwajz91aXZCNSkGTx/R5eb6KpKD5q8Ueckkh9YNboU8RH7jiv+ol/I7ZyQ9H7Bw=="],
+    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.12", "", { "os": "linux", "cpu": "arm" }, "sha512-v4Ghvi9AU1SYgGr3/j38PD8PEe6bRfTnNSUE3YCMIRrrNigCFtHZ2TCm8142X8fcSqHBZBceDx+JlFJEfNg5zQ=="],
 
-    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.13", "", { "os": "linux", "cpu": "arm64" }, "sha512-wdtfkmpXiwej/yoAkrCP2DNzRXCALq9NVLgLELgLim1QpSfhQM5+ZxQQF8fkOiEpuNoKLp4nKZ6RC4kmeFH0HQ=="],
+    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.12", "", { "os": "linux", "cpu": "arm64" }, "sha512-YP5s1LmetL9UsvVAKusHSyPlzSRqYyRB0f+Kl/xcYQSPLEw/BvGfxzbH+ihUciePDjiXwHh+p+qbSP3SlJw+6g=="],
 
-    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.13", "", { "os": "linux", "cpu": "arm64" }, "sha512-hZQrmtLdhyqzXHB7mkXfq0IYbxegaqTmfa1p9MBj72WPoDD3oNOh1Lnxf6xZLY9C3OV6qiCYkO1i/LrzEdW2mg=="],
+    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.12", "", { "os": "linux", "cpu": "arm64" }, "sha512-V8pAM3s8gsrXcCv6kCHSuwyb/gPsd863iT+v1PGXC4fSL/OJqsKhfK//v8P+w9ThKIoqNbEnsZqNy+WDnwQqCA=="],
 
-    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.13", "", { "os": "linux", "cpu": "x64" }, "sha512-uaZTYWxSXyMWDJZNY1Ul7XkJTCBRFZ5Fo6wtjrgBKzZLoJNrG+WderJwAjPzuNZOnmdrVg260DKwXCFtJ/hWRQ=="],
+    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.12", "", { "os": "linux", "cpu": "x64" }, "sha512-xYfqYLjvm2UQ3TZggTGrwxjYaLB62b1Wiysw/YE3Yqbh86sOMoTn0feF98PonP7LtjsWOWcXEbGqDL7zv0uW8Q=="],
 
-    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.13", "", { "os": "linux", "cpu": "x64" }, "sha512-oXiPj5mi4Hdn50v5RdnuuIms0PVPI/EG4fxAfFiIKQh5TgQgX7oSuDWntHW7WNIi/yVLAiS+CRGW4RkoGSSgVQ=="],
+    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.12", "", { "os": "linux", "cpu": "x64" }, "sha512-ha0pHPamN+fWZY7GCzz5rKunlv9L5R8kdh+YNvP5awe3LtuXb5nRi/H27GeL2U+TdhDOptU7T6Is7mdwh5Ar3A=="],
 
-    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.13", "", { "dependencies": { "@emnapi/core": "^1.4.5", "@emnapi/runtime": "^1.4.5", "@emnapi/wasi-threads": "^1.0.4", "@napi-rs/wasm-runtime": "^0.2.12", "@tybys/wasm-util": "^0.10.0", "tslib": "^2.8.0" }, "cpu": "none" }, "sha512-+LC2nNtPovtrDwBc/nqnIKYh/W2+R69FA0hgoeOn64BdCX522u19ryLh3Vf3F8W49XBcMIxSe665kwy21FkhvA=="],
+    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.12", "", { "dependencies": { "@emnapi/core": "^1.4.5", "@emnapi/runtime": "^1.4.5", "@emnapi/wasi-threads": "^1.0.4", "@napi-rs/wasm-runtime": "^0.2.12", "@tybys/wasm-util": "^0.10.0", "tslib": "^2.8.0" }, "cpu": "none" }, "sha512-4tSyu3dW+ktzdEpuk6g49KdEangu3eCYoqPhWNsZgUhyegEda3M9rG0/j1GV/JjVVsj+lG7jWAyrTlLzd/WEBg=="],
 
-    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.13", "", { "os": "win32", "cpu": "arm64" }, "sha512-dziTNeQXtoQ2KBXmrjCxsuPk3F3CQ/yb7ZNZNA+UkNTeiTGgfeh+gH5Pi7mRncVgcPD2xgHvkFCh/MhZWSgyQg=="],
+    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.12", "", { "os": "win32", "cpu": "arm64" }, "sha512-iGLyD/cVP724+FGtMWslhcFyg4xyYyM+5F4hGvKA7eifPkXHRAUDFaimu53fpNg9X8dfP75pXx/zFt/jlNF+lg=="],
 
-    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.13", "", { "os": "win32", "cpu": "x64" }, "sha512-3+LKesjXydTkHk5zXX01b5KMzLV1xl2mcktBJkje7rhFUpUlYJy7IMOLqjIRQncLTa1WZZiFY/foAeB5nmaiTw=="],
+    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.12", "", { "os": "win32", "cpu": "x64" }, "sha512-NKIh5rzw6CpEodv/++r0hGLlfgT/gFN+5WNdZtvh6wpU2BpGNgdjvj6H2oFc8nCM839QM1YOhjpgbAONUb4IxA=="],
 
-    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.13", "", { "dependencies": { "@tailwindcss/node": "4.1.13", "@tailwindcss/oxide": "4.1.13", "tailwindcss": "4.1.13" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-0PmqLQ010N58SbMTJ7BVJ4I2xopiQn/5i6nlb4JmxzQf8zcS5+m2Cv6tqh+sfDwtIdjoEnOvwsGQ1hkUi8QEHQ=="],
+    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.12", "", { "dependencies": { "@tailwindcss/node": "4.1.12", "@tailwindcss/oxide": "4.1.12", "tailwindcss": "4.1.12" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-4pt0AMFDx7gzIrAOIYgYP0KCBuKWqyW8ayrdiLEjoJTT4pKTjrzG/e4uzWtTLDziC+66R9wbUqZBccJalSE5vQ=="],
 
-    "@tanstack/eslint-plugin-query": ["@tanstack/eslint-plugin-query@5.89.0", "", { "dependencies": { "@typescript-eslint/utils": "^8.37.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0" } }, "sha512-vz8TEuw9GO0xXIdreMpcofvOY17T3cjgob9bSFln8yQsKsbsUvtpvV3F8pVC3tZEDq0IwO++3/e0/+7YKEarNA=="],
+    "@tanstack/eslint-plugin-query": ["@tanstack/eslint-plugin-query@5.83.1", "", { "dependencies": { "@typescript-eslint/utils": "^8.37.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0" } }, "sha512-tdkpPFfzkTksN9BIlT/qjixSAtKrsW6PUVRwdKWaOcag7DrD1vpki3UzzdfMQGDRGeg1Ue1Dg+rcl5FJGembNg=="],
 
-    "@tanstack/query-core": ["@tanstack/query-core@5.89.0", "", {}, "sha512-joFV1MuPhSLsKfTzwjmPDrp8ENfZ9N23ymFu07nLfn3JCkSHy0CFgsyhHTJOmWaumC/WiNIKM0EJyduCF/Ih/Q=="],
+    "@tanstack/query-core": ["@tanstack/query-core@5.85.5", "", {}, "sha512-KO0WTob4JEApv69iYp1eGvfMSUkgw//IpMnq+//cORBzXf0smyRwPLrUvEe5qtAEGjwZTXrjxg+oJNP/C00t6w=="],
 
-    "@tanstack/react-query": ["@tanstack/react-query@5.89.0", "", { "dependencies": { "@tanstack/query-core": "5.89.0" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-SXbtWSTSRXyBOe80mszPxpEbaN4XPRUp/i0EfQK1uyj3KCk/c8FuPJNIRwzOVe/OU3rzxrYtiNabsAmk1l714A=="],
+    "@tanstack/react-query": ["@tanstack/react-query@5.85.5", "", { "dependencies": { "@tanstack/query-core": "5.85.5" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-/X4EFNcnPiSs8wM2v+b6DqS5mmGeuJQvxBglmDxl6ZQb5V26ouD2SJYAcC3VjbNwqhY2zjxVD15rDA5nGbMn3A=="],
 
     "@types/babel__core": ["@types/babel__core@7.20.5", "", { "dependencies": { "@babel/parser": "^7.20.7", "@babel/types": "^7.20.7", "@types/babel__generator": "*", "@types/babel__template": "*", "@types/babel__traverse": "*" } }, "sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA=="],
 
@@ -355,37 +357,37 @@
 
     "@types/ms": ["@types/ms@2.1.0", "", {}, "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA=="],
 
-    "@types/node": ["@types/node@24.5.2", "", { "dependencies": { "undici-types": "~7.12.0" } }, "sha512-FYxk1I7wPv3K2XBaoyH2cTnocQEu8AOZ60hPbsyukMPLv5/5qr7V1i8PLHdl6Zf87I+xZXFvPCXYjiTFq+YSDQ=="],
+    "@types/node": ["@types/node@24.3.0", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-aPTXCrfwnDLj4VvXrm+UUCQjNEvJgNA8s5F1cvwQU+3KNltTOkBm1j30uNLyqqPNe7gE3KFzImYoZEfLhp4Yow=="],
 
-    "@types/react": ["@types/react@19.1.13", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-hHkbU/eoO3EG5/MZkuFSKmYqPbSVk5byPFa3e7y/8TybHiLMACgI8seVYlicwk7H5K/rI2px9xrQp/C+AUDTiQ=="],
+    "@types/react": ["@types/react@19.1.11", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-lr3jdBw/BGj49Eps7EvqlUaoeA0xpj3pc0RoJkHpYaCHkVK7i28dKyImLQb3JVlqs3aYSXf7qYuWOW/fgZnTXQ=="],
 
-    "@types/react-dom": ["@types/react-dom@19.1.9", "", { "peerDependencies": { "@types/react": "^19.0.0" } }, "sha512-qXRuZaOsAdXKFyOhRBg6Lqqc0yay13vN7KrIg4L7N4aaHN68ma9OK3NE1BoDFgFOTfM7zg+3/8+2n8rLUH3OKQ=="],
+    "@types/react-dom": ["@types/react-dom@19.1.8", "", { "peerDependencies": { "@types/react": "^19.0.0" } }, "sha512-xG7xaBMJCpcK0RpN8jDbAACQo54ycO6h4dSSmgv8+fu6ZIAdANkx/WsawASUjVXYfy+J9AbUpRMNNEsXCDfDBQ=="],
 
     "@types/unist": ["@types/unist@3.0.3", "", {}, "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q=="],
 
-    "@typescript-eslint/eslint-plugin": ["@typescript-eslint/eslint-plugin@8.44.0", "", { "dependencies": { "@eslint-community/regexpp": "^4.10.0", "@typescript-eslint/scope-manager": "8.44.0", "@typescript-eslint/type-utils": "8.44.0", "@typescript-eslint/utils": "8.44.0", "@typescript-eslint/visitor-keys": "8.44.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "@typescript-eslint/parser": "^8.44.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-EGDAOGX+uwwekcS0iyxVDmRV9HX6FLSM5kzrAToLTsr9OWCIKG/y3lQheCq18yZ5Xh78rRKJiEpP0ZaCs4ryOQ=="],
+    "@typescript-eslint/eslint-plugin": ["@typescript-eslint/eslint-plugin@8.41.0", "", { "dependencies": { "@eslint-community/regexpp": "^4.10.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/type-utils": "8.41.0", "@typescript-eslint/utils": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "@typescript-eslint/parser": "^8.41.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-8fz6oa6wEKZrhXWro/S3n2eRJqlRcIa6SlDh59FXJ5Wp5XRZ8B9ixpJDcjadHq47hMx0u+HW6SNa6LjJQ6NLtw=="],
 
-    "@typescript-eslint/parser": ["@typescript-eslint/parser@8.44.0", "", { "dependencies": { "@typescript-eslint/scope-manager": "8.44.0", "@typescript-eslint/types": "8.44.0", "@typescript-eslint/typescript-estree": "8.44.0", "@typescript-eslint/visitor-keys": "8.44.0", "debug": "^4.3.4" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-VGMpFQGUQWYT9LfnPcX8ouFojyrZ/2w3K5BucvxL/spdNehccKhB4jUyB1yBCXpr2XFm0jkECxgrpXBW2ipoAw=="],
+    "@typescript-eslint/parser": ["@typescript-eslint/parser@8.41.0", "", { "dependencies": { "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0", "debug": "^4.3.4" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-gTtSdWX9xiMPA/7MV9STjJOOYtWwIJIYxkQxnSV1U3xcE+mnJSH3f6zI0RYP+ew66WSlZ5ed+h0VCxsvdC1jJg=="],
 
-    "@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.44.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.44.0", "@typescript-eslint/types": "^8.44.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-ZeaGNraRsq10GuEohKTo4295Z/SuGcSq2LzfGlqiuEvfArzo/VRrT0ZaJsVPuKZ55lVbNk8U6FcL+ZMH8CoyVA=="],
+    "@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.41.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.41.0", "@typescript-eslint/types": "^8.41.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-b8V9SdGBQzQdjJ/IO3eDifGpDBJfvrNTp2QD9P2BeqWTGrRibgfgIlBSw6z3b6R7dPzg752tOs4u/7yCLxksSQ=="],
 
-    "@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.43.0", "", { "dependencies": { "@typescript-eslint/types": "8.43.0", "@typescript-eslint/visitor-keys": "8.43.0" } }, "sha512-daSWlQ87ZhsjrbMLvpuuMAt3y4ba57AuvadcR7f3nl8eS3BjRc8L9VLxFLk92RL5xdXOg6IQ+qKjjqNEimGuAg=="],
+    "@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.38.0", "", { "dependencies": { "@typescript-eslint/types": "8.38.0", "@typescript-eslint/visitor-keys": "8.38.0" } }, "sha512-WJw3AVlFFcdT9Ri1xs/lg8LwDqgekWXWhH3iAF+1ZM+QPd7oxQ6jvtW/JPwzAScxitILUIFs0/AnQ/UWHzbATQ=="],
 
-    "@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.44.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-x5Y0+AuEPqAInc6yd0n5DAcvtoQ/vyaGwuX5HE9n6qAefk1GaedqrLQF8kQGylLUb9pnZyLf+iEiL9fr8APDtQ=="],
+    "@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.41.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-TDhxYFPUYRFxFhuU5hTIJk+auzM/wKvWgoNYOPcOf6i4ReYlOoYN8q1dV5kOTjNQNJgzWN3TUUQMtlLOcUgdUw=="],
 
-    "@typescript-eslint/type-utils": ["@typescript-eslint/type-utils@8.44.0", "", { "dependencies": { "@typescript-eslint/types": "8.44.0", "@typescript-eslint/typescript-estree": "8.44.0", "@typescript-eslint/utils": "8.44.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-9cwsoSxJ8Sak67Be/hD2RNt/fsqmWnNE1iHohG8lxqLSNY8xNfyY7wloo5zpW3Nu9hxVgURevqfcH6vvKCt6yg=="],
+    "@typescript-eslint/type-utils": ["@typescript-eslint/type-utils@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0", "@typescript-eslint/utils": "8.41.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-63qt1h91vg3KsjVVonFJWjgSK7pZHSQFKH6uwqxAH9bBrsyRhO6ONoKyXxyVBzG1lJnFAJcKAcxLS54N1ee1OQ=="],
 
-    "@typescript-eslint/types": ["@typescript-eslint/types@8.43.0", "", {}, "sha512-vQ2FZaxJpydjSZJKiSW/LJsabFFvV7KgLC5DiLhkBcykhQj8iK9BOaDmQt74nnKdLvceM5xmhaTF+pLekrxEkw=="],
+    "@typescript-eslint/types": ["@typescript-eslint/types@8.38.0", "", {}, "sha512-wzkUfX3plUqij4YwWaJyqhiPE5UCRVlFpKn1oCRn2O1bJ592XxWJj8ROQ3JD5MYXLORW84063z3tZTb/cs4Tyw=="],
 
-    "@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.44.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.44.0", "@typescript-eslint/tsconfig-utils": "8.44.0", "@typescript-eslint/types": "8.44.0", "@typescript-eslint/visitor-keys": "8.44.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-lqNj6SgnGcQZwL4/SBJ3xdPEfcBuhCG8zdcwCPgYcmiPLgokiNDKlbPzCwEwu7m279J/lBYWtDYL+87OEfn8Jw=="],
+    "@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.41.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.41.0", "@typescript-eslint/tsconfig-utils": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-D43UwUYJmGhuwHfY7MtNKRZMmfd8+p/eNSfFe6tH5mbVDto+VQCayeAt35rOx3Cs6wxD16DQtIKw/YXxt5E0UQ=="],
 
-    "@typescript-eslint/utils": ["@typescript-eslint/utils@8.43.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.43.0", "@typescript-eslint/types": "8.43.0", "@typescript-eslint/typescript-estree": "8.43.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-S1/tEmkUeeswxd0GGcnwuVQPFWo8NzZTOMxCvw8BX7OMxnNae+i8Tm7REQen/SwUIPoPqfKn7EaZ+YLpiB3k9g=="],
+    "@typescript-eslint/utils": ["@typescript-eslint/utils@8.38.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.38.0", "@typescript-eslint/types": "8.38.0", "@typescript-eslint/typescript-estree": "8.38.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <5.9.0" } }, "sha512-hHcMA86Hgt+ijJlrD8fX0j1j8w4C92zue/8LOPAFioIno+W0+L7KqE8QZKCcPGc/92Vs9x36w/4MPTJhqXdyvg=="],
 
-    "@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.44.0", "", { "dependencies": { "@typescript-eslint/types": "8.44.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-zaz9u8EJ4GBmnehlrpoKvj/E3dNbuQ7q0ucyZImm3cLqJ8INTc970B1qEqDX/Rzq65r3TvVTN7kHWPBoyW7DWw=="],
+    "@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-+GeGMebMCy0elMNg67LRNoVnUFPIm37iu5CmHESVx56/9Jsfdpsvbv605DQ81Pi/x11IdKUsS5nzgTYbCQU9fg=="],
 
     "@ungap/structured-clone": ["@ungap/structured-clone@1.3.0", "", {}, "sha512-WmoN8qaIAo7WTYWbAZuG8PYEhn5fkz7dZrqTBZ7dtt//lL2Gwms1IcnQ5yHqjDfX8Ft5j4YzDM23f87zBfDe9g=="],
 
-    "@vitejs/plugin-react": ["@vitejs/plugin-react@5.0.3", "", { "dependencies": { "@babel/core": "^7.28.4", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", "@rolldown/pluginutils": "1.0.0-beta.35", "@types/babel__core": "^7.20.5", "react-refresh": "^0.17.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" } }, "sha512-PFVHhosKkofGH0Yzrw1BipSedTH68BFF8ZWy1kfUpCtJcouXXY0+racG8sExw7hw0HoX36813ga5o3LTWZ4FUg=="],
+    "@vitejs/plugin-react": ["@vitejs/plugin-react@5.0.1", "", { "dependencies": { "@babel/core": "^7.28.3", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", "@rolldown/pluginutils": "1.0.0-beta.32", "@types/babel__core": "^7.20.5", "react-refresh": "^0.17.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" } }, "sha512-DE4UNaBXwtVoDJ0ccBdLVjFTWL70NRuWNCxEieTI3lrq9ORB9aOCQEKstwDXBl87NvFdbqh/p7eINGyj0BthJA=="],
 
     "acorn": ["acorn@8.15.0", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg=="],
 
@@ -401,7 +403,7 @@
 
     "asynckit": ["asynckit@0.4.0", "", {}, "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="],
 
-    "axios": ["axios@1.12.2", "", { "dependencies": { "follow-redirects": "^1.15.6", "form-data": "^4.0.4", "proxy-from-env": "^1.1.0" } }, "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw=="],
+    "axios": ["axios@1.11.0", "", { "dependencies": { "follow-redirects": "^1.15.6", "form-data": "^4.0.4", "proxy-from-env": "^1.1.0" } }, "sha512-1Lx3WLFQWm3ooKDYZD1eXmoGO9fxYQjrycfHFC8P0sCfQVXyROp0p9PFWBehewBOdCwHc+f/b8I0fMto5eSfwA=="],
 
     "bail": ["bail@2.0.2", "", {}, "sha512-0xO6mYd7JB2YesxDKplafRpsiOzPt9V02ddPCLbY1xYGPOX24NTyN50qnUxgCPcSoYMhKpAuBTjQoRZCAkUDRw=="],
 
@@ -491,7 +493,7 @@
 
     "escape-string-regexp": ["escape-string-regexp@4.0.0", "", {}, "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA=="],
 
-    "eslint": ["eslint@9.35.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.8.0", "@eslint-community/regexpp": "^4.12.1", "@eslint/config-array": "^0.21.0", "@eslint/config-helpers": "^0.3.1", "@eslint/core": "^0.15.2", "@eslint/eslintrc": "^3.3.1", "@eslint/js": "9.35.0", "@eslint/plugin-kit": "^0.3.5", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.4.2", "@types/estree": "^1.0.6", "@types/json-schema": "^7.0.15", "ajv": "^6.12.4", "chalk": "^4.0.0", "cross-spawn": "^7.0.6", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", "eslint-scope": "^8.4.0", "eslint-visitor-keys": "^4.2.1", "espree": "^10.4.0", "esquery": "^1.5.0", "esutils": "^2.0.2", "fast-deep-equal": "^3.1.3", "file-entry-cache": "^8.0.0", "find-up": "^5.0.0", "glob-parent": "^6.0.2", "ignore": "^5.2.0", "imurmurhash": "^0.1.4", "is-glob": "^4.0.0", "json-stable-stringify-without-jsonify": "^1.0.1", "lodash.merge": "^4.6.2", "minimatch": "^3.1.2", "natural-compare": "^1.4.0", "optionator": "^0.9.3" }, "peerDependencies": { "jiti": "*" }, "optionalPeers": ["jiti"], "bin": { "eslint": "bin/eslint.js" } }, "sha512-QePbBFMJFjgmlE+cXAlbHZbHpdFVS2E/6vzCy7aKlebddvl1vadiC4JFV5u/wqTkNUwEV8WrQi257jf5f06hrg=="],
+    "eslint": ["eslint@9.34.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.12.1", "@eslint/config-array": "^0.21.0", "@eslint/config-helpers": "^0.3.1", "@eslint/core": "^0.15.2", "@eslint/eslintrc": "^3.3.1", "@eslint/js": "9.34.0", "@eslint/plugin-kit": "^0.3.5", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.4.2", "@types/estree": "^1.0.6", "@types/json-schema": "^7.0.15", "ajv": "^6.12.4", "chalk": "^4.0.0", "cross-spawn": "^7.0.6", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", "eslint-scope": "^8.4.0", "eslint-visitor-keys": "^4.2.1", "espree": "^10.4.0", "esquery": "^1.5.0", "esutils": "^2.0.2", "fast-deep-equal": "^3.1.3", "file-entry-cache": "^8.0.0", "find-up": "^5.0.0", "glob-parent": "^6.0.2", "ignore": "^5.2.0", "imurmurhash": "^0.1.4", "is-glob": "^4.0.0", "json-stable-stringify-without-jsonify": "^1.0.1", "lodash.merge": "^4.6.2", "minimatch": "^3.1.2", "natural-compare": "^1.4.0", "optionator": "^0.9.3" }, "peerDependencies": { "jiti": "*" }, "optionalPeers": ["jiti"], "bin": { "eslint": "bin/eslint.js" } }, "sha512-RNCHRX5EwdrESy3Jc9o8ie8Bog+PeYvvSR8sDGoZxNFTvZ4dlxUB3WzQ3bQMztFrSRODGrLLj8g6OFuGY/aiQg=="],
 
     "eslint-plugin-react-hooks": ["eslint-plugin-react-hooks@5.2.0", "", { "peerDependencies": { "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0 || ^9.0.0" } }, "sha512-+f15FfK64YQwZdJNELETdn5ibXEUQmW1DZL6KXhNnc2heoy/sg9VJJeT7n8TlMWouzWqSWavFkIhHyIbIAEapg=="],
 
@@ -555,7 +557,7 @@
 
     "glob-parent": ["glob-parent@6.0.2", "", { "dependencies": { "is-glob": "^4.0.3" } }, "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A=="],
 
-    "globals": ["globals@16.4.0", "", {}, "sha512-ob/2LcVVaVGCYN+r14cnwnoDPUufjiYgSqRhiFD0Q1iI4Odora5RE8Iv1D24hAz5oMophRGkGz+yuvQmmUMnMw=="],
+    "globals": ["globals@16.3.0", "", {}, "sha512-bqWEnJ1Nt3neqx2q5SFfGS8r/ahumIakg3HcwtNlrVlwXIeNumWn/c7Pn/wKzGhf6SaW6H6uWXLqC30STCMchQ=="],
 
     "gopd": ["gopd@1.2.0", "", {}, "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg=="],
 
@@ -579,7 +581,7 @@
 
     "html-url-attributes": ["html-url-attributes@3.0.1", "", {}, "sha512-ol6UPyBWqsrO6EJySPz2O7ZSr856WDrEzM5zMqp+FJJLGMW35cLYmmZnl0vztAZxRUoNZJFTCohfjuIJ8I4QBQ=="],
 
-    "i18next": ["i18next@25.5.2", "", { "dependencies": { "@babel/runtime": "^7.27.6" }, "peerDependencies": { "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-lW8Zeh37i/o0zVr+NoCHfNnfvVw+M6FQbRp36ZZ/NyHDJ3NJVpp2HhAUyU9WafL5AssymNoOjMRB48mmx2P6Hw=="],
+    "i18next": ["i18next@25.4.2", "", { "dependencies": { "@babel/runtime": "^7.27.6" }, "peerDependencies": { "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-gD4T25a6ovNXsfXY1TwHXXXLnD/K2t99jyYMCSimSCBnBRJVQr5j+VAaU83RJCPzrTGhVQ6dqIga66xO2rtd5g=="],
 
     "i18next-browser-languagedetector": ["i18next-browser-languagedetector@8.2.0", "", { "dependencies": { "@babel/runtime": "^7.23.2" } }, "sha512-P+3zEKLnOF0qmiesW383vsLdtQVyKtCNA9cjSoKCppTKPQVfKd2W8hbVo5ZhNJKDqeM7BOcvNoKJOjpHh4Js9g=="],
 
@@ -663,9 +665,9 @@
 
     "lru-cache": ["lru-cache@5.1.1", "", { "dependencies": { "yallist": "^3.0.2" } }, "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w=="],
 
-    "lucide-react": ["lucide-react@0.544.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-t5tS44bqd825zAW45UQxpG2CvcC4urOwn2TrwSH8u+MjeE+1NnWl6QqeQ/6NdjMqdOygyiT9p3Ev0p1NJykxjw=="],
+    "lucide-react": ["lucide-react@0.541.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-s0Vircsu5WaGv2KoJZ5+SoxiAJ3UXV5KqEM3eIFDHaHkcLIFdIWgXtZ412+Gh02UsdS7Was+jvEpBvPCWQISlg=="],
 
-    "magic-string": ["magic-string@0.30.19", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.5" } }, "sha512-2N21sPY9Ws53PZvsEpVtNuSW+ScYbQdp4b9qUaL+9QkHUrGFKo56Lg9Emg5s9V/qrtNBmiR01sYhUOwu3H+VOw=="],
+    "magic-string": ["magic-string@0.30.17", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0" } }, "sha512-sNPKHvyjVf7gyjwS4xGTaW/mCnF8wnjtifKBEhxfZ7E/S8tQ0rssrwGNn6q8JH/ohItJfSQp9mBtQYuTlH5QnA=="],
 
     "math-intrinsics": ["math-intrinsics@1.1.0", "", {}, "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g=="],
 
@@ -791,7 +793,7 @@
 
     "react-hook-form": ["react-hook-form@7.62.0", "", { "peerDependencies": { "react": "^16.8.0 || ^17 || ^18 || ^19" } }, "sha512-7KWFejc98xqG/F4bAxpL41NB3o1nnvQO1RWZT3TqRZYL8RryQETGfEdVnJN2fy1crCiBLLjkRBVK05j24FxJGA=="],
 
-    "react-i18next": ["react-i18next@15.7.3", "", { "dependencies": { "@babel/runtime": "^7.27.6", "html-parse-stringify": "^3.0.1" }, "peerDependencies": { "i18next": ">= 25.4.1", "react": ">= 16.8.0", "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-AANws4tOE+QSq/IeMF/ncoHlMNZaVLxpa5uUGW1wjike68elVYr0018L9xYoqBr1OFO7G7boDPrbn0HpMCJxTw=="],
+    "react-i18next": ["react-i18next@15.7.2", "", { "dependencies": { "@babel/runtime": "^7.27.6", "html-parse-stringify": "^3.0.1" }, "peerDependencies": { "i18next": ">= 25.4.1", "react": ">= 16.8.0", "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-xJxq7ibnhUlMvd82lNC4te1GxGUMoM1A05KKyqoqsBXVZtEvZg/fz/fnVzdlY/hhQ3SpP/79qCocZOtICGhd3g=="],
 
     "react-markdown": ["react-markdown@10.1.0", "", { "dependencies": { "@types/hast": "^3.0.0", "@types/mdast": "^4.0.0", "devlop": "^1.0.0", "hast-util-to-jsx-runtime": "^2.0.0", "html-url-attributes": "^3.0.0", "mdast-util-to-hast": "^13.0.0", "remark-parse": "^11.0.0", "remark-rehype": "^11.0.0", "unified": "^11.0.0", "unist-util-visit": "^5.0.0", "vfile": "^6.0.0" }, "peerDependencies": { "@types/react": ">=18", "react": ">=18" } }, "sha512-qKxVopLT/TyA6BX3Ue5NwabOsAzm0Q7kAPwq6L+wWDwisYs7R8vZ0nRXqq6rkueboxpkjvLGU9fWifiX/ZZFxQ=="],
 
@@ -801,7 +803,7 @@
 
     "react-remove-scroll-bar": ["react-remove-scroll-bar@2.3.8", "", { "dependencies": { "react-style-singleton": "^2.2.2", "tslib": "^2.0.0" }, "peerDependencies": { "@types/react": "*", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" }, "optionalPeers": ["@types/react"] }, "sha512-9r+yi9+mgU33AKcj6IbT9oRCO78WriSj6t/cF8DWBZJ9aOGPOTEDvdUDz1FwKim7QXWwmHqtdHnRJfhAxEG46Q=="],
 
-    "react-router": ["react-router@7.9.1", "", { "dependencies": { "cookie": "^1.0.1", "set-cookie-parser": "^2.6.0" }, "peerDependencies": { "react": ">=18", "react-dom": ">=18" }, "optionalPeers": ["react-dom"] }, "sha512-pfAByjcTpX55mqSDGwGnY9vDCpxqBLASg0BMNAuMmpSGESo/TaOUG6BllhAtAkCGx8Rnohik/XtaqiYUJtgW2g=="],
+    "react-router": ["react-router@7.8.2", "", { "dependencies": { "cookie": "^1.0.1", "set-cookie-parser": "^2.6.0" }, "peerDependencies": { "react": ">=18", "react-dom": ">=18" }, "optionalPeers": ["react-dom"] }, "sha512-7M2fR1JbIZ/jFWqelpvSZx+7vd7UlBTfdZqf6OSdF9g6+sfdqJDAWcak6ervbHph200ePlu+7G8LdoiC3ReyAQ=="],
 
     "react-style-singleton": ["react-style-singleton@2.2.3", "", { "dependencies": { "get-nonce": "^1.0.0", "tslib": "^2.0.0" }, "peerDependencies": { "@types/react": "*", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-b6jSvxvVnyptAiLjbkWLE/lOnR4lfTtDAl+eUC7RZy+QQWc6wRzIV2CE6xBuMmDxc2qIihtDCZD5NPOFl7fRBQ=="],
 
@@ -845,13 +847,13 @@
 
     "tailwind-merge": ["tailwind-merge@3.3.1", "", {}, "sha512-gBXpgUm/3rp1lMZZrM/w7D8GKqshif0zAymAhbCyIt8KMe+0v9DQ7cdYLR4FHH/cKpdTXb+A/tKKU3eolfsI+g=="],
 
-    "tailwindcss": ["tailwindcss@4.1.13", "", {}, "sha512-i+zidfmTqtwquj4hMEwdjshYYgMbOrPzb9a0M3ZgNa0JMoZeFC6bxZvO8yr8ozS6ix2SDz0+mvryPeBs2TFE+w=="],
+    "tailwindcss": ["tailwindcss@4.1.12", "", {}, "sha512-DzFtxOi+7NsFf7DBtI3BJsynR+0Yp6etH+nRPTbpWnS2pZBaSksv/JGctNwSWzbFjp0vxSqknaUylseZqMDGrA=="],
 
     "tapable": ["tapable@2.2.1", "", {}, "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ=="],
 
     "tar": ["tar@7.4.3", "", { "dependencies": { "@isaacs/fs-minipass": "^4.0.0", "chownr": "^3.0.0", "minipass": "^7.1.2", "minizlib": "^3.0.1", "mkdirp": "^3.0.1", "yallist": "^5.0.0" } }, "sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw=="],
 
-    "tinyglobby": ["tinyglobby@0.2.15", "", { "dependencies": { "fdir": "^6.5.0", "picomatch": "^4.0.3" } }, "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ=="],
+    "tinyglobby": ["tinyglobby@0.2.14", "", { "dependencies": { "fdir": "^6.4.4", "picomatch": "^4.0.2" } }, "sha512-tX5e7OM1HnYr2+a2C/4V0htOcSQcoSTH9KgJnVvNm5zm/cyEWKJ7j7YutsH9CxMdtOkkLFy2AHrMci9IM8IPZQ=="],
 
     "to-regex-range": ["to-regex-range@5.0.1", "", { "dependencies": { "is-number": "^7.0.0" } }, "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ=="],
 
@@ -863,15 +865,15 @@
 
     "tslib": ["tslib@2.8.1", "", {}, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
 
-    "tw-animate-css": ["tw-animate-css@1.3.8", "", {}, "sha512-Qrk3PZ7l7wUcGYhwZloqfkWCmaXZAoqjkdbIDvzfGshwGtexa/DAs9koXxIkrpEasyevandomzCBAV1Yyop5rw=="],
+    "tw-animate-css": ["tw-animate-css@1.3.7", "", {}, "sha512-lvLb3hTIpB5oGsk8JmLoAjeCHV58nKa2zHYn8yWOoG5JJusH3bhJlF2DLAZ/5NmJ+jyH3ssiAx/2KmbhavJy/A=="],
 
     "type-check": ["type-check@0.4.0", "", { "dependencies": { "prelude-ls": "^1.2.1" } }, "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew=="],
 
     "typescript": ["typescript@5.9.2", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A=="],
 
-    "typescript-eslint": ["typescript-eslint@8.44.0", "", { "dependencies": { "@typescript-eslint/eslint-plugin": "8.44.0", "@typescript-eslint/parser": "8.44.0", "@typescript-eslint/typescript-estree": "8.44.0", "@typescript-eslint/utils": "8.44.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-ib7mCkYuIzYonCq9XWF5XNw+fkj2zg629PSa9KNIQ47RXFF763S5BIX4wqz1+FLPogTZoiw8KmCiRPRa8bL3qw=="],
+    "typescript-eslint": ["typescript-eslint@8.41.0", "", { "dependencies": { "@typescript-eslint/eslint-plugin": "8.41.0", "@typescript-eslint/parser": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0", "@typescript-eslint/utils": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-n66rzs5OBXW3SFSnZHr2T685q1i4ODm2nulFJhMZBotaTavsS8TrI3d7bDlRSs9yWo7HmyWrN9qDu14Qv7Y0Dw=="],
 
-    "undici-types": ["undici-types@7.12.0", "", {}, "sha512-goOacqME2GYyOZZfb5Lgtu+1IDmAlAEu5xnD3+xTzS10hT0vzpf0SPjkXwAw9Jm+4n/mQGDP3LO8CPbYROeBfQ=="],
+    "undici-types": ["undici-types@7.10.0", "", {}, "sha512-t5Fy/nfn+14LuOc2KNYg75vZqClpAiqscVvMygNnlsHBFpSXdJaYtXMcdNLpl/Qvc3P2cB3s6lOV51nqsFq4ag=="],
 
     "unified": ["unified@11.0.5", "", { "dependencies": { "@types/unist": "^3.0.0", "bail": "^2.0.0", "devlop": "^1.0.0", "extend": "^3.0.0", "is-plain-obj": "^4.0.0", "trough": "^2.0.0", "vfile": "^6.0.0" } }, "sha512-xKvGhPWw3k84Qjh8bI3ZeJjqnyadK+GEFtazSfZv/rKeTkTjOJho6mFqh2SM96iIcZokxiOpg78GazTSg8+KHA=="],
 
@@ -897,7 +899,7 @@
 
     "vfile-message": ["vfile-message@4.0.2", "", { "dependencies": { "@types/unist": "^3.0.0", "unist-util-stringify-position": "^4.0.0" } }, "sha512-jRDZ1IMLttGj41KcZvlrYAaI3CfqpLpfpf+Mfig13viT6NKvRzWZ+lXz0Y5D60w6uJIBAOGq9mSHf0gktF0duw=="],
 
-    "vite": ["vite@7.1.6", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-SRYIB8t/isTwNn8vMB3MR6E+EQZM/WG1aKmmIUCfDXfVvKfc20ZpamngWHKzAmmu9ppsgxsg4b2I7c90JZudIQ=="],
+    "vite": ["vite@7.1.3", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.14" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-OOUi5zjkDxYrKhTV3V7iKsoS37VUM7v40+HuwEmcrsf11Cdx9y3DIr2Px6liIcZFwt3XSRpQvFpL3WVy7ApkGw=="],
 
     "void-elements": ["void-elements@3.1.0", "", {}, "sha512-Dhxzh5HZuiHQhbvTW9AMetFfBHDMYpo23Uo9btPXgdYP+3T5S+p+jgNy7spra+veYhBP2dCSgxR/i2Y02h5/6w=="],
 
@@ -909,20 +911,18 @@
 
     "yocto-queue": ["yocto-queue@0.1.0", "", {}, "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q=="],
 
-    "zod": ["zod@4.1.9", "", {}, "sha512-HI32jTq0AUAC125z30E8bQNz0RQ+9Uc+4J7V97gLYjZVKRjeydPgGt6dvQzFrav7MYOUGFqqOGiHpA/fdbd0cQ=="],
+    "zod": ["zod@4.1.3", "", {}, "sha512-1neef4bMce1hNTrxvHVKxWjKfGDn0oAli3Wy1Uwb7TRO1+wEwoZUZNP1NXIEESybOBiFnBOhI6a4m6tCLE8dog=="],
 
     "zwitch": ["zwitch@2.0.4", "", {}, "sha512-bXE4cR/kVZhKZX/RjPEflHaKVhUVl85noU3v6b8apfQEc1x4A+zBxjZ4lN8LqGd6WZ3dl98pY4o717VFmoPp+A=="],
 
-    "@babel/generator/@babel/parser": ["@babel/parser@7.28.3", "", { "dependencies": { "@babel/types": "^7.28.2" }, "bin": "./bin/babel-parser.js" }, "sha512-7+Ey1mAgYqFAx2h0RuoxcQT5+MlG3GTV0TQrgr7/ZliKsm/MNDxVVutlWaziMq7wJNAz8MTqz55XLpWvva6StA=="],
+    "@babel/generator/@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.12", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-OuLGC46TjB5BbN1dH8JULVVZY4WTdkF7tV9Ys6wLL1rubZnCMstOhNHueU5bLCrnRuDhKPDM4g6sw4Bel5Gzqg=="],
 
-    "@babel/generator/@babel/types": ["@babel/types@7.28.2", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ=="],
+    "@babel/generator/@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.29", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-uw6guiW/gcAGPDhLmd77/6lW8QLeiV5RUTsAX46Db6oLhGaVj4lhnPwb184s1bkc8kdVg/+h988dro8GRDpmYQ=="],
 
     "@babel/helper-module-imports/@babel/traverse": ["@babel/traverse@7.27.1", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.27.1", "@babel/parser": "^7.27.1", "@babel/template": "^7.27.1", "@babel/types": "^7.27.1", "debug": "^4.3.1", "globals": "^11.1.0" } }, "sha512-ZCYtZciz1IWJB4U61UPu4KEaqyfj+r5T1Q5mqPo+IBpcG9kHv30Z0aD8LXPgC1trYa6rK0orRyAhqUgk4MjmEg=="],
 
     "@babel/helper-module-imports/@babel/types": ["@babel/types@7.27.1", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-+EzkxvLNfiUeKMgy/3luqfsCWFRXLb7U6wNQTk60tovuckwB15B191tJWvpp4HjiQWdJkCxO3Wbvc6jlk3Xb2Q=="],
 
-    "@babel/helper-module-transforms/@babel/traverse": ["@babel/traverse@7.28.3", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-globals": "^7.28.0", "@babel/parser": "^7.28.3", "@babel/template": "^7.27.2", "@babel/types": "^7.28.2", "debug": "^4.3.1" } }, "sha512-7w4kZYHneL3A6NP2nxzHvT3HCZ7puDZZjFMqDpBPECub79sTtSO5CGXDkKrTQq8ksAwfD/XI2MRFX23njdDaIQ=="],
-
     "@babel/template/@babel/parser": ["@babel/parser@7.27.2", "", { "dependencies": { "@babel/types": "^7.27.1" }, "bin": "./bin/babel-parser.js" }, "sha512-QYLs8299NA7WM/bZAdp+CviYYkVoYXlDW2rzliy3chxd1PQjej7JORuMJDJXJUb9g0TT+B99EwaVLKmX+sPXWw=="],
 
     "@babel/template/@babel/types": ["@babel/types@7.27.1", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-+EzkxvLNfiUeKMgy/3luqfsCWFRXLb7U6wNQTk60tovuckwB15B191tJWvpp4HjiQWdJkCxO3Wbvc6jlk3Xb2Q=="],
@@ -935,9 +935,9 @@
 
     "@humanfs/node/@humanwhocodes/retry": ["@humanwhocodes/retry@0.3.1", "", {}, "sha512-JBxkERygn7Bv/GbN5Rv8Ul6LVknS+5Bp6RgDC/O8gEBU/yeH5Ui5C/OlWrTb6qct7LjjfT6Re2NxB0ln0yYybA=="],
 
-    "@jridgewell/gen-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
+    "@jridgewell/remapping/@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.12", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-OuLGC46TjB5BbN1dH8JULVVZY4WTdkF7tV9Ys6wLL1rubZnCMstOhNHueU5bLCrnRuDhKPDM4g6sw4Bel5Gzqg=="],
 
-    "@jridgewell/trace-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
+    "@jridgewell/remapping/@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.29", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-uw6guiW/gcAGPDhLmd77/6lW8QLeiV5RUTsAX46Db6oLhGaVj4lhnPwb184s1bkc8kdVg/+h988dro8GRDpmYQ=="],
 
     "@tailwindcss/node/jiti": ["jiti@2.5.1", "", { "bin": { "jiti": "lib/jiti-cli.mjs" } }, "sha512-twQoecYPiVA5K/h6SxtORw/Bs3ar+mLUtoPSc7iMXzQzK8d7eJ/R09wmTwAjiamETn1cXYPGfNnu7DMoHgu12w=="],
 
@@ -967,33 +967,33 @@
 
     "@types/estree-jsx/@types/estree": ["@types/estree@1.0.7", "", {}, "sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ=="],
 
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.44.0", "", { "dependencies": { "@typescript-eslint/types": "8.44.0", "@typescript-eslint/visitor-keys": "8.44.0" } }, "sha512-87Jv3E+al8wpD+rIdVJm/ItDBe/Im09zXIjFoipOjr5gHUhJmTzfFLuTJ/nPTMc2Srsroy4IBXwcTCHyRR7KzA=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
 
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils": ["@typescript-eslint/utils@8.44.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.44.0", "@typescript-eslint/types": "8.44.0", "@typescript-eslint/typescript-estree": "8.44.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-nktOlVcg3ALo0mYlV+L7sWUD58KG4CMj1rb2HUVOO4aL3K/6wcD+NERqd0rrA5Vg06b42YhF6cFxeixsp9Riqg=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils": ["@typescript-eslint/utils@8.41.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A=="],
 
     "@typescript-eslint/eslint-plugin/ignore": ["ignore@7.0.4", "", {}, "sha512-gJzzk+PQNznz8ysRrC0aOkBNVRBDtE1n53IqyqEf3PXrYwomFs5q4pGMizBMJF+ykh03insJ27hB8gSrD2Hn8A=="],
 
-    "@typescript-eslint/parser/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.44.0", "", { "dependencies": { "@typescript-eslint/types": "8.44.0", "@typescript-eslint/visitor-keys": "8.44.0" } }, "sha512-87Jv3E+al8wpD+rIdVJm/ItDBe/Im09zXIjFoipOjr5gHUhJmTzfFLuTJ/nPTMc2Srsroy4IBXwcTCHyRR7KzA=="],
+    "@typescript-eslint/parser/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
 
-    "@typescript-eslint/parser/@typescript-eslint/types": ["@typescript-eslint/types@8.44.0", "", {}, "sha512-ZSl2efn44VsYM0MfDQe68RKzBz75NPgLQXuGypmym6QVOWL5kegTZuZ02xRAT9T+onqvM6T8CdQk0OwYMB6ZvA=="],
+    "@typescript-eslint/parser/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
 
-    "@typescript-eslint/project-service/@typescript-eslint/types": ["@typescript-eslint/types@8.44.0", "", {}, "sha512-ZSl2efn44VsYM0MfDQe68RKzBz75NPgLQXuGypmym6QVOWL5kegTZuZ02xRAT9T+onqvM6T8CdQk0OwYMB6ZvA=="],
+    "@typescript-eslint/project-service/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
 
-    "@typescript-eslint/scope-manager/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.43.0", "", { "dependencies": { "@typescript-eslint/types": "8.43.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-T+S1KqRD4sg/bHfLwrpF/K3gQLBM1n7Rp7OjjikjTEssI2YJzQpi5WXoynOaQ93ERIuq3O8RBTOUYDKszUCEHw=="],
+    "@typescript-eslint/scope-manager/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.38.0", "", { "dependencies": { "@typescript-eslint/types": "8.38.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-pWrTcoFNWuwHlA9CvlfSsGWs14JxfN1TH25zM5L7o0pRLhsoZkDnTsXfQRJBEWJoV5DL0jf+Z+sxiud+K0mq1g=="],
 
-    "@typescript-eslint/type-utils/@typescript-eslint/types": ["@typescript-eslint/types@8.44.0", "", {}, "sha512-ZSl2efn44VsYM0MfDQe68RKzBz75NPgLQXuGypmym6QVOWL5kegTZuZ02xRAT9T+onqvM6T8CdQk0OwYMB6ZvA=="],
+    "@typescript-eslint/type-utils/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
 
-    "@typescript-eslint/type-utils/@typescript-eslint/utils": ["@typescript-eslint/utils@8.44.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.44.0", "@typescript-eslint/types": "8.44.0", "@typescript-eslint/typescript-estree": "8.44.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-nktOlVcg3ALo0mYlV+L7sWUD58KG4CMj1rb2HUVOO4aL3K/6wcD+NERqd0rrA5Vg06b42YhF6cFxeixsp9Riqg=="],
+    "@typescript-eslint/type-utils/@typescript-eslint/utils": ["@typescript-eslint/utils@8.41.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A=="],
 
-    "@typescript-eslint/typescript-estree/@typescript-eslint/types": ["@typescript-eslint/types@8.44.0", "", {}, "sha512-ZSl2efn44VsYM0MfDQe68RKzBz75NPgLQXuGypmym6QVOWL5kegTZuZ02xRAT9T+onqvM6T8CdQk0OwYMB6ZvA=="],
+    "@typescript-eslint/typescript-estree/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
 
     "@typescript-eslint/typescript-estree/minimatch": ["minimatch@9.0.5", "", { "dependencies": { "brace-expansion": "^2.0.1" } }, "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow=="],
 
     "@typescript-eslint/typescript-estree/semver": ["semver@7.7.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA=="],
 
-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.43.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.43.0", "@typescript-eslint/tsconfig-utils": "8.43.0", "@typescript-eslint/types": "8.43.0", "@typescript-eslint/visitor-keys": "8.43.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-7Vv6zlAhPb+cvEpP06WXXy/ZByph9iL6BQRBDj4kmBsW98AqEeQHlj/13X+sZOrKSo9/rNKH4Ul4f6EICREFdw=="],
+    "@typescript-eslint/utils/@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.38.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.38.0", "@typescript-eslint/tsconfig-utils": "8.38.0", "@typescript-eslint/types": "8.38.0", "@typescript-eslint/visitor-keys": "8.38.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-fooELKcAKzxux6fA6pxOflpNS0jc+nOQEEOipXFNjSlBS6fqrJOVY/whSn70SScHrcJ2LDsxWrneFoWYSVfqhQ=="],
 
-    "@typescript-eslint/visitor-keys/@typescript-eslint/types": ["@typescript-eslint/types@8.44.0", "", {}, "sha512-ZSl2efn44VsYM0MfDQe68RKzBz75NPgLQXuGypmym6QVOWL5kegTZuZ02xRAT9T+onqvM6T8CdQk0OwYMB6ZvA=="],
+    "@typescript-eslint/visitor-keys/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
 
     "fast-glob/glob-parent": ["glob-parent@5.1.2", "", { "dependencies": { "is-glob": "^4.0.1" } }, "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow=="],
 
@@ -1009,7 +1009,11 @@
 
     "parse-entities/@types/unist": ["@types/unist@2.0.11", "", {}, "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA=="],
 
-    "typescript-eslint/@typescript-eslint/utils": ["@typescript-eslint/utils@8.44.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.44.0", "@typescript-eslint/types": "8.44.0", "@typescript-eslint/typescript-estree": "8.44.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-nktOlVcg3ALo0mYlV+L7sWUD58KG4CMj1rb2HUVOO4aL3K/6wcD+NERqd0rrA5Vg06b42YhF6cFxeixsp9Riqg=="],
+    "tinyglobby/fdir": ["fdir@6.4.6", "", { "peerDependencies": { "picomatch": "^3 || ^4" }, "optionalPeers": ["picomatch"] }, "sha512-hiFoqpyZcfNm1yc4u8oWCf9A2c4D3QjCrks3zmoVKVxpQRzmPNar1hUJcBG2RQHvEVGDN+Jm81ZheVLAQMK6+w=="],
+
+    "tinyglobby/picomatch": ["picomatch@4.0.2", "", {}, "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg=="],
+
+    "typescript-eslint/@typescript-eslint/utils": ["@typescript-eslint/utils@8.41.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A=="],
 
     "@babel/helper-module-imports/@babel/traverse/@babel/generator": ["@babel/generator@7.27.1", "", { "dependencies": { "@babel/parser": "^7.27.1", "@babel/types": "^7.27.1", "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.25", "jsesc": "^3.0.2" } }, "sha512-UnJfnIpc/+JO0/+KRVQNGU+y5taA5vCbwN8+azkX6beii/ZF+enZJSOKo11ZSzGJjlNfJHfQtmQT8H+9TXPG2w=="],
 
@@ -1017,44 +1021,32 @@
 
     "@babel/helper-module-imports/@babel/traverse/globals": ["globals@11.12.0", "", {}, "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA=="],
 
-    "@babel/helper-module-transforms/@babel/traverse/@babel/parser": ["@babel/parser@7.28.3", "", { "dependencies": { "@babel/types": "^7.28.2" }, "bin": "./bin/babel-parser.js" }, "sha512-7+Ey1mAgYqFAx2h0RuoxcQT5+MlG3GTV0TQrgr7/ZliKsm/MNDxVVutlWaziMq7wJNAz8MTqz55XLpWvva6StA=="],
-
-    "@babel/helper-module-transforms/@babel/traverse/@babel/types": ["@babel/types@7.28.2", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ=="],
-
     "@eslint/eslintrc/espree/acorn": ["acorn@8.14.1", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-OvQ/2pUDKmgfCg++xsTX1wGxfTaszcHVcTctW4UJB4hibJx2HXxxO5UmVgyjMa+ZDsiaf5wWLXYpRWMmBI0QHg=="],
 
     "@eslint/eslintrc/espree/eslint-visitor-keys": ["eslint-visitor-keys@4.2.0", "", {}, "sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw=="],
 
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager/@typescript-eslint/types": ["@typescript-eslint/types@8.44.0", "", {}, "sha512-ZSl2efn44VsYM0MfDQe68RKzBz75NPgLQXuGypmym6QVOWL5kegTZuZ02xRAT9T+onqvM6T8CdQk0OwYMB6ZvA=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
 
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.44.0", "", {}, "sha512-ZSl2efn44VsYM0MfDQe68RKzBz75NPgLQXuGypmym6QVOWL5kegTZuZ02xRAT9T+onqvM6T8CdQk0OwYMB6ZvA=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
 
-    "@typescript-eslint/type-utils/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.44.0", "", { "dependencies": { "@typescript-eslint/types": "8.44.0", "@typescript-eslint/visitor-keys": "8.44.0" } }, "sha512-87Jv3E+al8wpD+rIdVJm/ItDBe/Im09zXIjFoipOjr5gHUhJmTzfFLuTJ/nPTMc2Srsroy4IBXwcTCHyRR7KzA=="],
+    "@typescript-eslint/type-utils/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
 
     "@typescript-eslint/typescript-estree/minimatch/brace-expansion": ["brace-expansion@2.0.1", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA=="],
 
-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.43.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.43.0", "@typescript-eslint/types": "^8.43.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-htB/+D/BIGoNTQYffZw4uM4NzzuolCoaA/BusuSIcC8YjmBYQioew5VUZAYdAETPjeed0hqCaW7EHg+Robq8uw=="],
+    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.38.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.38.0", "@typescript-eslint/types": "^8.38.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-dbK7Jvqcb8c9QfH01YB6pORpqX1mn5gDZc9n63Ak/+jD67oWXn3Gs0M6vddAN+eDXBCS5EmNWzbSxsn9SzFWWg=="],
 
-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.43.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-ALC2prjZcj2YqqL5X/bwWQmHA2em6/94GcbB/KKu5SX3EBDOsqztmmX1kMkvAJHzxk7TazKzJfFiEIagNV3qEA=="],
+    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.38.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-Lum9RtSE3EroKk/bYns+sPOodqb2Fv50XOl/gMviMKNvanETUuUcC9ObRbzrJ4VSd2JalPqgSAavwrPiPvnAiQ=="],
 
-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.43.0", "", { "dependencies": { "@typescript-eslint/types": "8.43.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-T+S1KqRD4sg/bHfLwrpF/K3gQLBM1n7Rp7OjjikjTEssI2YJzQpi5WXoynOaQ93ERIuq3O8RBTOUYDKszUCEHw=="],
+    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.38.0", "", { "dependencies": { "@typescript-eslint/types": "8.38.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-pWrTcoFNWuwHlA9CvlfSsGWs14JxfN1TH25zM5L7o0pRLhsoZkDnTsXfQRJBEWJoV5DL0jf+Z+sxiud+K0mq1g=="],
 
     "@typescript-eslint/utils/@typescript-eslint/typescript-estree/minimatch": ["minimatch@9.0.5", "", { "dependencies": { "brace-expansion": "^2.0.1" } }, "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow=="],
 
     "@typescript-eslint/utils/@typescript-eslint/typescript-estree/semver": ["semver@7.7.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA=="],
 
-    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.44.0", "", { "dependencies": { "@typescript-eslint/types": "8.44.0", "@typescript-eslint/visitor-keys": "8.44.0" } }, "sha512-87Jv3E+al8wpD+rIdVJm/ItDBe/Im09zXIjFoipOjr5gHUhJmTzfFLuTJ/nPTMc2Srsroy4IBXwcTCHyRR7KzA=="],
+    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
 
-    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.44.0", "", {}, "sha512-ZSl2efn44VsYM0MfDQe68RKzBz75NPgLQXuGypmym6QVOWL5kegTZuZ02xRAT9T+onqvM6T8CdQk0OwYMB6ZvA=="],
+    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
-
-    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.8", "", { "dependencies": { "@jridgewell/set-array": "^1.2.1", "@jridgewell/sourcemap-codec": "^1.4.10", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-imAbBGkb+ebQyxKgzv5Hu2nmROxoDOXHh80evxdoXNOrvAnVx7zimzc1Oo5h9RlfV4vPXaE2iM5pOFbvOCClWA=="],
-
-    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.25", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ=="],
 
     "@typescript-eslint/utils/@typescript-eslint/typescript-estree/minimatch/brace-expansion": ["brace-expansion@2.0.1", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA=="],
-
-    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/gen-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
-
-    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/trace-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
   }
 }

frontend/package.json

@@ -10,48 +10,48 @@
     "preview": "vite preview"
   },
   "dependencies": {
-    "@hookform/resolvers": "^5.2.2",
+    "@hookform/resolvers": "^5.2.1",
     "@radix-ui/react-label": "^2.1.7",
     "@radix-ui/react-select": "^2.2.6",
     "@radix-ui/react-separator": "^1.1.7",
     "@radix-ui/react-slot": "^1.2.3",
-    "@tailwindcss/vite": "^4.1.13",
+    "@tailwindcss/vite": "^4.1.12",
-    "@tanstack/react-query": "^5.89.0",
+    "@tanstack/react-query": "^5.85.5",
-    "axios": "^1.12.2",
+    "axios": "^1.11.0",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
-    "i18next": "^25.5.2",
+    "i18next": "^25.4.2",
     "i18next-browser-languagedetector": "^8.2.0",
     "i18next-resources-to-backend": "^1.2.1",
     "input-otp": "^1.4.2",
-    "lucide-react": "^0.544.0",
+    "lucide-react": "^0.541.0",
     "next-themes": "^0.4.6",
     "react": "^19.1.1",
     "react-dom": "^19.1.1",
     "react-hook-form": "^7.62.0",
-    "react-i18next": "^15.7.3",
+    "react-i18next": "^15.7.2",
     "react-markdown": "^10.1.0",
-    "react-router": "^7.9.1",
+    "react-router": "^7.8.2",
     "sonner": "^2.0.7",
     "tailwind-merge": "^3.3.1",
-    "tailwindcss": "^4.1.13",
+    "tailwindcss": "^4.1.12",
-    "zod": "^4.1.9"
+    "zod": "^4.1.3"
   },
   "devDependencies": {
-    "@eslint/js": "^9.35.0",
+    "@eslint/js": "^9.34.0",
-    "@tanstack/eslint-plugin-query": "^5.89.0",
+    "@tanstack/eslint-plugin-query": "^5.83.1",
-    "@types/node": "^24.5.2",
+    "@types/node": "^24.3.0",
-    "@types/react": "^19.1.13",
+    "@types/react": "^19.1.11",
-    "@types/react-dom": "^19.1.9",
+    "@types/react-dom": "^19.1.8",
-    "@vitejs/plugin-react": "^5.0.3",
+    "@vitejs/plugin-react": "^5.0.1",
-    "eslint": "^9.35.0",
+    "eslint": "^9.34.0",
     "eslint-plugin-react-hooks": "^5.2.0",
     "eslint-plugin-react-refresh": "^0.4.19",
-    "globals": "^16.4.0",
+    "globals": "^16.3.0",
     "prettier": "3.6.2",
-    "tw-animate-css": "^1.3.8",
+    "tw-animate-css": "^1.3.7",
     "typescript": "~5.9.2",
-    "typescript-eslint": "^8.44.0",
+    "typescript-eslint": "^8.41.0",
-    "vite": "^7.1.6"
+    "vite": "^7.1.3"
   }
 }

frontend/src/components/icons/generic.tsx

@@ -1,6 +1,6 @@
 import type { SVGProps } from "react";
 
-export function OAuthIcon(props: SVGProps<SVGSVGElement>) {
+export function GenericIcon(props: SVGProps<SVGSVGElement>) {
   return (
     <svg
       xmlns="http://www.w3.org/2000/svg"

frontend/src/components/icons/microsoft.tsx

@@ -1,18 +0,0 @@
-import type { SVGProps } from "react";
-
-export function MicrosoftIcon(props: SVGProps<SVGSVGElement>) {
-  return (
-    <svg
-      xmlns="http://www.w3.org/2000/svg"
-      width="2em"
-      height="2em"
-      viewBox="0 0 256 256"
-      {...props}
-    >
-      <path fill="#f1511b" d="M121.666 121.666H0V0h121.666z"></path>
-      <path fill="#80cc28" d="M256 121.666H134.335V0H256z"></path>
-      <path fill="#00adef" d="M121.663 256.002H0V134.336h121.663z"></path>
-      <path fill="#fbbc09" d="M256 256.002H134.335V134.336H256z"></path>
-    </svg>
-  );
-}

frontend/src/components/icons/pocket-id.tsx

@@ -1,20 +0,0 @@
-import type { SVGProps } from "react";
-
-export function PocketIDIcon(props: SVGProps<SVGSVGElement>) {
-  return (
-    <svg
-      xmlns="http://www.w3.org/2000/svg"
-      xmlSpace="preserve"
-      width={512}
-      height={512}
-      viewBox="0 0 512 512"
-      {...props}
-    >
-      <circle cx="256" cy="256" r="256" />
-      <path
-        d="M268.6 102.4c64.4 0 116.8 52.4 116.8 116.7 0 25.3-8 49.4-23 69.6-14.8 19.9-35 34.3-58.4 41.7l-6.5 2-15.5-76.2 4.3-2c14-6.7 23-21.1 23-36.6 0-22.4-18.2-40.6-40.6-40.6S228 195.2 228 217.6c0 15.5 9 29.8 23 36.6l4.2 2-25 153.4h-69.5V102.4z"
-        className="fill-white"
-      />
-    </svg>
-  );
-}

frontend/src/components/icons/tailscale.tsx

@@ -1,26 +0,0 @@
-import type { SVGProps } from "react";
-
-export function TailscaleIcon(props: SVGProps<SVGSVGElement>) {
-  return (
-    <svg
-      xmlns="http://www.w3.org/2000/svg"
-      xmlSpace="preserve"
-      width={512}
-      height={512}
-      viewBox="0 0 512 512"
-      {...props}
-    >
-      <path
-        className="opacity-80"
-        fill="currentColor"
-        d="M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9m191.6 0c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m189.2-193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"
-      />
-
-      <path
-        d="M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8m0 384.3c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512m191.6-384.3c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8m0 384.3c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"
-        className="opacity-20"
-        fill="currentColor"
-      />
-    </svg>
-  );
-}

frontend/src/lib/i18n/locales/en-US.json

@@ -14,9 +14,6 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
-    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
-    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
-    "loginOauthAutoRedirectButton": "Redirect now",
     "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
@@ -24,7 +21,7 @@
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
     "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{rootDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",

frontend/src/lib/i18n/locales/en.json

@@ -14,9 +14,6 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
-    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
-    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
-    "loginOauthAutoRedirectButton": "Redirect now",
     "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
@@ -24,7 +21,7 @@
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
     "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{rootDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",

frontend/src/pages/continue-page.tsx

@@ -14,7 +14,7 @@ import { Navigate, useLocation, useNavigate } from "react-router";
 import { useEffect, useState } from "react";
 
 export const ContinuePage = () => {
-  const { cookieDomain } = useAppContext();
+  const { rootDomain } = useAppContext();
   const { isLoggedIn } = useUserContext();
   const { search } = useLocation();
   const { t } = useTranslation();
@@ -33,8 +33,8 @@ export const ContinuePage = () => {
     : null;
   const isTrustedRedirectUri =
     redirectUriObj !== null
-      ? redirectUriObj.hostname === cookieDomain ||
+      ? redirectUriObj.hostname === rootDomain ||
-        redirectUriObj.hostname.endsWith(`.${cookieDomain}`)
+        redirectUriObj.hostname.endsWith(`.${rootDomain}`)
       : false;
   const isAllowedRedirectProto =
     redirectUriObj !== null
@@ -70,7 +70,7 @@ export const ContinuePage = () => {
     const reveal = setTimeout(() => {
       setLoading(false);
       setShowRedirectButton(true);
-    }, 5000);
+    }, 1000);
 
     return () => {
       clearTimeout(auto);
@@ -105,7 +105,7 @@ export const ContinuePage = () => {
               components={{
                 code: <code />,
               }}
-              values={{ cookieDomain }}
+              values={{ rootDomain }}
             />
           </CardDescription>
         </CardHeader>

frontend/src/pages/login-page.tsx

@@ -1,18 +1,13 @@
 import { LoginForm } from "@/components/auth/login-form";
+import { GenericIcon } from "@/components/icons/generic";
 import { GithubIcon } from "@/components/icons/github";
 import { GoogleIcon } from "@/components/icons/google";
-import { MicrosoftIcon } from "@/components/icons/microsoft";
-import { OAuthIcon } from "@/components/icons/oauth";
-import { PocketIDIcon } from "@/components/icons/pocket-id";
-import { TailscaleIcon } from "@/components/icons/tailscale";
-import { Button } from "@/components/ui/button";
 import {
   Card,
   CardHeader,
   CardTitle,
   CardDescription,
   CardContent,
-  CardFooter,
 } from "@/components/ui/card";
 import { OAuthButton } from "@/components/ui/oauth-button";
 import { SeperatorWithChildren } from "@/components/ui/separator";
@@ -22,40 +17,28 @@ import { useIsMounted } from "@/lib/hooks/use-is-mounted";
 import { LoginSchema } from "@/schemas/login-schema";
 import { useMutation } from "@tanstack/react-query";
 import axios, { AxiosError } from "axios";
-import { useEffect, useRef, useState } from "react";
+import { useEffect, useRef } from "react";
 import { useTranslation } from "react-i18next";
 import { Navigate, useLocation } from "react-router";
 import { toast } from "sonner";
 
-const iconMap: Record<string, React.ReactNode> = {
-  google: <GoogleIcon />,
-  github: <GithubIcon />,
-  tailscale: <TailscaleIcon />,
-  microsoft: <MicrosoftIcon />,
-  pocketid: <PocketIDIcon />,
-};
-
 export const LoginPage = () => {
   const { isLoggedIn } = useUserContext();
-  const { providers, title, oauthAutoRedirect } = useAppContext();
+  const { configuredProviders, title, oauthAutoRedirect, genericName } =
+    useAppContext();
   const { search } = useLocation();
   const { t } = useTranslation();
   const isMounted = useIsMounted();
-  const [oauthAutoRedirectHandover, setOauthAutoRedirectHandover] =
-    useState(false);
-  const [showRedirectButton, setShowRedirectButton] = useState(false);
 
   const redirectTimer = useRef<number | null>(null);
-  const redirectButtonTimer = useRef<number | null>(null);
 
   const searchParams = new URLSearchParams(search);
   const redirectUri = searchParams.get("redirect_uri");
 
-  const oauthProviders = providers.filter(
+  const oauthConfigured =
-    (provider) => provider.id !== "username",
+    configuredProviders.filter((provider) => provider !== "username").length >
-  );
+    0;
-  const userAuthConfigured =
+  const userAuthConfigured = configuredProviders.includes("username");
-    providers.find((provider) => provider.id === "username") !== undefined;
 
   const oauthMutation = useMutation({
     mutationFn: (provider: string) =>
@@ -73,7 +56,6 @@ export const LoginPage = () => {
       }, 500);
     },
     onError: () => {
-      setOauthAutoRedirectHandover(false);
       toast.error(t("loginOauthFailTitle"), {
         description: t("loginOauthFailSubtitle"),
       });
@@ -114,16 +96,12 @@ export const LoginPage = () => {
   useEffect(() => {
     if (isMounted()) {
       if (
-        oauthProviders.length !== 0 &&
+        oauthConfigured &&
-        providers.find((provider) => provider.id === oauthAutoRedirect) &&
+        configuredProviders.includes(oauthAutoRedirect) &&
         !isLoggedIn &&
         redirectUri
       ) {
-        setOauthAutoRedirectHandover(true);
         oauthMutation.mutate(oauthAutoRedirect);
-        redirectButtonTimer.current = window.setTimeout(() => {
-          setShowRedirectButton(true);
-        }, 5000);
       }
     }
   }, []);
@@ -131,8 +109,6 @@ export const LoginPage = () => {
   useEffect(
     () => () => {
       if (redirectTimer.current) clearTimeout(redirectTimer.current);
-      if (redirectButtonTimer.current)
-        clearTimeout(redirectButtonTimer.current);
     },
     [],
   );
@@ -150,63 +126,61 @@ export const LoginPage = () => {
     return <Navigate to="/logout" replace />;
   }
 
-  if (oauthAutoRedirectHandover) {
-    return (
-      <Card className="min-w-xs sm:min-w-sm">
-        <CardHeader>
-          <CardTitle className="text-3xl">
-            {t("loginOauthAutoRedirectTitle")}
-          </CardTitle>
-          <CardDescription>
-            {t("loginOauthAutoRedirectSubtitle")}
-          </CardDescription>
-        </CardHeader>
-        {showRedirectButton && (
-          <CardFooter className="flex flex-col items-stretch">
-            <Button
-              onClick={() => {
-                window.location.replace(oauthMutation.data?.data.url);
-              }}
-            >
-              {t("loginOauthAutoRedirectButton")}
-            </Button>
-          </CardFooter>
-        )}
-      </Card>
-    );
-  }
   return (
     <Card className="min-w-xs sm:min-w-sm">
       <CardHeader>
         <CardTitle className="text-center text-3xl">{title}</CardTitle>
-        {providers.length > 0 && (
+        {configuredProviders.length > 0 && (
           <CardDescription className="text-center">
-            {oauthProviders.length !== 0
+            {oauthConfigured ? t("loginTitle") : t("loginTitleSimple")}
-              ? t("loginTitle")
-              : t("loginTitleSimple")}
           </CardDescription>
         )}
       </CardHeader>
       <CardContent className="flex flex-col gap-4">
-        {oauthProviders.length !== 0 && (
+        {oauthConfigured && (
           <div className="flex flex-col gap-2 items-center justify-center">
-            {oauthProviders.map((provider) => (
+            {configuredProviders.includes("google") && (
               <OAuthButton
-                key={provider.id}
+                title="Google"
-                title={provider.name}
+                icon={<GoogleIcon />}
-                icon={iconMap[provider.id] ?? <OAuthIcon />}
                 className="w-full"
-                onClick={() => oauthMutation.mutate(provider.id)}
+                onClick={() => oauthMutation.mutate("google")}
                 loading={
                   oauthMutation.isPending &&
-                  oauthMutation.variables === provider.id
+                  oauthMutation.variables === "google"
                 }
                 disabled={oauthMutation.isPending || loginMutation.isPending}
               />
-            ))}
+            )}
+            {configuredProviders.includes("github") && (
+              <OAuthButton
+                title="Github"
+                icon={<GithubIcon />}
+                className="w-full"
+                onClick={() => oauthMutation.mutate("github")}
+                loading={
+                  oauthMutation.isPending &&
+                  oauthMutation.variables === "github"
+                }
+                disabled={oauthMutation.isPending || loginMutation.isPending}
+              />
+            )}
+            {configuredProviders.includes("generic") && (
+              <OAuthButton
+                title={genericName}
+                icon={<GenericIcon />}
+                className="w-full"
+                onClick={() => oauthMutation.mutate("generic")}
+                loading={
+                  oauthMutation.isPending &&
+                  oauthMutation.variables === "generic"
+                }
+                disabled={oauthMutation.isPending || loginMutation.isPending}
+              />
+            )}
           </div>
         )}
-        {userAuthConfigured && oauthProviders.length !== 0 && (
+        {userAuthConfigured && oauthConfigured && (
           <SeperatorWithChildren>{t("loginDivider")}</SeperatorWithChildren>
         )}
         {userAuthConfigured && (
@@ -215,7 +189,7 @@ export const LoginPage = () => {
             loading={loginMutation.isPending || oauthMutation.isPending}
           />
         )}
-        {providers.length == 0 && (
+        {configuredProviders.length == 0 && (
           <p className="text-center text-red-600 max-w-sm">
             {t("failedToFetchProvidersTitle")}
           </p>

frontend/src/pages/logout-page.tsx

@@ -6,7 +6,9 @@ import {
   CardHeader,
   CardTitle,
 } from "@/components/ui/card";
+import { useAppContext } from "@/context/app-context";
 import { useUserContext } from "@/context/user-context";
+import { capitalize } from "@/lib/utils";
 import { useMutation } from "@tanstack/react-query";
 import axios from "axios";
 import { useEffect, useRef } from "react";
@@ -15,7 +17,8 @@ import { Navigate } from "react-router";
 import { toast } from "sonner";
 
 export const LogoutPage = () => {
-  const { provider, username, isLoggedIn, email, oauthName } = useUserContext();
+  const { provider, username, isLoggedIn, email } = useUserContext();
+  const { genericName } = useAppContext();
   const { t } = useTranslation();
 
   const redirectTimer = useRef<number | null>(null);
@@ -64,7 +67,8 @@ export const LogoutPage = () => {
               }}
               values={{
                 username: email,
-                provider: oauthName,
+                provider:
+                  provider === "generic" ? genericName : capitalize(provider),
               }}
             />
           ) : (

frontend/src/schemas/app-context-schema.ts

@@ -1,19 +1,14 @@
 import { z } from "zod";
 
-export const providerSchema = z.object({
-  id: z.string(),
-  name: z.string(),
-  oauth: z.boolean(),
-});
-
 export const appContextSchema = z.object({
-  providers: z.array(providerSchema),
+  configuredProviders: z.array(z.string()),
   title: z.string(),
+  genericName: z.string(),
   appUrl: z.string(),
-  cookieDomain: z.string(),
+  rootDomain: z.string(),
   forgotPasswordMessage: z.string(),
+  oauthAutoRedirect: z.enum(["none", "github", "google", "generic"]),
   backgroundImage: z.string(),
-  oauthAutoRedirect: z.string(),
 });
 
 export type AppContextSchema = z.infer<typeof appContextSchema>;

frontend/src/schemas/user-context-schema.ts

@@ -8,7 +8,6 @@ export const userContextSchema = z.object({
   provider: z.string(),
   oauth: z.boolean(),
   totpPending: z.boolean(),
-  oauthName: z.string(),
 });
 
 export type UserContextSchema = z.infer<typeof userContextSchema>;

go.mod

@@ -1,27 +1,23 @@
 module tinyauth
 
-go 1.24.0
+go 1.23.2
-
-toolchain go1.24.3
 
 require (
 	github.com/cenkalti/backoff/v5 v5.0.3
 	github.com/gin-gonic/gin v1.10.1
-	github.com/glebarez/sqlite v1.11.0
 	github.com/go-playground/validator/v10 v10.27.0
-	github.com/golang-migrate/migrate/v4 v4.19.0
+	github.com/golang-migrate/migrate/v4 v4.18.3
 	github.com/google/go-querystring v1.1.0
 	github.com/google/uuid v1.6.0
 	github.com/mdp/qrterminal/v3 v3.2.1
 	github.com/rs/zerolog v1.34.0
-	github.com/spf13/cobra v1.10.1
+	github.com/spf13/cobra v1.9.1
-	github.com/spf13/viper v1.21.0
+	github.com/spf13/viper v1.20.1
 	github.com/traefik/paerser v0.2.2
-	github.com/weppos/publicsuffix-go v0.50.0
+	golang.org/x/crypto v0.41.0
-	golang.org/x/crypto v0.42.0
+	gorm.io/driver/sqlite v1.6.0
-	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b
+	gorm.io/gorm v1.30.1
-	gorm.io/gorm v1.31.0
+	modernc.org/sqlite v1.38.2
-	gotest.tools/v3 v3.5.2
 )
 
 require (
@@ -32,9 +28,9 @@ require (
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/glebarez/go-sqlite v1.21.2 // indirect
+	github.com/glebarez/sqlite v1.11.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
-	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
@@ -48,12 +44,12 @@ require (
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.34.0 // indirect
-	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
-	golang.org/x/term v0.35.0 // indirect
+	golang.org/x/term v0.34.0 // indirect
+	gotest.tools/v3 v3.5.2 // indirect
 	modernc.org/libc v1.66.3 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
-	modernc.org/sqlite v1.38.2 // indirect
 	rsc.io/qr v0.2.0 // indirect
 )
 
@@ -74,21 +70,24 @@ require (
 	github.com/charmbracelet/x/term v0.2.1 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/docker v28.4.0+incompatible
+	github.com/docker/docker v28.3.3+incompatible
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/fsnotify/fsnotify v1.9.0 // indirect
+	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
 	github.com/gin-contrib/sse v1.0.0 // indirect
 	github.com/go-ldap/ldap/v3 v3.4.11
-	github.com/go-logr/logr v1.4.3 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/goccy/go-json v0.10.4 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
+	github.com/gorilla/sessions v1.4.0
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
@@ -107,28 +106,30 @@ require (
 	github.com/muesli/termenv v0.16.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pquerna/otp v1.5.0
 	github.com/rivo/uniseg v0.4.7 // indirect
-	github.com/sagikazarmark/locafero v0.11.0 // indirect
+	github.com/sagikazarmark/locafero v0.7.0 // indirect
-	github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/afero v1.15.0 // indirect
+	github.com/spf13/afero v1.12.0 // indirect
-	github.com/spf13/cast v1.10.0 // indirect
+	github.com/spf13/cast v1.7.1 // indirect
-	github.com/spf13/pflag v1.0.10 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
-	go.opentelemetry.io/otel v1.37.0 // indirect
+	go.opentelemetry.io/otel v1.34.0 // indirect
-	go.opentelemetry.io/otel/metric v1.37.0 // indirect
+	go.opentelemetry.io/otel/metric v1.34.0 // indirect
-	go.opentelemetry.io/otel/trace v1.37.0 // indirect
+	go.opentelemetry.io/otel/trace v1.34.0 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
+	go.uber.org/multierr v1.9.0 // indirect
 	golang.org/x/arch v0.13.0 // indirect
-	golang.org/x/net v0.44.0 // indirect
+	golang.org/x/net v0.42.0 // indirect
-	golang.org/x/oauth2 v0.31.0
+	golang.org/x/oauth2 v0.30.0
-	golang.org/x/sync v0.17.0 // indirect
+	golang.org/x/sync v0.16.0 // indirect
-	golang.org/x/sys v0.36.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
-	golang.org/x/text v0.29.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
 	google.golang.org/protobuf v1.36.3 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -74,8 +74,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/docker v28.4.0+incompatible h1:KVC7bz5zJY/4AZe/78BIvCnPsLaC9T/zh72xnlrTTOk=
+github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI=
-github.com/docker/docker v28.4.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
 github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
@@ -88,8 +88,8 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
+github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
-github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
 github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
 github.com/gin-contrib/sse v1.0.0 h1:y3bT1mUWUxDpW4JLQg/HnTqV4rozuW4tC9eFKTxYI9E=
@@ -105,8 +105,8 @@ github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:h
 github.com/go-ldap/ldap/v3 v3.4.11 h1:4k0Yxweg+a3OyBLjdYn5OKglv18JNvfDykSoI8bW0gU=
 github.com/go-ldap/ldap/v3 v3.4.11/go.mod h1:bY7t0FLK8OAVpp/vV6sSlpz3EQDGcQwc8pF0ujLgKvM=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
-github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
@@ -122,18 +122,26 @@ github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlnd
 github.com/goccy/go-json v0.10.4 h1:JSwxQzIqKfmFX1swYPpUThQZp/Ka4wzJdK0LWVytLPM=
 github.com/goccy/go-json v0.10.4/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/golang-migrate/migrate/v4 v4.19.0 h1:RcjOnCGz3Or6HQYEJ/EEVLfWnmw9KnoigPSjzhCuaSE=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
-github.com/golang-migrate/migrate/v4 v4.19.0/go.mod h1:9dyEcu+hO+G9hPSw8AIg50yg622pXJsoHItQnDGZkI0=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-migrate/migrate/v4 v4.18.3 h1:EYGkoOsvgHHfm5U/naS1RP/6PL/Xv3S4B/swMiAmDLs=
+github.com/golang-migrate/migrate/v4 v4.18.3/go.mod h1:99BKpIi6ruaaXRM1A77eqZ+FWPQ3cfRa+ZVy5bmWMaY=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
+github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 h1:VNqngBF40hVlDloBruUehVYC3ArSgIyScOAyMRqBxRg=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1/go.mod h1:RBRO7fro65R6tjKzYgLAFo0t1QEXY1Dp+i/bvpRiqiQ=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -163,6 +171,8 @@ github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
 github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
@@ -221,8 +231,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
 github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
-github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
+github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
-github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
+github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -240,23 +250,22 @@ github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
 github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sagikazarmark/locafero v0.11.0 h1:1iurJgmM9G3PA/I+wWYIOw/5SyBtxapeHDcg+AAIFXc=
+github.com/sagikazarmark/locafero v0.7.0 h1:5MqpDsTGNDhY8sGp0Aowyf0qKsPrhewaLSsFaodPcyo=
-github.com/sagikazarmark/locafero v0.11.0/go.mod h1:nVIGvgyzw595SUSUE6tvCp3YYTeHs15MvlmU87WwIik=
+github.com/sagikazarmark/locafero v0.7.0/go.mod h1:2za3Cg5rMaTMoG/2Ulr9AwtFaIppKXTRYnozin4aB5k=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 h1:+jumHNA0Wrelhe64i8F6HNlS8pkoyMv5sreGx2Ry5Rw=
+github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
-github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8/go.mod h1:3n1Cwaq1E1/1lhQhtRK2ts/ZwZEhjcQeJQ1RuC6Q/8U=
+github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
-github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
+github.com/spf13/afero v1.12.0 h1:UcOPyRBYczmFn6yvphxkn9ZEOY65cpwGKb5mL36mrqs=
-github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
+github.com/spf13/afero v1.12.0/go.mod h1:ZTlWwG4/ahT8W7T0WQ5uYmjI9duaLQGy3Q2OAl4sk/4=
-github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=
+github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y=
-github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
+github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
-github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
+github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
-github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
+github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
-github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
-github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
+github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.20.1 h1:ZMi+z/lvLyPSCoNtFCpqjy0S4kPbirhpTMwl8BkW9X4=
-github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU=
+github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
-github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@@ -267,9 +276,8 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
-github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/traefik/paerser v0.2.2 h1:cpzW/ZrQrBh3mdwD/jnp6aXASiUFKOVr6ldP+keJTcQ=
@@ -278,60 +286,86 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
 github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-github.com/weppos/publicsuffix-go v0.50.0 h1:M178k6l8cnh9T1c1cStkhytVxdk5zPd6gGZf8ySIuVo=
-github.com/weppos/publicsuffix-go v0.50.0/go.mod h1:VXhClBYMlDrUsome4pOTpe68Ui0p6iQRAbyHQD1yKoU=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8=
-go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ=
+go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY=
-go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I=
+go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 h1:OeNbIYk/2C15ckl7glBlOBp5+WlYsOElzTNmiPW/x60=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0/go.mod h1:7Bept48yIeqxP2OZ9/AqIpYS94h2or0aB4FypJTc8ZM=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 h1:BEj3SPM81McUZHYjRS5pEgNgnmzGJ5tRpU5krWnV8Bs=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0/go.mod h1:9cKLGBDzI/F3NoHLQGm4ZrYdIHsvGt6ej6hUowxY0J4=
-go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE=
+go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ=
-go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E=
+go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE=
 go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A=
 go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU=
-go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4=
+go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k=
-go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0=
+go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
 go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4=
 go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4=
-go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
+go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
-go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
+go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
+go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
 golang.org/x/arch v0.13.0 h1:KCkqVVV1kGg0X87TFysjCJ8MxtZEIU4Ja/yXGeoECdA=
 golang.org/x/arch v0.13.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
-golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
+golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/yqS/lQJ6PmkyIV3YP+o=
 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=
-golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
+golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
-golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
+golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
-golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
+golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
+golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
+golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
+golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
-golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
+golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
-golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
+golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
-golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
-golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
+golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
-golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
+golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
+golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk=
 google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f h1:gap6+3Gk41EItBuyi4XX/bp4oqJ3UwuIMl25yGinuAA=
 google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:Ic02D47M+zbarjYYUlK57y316f2MoN0gjAwI3f2S95o=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f h1:OxYkA3wjPsZyBylwymxSHa7ViiW1Sml4ToBrncvFehI=
@@ -346,8 +380,10 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gorm.io/gorm v1.31.0 h1:0VlycGreVhK7RF/Bwt51Fk8v0xLiiiFdbGDPIZQ7mJY=
+gorm.io/driver/sqlite v1.6.0 h1:WHRRrIiulaPiPFmDcod6prc4l2VGVWHz80KspNsxSfQ=
-gorm.io/gorm v1.31.0/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs=
+gorm.io/driver/sqlite v1.6.0/go.mod h1:AO9V1qIQddBESngQUKWL9yoH93HIeA1X6V633rBwyT8=
+gorm.io/gorm v1.30.1 h1:lSHg33jJTBxs2mgJRfRZeLDG+WZaHYCk3Wtfl6Ngzo4=
+gorm.io/gorm v1.30.1/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
 modernc.org/cc/v4 v4.26.2 h1:991HMkLjJzYBIfha6ECZdjrIYz2/1ayr+FL8GN+CNzM=

internal/assets/migrations/000002_oauth_name.down.sql

@@ -1 +0,0 @@
-ALTER TABLE "sessions" DROP COLUMN "oauth_name";

internal/assets/migrations/000002_oauth_name.up.sql

@@ -1,10 +0,0 @@
-ALTER TABLE "sessions" ADD COLUMN "oauth_name" TEXT;
-
-UPDATE "sessions"
-SET "oauth_name" = CASE
-  WHEN LOWER("provider") = 'github' THEN 'GitHub'
-  WHEN LOWER("provider") = 'google' THEN 'Google'
-  ELSE UPPER(SUBSTR("provider", 1, 1)) || SUBSTR("provider", 2)
-END
-WHERE "oauth_name" IS NULL AND "provider" IS NOT NULL;
-

internal/bootstrap/app_bootstrap.go

@@ -1,14 +1,9 @@
 package bootstrap
 
 import (
-	"bytes"
-	"encoding/json"
 	"fmt"
-	"net/http"
 	"net/url"
-	"os"
 	"strings"
-	"time"
 	"tinyauth/internal/config"
 	"tinyauth/internal/controller"
 	"tinyauth/internal/middleware"
@@ -33,43 +28,33 @@ type Service interface {
 }
 
 type BootstrapApp struct {
-	config config.Config
+	Config config.Config
-	uuid   string
 }
 
 func NewBootstrapApp(config config.Config) *BootstrapApp {
 	return &BootstrapApp{
-		config: config,
+		Config: config,
 	}
 }
 
 func (app *BootstrapApp) Setup() error {
 	// Parse users
-	users, err := utils.GetUsers(app.config.Users, app.config.UsersFile)
+	users, err := utils.GetUsers(app.Config.Users, app.Config.UsersFile)
 
 	if err != nil {
 		return err
 	}
 
-	// Get OAuth configs
+	// Get root domain
-	oauthProviders, err := utils.GetOAuthProvidersConfig(os.Environ(), os.Args, app.config.AppURL)
+	rootDomain, err := utils.GetRootDomain(app.Config.AppURL)
-
-	if err != nil {
-		return err
-	}
-
-	// Get cookie domain
-	cookieDomain, err := utils.GetCookieDomain(app.config.AppURL)
 
 	if err != nil {
 		return err
 	}
 
 	// Cookie names
-	appUrl, _ := url.Parse(app.config.AppURL) // Already validated
+	appUrl, _ := url.Parse(app.Config.AppURL) // Already validated
-	uuid := utils.GenerateUUID(appUrl.Hostname())
+	cookieId := utils.GenerateIdentifier(appUrl.Hostname())
-	app.uuid = uuid
-	cookieId := strings.Split(uuid, "-")[0]
 	sessionCookieName := fmt.Sprintf("%s-%s", config.SessionCookieName, cookieId)
 	csrfCookieName := fmt.Sprintf("%s-%s", config.CSRFCookieName, cookieId)
 	redirectCookieName := fmt.Sprintf("%s-%s", config.RedirectCookieName, cookieId)
@@ -77,26 +62,26 @@ func (app *BootstrapApp) Setup() error {
 	// Create configs
 	authConfig := service.AuthServiceConfig{
 		Users:             users,
-		OauthWhitelist:    app.config.OAuthWhitelist,
+		OauthWhitelist:    app.Config.OAuthWhitelist,
-		SessionExpiry:     app.config.SessionExpiry,
+		SessionExpiry:     app.Config.SessionExpiry,
-		SecureCookie:      app.config.SecureCookie,
+		SecureCookie:      app.Config.SecureCookie,
-		CookieDomain:      cookieDomain,
+		RootDomain:        rootDomain,
-		LoginTimeout:      app.config.LoginTimeout,
+		LoginTimeout:      app.Config.LoginTimeout,
-		LoginMaxRetries:   app.config.LoginMaxRetries,
+		LoginMaxRetries:   app.Config.LoginMaxRetries,
 		SessionCookieName: sessionCookieName,
 	}
 
 	// Setup services
 	var ldapService *service.LdapService
 
-	if app.config.LdapAddress != "" {
+	if app.Config.LdapAddress != "" {
 		ldapConfig := service.LdapServiceConfig{
-			Address:      app.config.LdapAddress,
+			Address:      app.Config.LdapAddress,
-			BindDN:       app.config.LdapBindDN,
+			BindDN:       app.Config.LdapBindDN,
-			BindPassword: app.config.LdapBindPassword,
+			BindPassword: app.Config.LdapBindPassword,
-			BaseDN:       app.config.LdapBaseDN,
+			BaseDN:       app.Config.LdapBaseDN,
-			Insecure:     app.config.LdapInsecure,
+			Insecure:     app.Config.LdapInsecure,
-			SearchFilter: app.config.LdapSearchFilter,
+			SearchFilter: app.Config.LdapSearchFilter,
 		}
 
 		ldapService = service.NewLdapService(ldapConfig)
@@ -111,7 +96,7 @@ func (app *BootstrapApp) Setup() error {
 
 	// Bootstrap database
 	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
-		DatabasePath: app.config.DatabasePath,
+		DatabasePath: app.Config.DatabasePath,
 	})
 
 	log.Debug().Str("service", fmt.Sprintf("%T", databaseService)).Msg("Initializing service")
@@ -127,7 +112,7 @@ func (app *BootstrapApp) Setup() error {
 	// Create services
 	dockerService := service.NewDockerService()
 	authService := service.NewAuthService(authConfig, dockerService, ldapService, database)
-	oauthBrokerService := service.NewOAuthBrokerService(oauthProviders)
+	oauthBrokerService := service.NewOAuthBrokerService(app.getOAuthBrokerConfig())
 
 	// Initialize services
 	services := []Service{
@@ -147,41 +132,13 @@ func (app *BootstrapApp) Setup() error {
 	}
 
 	// Configured providers
-	babysit := map[string]string{
+	var configuredProviders []string
-		"google": "Google",
-		"github": "GitHub",
-	}
-	configuredProviders := make([]controller.Provider, 0)
-
-	for id, provider := range oauthProviders {
-		if id == "" {
-			continue
-		}
-
-		if provider.Name == "" {
-			if name, ok := babysit[id]; ok {
-				provider.Name = name
-			} else {
-				provider.Name = utils.Capitalize(id)
-			}
-		}
-
-		configuredProviders = append(configuredProviders, controller.Provider{
-			Name:  provider.Name,
-			ID:    id,
-			OAuth: true,
-		})
-	}
 
 	if authService.UserAuthConfigured() || ldapService != nil {
-		configuredProviders = append(configuredProviders, controller.Provider{
+		configuredProviders = append(configuredProviders, "username")
-			Name:  "Username",
-			ID:    "username",
-			OAuth: false,
-		})
 	}
 
-	log.Debug().Interface("providers", configuredProviders).Msg("Authentication providers")
+	configuredProviders = append(configuredProviders, oauthBrokerService.GetConfiguredServices()...)
 
 	if len(configuredProviders) == 0 {
 		return fmt.Errorf("no authentication providers configured")
@@ -190,14 +147,6 @@ func (app *BootstrapApp) Setup() error {
 	// Create engine
 	engine := gin.New()
 
-	if len(app.config.TrustedProxies) > 0 {
-		err := engine.SetTrustedProxies(strings.Split(app.config.TrustedProxies, ","))
-
-		if err != nil {
-			return fmt.Errorf("failed to set trusted proxies: %w", err)
-		}
-	}
-
 	if config.Version != "development" {
 		gin.SetMode(gin.ReleaseMode)
 	}
@@ -206,7 +155,7 @@ func (app *BootstrapApp) Setup() error {
 	var middlewares []Middleware
 
 	contextMiddleware := middleware.NewContextMiddleware(middleware.ContextMiddlewareConfig{
-		CookieDomain: cookieDomain,
+		RootDomain: rootDomain,
 	}, authService, oauthBrokerService)
 
 	uiMiddleware := middleware.NewUIMiddleware()
@@ -229,33 +178,34 @@ func (app *BootstrapApp) Setup() error {
 
 	// Create controllers
 	contextController := controller.NewContextController(controller.ContextControllerConfig{
-		Providers:             configuredProviders,
+		ConfiguredProviders:   configuredProviders,
-		Title:                 app.config.Title,
+		Title:                 app.Config.Title,
-		AppURL:                app.config.AppURL,
+		GenericName:           app.Config.GenericName,
-		CookieDomain:          cookieDomain,
+		AppURL:                app.Config.AppURL,
-		ForgotPasswordMessage: app.config.ForgotPasswordMessage,
+		RootDomain:            rootDomain,
-		BackgroundImage:       app.config.BackgroundImage,
+		ForgotPasswordMessage: app.Config.ForgotPasswordMessage,
-		OAuthAutoRedirect:     app.config.OAuthAutoRedirect,
+		BackgroundImage:       app.Config.BackgroundImage,
+		OAuthAutoRedirect:     app.Config.OAuthAutoRedirect,
 	}, apiRouter)
 
 	oauthController := controller.NewOAuthController(controller.OAuthControllerConfig{
-		AppURL:             app.config.AppURL,
+		AppURL:             app.Config.AppURL,
-		SecureCookie:       app.config.SecureCookie,
+		SecureCookie:       app.Config.SecureCookie,
 		CSRFCookieName:     csrfCookieName,
 		RedirectCookieName: redirectCookieName,
-		CookieDomain:       cookieDomain,
+		RootDomain:         rootDomain,
 	}, apiRouter, authService, oauthBrokerService)
 
 	proxyController := controller.NewProxyController(controller.ProxyControllerConfig{
-		AppURL: app.config.AppURL,
+		AppURL: app.Config.AppURL,
 	}, apiRouter, dockerService, authService)
 
 	userController := controller.NewUserController(controller.UserControllerConfig{
-		CookieDomain: cookieDomain,
+		RootDomain: rootDomain,
 	}, apiRouter, authService)
 
 	resourcesController := controller.NewResourcesController(controller.ResourcesControllerConfig{
-		ResourcesDir: app.config.ResourcesDir,
+		ResourcesDir: app.Config.ResourcesDir,
 	}, mainRouter)
 
 	healthController := controller.NewHealthController(apiRouter)
@@ -275,14 +225,8 @@ func (app *BootstrapApp) Setup() error {
 		ctrl.SetupRoutes()
 	}
 
-	// If analytics are not disabled, start heartbeat
-	if !app.config.DisableAnalytics {
-		log.Debug().Msg("Starting heartbeat routine")
-		go app.heartbeat()
-	}
-
 	// Start server
-	address := fmt.Sprintf("%s:%d", app.config.Address, app.config.Port)
+	address := fmt.Sprintf("%s:%d", app.Config.Address, app.Config.Port)
 	log.Info().Msgf("Starting server on %s", address)
 	if err := engine.Run(address); err != nil {
 		log.Fatal().Err(err).Msg("Failed to start server")
@@ -291,54 +235,29 @@ func (app *BootstrapApp) Setup() error {
 	return nil
 }
 
-func (app *BootstrapApp) heartbeat() {
+// Temporary
-	ticker := time.NewTicker(time.Duration(12) * time.Hour)
+func (app *BootstrapApp) getOAuthBrokerConfig() map[string]config.OAuthServiceConfig {
-	defer ticker.Stop()
+	return map[string]config.OAuthServiceConfig{
-
+		"google": {
-	type heartbeat struct {
+			ClientID:     app.Config.GoogleClientId,
-		UUID    string `json:"uuid"`
+			ClientSecret: app.Config.GoogleClientSecret,
-		Version string `json:"version"`
+			RedirectURL:  fmt.Sprintf("%s/api/oauth/callback/google", app.Config.AppURL),
+		},
+		"github": {
+			ClientID:     app.Config.GithubClientId,
+			ClientSecret: app.Config.GithubClientSecret,
+			RedirectURL:  fmt.Sprintf("%s/api/oauth/callback/github", app.Config.AppURL),
+		},
+		"generic": {
+			ClientID:           app.Config.GenericClientId,
+			ClientSecret:       app.Config.GenericClientSecret,
+			RedirectURL:        fmt.Sprintf("%s/api/oauth/callback/generic", app.Config.AppURL),
+			Scopes:             strings.Split(app.Config.GenericScopes, ","),
+			AuthURL:            app.Config.GenericAuthURL,
+			TokenURL:           app.Config.GenericTokenURL,
+			UserinfoURL:        app.Config.GenericUserURL,
+			InsecureSkipVerify: app.Config.GenericSkipSSL,
+		},
 	}
 
-	var body heartbeat
-
-	body.UUID = app.uuid
-	body.Version = config.Version
-
-	bodyJson, err := json.Marshal(body)
-
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to marshal heartbeat body")
-		return
-	}
-
-	client := &http.Client{}
-
-	heartbeatURL := config.ApiServer + "/v1/instances/heartbeat"
-
-	for ; true; <-ticker.C {
-		log.Debug().Msg("Sending heartbeat")
-
-		req, err := http.NewRequest(http.MethodPost, heartbeatURL, bytes.NewReader(bodyJson))
-
-		if err != nil {
-			log.Error().Err(err).Msg("Failed to create heartbeat request")
-			continue
-		}
-
-		req.Header.Add("Content-Type", "application/json")
-
-		res, err := client.Do(req)
-
-		if err != nil {
-			log.Error().Err(err).Msg("Failed to send heartbeat")
-			continue
-		}
-
-		res.Body.Close()
-
-		if res.StatusCode != 200 {
-			log.Debug().Str("status", res.Status).Msg("Heartbeat returned non-200 status")
-		}
-	}
 }

internal/config/config.go

@@ -3,8 +3,8 @@ package config
 // Version information, set at build time
 
 var Version = "development"
-var CommitHash = "development"
+var CommitHash = "n/a"
-var BuildTimestamp = "0000-00-00T00:00:00Z"
+var BuildTimestamp = "n/a"
 
 // Cookie name templates
 
@@ -21,8 +21,23 @@ type Config struct {
 	Users                   string `mapstructure:"users"`
 	UsersFile               string `mapstructure:"users-file"`
 	SecureCookie            bool   `mapstructure:"secure-cookie"`
+	GithubClientId          string `mapstructure:"github-client-id"`
+	GithubClientSecret      string `mapstructure:"github-client-secret"`
+	GithubClientSecretFile  string `mapstructure:"github-client-secret-file"`
+	GoogleClientId          string `mapstructure:"google-client-id"`
+	GoogleClientSecret      string `mapstructure:"google-client-secret"`
+	GoogleClientSecretFile  string `mapstructure:"google-client-secret-file"`
+	GenericClientId         string `mapstructure:"generic-client-id"`
+	GenericClientSecret     string `mapstructure:"generic-client-secret"`
+	GenericClientSecretFile string `mapstructure:"generic-client-secret-file"`
+	GenericScopes           string `mapstructure:"generic-scopes"`
+	GenericAuthURL          string `mapstructure:"generic-auth-url"`
+	GenericTokenURL         string `mapstructure:"generic-token-url"`
+	GenericUserURL          string `mapstructure:"generic-user-url"`
+	GenericName             string `mapstructure:"generic-name"`
+	GenericSkipSSL          bool   `mapstructure:"generic-skip-ssl"`
 	OAuthWhitelist          string `mapstructure:"oauth-whitelist"`
-	OAuthAutoRedirect     string `mapstructure:"oauth-auto-redirect"`
+	OAuthAutoRedirect       string `mapstructure:"oauth-auto-redirect" validate:"oneof=none github google generic"`
 	SessionExpiry           int    `mapstructure:"session-expiry"`
 	LogLevel                string `mapstructure:"log-level" validate:"oneof=trace debug info warn error fatal panic"`
 	Title                   string `mapstructure:"app-title"`
@@ -38,8 +53,6 @@ type Config struct {
 	LdapSearchFilter        string `mapstructure:"ldap-search-filter"`
 	ResourcesDir            string `mapstructure:"resources-dir"`
 	DatabasePath            string `mapstructure:"database-path" validate:"required"`
-	TrustedProxies        string `mapstructure:"trusted-proxies"`
-	DisableAnalytics      bool   `mapstructure:"disable-analytics"`
 }
 
 // OAuth/OIDC config
@@ -52,16 +65,14 @@ type Claims struct {
 }
 
 type OAuthServiceConfig struct {
-	ClientID           string   `key:"client-id"`
+	ClientID           string
-	ClientSecret       string   `key:"client-secret"`
+	ClientSecret       string
-	ClientSecretFile   string   `key:"client-secret-file"`
+	Scopes             []string
-	Scopes             []string `key:"scopes"`
+	RedirectURL        string
-	RedirectURL        string   `key:"redirect-url"`
+	AuthURL            string
-	AuthURL            string   `key:"auth-url"`
+	TokenURL           string
-	TokenURL           string   `key:"token-url"`
+	UserinfoURL        string
-	UserinfoURL        string   `key:"user-info-url"`
+	InsecureSkipVerify bool
-	InsecureSkipVerify bool     `key:"insecure-skip-verify"`
-	Name               string   `key:"name"`
 }
 
 // User/session related stuff
@@ -85,7 +96,6 @@ type SessionCookie struct {
 	Provider    string
 	TotpPending bool
 	OAuthGroups string
-	OAuthName   string
 }
 
 type UserContext struct {
@@ -98,7 +108,6 @@ type UserContext struct {
 	TotpPending bool
 	OAuthGroups string
 	TotpEnabled bool
-	OAuthName   string
 }
 
 // API responses and queries
@@ -116,61 +125,51 @@ type RedirectQuery struct {
 
 // Labels
 
-type Apps struct {
+type Labels struct {
-	Apps map[string]App
+	Apps map[string]AppLabels
 }
 
-type App struct {
+type AppLabels struct {
-	Config   AppConfig
+	Config   ConfigLabels
-	Users    AppUsers
+	Users    UsersLabels
-	OAuth    AppOAuth
+	OAuth    OAuthLabels
-	IP       AppIP
+	IP       IPLabels
-	Response AppResponse
+	Response ResponseLabels
-	Path     AppPath
+	Path     PathLabels
 }
 
-type AppConfig struct {
+type ConfigLabels struct {
 	Domain string
 }
 
-type AppUsers struct {
+type UsersLabels struct {
 	Allow string
 	Block string
 }
 
-type AppOAuth struct {
+type OAuthLabels struct {
 	Whitelist string
 	Groups    string
 }
 
-type AppIP struct {
+type IPLabels struct {
 	Allow  []string
 	Block  []string
 	Bypass []string
 }
 
-type AppResponse struct {
+type ResponseLabels struct {
 	Headers   []string
-	BasicAuth AppBasicAuth
+	BasicAuth BasicAuthLabels
 }
 
-type AppBasicAuth struct {
+type BasicAuthLabels struct {
 	Username     string
 	Password     string
 	PasswordFile string
 }
 
-type AppPath struct {
+type PathLabels struct {
 	Allow string
 	Block string
 }
-
-// Flags
-
-type Providers struct {
-	Providers map[string]OAuthServiceConfig
-}
-
-// API server
-
-var ApiServer = "https://api.tinyauth.app"

internal/controller/context_controller.go

@@ -19,51 +19,46 @@ type UserContextResponse struct {
 	Provider    string `json:"provider"`
 	OAuth       bool   `json:"oauth"`
 	TotpPending bool   `json:"totpPending"`
-	OAuthName   string `json:"oauthName"`
 }
 
 type AppContextResponse struct {
 	Status                int      `json:"status"`
 	Message               string   `json:"message"`
-	Providers             []Provider `json:"providers"`
+	ConfiguredProviders   []string `json:"configuredProviders"`
 	Title                 string   `json:"title"`
+	GenericName           string   `json:"genericName"`
 	AppURL                string   `json:"appUrl"`
-	CookieDomain          string     `json:"cookieDomain"`
+	RootDomain            string   `json:"rootDomain"`
 	ForgotPasswordMessage string   `json:"forgotPasswordMessage"`
 	BackgroundImage       string   `json:"backgroundImage"`
 	OAuthAutoRedirect     string   `json:"oauthAutoRedirect"`
 }
 
-type Provider struct {
-	Name  string `json:"name"`
-	ID    string `json:"id"`
-	OAuth bool   `json:"oauth"`
-}
-
 type ContextControllerConfig struct {
-	Providers             []Provider
+	ConfiguredProviders   []string
 	Title                 string
+	GenericName           string
 	AppURL                string
-	CookieDomain          string
+	RootDomain            string
 	ForgotPasswordMessage string
 	BackgroundImage       string
 	OAuthAutoRedirect     string
 }
 
 type ContextController struct {
-	config ContextControllerConfig
+	Config ContextControllerConfig
-	router *gin.RouterGroup
+	Router *gin.RouterGroup
 }
 
 func NewContextController(config ContextControllerConfig, router *gin.RouterGroup) *ContextController {
 	return &ContextController{
-		config: config,
+		Config: config,
-		router: router,
+		Router: router,
 	}
 }
 
 func (controller *ContextController) SetupRoutes() {
-	contextGroup := controller.router.Group("/context")
+	contextGroup := controller.Router.Group("/context")
 	contextGroup.GET("/user", controller.userContextHandler)
 	contextGroup.GET("/app", controller.appContextHandler)
 }
@@ -81,7 +76,6 @@ func (controller *ContextController) userContextHandler(c *gin.Context) {
 		Provider:    context.Provider,
 		OAuth:       context.OAuth,
 		TotpPending: context.TotpPending,
-		OAuthName:   context.OAuthName,
 	}
 
 	if err != nil {
@@ -97,17 +91,18 @@ func (controller *ContextController) userContextHandler(c *gin.Context) {
 }
 
 func (controller *ContextController) appContextHandler(c *gin.Context) {
-	appUrl, _ := url.Parse(controller.config.AppURL) // no need to check error, validated on startup
+	appUrl, _ := url.Parse(controller.Config.AppURL) // no need to check error, validated on startup
 
 	c.JSON(200, AppContextResponse{
 		Status:                200,
 		Message:               "Success",
-		Providers:             controller.config.Providers,
+		ConfiguredProviders:   controller.Config.ConfiguredProviders,
-		Title:                 controller.config.Title,
+		Title:                 controller.Config.Title,
+		GenericName:           controller.Config.GenericName,
 		AppURL:                fmt.Sprintf("%s://%s", appUrl.Scheme, appUrl.Host),
-		CookieDomain:          controller.config.CookieDomain,
+		RootDomain:            controller.Config.RootDomain,
-		ForgotPasswordMessage: controller.config.ForgotPasswordMessage,
+		ForgotPasswordMessage: controller.Config.ForgotPasswordMessage,
-		BackgroundImage:       controller.config.BackgroundImage,
+		BackgroundImage:       controller.Config.BackgroundImage,
-		OAuthAutoRedirect:     controller.config.OAuthAutoRedirect,
+		OAuthAutoRedirect:     controller.Config.OAuthAutoRedirect,
 	})
 }

internal/controller/context_controller_test.go

@@ -1,144 +0,0 @@
-package controller_test
-
-import (
-	"encoding/json"
-	"net/http/httptest"
-	"testing"
-	"tinyauth/internal/config"
-	"tinyauth/internal/controller"
-
-	"github.com/gin-gonic/gin"
-	"gotest.tools/v3/assert"
-)
-
-var controllerCfg = controller.ContextControllerConfig{
-	Providers: []controller.Provider{
-		{
-			Name:  "Username",
-			ID:    "username",
-			OAuth: false,
-		},
-		{
-			Name:  "Google",
-			ID:    "google",
-			OAuth: true,
-		},
-	},
-	Title:                 "Test App",
-	AppURL:                "http://localhost:8080",
-	CookieDomain:          "localhost",
-	ForgotPasswordMessage: "Contact admin to reset your password.",
-	BackgroundImage:       "/assets/bg.jpg",
-	OAuthAutoRedirect:     "google",
-}
-
-var userContext = config.UserContext{
-	Username:    "testuser",
-	Name:        "testuser",
-	Email:       "test@example.com",
-	IsLoggedIn:  true,
-	OAuth:       false,
-	Provider:    "username",
-	TotpPending: false,
-	OAuthGroups: "",
-	TotpEnabled: false,
-}
-
-func setupContextController(middlewares *[]gin.HandlerFunc) (*gin.Engine, *httptest.ResponseRecorder) {
-	// Setup
-	gin.SetMode(gin.TestMode)
-	router := gin.Default()
-	recorder := httptest.NewRecorder()
-
-	if middlewares != nil {
-		for _, m := range *middlewares {
-			router.Use(m)
-		}
-	}
-
-	group := router.Group("/api")
-
-	ctrl := controller.NewContextController(controllerCfg, group)
-	ctrl.SetupRoutes()
-
-	return router, recorder
-}
-
-func TestAppContextHandler(t *testing.T) {
-	expectedRes := controller.AppContextResponse{
-		Status:                200,
-		Message:               "Success",
-		Providers:             controllerCfg.Providers,
-		Title:                 controllerCfg.Title,
-		AppURL:                controllerCfg.AppURL,
-		CookieDomain:          controllerCfg.CookieDomain,
-		ForgotPasswordMessage: controllerCfg.ForgotPasswordMessage,
-		BackgroundImage:       controllerCfg.BackgroundImage,
-		OAuthAutoRedirect:     controllerCfg.OAuthAutoRedirect,
-	}
-
-	router, recorder := setupContextController(nil)
-	req := httptest.NewRequest("GET", "/api/context/app", nil)
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 200, recorder.Code)
-
-	var ctrlRes controller.AppContextResponse
-
-	err := json.Unmarshal(recorder.Body.Bytes(), &ctrlRes)
-
-	assert.NilError(t, err)
-	assert.DeepEqual(t, expectedRes, ctrlRes)
-}
-
-func TestUserContextHandler(t *testing.T) {
-	expectedRes := controller.UserContextResponse{
-		Status:      200,
-		Message:     "Success",
-		IsLoggedIn:  userContext.IsLoggedIn,
-		Username:    userContext.Username,
-		Name:        userContext.Name,
-		Email:       userContext.Email,
-		Provider:    userContext.Provider,
-		OAuth:       userContext.OAuth,
-		TotpPending: userContext.TotpPending,
-	}
-
-	// Test with context
-	router, recorder := setupContextController(&[]gin.HandlerFunc{
-		func(c *gin.Context) {
-			c.Set("context", &userContext)
-			c.Next()
-		},
-	})
-
-	req := httptest.NewRequest("GET", "/api/context/user", nil)
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 200, recorder.Code)
-
-	var ctrlRes controller.UserContextResponse
-
-	err := json.Unmarshal(recorder.Body.Bytes(), &ctrlRes)
-
-	assert.NilError(t, err)
-	assert.DeepEqual(t, expectedRes, ctrlRes)
-
-	// Test no context
-	expectedRes = controller.UserContextResponse{
-		Status:     401,
-		Message:    "Unauthorized",
-		IsLoggedIn: false,
-	}
-
-	router, recorder = setupContextController(nil)
-	req = httptest.NewRequest("GET", "/api/context/user", nil)
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 200, recorder.Code)
-
-	err = json.Unmarshal(recorder.Body.Bytes(), &ctrlRes)
-
-	assert.NilError(t, err)
-	assert.DeepEqual(t, expectedRes, ctrlRes)
-}

internal/controller/health_controller.go

@@ -3,18 +3,18 @@ package controller
 import "github.com/gin-gonic/gin"
 
 type HealthController struct {
-	router *gin.RouterGroup
+	Router *gin.RouterGroup
 }
 
 func NewHealthController(router *gin.RouterGroup) *HealthController {
 	return &HealthController{
-		router: router,
+		Router: router,
 	}
 }
 
 func (controller *HealthController) SetupRoutes() {
-	controller.router.GET("/health", controller.healthHandler)
+	controller.Router.GET("/health", controller.healthHandler)
-	controller.router.HEAD("/health", controller.healthHandler)
+	controller.Router.HEAD("/health", controller.healthHandler)
 }
 
 func (controller *HealthController) healthHandler(c *gin.Context) {

internal/controller/oauth_controller.go

@@ -23,27 +23,27 @@ type OAuthControllerConfig struct {
 	RedirectCookieName string
 	SecureCookie       bool
 	AppURL             string
-	CookieDomain       string
+	RootDomain         string
 }
 
 type OAuthController struct {
-	config OAuthControllerConfig
+	Config OAuthControllerConfig
-	router *gin.RouterGroup
+	Router *gin.RouterGroup
-	auth   *service.AuthService
+	Auth   *service.AuthService
-	broker *service.OAuthBrokerService
+	Broker *service.OAuthBrokerService
 }
 
 func NewOAuthController(config OAuthControllerConfig, router *gin.RouterGroup, auth *service.AuthService, broker *service.OAuthBrokerService) *OAuthController {
 	return &OAuthController{
-		config: config,
+		Config: config,
-		router: router,
+		Router: router,
-		auth:   auth,
+		Auth:   auth,
-		broker: broker,
+		Broker: broker,
 	}
 }
 
 func (controller *OAuthController) SetupRoutes() {
-	oauthGroup := controller.router.Group("/oauth")
+	oauthGroup := controller.Router.Group("/oauth")
 	oauthGroup.GET("/url/:provider", controller.oauthURLHandler)
 	oauthGroup.GET("/callback/:provider", controller.oauthCallbackHandler)
 }
@@ -61,7 +61,7 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
 		return
 	}
 
-	service, exists := controller.broker.GetService(req.Provider)
+	service, exists := controller.Broker.GetService(req.Provider)
 
 	if !exists {
 		log.Warn().Msgf("OAuth provider not found: %s", req.Provider)
@@ -74,13 +74,13 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
 
 	state := service.GenerateState()
 	authURL := service.GetAuthURL(state)
-	c.SetCookie(controller.config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
+	c.SetCookie(controller.Config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
 
 	redirectURI := c.Query("redirect_uri")
 
-	if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.config.CookieDomain) {
+	if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.Config.RootDomain) {
 		log.Debug().Msg("Setting redirect URI cookie")
-		c.SetCookie(controller.config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
+		c.SetCookie(controller.Config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
 	}
 
 	c.JSON(200, gin.H{
@@ -104,59 +104,58 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 	}
 
 	state := c.Query("state")
-	csrfCookie, err := c.Cookie(controller.config.CSRFCookieName)
+	csrfCookie, err := c.Cookie(controller.Config.CSRFCookieName)
 
 	if err != nil || state != csrfCookie {
 		log.Warn().Err(err).Msg("CSRF token mismatch or cookie missing")
-		c.SetCookie(controller.config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
 		return
 	}
 
-	c.SetCookie(controller.config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
+	c.SetCookie(controller.Config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
 
 	code := c.Query("code")
-	service, exists := controller.broker.GetService(req.Provider)
+	service, exists := controller.Broker.GetService(req.Provider)
 
 	if !exists {
 		log.Warn().Msgf("OAuth provider not found: %s", req.Provider)
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
 
 	err = service.VerifyCode(code)
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to verify OAuth code")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
 
-	user, err := controller.broker.GetUser(req.Provider)
+	user, err := controller.Broker.GetUser(req.Provider)
 
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to get user from OAuth provider")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
 
 	if user.Email == "" {
 		log.Error().Msg("OAuth provider did not return an email")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
 
-	if !controller.auth.IsEmailWhitelisted(user.Email) {
+	if !controller.Auth.IsEmailWhitelisted(user.Email) {
 		queries, err := query.Values(config.UnauthorizedQuery{
 			Username: user.Email,
 		})
 
 		if err != nil {
 			log.Error().Err(err).Msg("Failed to encode unauthorized query")
-			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 			return
 		}
 
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.Config.AppURL, queries.Encode()))
 		return
 	}
 
@@ -170,36 +169,29 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 		name = fmt.Sprintf("%s (%s)", utils.Capitalize(strings.Split(user.Email, "@")[0]), strings.Split(user.Email, "@")[1])
 	}
 
-	var username string
+	var usename string
 
 	if user.PreferredUsername != "" {
 		log.Debug().Msg("Using preferred username from OAuth provider")
-		username = user.PreferredUsername
+		usename = user.PreferredUsername
 	} else {
 		log.Debug().Msg("No preferred username from OAuth provider, using pseudo username")
-		username = strings.Replace(user.Email, "@", "_", -1)
+		usename = strings.Replace(user.Email, "@", "_", -1)
 	}
 
-	err = controller.auth.CreateSessionCookie(c, &config.SessionCookie{
+	controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
-		Username:    username,
+		Username:    usename,
 		Name:        name,
 		Email:       user.Email,
 		Provider:    req.Provider,
 		OAuthGroups: utils.CoalesceToString(user.Groups),
-		OAuthName:   service.GetName(),
 	})
 
-	if err != nil {
+	redirectURI, err := c.Cookie(controller.Config.RedirectCookieName)
-		log.Error().Err(err).Msg("Failed to create session cookie")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
-		return
-	}
 
-	redirectURI, err := c.Cookie(controller.config.RedirectCookieName)
+	if err != nil || !utils.IsRedirectSafe(redirectURI, controller.Config.RootDomain) {
-
-	if err != nil || !utils.IsRedirectSafe(redirectURI, controller.config.CookieDomain) {
 		log.Debug().Msg("No redirect URI cookie found, redirecting to app root")
-		c.Redirect(http.StatusTemporaryRedirect, controller.config.AppURL)
+		c.Redirect(http.StatusTemporaryRedirect, controller.Config.AppURL)
 		return
 	}
 
@@ -209,10 +201,10 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to encode redirect URI query")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
 
-	c.SetCookie(controller.config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
+	c.SetCookie(controller.Config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
-	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/continue?%s", controller.config.AppURL, queries.Encode()))
+	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/continue?%s", controller.Config.AppURL, queries.Encode()))
 }

internal/controller/proxy_controller.go

@@ -22,23 +22,23 @@ type ProxyControllerConfig struct {
 }
 
 type ProxyController struct {
-	config ProxyControllerConfig
+	Config ProxyControllerConfig
-	router *gin.RouterGroup
+	Router *gin.RouterGroup
-	docker *service.DockerService
+	Docker *service.DockerService
-	auth   *service.AuthService
+	Auth   *service.AuthService
 }
 
 func NewProxyController(config ProxyControllerConfig, router *gin.RouterGroup, docker *service.DockerService, auth *service.AuthService) *ProxyController {
 	return &ProxyController{
-		config: config,
+		Config: config,
-		router: router,
+		Router: router,
-		docker: docker,
+		Docker: docker,
-		auth:   auth,
+		Auth:   auth,
 	}
 }
 
 func (controller *ProxyController) SetupRoutes() {
-	proxyGroup := controller.router.Group("/auth")
+	proxyGroup := controller.Router.Group("/auth")
 	proxyGroup.GET("/:proxy", controller.proxyHandler)
 }
 
@@ -55,15 +55,6 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}
 
-	if req.Proxy != "nginx" && req.Proxy != "traefik" && req.Proxy != "caddy" {
-		log.Warn().Str("proxy", req.Proxy).Msg("Invalid proxy")
-		c.JSON(400, gin.H{
-			"status":  400,
-			"message": "Bad Request",
-		})
-		return
-	}
-
 	isBrowser := strings.Contains(c.Request.Header.Get("Accept"), "text/html")
 
 	if isBrowser {
@@ -76,18 +67,44 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 	proto := c.Request.Header.Get("X-Forwarded-Proto")
 	host := c.Request.Header.Get("X-Forwarded-Host")
 
-	labels, err := controller.docker.GetLabels(host)
+	hostWithoutPort := strings.Split(host, ":")[0]
+	id := strings.Split(hostWithoutPort, ".")[0]
+
+	labels, err := controller.Docker.GetLabels(id, hostWithoutPort)
 
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to get labels from Docker")
-		controller.handleError(c, req, isBrowser)
+
+		if req.Proxy == "nginx" || !isBrowser {
+			c.JSON(500, gin.H{
+				"status":  500,
+				"message": "Internal Server Error",
+			})
+			return
+		}
+
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
 
 	clientIP := c.ClientIP()
 
-	if controller.auth.IsBypassedIP(labels.IP, clientIP) {
+	if controller.Auth.IsBypassedIP(labels.IP, clientIP) {
-		controller.setHeaders(c, labels)
+		c.Header("Authorization", c.Request.Header.Get("Authorization"))
+
+		headers := utils.ParseHeaders(labels.Response.Headers)
+
+		for key, value := range headers {
+			log.Debug().Str("header", key).Msg("Setting header")
+			c.Header(key, value)
+		}
+
+		basicPassword := utils.GetSecret(labels.Response.BasicAuth.Password, labels.Response.BasicAuth.PasswordFile)
+		if labels.Response.BasicAuth.Username != "" && basicPassword != "" {
+			log.Debug().Str("username", labels.Response.BasicAuth.Username).Msg("Setting basic auth header")
+			c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Response.BasicAuth.Username, basicPassword)))
+		}
+
 		c.JSON(200, gin.H{
 			"status":  200,
 			"message": "Authenticated",
@@ -95,17 +112,41 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}
 
-	authEnabled, err := controller.auth.IsAuthEnabled(uri, labels.Path)
+	authEnabled, err := controller.Auth.IsAuthEnabled(uri, labels.Path)
 
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to check if auth is enabled for resource")
-		controller.handleError(c, req, isBrowser)
+
+		if req.Proxy == "nginx" || !isBrowser {
+			c.JSON(500, gin.H{
+				"status":  500,
+				"message": "Internal Server Error",
+			})
+			return
+		}
+
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
 
 	if !authEnabled {
 		log.Debug().Msg("Authentication disabled for resource, allowing access")
-		controller.setHeaders(c, labels)
+
+		c.Header("Authorization", c.Request.Header.Get("Authorization"))
+
+		headers := utils.ParseHeaders(labels.Response.Headers)
+
+		for key, value := range headers {
+			log.Debug().Str("header", key).Msg("Setting header")
+			c.Header(key, value)
+		}
+
+		basicPassword := utils.GetSecret(labels.Response.BasicAuth.Password, labels.Response.BasicAuth.PasswordFile)
+		if labels.Response.BasicAuth.Username != "" && basicPassword != "" {
+			log.Debug().Str("username", labels.Response.BasicAuth.Username).Msg("Setting basic auth header")
+			c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Response.BasicAuth.Username, basicPassword)))
+		}
+
 		c.JSON(200, gin.H{
 			"status":  200,
 			"message": "Authenticated",
@@ -113,7 +154,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}
 
-	if !controller.auth.CheckIP(labels.IP, clientIP) {
+	if !controller.Auth.CheckIP(labels.IP, clientIP) {
 		if req.Proxy == "nginx" || !isBrowser {
 			c.JSON(401, gin.H{
 				"status":  401,
@@ -129,11 +170,11 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 
 		if err != nil {
 			log.Error().Err(err).Msg("Failed to encode unauthorized query")
-			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 			return
 		}
 
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.Config.AppURL, queries.Encode()))
 		return
 	}
 
@@ -156,7 +197,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 	}
 
 	if userContext.IsLoggedIn {
-		appAllowed := controller.auth.IsResourceAllowed(c, userContext, labels)
+		appAllowed := controller.Auth.IsResourceAllowed(c, userContext, labels)
 
 		if !appAllowed {
 			log.Warn().Str("user", userContext.Username).Str("resource", strings.Split(host, ".")[0]).Msg("User not allowed to access resource")
@@ -173,24 +214,24 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 				Resource: strings.Split(host, ".")[0],
 			})
 
-			if err != nil {
-				log.Error().Err(err).Msg("Failed to encode unauthorized query")
-				c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
-				return
-			}
-
 			if userContext.OAuth {
 				queries.Set("username", userContext.Email)
 			} else {
 				queries.Set("username", userContext.Username)
 			}
 
-			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
+			if err != nil {
+				log.Error().Err(err).Msg("Failed to encode unauthorized query")
+				c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
+				return
+			}
+
+			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.Config.AppURL, queries.Encode()))
 			return
 		}
 
 		if userContext.OAuth {
-			groupOK := controller.auth.IsInOAuthGroup(c, userContext, labels.OAuth.Groups)
+			groupOK := controller.Auth.IsInOAuthGroup(c, userContext, labels.OAuth.Groups)
 
 			if !groupOK {
 				log.Warn().Str("user", userContext.Username).Str("resource", strings.Split(host, ".")[0]).Msg("User OAuth groups do not match resource requirements")
@@ -208,29 +249,41 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 					GroupErr: true,
 				})
 
-				if err != nil {
-					log.Error().Err(err).Msg("Failed to encode unauthorized query")
-					c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
-					return
-				}
-
 				if userContext.OAuth {
 					queries.Set("username", userContext.Email)
 				} else {
 					queries.Set("username", userContext.Username)
 				}
 
-				c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
+				if err != nil {
+					log.Error().Err(err).Msg("Failed to encode unauthorized query")
+					c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
+					return
+				}
+
+				c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.Config.AppURL, queries.Encode()))
 				return
 			}
 		}
 
+		c.Header("Authorization", c.Request.Header.Get("Authorization"))
 		c.Header("Remote-User", utils.SanitizeHeader(userContext.Username))
 		c.Header("Remote-Name", utils.SanitizeHeader(userContext.Name))
 		c.Header("Remote-Email", utils.SanitizeHeader(userContext.Email))
 		c.Header("Remote-Groups", utils.SanitizeHeader(userContext.OAuthGroups))
 
-		controller.setHeaders(c, labels)
+		headers := utils.ParseHeaders(labels.Response.Headers)
+
+		for key, value := range headers {
+			log.Debug().Str("header", key).Msg("Setting header")
+			c.Header(key, value)
+		}
+
+		basicPassword := utils.GetSecret(labels.Response.BasicAuth.Password, labels.Response.BasicAuth.PasswordFile)
+		if labels.Response.BasicAuth.Username != "" && basicPassword != "" {
+			log.Debug().Str("username", labels.Response.BasicAuth.Username).Msg("Setting basic auth header")
+			c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Response.BasicAuth.Username, basicPassword)))
+		}
 
 		c.JSON(200, gin.H{
 			"status":  200,
@@ -253,39 +306,9 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to encode redirect URI query")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
 
-	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/login?%s", controller.config.AppURL, queries.Encode()))
+	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/login?%s", controller.Config.AppURL, queries.Encode()))
-}
-
-func (controller *ProxyController) setHeaders(c *gin.Context, labels config.App) {
-	c.Header("Authorization", c.Request.Header.Get("Authorization"))
-
-	headers := utils.ParseHeaders(labels.Response.Headers)
-
-	for key, value := range headers {
-		log.Debug().Str("header", key).Msg("Setting header")
-		c.Header(key, value)
-	}
-
-	basicPassword := utils.GetSecret(labels.Response.BasicAuth.Password, labels.Response.BasicAuth.PasswordFile)
-
-	if labels.Response.BasicAuth.Username != "" && basicPassword != "" {
-		log.Debug().Str("username", labels.Response.BasicAuth.Username).Msg("Setting basic auth header")
-		c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Response.BasicAuth.Username, basicPassword)))
-	}
-}
-
-func (controller *ProxyController) handleError(c *gin.Context, req Proxy, isBrowser bool) {
-	if req.Proxy == "nginx" || !isBrowser {
-		c.JSON(500, gin.H{
-			"status":  500,
-			"message": "Internal Server Error",
-		})
-		return
-	}
-
-	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
 }

internal/controller/proxy_controller_test.go

@@ -1,164 +0,0 @@
-package controller_test
-
-import (
-	"net/http/httptest"
-	"testing"
-	"tinyauth/internal/config"
-	"tinyauth/internal/controller"
-	"tinyauth/internal/service"
-
-	"github.com/gin-gonic/gin"
-	"gotest.tools/v3/assert"
-)
-
-func setupProxyController(t *testing.T, middlewares *[]gin.HandlerFunc) (*gin.Engine, *httptest.ResponseRecorder, *service.AuthService) {
-	// Setup
-	gin.SetMode(gin.TestMode)
-	router := gin.Default()
-
-	if middlewares != nil {
-		for _, m := range *middlewares {
-			router.Use(m)
-		}
-	}
-
-	group := router.Group("/api")
-	recorder := httptest.NewRecorder()
-
-	// Database
-	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
-		DatabasePath: "/tmp/tinyauth_test.db",
-	})
-
-	assert.NilError(t, databaseService.Init())
-
-	database := databaseService.GetDatabase()
-
-	// Docker
-	dockerService := service.NewDockerService()
-
-	assert.NilError(t, dockerService.Init())
-
-	// Auth service
-	authService := service.NewAuthService(service.AuthServiceConfig{
-		Users: []config.User{
-			{
-				Username: "testuser",
-				Password: "$2a$10$ne6z693sTgzT3ePoQ05PgOecUHnBjM7sSNj6M.l5CLUP.f6NyCnt.", // test
-			},
-		},
-		OauthWhitelist:    "",
-		SessionExpiry:     3600,
-		SecureCookie:      false,
-		CookieDomain:      "localhost",
-		LoginTimeout:      300,
-		LoginMaxRetries:   3,
-		SessionCookieName: "tinyauth-session",
-	}, dockerService, nil, database)
-
-	// Controller
-	ctrl := controller.NewProxyController(controller.ProxyControllerConfig{
-		AppURL: "http://localhost:8080",
-	}, group, dockerService, authService)
-	ctrl.SetupRoutes()
-
-	return router, recorder, authService
-}
-
-func TestProxyHandler(t *testing.T) {
-	// Setup
-	router, recorder, authService := setupProxyController(t, nil)
-
-	// Test invalid proxy
-	req := httptest.NewRequest("GET", "/api/auth/invalidproxy", nil)
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 400, recorder.Code)
-
-	// Test logged out user (traefik/caddy)
-	recorder = httptest.NewRecorder()
-	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)
-	req.Header.Set("X-Forwarded-Proto", "https")
-	req.Header.Set("X-Forwarded-Host", "example.com")
-	req.Header.Set("X-Forwarded-Uri", "/somepath")
-	req.Header.Set("Accept", "text/html")
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 307, recorder.Code)
-	assert.Equal(t, "http://localhost:8080/login?redirect_uri=https%3A%2F%2Fexample.com%2Fsomepath", recorder.Header().Get("Location"))
-
-	// Test logged out user (nginx)
-	recorder = httptest.NewRecorder()
-	req = httptest.NewRequest("GET", "/api/auth/nginx", nil)
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 401, recorder.Code)
-
-	// Test logged in user
-	c := gin.CreateTestContextOnly(recorder, router)
-
-	err := authService.CreateSessionCookie(c, &config.SessionCookie{
-		Username:    "testuser",
-		Name:        "testuser",
-		Email:       "testuser@example.com",
-		Provider:    "username",
-		TotpPending: false,
-		OAuthGroups: "",
-	})
-
-	assert.NilError(t, err)
-
-	cookie := c.Writer.Header().Get("Set-Cookie")
-
-	router, recorder, _ = setupProxyController(t, &[]gin.HandlerFunc{
-		func(c *gin.Context) {
-			c.Set("context", &config.UserContext{
-				Username:    "testuser",
-				Name:        "testuser",
-				Email:       "testuser@example.com",
-				IsLoggedIn:  true,
-				OAuth:       false,
-				Provider:    "username",
-				TotpPending: false,
-				OAuthGroups: "",
-				TotpEnabled: false,
-			})
-			c.Next()
-		},
-	})
-
-	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)
-	req.Header.Set("Cookie", cookie)
-	req.Header.Set("Accept", "text/html")
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 200, recorder.Code)
-
-	assert.Equal(t, "testuser", recorder.Header().Get("Remote-User"))
-	assert.Equal(t, "testuser", recorder.Header().Get("Remote-Name"))
-	assert.Equal(t, "testuser@example.com", recorder.Header().Get("Remote-Email"))
-
-	// Ensure basic auth is disabled for TOTP enabled users
-	router, recorder, _ = setupProxyController(t, &[]gin.HandlerFunc{
-		func(c *gin.Context) {
-			c.Set("context", &config.UserContext{
-				Username:    "testuser",
-				Name:        "testuser",
-				Email:       "testuser@example.com",
-				IsLoggedIn:  true,
-				OAuth:       false,
-				Provider:    "basic",
-				TotpPending: false,
-				OAuthGroups: "",
-				TotpEnabled: true,
-			})
-			c.Next()
-		},
-	})
-
-	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)
-	req.SetBasicAuth("testuser", "test")
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 401, recorder.Code)
-}

internal/controller/resources_controller.go

@@ -11,32 +11,32 @@ type ResourcesControllerConfig struct {
 }
 
 type ResourcesController struct {
-	config     ResourcesControllerConfig
+	Config     ResourcesControllerConfig
-	router     *gin.RouterGroup
+	Router     *gin.RouterGroup
-	fileServer http.Handler
+	FileServer http.Handler
 }
 
 func NewResourcesController(config ResourcesControllerConfig, router *gin.RouterGroup) *ResourcesController {
 	fileServer := http.StripPrefix("/resources", http.FileServer(http.Dir(config.ResourcesDir)))
 
 	return &ResourcesController{
-		config:     config,
+		Config:     config,
-		router:     router,
+		Router:     router,
-		fileServer: fileServer,
+		FileServer: fileServer,
 	}
 }
 
 func (controller *ResourcesController) SetupRoutes() {
-	controller.router.GET("/resources/*resource", controller.resourcesHandler)
+	controller.Router.GET("/resources/*resource", controller.resourcesHandler)
 }
 
 func (controller *ResourcesController) resourcesHandler(c *gin.Context) {
-	if controller.config.ResourcesDir == "" {
+	if controller.Config.ResourcesDir == "" {
 		c.JSON(404, gin.H{
 			"status":  404,
 			"message": "Resources not found",
 		})
 		return
 	}
-	controller.fileServer.ServeHTTP(c.Writer, c.Request)
+	controller.FileServer.ServeHTTP(c.Writer, c.Request)
 }

internal/controller/resources_controller_test.go

@@ -1,57 +0,0 @@
-package controller_test
-
-import (
-	"net/http/httptest"
-	"os"
-	"testing"
-	"tinyauth/internal/controller"
-
-	"github.com/gin-gonic/gin"
-	"gotest.tools/v3/assert"
-)
-
-func TestResourcesHandler(t *testing.T) {
-	// Setup
-	gin.SetMode(gin.TestMode)
-	router := gin.New()
-	group := router.Group("/")
-
-	ctrl := controller.NewResourcesController(controller.ResourcesControllerConfig{
-		ResourcesDir: "/tmp/tinyauth",
-	}, group)
-	ctrl.SetupRoutes()
-
-	// Create test data
-	err := os.Mkdir("/tmp/tinyauth", 0755)
-	assert.NilError(t, err)
-	defer os.RemoveAll("/tmp/tinyauth")
-
-	file, err := os.Create("/tmp/tinyauth/test.txt")
-	assert.NilError(t, err)
-
-	_, err = file.WriteString("This is a test file.")
-	assert.NilError(t, err)
-	file.Close()
-
-	// Test existing file
-	req := httptest.NewRequest("GET", "/resources/test.txt", nil)
-	recorder := httptest.NewRecorder()
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 200, recorder.Code)
-	assert.Equal(t, "This is a test file.", recorder.Body.String())
-
-	// Test non-existing file
-	req = httptest.NewRequest("GET", "/resources/nonexistent.txt", nil)
-	recorder = httptest.NewRecorder()
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 404, recorder.Code)
-
-	// Test directory traversal attack
-	req = httptest.NewRequest("GET", "/resources/../etc/passwd", nil)
-	recorder = httptest.NewRecorder()
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 404, recorder.Code)
-}

internal/controller/user_controller.go

@@ -22,25 +22,25 @@ type TotpRequest struct {
 }
 
 type UserControllerConfig struct {
-	CookieDomain string
+	RootDomain string
 }
 
 type UserController struct {
-	config UserControllerConfig
+	Config UserControllerConfig
-	router *gin.RouterGroup
+	Router *gin.RouterGroup
-	auth   *service.AuthService
+	Auth   *service.AuthService
 }
 
 func NewUserController(config UserControllerConfig, router *gin.RouterGroup, auth *service.AuthService) *UserController {
 	return &UserController{
-		config: config,
+		Config: config,
-		router: router,
+		Router: router,
-		auth:   auth,
+		Auth:   auth,
 	}
 }
 
 func (controller *UserController) SetupRoutes() {
-	userGroup := controller.router.Group("/user")
+	userGroup := controller.Router.Group("/user")
 	userGroup.POST("/login", controller.loginHandler)
 	userGroup.POST("/logout", controller.logoutHandler)
 	userGroup.POST("/totp", controller.totpHandler)
@@ -69,7 +69,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 
 	log.Debug().Str("username", req.Username).Str("ip", clientIP).Msg("Login attempt")
 
-	isLocked, remainingTime := controller.auth.IsAccountLocked(rateIdentifier)
+	isLocked, remainingTime := controller.Auth.IsAccountLocked(rateIdentifier)
 
 	if isLocked {
 		log.Warn().Str("username", req.Username).Str("ip", clientIP).Msg("Account is locked due to too many failed login attempts")
@@ -80,11 +80,11 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 		return
 	}
 
-	userSearch := controller.auth.SearchUser(req.Username)
+	userSearch := controller.Auth.SearchUser(req.Username)
 
-	if userSearch.Type == "unknown" {
+	if userSearch.Type == "" {
 		log.Warn().Str("username", req.Username).Str("ip", clientIP).Msg("User not found")
-		controller.auth.RecordLoginAttempt(rateIdentifier, false)
+		controller.Auth.RecordLoginAttempt(rateIdentifier, false)
 		c.JSON(401, gin.H{
 			"status":  401,
 			"message": "Unauthorized",
@@ -92,9 +92,9 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 		return
 	}
 
-	if !controller.auth.VerifyUser(userSearch, req.Password) {
+	if !controller.Auth.VerifyUser(userSearch, req.Password) {
 		log.Warn().Str("username", req.Username).Str("ip", clientIP).Msg("Invalid password")
-		controller.auth.RecordLoginAttempt(rateIdentifier, false)
+		controller.Auth.RecordLoginAttempt(rateIdentifier, false)
 		c.JSON(401, gin.H{
 			"status":  401,
 			"message": "Unauthorized",
@@ -104,18 +104,18 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 
 	log.Info().Str("username", req.Username).Str("ip", clientIP).Msg("Login successful")
 
-	controller.auth.RecordLoginAttempt(rateIdentifier, true)
+	controller.Auth.RecordLoginAttempt(rateIdentifier, true)
 
 	if userSearch.Type == "local" {
-		user := controller.auth.GetLocalUser(userSearch.Username)
+		user := controller.Auth.GetLocalUser(userSearch.Username)
 
 		if user.TotpSecret != "" {
 			log.Debug().Str("username", req.Username).Msg("User has TOTP enabled, requiring TOTP verification")
 
-			err := controller.auth.CreateSessionCookie(c, &config.SessionCookie{
+			err := controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
 				Username:    user.Username,
 				Name:        utils.Capitalize(req.Username),
-				Email:       fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.CookieDomain),
+				Email:       fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.RootDomain),
 				Provider:    "username",
 				TotpPending: true,
 			})
@@ -138,10 +138,10 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 		}
 	}
 
-	err = controller.auth.CreateSessionCookie(c, &config.SessionCookie{
+	err = controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
 		Username: req.Username,
 		Name:     utils.Capitalize(req.Username),
-		Email:    fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.CookieDomain),
+		Email:    fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.RootDomain),
 		Provider: "username",
 	})
 
@@ -163,7 +163,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 func (controller *UserController) logoutHandler(c *gin.Context) {
 	log.Debug().Msg("Logout request received")
 
-	controller.auth.DeleteSessionCookie(c)
+	controller.Auth.DeleteSessionCookie(c)
 
 	c.JSON(200, gin.H{
 		"status":  200,
@@ -214,24 +214,24 @@ func (controller *UserController) totpHandler(c *gin.Context) {
 
 	log.Debug().Str("username", context.Username).Str("ip", clientIP).Msg("TOTP verification attempt")
 
-	isLocked, remainingTime := controller.auth.IsAccountLocked(rateIdentifier)
+	isLocked, remainingTime := controller.Auth.IsAccountLocked(rateIdentifier)
 
 	if isLocked {
 		log.Warn().Str("username", context.Username).Str("ip", clientIP).Msg("Account is locked due to too many failed TOTP attempts")
 		c.JSON(429, gin.H{
 			"status":  429,
-			"message": fmt.Sprintf("Too many failed TOTP attempts. Try again in %d seconds", remainingTime),
+			"message": fmt.Sprintf("Too many failed login attempts. Try again in %d seconds", remainingTime),
 		})
 		return
 	}
 
-	user := controller.auth.GetLocalUser(context.Username)
+	user := controller.Auth.GetLocalUser(context.Username)
 
 	ok := totp.Validate(req.Code, user.TotpSecret)
 
 	if !ok {
 		log.Warn().Str("username", context.Username).Str("ip", clientIP).Msg("Invalid TOTP code")
-		controller.auth.RecordLoginAttempt(rateIdentifier, false)
+		controller.Auth.RecordLoginAttempt(rateIdentifier, false)
 		c.JSON(401, gin.H{
 			"status":  401,
 			"message": "Unauthorized",
@@ -241,12 +241,12 @@ func (controller *UserController) totpHandler(c *gin.Context) {
 
 	log.Info().Str("username", context.Username).Str("ip", clientIP).Msg("TOTP verification successful")
 
-	controller.auth.RecordLoginAttempt(rateIdentifier, true)
+	controller.Auth.RecordLoginAttempt(rateIdentifier, true)
 
-	err = controller.auth.CreateSessionCookie(c, &config.SessionCookie{
+	err = controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
 		Username: user.Username,
 		Name:     utils.Capitalize(user.Username),
-		Email:    fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.config.CookieDomain),
+		Email:    fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.Config.RootDomain),
 		Provider: "username",
 	})
 

internal/controller/user_controller_test.go

@@ -1,297 +0,0 @@
-package controller_test
-
-import (
-	"encoding/json"
-	"net/http"
-	"net/http/httptest"
-	"strings"
-	"testing"
-	"time"
-	"tinyauth/internal/config"
-	"tinyauth/internal/controller"
-	"tinyauth/internal/service"
-
-	"github.com/gin-gonic/gin"
-	"github.com/pquerna/otp/totp"
-	"gotest.tools/v3/assert"
-)
-
-var cookieValue string
-var totpSecret = "6WFZXPEZRK5MZHHYAFW4DAOUYQMCASBJ"
-
-func setupUserController(t *testing.T, middlewares *[]gin.HandlerFunc) (*gin.Engine, *httptest.ResponseRecorder) {
-	// Setup
-	gin.SetMode(gin.TestMode)
-	router := gin.Default()
-
-	if middlewares != nil {
-		for _, m := range *middlewares {
-			router.Use(m)
-		}
-	}
-
-	group := router.Group("/api")
-	recorder := httptest.NewRecorder()
-
-	// Database
-	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
-		DatabasePath: "/tmp/tinyauth_test.db",
-	})
-
-	assert.NilError(t, databaseService.Init())
-
-	database := databaseService.GetDatabase()
-
-	// Auth service
-	authService := service.NewAuthService(service.AuthServiceConfig{
-		Users: []config.User{
-			{
-				Username: "testuser",
-				Password: "$2a$10$ne6z693sTgzT3ePoQ05PgOecUHnBjM7sSNj6M.l5CLUP.f6NyCnt.", // test
-			},
-			{
-				Username:   "totpuser",
-				Password:   "$2a$10$ne6z693sTgzT3ePoQ05PgOecUHnBjM7sSNj6M.l5CLUP.f6NyCnt.", // test
-				TotpSecret: totpSecret,
-			},
-		},
-		OauthWhitelist:    "",
-		SessionExpiry:     3600,
-		SecureCookie:      false,
-		CookieDomain:      "localhost",
-		LoginTimeout:      300,
-		LoginMaxRetries:   3,
-		SessionCookieName: "tinyauth-session",
-	}, nil, nil, database)
-
-	// Controller
-	ctrl := controller.NewUserController(controller.UserControllerConfig{
-		CookieDomain: "localhost",
-	}, group, authService)
-	ctrl.SetupRoutes()
-
-	return router, recorder
-}
-
-func TestLoginHandler(t *testing.T) {
-	// Setup
-	router, recorder := setupUserController(t, nil)
-
-	loginReq := controller.LoginRequest{
-		Username: "testuser",
-		Password: "test",
-	}
-
-	loginReqJson, err := json.Marshal(loginReq)
-	assert.NilError(t, err)
-
-	// Test
-	req := httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 200, recorder.Code)
-
-	cookie := recorder.Result().Cookies()[0]
-
-	assert.Equal(t, "tinyauth-session", cookie.Name)
-	assert.Assert(t, cookie.Value != "")
-
-	cookieValue = cookie.Value
-
-	// Test invalid credentials
-	loginReq = controller.LoginRequest{
-		Username: "testuser",
-		Password: "invalid",
-	}
-
-	loginReqJson, err = json.Marshal(loginReq)
-	assert.NilError(t, err)
-
-	recorder = httptest.NewRecorder()
-	req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 401, recorder.Code)
-
-	// Test totp required
-	loginReq = controller.LoginRequest{
-		Username: "totpuser",
-		Password: "test",
-	}
-
-	loginReqJson, err = json.Marshal(loginReq)
-	assert.NilError(t, err)
-
-	recorder = httptest.NewRecorder()
-	req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 200, recorder.Code)
-
-	loginResJson, err := json.Marshal(map[string]any{
-		"message":     "TOTP required",
-		"status":      200,
-		"totpPending": true,
-	})
-
-	assert.NilError(t, err)
-	assert.Equal(t, string(loginResJson), recorder.Body.String())
-
-	// Test invalid json
-	recorder = httptest.NewRecorder()
-	req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader("{invalid json}"))
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 400, recorder.Code)
-
-	// Test rate limiting
-	loginReq = controller.LoginRequest{
-		Username: "testuser",
-		Password: "invalid",
-	}
-
-	loginReqJson, err = json.Marshal(loginReq)
-	assert.NilError(t, err)
-
-	for range 5 {
-		recorder = httptest.NewRecorder()
-		req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
-		router.ServeHTTP(recorder, req)
-	}
-
-	assert.Equal(t, 429, recorder.Code)
-}
-
-func TestLogoutHandler(t *testing.T) {
-	// Setup
-	router, recorder := setupUserController(t, nil)
-
-	// Test
-	req := httptest.NewRequest("POST", "/api/user/logout", nil)
-
-	req.AddCookie(&http.Cookie{
-		Name:  "tinyauth-session",
-		Value: cookieValue,
-	})
-
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 200, recorder.Code)
-
-	cookie := recorder.Result().Cookies()[0]
-
-	assert.Equal(t, "tinyauth-session", cookie.Name)
-	assert.Equal(t, "", cookie.Value)
-	assert.Equal(t, -1, cookie.MaxAge)
-}
-
-func TestTotpHandler(t *testing.T) {
-	// Setup
-	router, recorder := setupUserController(t, &[]gin.HandlerFunc{
-		func(c *gin.Context) {
-			c.Set("context", &config.UserContext{
-				Username:    "totpuser",
-				Name:        "totpuser",
-				Email:       "totpuser@example.com",
-				IsLoggedIn:  false,
-				OAuth:       false,
-				Provider:    "username",
-				TotpPending: true,
-				OAuthGroups: "",
-				TotpEnabled: true,
-			})
-			c.Next()
-		},
-	})
-
-	// Test
-	code, err := totp.GenerateCode(totpSecret, time.Now())
-
-	assert.NilError(t, err)
-
-	totpReq := controller.TotpRequest{
-		Code: code,
-	}
-
-	totpReqJson, err := json.Marshal(totpReq)
-	assert.NilError(t, err)
-
-	req := httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 200, recorder.Code)
-
-	cookie := recorder.Result().Cookies()[0]
-
-	assert.Equal(t, "tinyauth-session", cookie.Name)
-	assert.Assert(t, cookie.Value != "")
-
-	// Test invalid json
-	recorder = httptest.NewRecorder()
-	req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader("{invalid json}"))
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 400, recorder.Code)
-
-	// Test rate limiting
-	totpReq = controller.TotpRequest{
-		Code: "000000",
-	}
-
-	totpReqJson, err = json.Marshal(totpReq)
-	assert.NilError(t, err)
-
-	for range 5 {
-		recorder = httptest.NewRecorder()
-		req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
-		router.ServeHTTP(recorder, req)
-	}
-
-	assert.Equal(t, 429, recorder.Code)
-
-	// Test invalid code
-	router, recorder = setupUserController(t, &[]gin.HandlerFunc{
-		func(c *gin.Context) {
-			c.Set("context", &config.UserContext{
-				Username:    "totpuser",
-				Name:        "totpuser",
-				Email:       "totpuser@example.com",
-				IsLoggedIn:  false,
-				OAuth:       false,
-				Provider:    "username",
-				TotpPending: true,
-				OAuthGroups: "",
-				TotpEnabled: true,
-			})
-			c.Next()
-		},
-	})
-
-	req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 401, recorder.Code)
-
-	// Test no totp pending
-	router, recorder = setupUserController(t, &[]gin.HandlerFunc{
-		func(c *gin.Context) {
-			c.Set("context", &config.UserContext{
-				Username:    "totpuser",
-				Name:        "totpuser",
-				Email:       "totpuser@example.com",
-				IsLoggedIn:  false,
-				OAuth:       false,
-				Provider:    "username",
-				TotpPending: false,
-				OAuthGroups: "",
-				TotpEnabled: false,
-			})
-			c.Next()
-		},
-	})
-
-	req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
-	router.ServeHTTP(recorder, req)
-
-	assert.Equal(t, 401, recorder.Code)
-}

internal/middleware/context_middleware.go

@@ -12,20 +12,20 @@ import (
 )
 
 type ContextMiddlewareConfig struct {
-	CookieDomain string
+	RootDomain string
 }
 
 type ContextMiddleware struct {
-	config ContextMiddlewareConfig
+	Config ContextMiddlewareConfig
-	auth   *service.AuthService
+	Auth   *service.AuthService
-	broker *service.OAuthBrokerService
+	Broker *service.OAuthBrokerService
 }
 
 func NewContextMiddleware(config ContextMiddlewareConfig, auth *service.AuthService, broker *service.OAuthBrokerService) *ContextMiddleware {
 	return &ContextMiddleware{
-		config: config,
+		Config: config,
-		auth:   auth,
+		Auth:   auth,
-		broker: broker,
+		Broker: broker,
 	}
 }
 
@@ -35,7 +35,7 @@ func (m *ContextMiddleware) Init() error {
 
 func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		cookie, err := m.auth.GetSessionCookie(c)
+		cookie, err := m.Auth.GetSessionCookie(c)
 
 		if err != nil {
 			log.Debug().Err(err).Msg("No valid session cookie found")
@@ -57,11 +57,11 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 
 		switch cookie.Provider {
 		case "username":
-			userSearch := m.auth.SearchUser(cookie.Username)
+			userSearch := m.Auth.SearchUser(cookie.Username)
 
-			if userSearch.Type == "unknown" || userSearch.Type == "error" {
+			if userSearch.Type == "unknown" {
 				log.Debug().Msg("User from session cookie not found")
-				m.auth.DeleteSessionCookie(c)
+				m.Auth.DeleteSessionCookie(c)
 				goto basic
 			}
 
@@ -75,17 +75,17 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 			c.Next()
 			return
 		default:
-			_, exists := m.broker.GetService(cookie.Provider)
+			_, exists := m.Broker.GetService(cookie.Provider)
 
 			if !exists {
 				log.Debug().Msg("OAuth provider from session cookie not found")
-				m.auth.DeleteSessionCookie(c)
+				m.Auth.DeleteSessionCookie(c)
 				goto basic
 			}
 
-			if !m.auth.IsEmailWhitelisted(cookie.Email) {
+			if !m.Auth.IsEmailWhitelisted(cookie.Email) {
 				log.Debug().Msg("Email from session cookie not whitelisted")
-				m.auth.DeleteSessionCookie(c)
+				m.Auth.DeleteSessionCookie(c)
 				goto basic
 			}
 
@@ -95,7 +95,6 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 				Email:       cookie.Email,
 				Provider:    cookie.Provider,
 				OAuthGroups: cookie.OAuthGroups,
-				OAuthName:   cookie.OAuthName,
 				IsLoggedIn:  true,
 				OAuth:       true,
 			})
@@ -104,7 +103,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 		}
 
 	basic:
-		basic := m.auth.GetBasicAuth(c)
+		basic := m.Auth.GetBasicAuth(c)
 
 		if basic == nil {
 			log.Debug().Msg("No basic auth provided")
@@ -112,15 +111,15 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 			return
 		}
 
-		userSearch := m.auth.SearchUser(basic.Username)
+		userSearch := m.Auth.SearchUser(basic.Username)
 
-		if userSearch.Type == "unknown" || userSearch.Type == "error" {
+		if userSearch.Type == "unknown" {
 			log.Debug().Msg("User from basic auth not found")
 			c.Next()
 			return
 		}
 
-		if !m.auth.VerifyUser(userSearch, basic.Password) {
+		if !m.Auth.VerifyUser(userSearch, basic.Password) {
 			log.Debug().Msg("Invalid password for basic auth user")
 			c.Next()
 			return
@@ -130,12 +129,12 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 		case "local":
 			log.Debug().Msg("Basic auth user is local")
 
-			user := m.auth.GetLocalUser(basic.Username)
+			user := m.Auth.GetLocalUser(basic.Username)
 
 			c.Set("context", &config.UserContext{
 				Username:    user.Username,
 				Name:        utils.Capitalize(user.Username),
-				Email:       fmt.Sprintf("%s@%s", strings.ToLower(user.Username), m.config.CookieDomain),
+				Email:       fmt.Sprintf("%s@%s", strings.ToLower(user.Username), m.Config.RootDomain),
 				Provider:    "basic",
 				IsLoggedIn:  true,
 				TotpEnabled: user.TotpSecret != "",
@@ -147,7 +146,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 			c.Set("context", &config.UserContext{
 				Username:   basic.Username,
 				Name:       utils.Capitalize(basic.Username),
-				Email:      fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), m.config.CookieDomain),
+				Email:      fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), m.Config.RootDomain),
 				Provider:   "basic",
 				IsLoggedIn: true,
 			})

internal/middleware/ui_middleware.go

@@ -11,8 +11,8 @@ import (
 )
 
 type UIMiddleware struct {
-	uiFs         fs.FS
+	UIFS         fs.FS
-	uiFileServer http.Handler
+	UIFileServer http.Handler
 }
 
 func NewUIMiddleware() *UIMiddleware {
@@ -26,8 +26,8 @@ func (m *UIMiddleware) Init() error {
 		return err
 	}
 
-	m.uiFs = ui
+	m.UIFS = ui
-	m.uiFileServer = http.FileServer(http.FS(ui))
+	m.UIFileServer = http.FileServer(http.FS(ui))
 
 	return nil
 }
@@ -42,13 +42,13 @@ func (m *UIMiddleware) Middleware() gin.HandlerFunc {
 			c.Next()
 			return
 		default:
-			_, err := fs.Stat(m.uiFs, strings.TrimPrefix(c.Request.URL.Path, "/"))
+			_, err := fs.Stat(m.UIFS, strings.TrimPrefix(c.Request.URL.Path, "/"))
 
 			if os.IsNotExist(err) {
 				c.Request.URL.Path = "/"
 			}
 
-			m.uiFileServer.ServeHTTP(c.Writer, c.Request)
+			m.UIFileServer.ServeHTTP(c.Writer, c.Request)
 			c.Abort()
 			return
 		}

internal/model/session_model.go

@@ -9,5 +9,4 @@ type Session struct {
 	TOTPPending bool   `gorm:"column:totp_pending"`
 	OAuthGroups string `gorm:"column:oauth_groups"`
 	Expiry      int64  `gorm:"column:expiry"`
-	OAuthName   string `gorm:"column:oauth_name"`
 }

internal/service/auth_service.go

@@ -28,28 +28,28 @@ type AuthServiceConfig struct {
 	OauthWhitelist    string
 	SessionExpiry     int
 	SecureCookie      bool
-	CookieDomain      string
+	RootDomain        string
 	LoginTimeout      int
 	LoginMaxRetries   int
 	SessionCookieName string
 }
 
 type AuthService struct {
-	config        AuthServiceConfig
+	Config        AuthServiceConfig
-	docker        *DockerService
+	Docker        *DockerService
-	loginAttempts map[string]*LoginAttempt
+	LoginAttempts map[string]*LoginAttempt
-	loginMutex    sync.RWMutex
+	LoginMutex    sync.RWMutex
-	ldap          *LdapService
+	LDAP          *LdapService
-	database      *gorm.DB
+	Database      *gorm.DB
 }
 
 func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapService, database *gorm.DB) *AuthService {
 	return &AuthService{
-		config:        config,
+		Config:        config,
-		docker:        docker,
+		Docker:        docker,
-		loginAttempts: make(map[string]*LoginAttempt),
+		LoginAttempts: make(map[string]*LoginAttempt),
-		ldap:          ldap,
+		LDAP:          ldap,
-		database:      database,
+		Database:      database,
 	}
 }
 
@@ -65,14 +65,12 @@ func (auth *AuthService) SearchUser(username string) config.UserSearch {
 		}
 	}
 
-	if auth.ldap != nil {
+	if auth.LDAP != nil {
-		userDN, err := auth.ldap.Search(username)
+		userDN, err := auth.LDAP.Search(username)
 
 		if err != nil {
 			log.Warn().Err(err).Str("username", username).Msg("Failed to search for user in LDAP")
-			return config.UserSearch{
+			return config.UserSearch{}
-				Type: "error",
-			}
 		}
 
 		return config.UserSearch{
@@ -92,14 +90,14 @@ func (auth *AuthService) VerifyUser(search config.UserSearch, password string) b
 		user := auth.GetLocalUser(search.Username)
 		return auth.CheckPassword(user, password)
 	case "ldap":
-		if auth.ldap != nil {
+		if auth.LDAP != nil {
-			err := auth.ldap.Bind(search.Username, password)
+			err := auth.LDAP.Bind(search.Username, password)
 			if err != nil {
 				log.Warn().Err(err).Str("username", search.Username).Msg("Failed to bind to LDAP")
 				return false
 			}
 
-			err = auth.ldap.Bind(auth.ldap.Config.BindDN, auth.ldap.Config.BindPassword)
+			err = auth.LDAP.Bind(auth.LDAP.Config.BindDN, auth.LDAP.Config.BindPassword)
 			if err != nil {
 				log.Error().Err(err).Msg("Failed to rebind with service account after user authentication")
 				return false
@@ -117,7 +115,7 @@ func (auth *AuthService) VerifyUser(search config.UserSearch, password string) b
 }
 
 func (auth *AuthService) GetLocalUser(username string) config.User {
-	for _, user := range auth.config.Users {
+	for _, user := range auth.Config.Users {
 		if user.Username == username {
 			return user
 		}
@@ -132,14 +130,14 @@ func (auth *AuthService) CheckPassword(user config.User, password string) bool {
 }
 
 func (auth *AuthService) IsAccountLocked(identifier string) (bool, int) {
-	auth.loginMutex.RLock()
+	auth.LoginMutex.RLock()
-	defer auth.loginMutex.RUnlock()
+	defer auth.LoginMutex.RUnlock()
 
-	if auth.config.LoginMaxRetries <= 0 || auth.config.LoginTimeout <= 0 {
+	if auth.Config.LoginMaxRetries <= 0 || auth.Config.LoginTimeout <= 0 {
 		return false, 0
 	}
 
-	attempt, exists := auth.loginAttempts[identifier]
+	attempt, exists := auth.LoginAttempts[identifier]
 	if !exists {
 		return false, 0
 	}
@@ -153,17 +151,17 @@ func (auth *AuthService) IsAccountLocked(identifier string) (bool, int) {
 }
 
 func (auth *AuthService) RecordLoginAttempt(identifier string, success bool) {
-	if auth.config.LoginMaxRetries <= 0 || auth.config.LoginTimeout <= 0 {
+	if auth.Config.LoginMaxRetries <= 0 || auth.Config.LoginTimeout <= 0 {
 		return
 	}
 
-	auth.loginMutex.Lock()
+	auth.LoginMutex.Lock()
-	defer auth.loginMutex.Unlock()
+	defer auth.LoginMutex.Unlock()
 
-	attempt, exists := auth.loginAttempts[identifier]
+	attempt, exists := auth.LoginAttempts[identifier]
 	if !exists {
 		attempt = &LoginAttempt{}
-		auth.loginAttempts[identifier] = attempt
+		auth.LoginAttempts[identifier] = attempt
 	}
 
 	attempt.LastAttempt = time.Now()
@@ -176,14 +174,14 @@ func (auth *AuthService) RecordLoginAttempt(identifier string, success bool) {
 
 	attempt.FailedAttempts++
 
-	if attempt.FailedAttempts >= auth.config.LoginMaxRetries {
+	if attempt.FailedAttempts >= auth.Config.LoginMaxRetries {
-		attempt.LockedUntil = time.Now().Add(time.Duration(auth.config.LoginTimeout) * time.Second)
+		attempt.LockedUntil = time.Now().Add(time.Duration(auth.Config.LoginTimeout) * time.Second)
-		log.Warn().Str("identifier", identifier).Int("timeout", auth.config.LoginTimeout).Msg("Account locked due to too many failed login attempts")
+		log.Warn().Str("identifier", identifier).Int("timeout", auth.Config.LoginTimeout).Msg("Account locked due to too many failed login attempts")
 	}
 }
 
 func (auth *AuthService) IsEmailWhitelisted(email string) bool {
-	return utils.CheckFilter(auth.config.OauthWhitelist, email)
+	return utils.CheckFilter(auth.Config.OauthWhitelist, email)
 }
 
 func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.SessionCookie) error {
@@ -198,7 +196,7 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 	if data.TotpPending {
 		expiry = 3600
 	} else {
-		expiry = auth.config.SessionExpiry
+		expiry = auth.Config.SessionExpiry
 	}
 
 	session := model.Session{
@@ -210,40 +208,39 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 		TOTPPending: data.TotpPending,
 		OAuthGroups: data.OAuthGroups,
 		Expiry:      time.Now().Add(time.Duration(expiry) * time.Second).Unix(),
-		OAuthName:   data.OAuthName,
 	}
 
-	err = auth.database.Create(&session).Error
+	err = auth.Database.Create(&session).Error
 
 	if err != nil {
 		return err
 	}
 
-	c.SetCookie(auth.config.SessionCookieName, session.UUID, expiry, "/", fmt.Sprintf(".%s", auth.config.CookieDomain), auth.config.SecureCookie, true)
+	c.SetCookie(auth.Config.SessionCookieName, session.UUID, expiry, "/", fmt.Sprintf(".%s", auth.Config.RootDomain), auth.Config.SecureCookie, true)
 
 	return nil
 }
 
 func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
-	cookie, err := c.Cookie(auth.config.SessionCookieName)
+	cookie, err := c.Cookie(auth.Config.SessionCookieName)
 
 	if err != nil {
 		return err
 	}
 
-	res := auth.database.Unscoped().Where("uuid = ?", cookie).Delete(&model.Session{})
+	res := auth.Database.Unscoped().Where("uuid = ?", cookie).Delete(&model.Session{})
 
 	if res.Error != nil {
 		return res.Error
 	}
 
-	c.SetCookie(auth.config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.config.CookieDomain), auth.config.SecureCookie, true)
+	c.SetCookie(auth.Config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.Config.RootDomain), auth.Config.SecureCookie, true)
 
 	return nil
 }
 
 func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie, error) {
-	cookie, err := c.Cookie(auth.config.SessionCookieName)
+	cookie, err := c.Cookie(auth.Config.SessionCookieName)
 
 	if err != nil {
 		return config.SessionCookie{}, err
@@ -251,7 +248,7 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 
 	var session model.Session
 
-	res := auth.database.Unscoped().Where("uuid = ?", cookie).First(&session)
+	res := auth.Database.Unscoped().Where("uuid = ?", cookie).First(&session)
 
 	if res.Error != nil {
 		return config.SessionCookie{}, res.Error
@@ -264,7 +261,7 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 	currentTime := time.Now().Unix()
 
 	if currentTime > session.Expiry {
-		res := auth.database.Unscoped().Where("uuid = ?", session.UUID).Delete(&model.Session{})
+		res := auth.Database.Unscoped().Where("uuid = ?", session.UUID).Delete(&model.Session{})
 		if res.Error != nil {
 			log.Error().Err(res.Error).Msg("Failed to delete expired session")
 		}
@@ -279,15 +276,14 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 		Provider:    session.Provider,
 		TotpPending: session.TOTPPending,
 		OAuthGroups: session.OAuthGroups,
-		OAuthName:   session.OAuthName,
 	}, nil
 }
 
 func (auth *AuthService) UserAuthConfigured() bool {
-	return len(auth.config.Users) > 0 || auth.ldap != nil
+	return len(auth.Config.Users) > 0 || auth.LDAP != nil
 }
 
-func (auth *AuthService) IsResourceAllowed(c *gin.Context, context config.UserContext, labels config.App) bool {
+func (auth *AuthService) IsResourceAllowed(c *gin.Context, context config.UserContext, labels config.AppLabels) bool {
 	if context.OAuth {
 		log.Debug().Msg("Checking OAuth whitelist")
 		return utils.CheckFilter(labels.OAuth.Whitelist, context.Email)
@@ -324,7 +320,7 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte
 	return false
 }
 
-func (auth *AuthService) IsAuthEnabled(uri string, path config.AppPath) (bool, error) {
+func (auth *AuthService) IsAuthEnabled(uri string, path config.PathLabels) (bool, error) {
 	// Check for block list
 	if path.Block != "" {
 		regex, err := regexp.Compile(path.Block)
@@ -366,7 +362,7 @@ func (auth *AuthService) GetBasicAuth(c *gin.Context) *config.User {
 	}
 }
 
-func (auth *AuthService) CheckIP(labels config.AppIP, ip string) bool {
+func (auth *AuthService) CheckIP(labels config.IPLabels, ip string) bool {
 	for _, blocked := range labels.Block {
 		res, err := utils.FilterIP(blocked, ip)
 		if err != nil {
@@ -400,7 +396,7 @@ func (auth *AuthService) CheckIP(labels config.AppIP, ip string) bool {
 	return true
 }
 
-func (auth *AuthService) IsBypassedIP(labels config.AppIP, ip string) bool {
+func (auth *AuthService) IsBypassedIP(labels config.IPLabels, ip string) bool {
 	for _, bypassed := range labels.Bypass {
 		res, err := utils.FilterIP(bypassed, ip)
 		if err != nil {

internal/service/database_service.go

@@ -16,18 +16,18 @@ type DatabaseServiceConfig struct {
 }
 
 type DatabaseService struct {
-	config   DatabaseServiceConfig
+	Config   DatabaseServiceConfig
-	database *gorm.DB
+	Database *gorm.DB
 }
 
 func NewDatabaseService(config DatabaseServiceConfig) *DatabaseService {
 	return &DatabaseService{
-		config: config,
+		Config: config,
 	}
 }
 
 func (ds *DatabaseService) Init() error {
-	gormDB, err := gorm.Open(sqlite.Open(ds.config.DatabasePath), &gorm.Config{})
+	gormDB, err := gorm.Open(sqlite.Open(ds.Config.DatabasePath), &gorm.Config{})
 
 	if err != nil {
 		return err
@@ -47,7 +47,7 @@ func (ds *DatabaseService) Init() error {
 		return err
 	}
 
-	ds.database = gormDB
+	ds.Database = gormDB
 	return nil
 }
 
@@ -74,5 +74,5 @@ func (ds *DatabaseService) migrateDatabase(sqlDB *sql.DB) error {
 }
 
 func (ds *DatabaseService) GetDatabase() *gorm.DB {
-	return ds.database
+	return ds.Database
 }

internal/service/docker_service.go

@@ -4,7 +4,7 @@ import (
 	"context"
 	"strings"
 	"tinyauth/internal/config"
-	"tinyauth/internal/utils/decoders"
+	"tinyauth/internal/utils"
 
 	container "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"
@@ -12,8 +12,8 @@ import (
 )
 
 type DockerService struct {
-	client  *client.Client
+	Client  *client.Client
-	context context.Context
+	Context context.Context
 }
 
 func NewDockerService() *DockerService {
@@ -29,13 +29,13 @@ func (docker *DockerService) Init() error {
 	ctx := context.Background()
 	client.NegotiateAPIVersion(ctx)
 
-	docker.client = client
+	docker.Client = client
-	docker.context = ctx
+	docker.Context = ctx
 	return nil
 }
 
 func (docker *DockerService) GetContainers() ([]container.Summary, error) {
-	containers, err := docker.client.ContainerList(docker.context, container.ListOptions{})
+	containers, err := docker.Client.ContainerList(docker.Context, container.ListOptions{})
 	if err != nil {
 		return nil, err
 	}
@@ -43,7 +43,7 @@ func (docker *DockerService) GetContainers() ([]container.Summary, error) {
 }
 
 func (docker *DockerService) InspectContainer(containerId string) (container.InspectResponse, error) {
-	inspect, err := docker.client.ContainerInspect(docker.context, containerId)
+	inspect, err := docker.Client.ContainerInspect(docker.Context, containerId)
 	if err != nil {
 		return container.InspectResponse{}, err
 	}
@@ -51,38 +51,38 @@ func (docker *DockerService) InspectContainer(containerId string) (container.Ins
 }
 
 func (docker *DockerService) DockerConnected() bool {
-	_, err := docker.client.Ping(docker.context)
+	_, err := docker.Client.Ping(docker.Context)
 	return err == nil
 }
 
-func (docker *DockerService) GetLabels(appDomain string) (config.App, error) {
+func (docker *DockerService) GetLabels(app string, domain string) (config.AppLabels, error) {
 	isConnected := docker.DockerConnected()
 
 	if !isConnected {
 		log.Debug().Msg("Docker not connected, returning empty labels")
-		return config.App{}, nil
+		return config.AppLabels{}, nil
 	}
 
 	containers, err := docker.GetContainers()
 	if err != nil {
-		return config.App{}, err
+		return config.AppLabels{}, err
 	}
 
-	for _, ctr := range containers {
+	for _, container := range containers {
-		inspect, err := docker.InspectContainer(ctr.ID)
+		inspect, err := docker.InspectContainer(container.ID)
 		if err != nil {
-			log.Warn().Str("id", ctr.ID).Err(err).Msg("Error inspecting container, skipping")
+			log.Warn().Str("id", container.ID).Err(err).Msg("Error inspecting container, skipping")
 			continue
 		}
 
-		labels, err := decoders.DecodeLabels(inspect.Config.Labels)
+		labels, err := utils.GetLabels(inspect.Config.Labels)
 		if err != nil {
-			log.Warn().Str("id", ctr.ID).Err(err).Msg("Error getting container labels, skipping")
+			log.Warn().Str("id", container.ID).Err(err).Msg("Error getting container labels, skipping")
 			continue
 		}
 
 		for appName, appLabels := range labels.Apps {
-			if appLabels.Config.Domain == appDomain {
+			if appLabels.Config.Domain == domain {
 				log.Debug().Str("id", inspect.ID).Msg("Found matching container by domain")
 				return appLabels, nil
 			}
@@ -95,5 +95,5 @@ func (docker *DockerService) GetLabels(appDomain string) (config.App, error) {
 	}
 
 	log.Debug().Msg("No matching container found, returning empty labels")
-	return config.App{}, nil
+	return config.AppLabels{}, nil
 }

internal/service/generic_oauth_service.go

@@ -16,18 +16,17 @@ import (
 )
 
 type GenericOAuthService struct {
-	config             oauth2.Config
+	Config             oauth2.Config
-	context            context.Context
+	Context            context.Context
-	token              *oauth2.Token
+	Token              *oauth2.Token
-	verifier           string
+	Verifier           string
-	insecureSkipVerify bool
+	InsecureSkipVerify bool
-	userinfoUrl        string
+	UserinfoURL        string
-	name               string
 }
 
 func NewGenericOAuthService(config config.OAuthServiceConfig) *GenericOAuthService {
 	return &GenericOAuthService{
-		config: oauth2.Config{
+		Config: oauth2.Config{
 			ClientID:     config.ClientID,
 			ClientSecret: config.ClientSecret,
 			RedirectURL:  config.RedirectURL,
@@ -37,16 +36,15 @@ func NewGenericOAuthService(config config.OAuthServiceConfig) *GenericOAuthServi
 				TokenURL: config.TokenURL,
 			},
 		},
-		insecureSkipVerify: config.InsecureSkipVerify,
+		InsecureSkipVerify: config.InsecureSkipVerify,
-		userinfoUrl:        config.UserinfoURL,
+		UserinfoURL:        config.UserinfoURL,
-		name:               config.Name,
 	}
 }
 
 func (generic *GenericOAuthService) Init() error {
 	transport := &http.Transport{
 		TLSClientConfig: &tls.Config{
-			InsecureSkipVerify: generic.insecureSkipVerify,
+			InsecureSkipVerify: generic.InsecureSkipVerify,
 			MinVersion:         tls.VersionTLS12,
 		},
 	}
@@ -60,8 +58,8 @@ func (generic *GenericOAuthService) Init() error {
 	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
 	verifier := oauth2.GenerateVerifier()
 
-	generic.context = ctx
+	generic.Context = ctx
-	generic.verifier = verifier
+	generic.Verifier = verifier
 	return nil
 }
 
@@ -76,26 +74,26 @@ func (generic *GenericOAuthService) GenerateState() string {
 }
 
 func (generic *GenericOAuthService) GetAuthURL(state string) string {
-	return generic.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(generic.verifier))
+	return generic.Config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(generic.Verifier))
 }
 
 func (generic *GenericOAuthService) VerifyCode(code string) error {
-	token, err := generic.config.Exchange(generic.context, code, oauth2.VerifierOption(generic.verifier))
+	token, err := generic.Config.Exchange(generic.Context, code, oauth2.VerifierOption(generic.Verifier))
 
 	if err != nil {
 		return err
 	}
 
-	generic.token = token
+	generic.Token = token
 	return nil
 }
 
 func (generic *GenericOAuthService) Userinfo() (config.Claims, error) {
 	var user config.Claims
 
-	client := generic.config.Client(generic.context, generic.token)
+	client := generic.Config.Client(generic.Context, generic.Token)
 
-	res, err := client.Get(generic.userinfoUrl)
+	res, err := client.Get(generic.UserinfoURL)
 	if err != nil {
 		return user, err
 	}
@@ -117,7 +115,3 @@ func (generic *GenericOAuthService) Userinfo() (config.Claims, error) {
 
 	return user, nil
 }
-
-func (generic *GenericOAuthService) GetName() string {
-	return generic.name
-}

internal/service/github_oauth_service.go

@@ -29,23 +29,21 @@ type GithubUserInfoResponse struct {
 }
 
 type GithubOAuthService struct {
-	config   oauth2.Config
+	Config   oauth2.Config
-	context  context.Context
+	Context  context.Context
-	token    *oauth2.Token
+	Token    *oauth2.Token
-	verifier string
+	Verifier string
-	name     string
 }
 
 func NewGithubOAuthService(config config.OAuthServiceConfig) *GithubOAuthService {
 	return &GithubOAuthService{
-		config: oauth2.Config{
+		Config: oauth2.Config{
 			ClientID:     config.ClientID,
 			ClientSecret: config.ClientSecret,
 			RedirectURL:  config.RedirectURL,
 			Scopes:       GithubOAuthScopes,
 			Endpoint:     endpoints.GitHub,
 		},
-		name: config.Name,
 	}
 }
 
@@ -55,8 +53,8 @@ func (github *GithubOAuthService) Init() error {
 	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
 	verifier := oauth2.GenerateVerifier()
 
-	github.context = ctx
+	github.Context = ctx
-	github.verifier = verifier
+	github.Verifier = verifier
 	return nil
 }
 
@@ -71,24 +69,24 @@ func (github *GithubOAuthService) GenerateState() string {
 }
 
 func (github *GithubOAuthService) GetAuthURL(state string) string {
-	return github.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(github.verifier))
+	return github.Config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(github.Verifier))
 }
 
 func (github *GithubOAuthService) VerifyCode(code string) error {
-	token, err := github.config.Exchange(github.context, code, oauth2.VerifierOption(github.verifier))
+	token, err := github.Config.Exchange(github.Context, code, oauth2.VerifierOption(github.Verifier))
 
 	if err != nil {
 		return err
 	}
 
-	github.token = token
+	github.Token = token
 	return nil
 }
 
 func (github *GithubOAuthService) Userinfo() (config.Claims, error) {
 	var user config.Claims
 
-	client := github.config.Client(github.context, github.token)
+	client := github.Config.Client(github.Context, github.Token)
 
 	req, err := http.NewRequest("GET", "https://api.github.com/user", nil)
 	if err != nil {
@@ -169,7 +167,3 @@ func (github *GithubOAuthService) Userinfo() (config.Claims, error) {
 
 	return user, nil
 }
-
-func (github *GithubOAuthService) GetName() string {
-	return github.name
-}

internal/service/google_oauth_service.go

@@ -24,23 +24,21 @@ type GoogleUserInfoResponse struct {
 }
 
 type GoogleOAuthService struct {
-	config   oauth2.Config
+	Config   oauth2.Config
-	context  context.Context
+	Context  context.Context
-	token    *oauth2.Token
+	Token    *oauth2.Token
-	verifier string
+	Verifier string
-	name     string
 }
 
 func NewGoogleOAuthService(config config.OAuthServiceConfig) *GoogleOAuthService {
 	return &GoogleOAuthService{
-		config: oauth2.Config{
+		Config: oauth2.Config{
 			ClientID:     config.ClientID,
 			ClientSecret: config.ClientSecret,
 			RedirectURL:  config.RedirectURL,
 			Scopes:       GoogleOAuthScopes,
 			Endpoint:     endpoints.Google,
 		},
-		name: config.Name,
 	}
 }
 
@@ -50,8 +48,8 @@ func (google *GoogleOAuthService) Init() error {
 	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
 	verifier := oauth2.GenerateVerifier()
 
-	google.context = ctx
+	google.Context = ctx
-	google.verifier = verifier
+	google.Verifier = verifier
 	return nil
 }
 
@@ -66,24 +64,24 @@ func (oauth *GoogleOAuthService) GenerateState() string {
 }
 
 func (google *GoogleOAuthService) GetAuthURL(state string) string {
-	return google.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(google.verifier))
+	return google.Config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(google.Verifier))
 }
 
 func (google *GoogleOAuthService) VerifyCode(code string) error {
-	token, err := google.config.Exchange(google.context, code, oauth2.VerifierOption(google.verifier))
+	token, err := google.Config.Exchange(google.Context, code, oauth2.VerifierOption(google.Verifier))
 
 	if err != nil {
 		return err
 	}
 
-	google.token = token
+	google.Token = token
 	return nil
 }
 
 func (google *GoogleOAuthService) Userinfo() (config.Claims, error) {
 	var user config.Claims
 
-	client := google.config.Client(google.context, google.token)
+	client := google.Config.Client(google.Context, google.Token)
 
 	res, err := client.Get("https://www.googleapis.com/userinfo/v2/me")
 	if err != nil {
@@ -113,7 +111,3 @@ func (google *GoogleOAuthService) Userinfo() (config.Claims, error) {
 
 	return user, nil
 }
-
-func (google *GoogleOAuthService) GetName() string {
-	return google.name
-}

internal/service/ldap_service.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
-	"sync"
 	"time"
 
 	"github.com/cenkalti/backoff/v5"
@@ -22,9 +21,8 @@ type LdapServiceConfig struct {
 }
 
 type LdapService struct {
-	Config LdapServiceConfig // exported so as the auth service can use it
+	Config LdapServiceConfig
-	conn   *ldapgo.Conn
+	Conn   *ldapgo.Conn
-	mutex  sync.RWMutex
 }
 
 func NewLdapService(config LdapServiceConfig) *LdapService {
@@ -57,9 +55,6 @@ func (ldap *LdapService) Init() error {
 }
 
 func (ldap *LdapService) connect() (*ldapgo.Conn, error) {
-	ldap.mutex.Lock()
-	defer ldap.mutex.Unlock()
-
 	conn, err := ldapgo.DialURL(ldap.Config.Address, ldapgo.DialWithTLSConfig(&tls.Config{
 		InsecureSkipVerify: ldap.Config.Insecure,
 		MinVersion:         tls.VersionTLS12,
@@ -74,7 +69,7 @@ func (ldap *LdapService) connect() (*ldapgo.Conn, error) {
 	}
 
 	// Set and return the connection
-	ldap.conn = conn
+	ldap.Conn = conn
 	return conn, nil
 }
 
@@ -91,10 +86,7 @@ func (ldap *LdapService) Search(username string) (string, error) {
 		nil,
 	)
 
-	ldap.mutex.Lock()
+	searchResult, err := ldap.Conn.Search(searchRequest)
-	defer ldap.mutex.Unlock()
-
-	searchResult, err := ldap.conn.Search(searchRequest)
 	if err != nil {
 		return "", err
 	}
@@ -108,9 +100,7 @@ func (ldap *LdapService) Search(username string) (string, error) {
 }
 
 func (ldap *LdapService) Bind(userDN string, password string) error {
-	ldap.mutex.Lock()
+	err := ldap.Conn.Bind(userDN, password)
-	defer ldap.mutex.Unlock()
-	err := ldap.conn.Bind(userDN, password)
 	if err != nil {
 		return err
 	}
@@ -128,9 +118,7 @@ func (ldap *LdapService) heartbeat() error {
 		nil,
 	)
 
-	ldap.mutex.Lock()
+	_, err := ldap.Conn.Search(searchRequest)
-	defer ldap.mutex.Unlock()
-	_, err := ldap.conn.Search(searchRequest)
 	if err != nil {
 		return err
 	}
@@ -149,7 +137,7 @@ func (ldap *LdapService) reconnect() error {
 	exp.Reset()
 
 	operation := func() (*ldapgo.Conn, error) {
-		ldap.conn.Close()
+		ldap.Conn.Close()
 		conn, err := ldap.connect()
 		if err != nil {
 			return nil, err

internal/service/oauth_broker_service.go

@@ -5,7 +5,6 @@ import (
 	"tinyauth/internal/config"
 
 	"github.com/rs/zerolog/log"
-	"golang.org/x/exp/slices"
 )
 
 type OAuthService interface {
@@ -14,64 +13,62 @@ type OAuthService interface {
 	GetAuthURL(state string) string
 	VerifyCode(code string) error
 	Userinfo() (config.Claims, error)
-	GetName() string
 }
 
 type OAuthBrokerService struct {
-	services map[string]OAuthService
+	Services map[string]OAuthService
-	configs  map[string]config.OAuthServiceConfig
+	Configs  map[string]config.OAuthServiceConfig
 }
 
 func NewOAuthBrokerService(configs map[string]config.OAuthServiceConfig) *OAuthBrokerService {
 	return &OAuthBrokerService{
-		services: make(map[string]OAuthService),
+		Services: make(map[string]OAuthService),
-		configs:  configs,
+		Configs:  configs,
 	}
 }
 
 func (broker *OAuthBrokerService) Init() error {
-	for name, cfg := range broker.configs {
+	for name, cfg := range broker.Configs {
 		switch name {
 		case "github":
 			service := NewGithubOAuthService(cfg)
-			broker.services[name] = service
+			broker.Services[name] = service
 		case "google":
 			service := NewGoogleOAuthService(cfg)
-			broker.services[name] = service
+			broker.Services[name] = service
 		default:
 			service := NewGenericOAuthService(cfg)
-			broker.services[name] = service
+			broker.Services[name] = service
 		}
 	}
 
-	for name, service := range broker.services {
+	for name, service := range broker.Services {
 		err := service.Init()
 		if err != nil {
-			log.Error().Err(err).Msgf("Failed to initialize OAuth service: %T", name)
+			log.Error().Err(err).Msgf("Failed to initialize OAuth service: %s", name)
 			return err
 		}
-		log.Info().Msgf("Initialized OAuth service: %T", name)
+		log.Info().Msgf("Initialized OAuth service: %s", name)
 	}
 
 	return nil
 }
 
 func (broker *OAuthBrokerService) GetConfiguredServices() []string {
-	services := make([]string, 0, len(broker.services))
+	services := make([]string, 0, len(broker.Services))
-	for name := range broker.services {
+	for name := range broker.Services {
 		services = append(services, name)
 	}
-	slices.Sort(services)
 	return services
 }
 
 func (broker *OAuthBrokerService) GetService(name string) (OAuthService, bool) {
-	service, exists := broker.services[name]
+	service, exists := broker.Services[name]
 	return service, exists
 }
 
 func (broker *OAuthBrokerService) GetUser(service string) (config.Claims, error) {
-	oauthService, exists := broker.services[service]
+	oauthService, exists := broker.Services[service]
 	if !exists {
 		return config.Claims{}, errors.New("oauth service not found")
 	}

internal/utils/app_utils.go

@@ -6,43 +6,32 @@ import (
 	"net/url"
 	"strings"
 	"tinyauth/internal/config"
-	"tinyauth/internal/utils/decoders"
-
-	"maps"
 
 	"github.com/gin-gonic/gin"
+
 	"github.com/rs/zerolog"
-	"github.com/weppos/publicsuffix-go/publicsuffix"
 )
 
-// Get cookie domain parses a hostname and returns the upper domain (e.g. sub1.sub2.domain.com -> sub2.domain.com)
+// Get root domain parses a hostname and returns the upper domain (e.g. sub1.sub2.domain.com -> sub2.domain.com)
-func GetCookieDomain(u string) (string, error) {
+func GetRootDomain(appUrl string) (string, error) {
-	parsed, err := url.Parse(u)
+	appUrlParsed, err := url.Parse(appUrl)
 	if err != nil {
 		return "", err
 	}
 
-	host := parsed.Hostname()
+	host := appUrlParsed.Hostname()
 
 	if netIP := net.ParseIP(host); netIP != nil {
-		return "", errors.New("IP addresses not allowed")
+		return "", errors.New("IP addresses are not allowed")
 	}
 
-	parts := strings.Split(host, ".")
+	urlParts := strings.Split(host, ".")
 
-	if len(parts) < 3 {
+	if len(urlParts) < 2 {
-		return "", errors.New("invalid app url, must be at least second level domain")
+		return "", errors.New("invalid domain, must be at least second level domain")
 	}
 
-	domain := strings.Join(parts[1:], ".")
+	return strings.Join(urlParts[1:], "."), nil
-
-	_, err = publicsuffix.DomainFromListWithOptions(publicsuffix.DefaultList, domain, nil)
-
-	if err != nil {
-		return "", errors.New("domain in public suffix list, cannot set cookies")
-	}
-
-	return domain, nil
 }
 
 func ParseFileToLine(content string) string {
@@ -60,7 +49,6 @@ func ParseFileToLine(content string) string {
 }
 
 func Filter[T any](slice []T, test func(T) bool) (res []T) {
-	res = make([]T, 0)
 	for _, value := range slice {
 		if test(value) {
 			res = append(res, value)
@@ -100,13 +88,13 @@ func IsRedirectSafe(redirectURL string, domain string) bool {
 		return false
 	}
 
-	cookieDomain, err := GetCookieDomain(redirectURL)
+	upper, err := GetRootDomain(redirectURL)
 
 	if err != nil {
 		return false
 	}
 
-	if cookieDomain != domain {
+	if upper != domain {
 		return false
 	}
 
@@ -133,68 +121,3 @@ func GetLogLevel(level string) zerolog.Level {
 		return zerolog.InfoLevel
 	}
 }
-
-func GetOAuthProvidersConfig(env []string, args []string, appUrl string) (map[string]config.OAuthServiceConfig, error) {
-	providers := make(map[string]config.OAuthServiceConfig)
-
-	// Get from environment variables
-	envMap := make(map[string]string)
-
-	for _, e := range env {
-		pair := strings.SplitN(e, "=", 2)
-		if len(pair) == 2 {
-			envMap[pair[0]] = pair[1]
-		}
-	}
-
-	envProviders, err := decoders.DecodeEnv(envMap)
-
-	if err != nil {
-		return nil, err
-	}
-
-	maps.Copy(providers, envProviders.Providers)
-
-	// Get from flags
-	flagsMap := make(map[string]string)
-
-	for _, arg := range args[1:] {
-		if strings.HasPrefix(arg, "--") {
-			pair := strings.SplitN(arg[2:], "=", 2)
-			if len(pair) == 2 {
-				flagsMap[pair[0]] = pair[1]
-			}
-		}
-	}
-
-	flagProviders, err := decoders.DecodeFlags(flagsMap)
-
-	if err != nil {
-		return nil, err
-	}
-
-	maps.Copy(providers, flagProviders.Providers)
-
-	// For every provider get correct secret from file if set
-	for name, provider := range providers {
-		secret := GetSecret(provider.ClientSecret, provider.ClientSecretFile)
-		provider.ClientSecret = secret
-		provider.ClientSecretFile = ""
-		providers[name] = provider
-	}
-
-	// If we have google/github providers and no redirect URL babysit them
-	babysitProviders := []string{"google", "github"}
-
-	for _, name := range babysitProviders {
-		if provider, exists := providers[name]; exists {
-			if provider.RedirectURL == "" {
-				provider.RedirectURL = appUrl + "/api/oauth/callback/" + name
-				providers[name] = provider
-			}
-		}
-	}
-
-	// Return combined providers
-	return providers, nil
-}

internal/utils/app_utils_test.go

@@ -1,271 +0,0 @@
-package utils_test
-
-import (
-	"os"
-	"testing"
-	"tinyauth/internal/config"
-	"tinyauth/internal/utils"
-
-	"github.com/gin-gonic/gin"
-	"gotest.tools/v3/assert"
-)
-
-func TestGetRootDomain(t *testing.T) {
-	// Normal case
-	domain := "http://sub.tinyauth.app"
-	expected := "tinyauth.app"
-	result, err := utils.GetCookieDomain(domain)
-	assert.NilError(t, err)
-	assert.Equal(t, expected, result)
-
-	// Domain with multiple subdomains
-	domain = "http://b.c.tinyauth.app"
-	expected = "c.tinyauth.app"
-	result, err = utils.GetCookieDomain(domain)
-	assert.NilError(t, err)
-	assert.Equal(t, expected, result)
-
-	// Domain with no subdomain
-	domain = "http://tinyauth.app"
-	expected = "tinyauth.app"
-	_, err = utils.GetCookieDomain(domain)
-	assert.Error(t, err, "invalid app url, must be at least second level domain")
-
-	// Invalid domain (only TLD)
-	domain = "com"
-	_, err = utils.GetCookieDomain(domain)
-	assert.ErrorContains(t, err, "invalid app url, must be at least second level domain")
-
-	// IP address
-	domain = "http://10.10.10.10"
-	_, err = utils.GetCookieDomain(domain)
-	assert.ErrorContains(t, err, "IP addresses not allowed")
-
-	// Invalid URL
-	domain = "http://[::1]:namedport"
-	_, err = utils.GetCookieDomain(domain)
-	assert.ErrorContains(t, err, "parse \"http://[::1]:namedport\": invalid port \":namedport\" after host")
-
-	// URL with scheme and path
-	domain = "https://sub.tinyauth.app/path"
-	expected = "tinyauth.app"
-	result, err = utils.GetCookieDomain(domain)
-	assert.NilError(t, err)
-	assert.Equal(t, expected, result)
-
-	// URL with port
-	domain = "http://sub.tinyauth.app:8080"
-	expected = "tinyauth.app"
-	result, err = utils.GetCookieDomain(domain)
-	assert.NilError(t, err)
-	assert.Equal(t, expected, result)
-
-	// Domain managed by ICANN
-	domain = "http://example.co.uk"
-	_, err = utils.GetCookieDomain(domain)
-	assert.Error(t, err, "domain in public suffix list, cannot set cookies")
-}
-
-func TestParseFileToLine(t *testing.T) {
-	// Normal case
-	content := "user1\nuser2\nuser3"
-	expected := "user1,user2,user3"
-	result := utils.ParseFileToLine(content)
-	assert.Equal(t, expected, result)
-
-	// Case with empty lines and spaces
-	content = " user1 \n\n user2 \n user3 \n"
-	expected = "user1,user2,user3"
-	result = utils.ParseFileToLine(content)
-	assert.Equal(t, expected, result)
-
-	// Case with only empty lines
-	content = "\n\n\n"
-	expected = ""
-	result = utils.ParseFileToLine(content)
-	assert.Equal(t, expected, result)
-
-	// Case with single user
-	content = "singleuser"
-	expected = "singleuser"
-	result = utils.ParseFileToLine(content)
-	assert.Equal(t, expected, result)
-
-	// Case with trailing newline
-	content = "user1\nuser2\n"
-	expected = "user1,user2"
-	result = utils.ParseFileToLine(content)
-	assert.Equal(t, expected, result)
-}
-
-func TestFilter(t *testing.T) {
-	// Normal case
-	slice := []int{1, 2, 3, 4, 5}
-	testFunc := func(n int) bool { return n%2 == 0 }
-	expected := []int{2, 4}
-	result := utils.Filter(slice, testFunc)
-	assert.DeepEqual(t, expected, result)
-
-	// Case with no matches
-	slice = []int{1, 3, 5}
-	testFunc = func(n int) bool { return n%2 == 0 }
-	expected = []int{}
-	result = utils.Filter(slice, testFunc)
-	assert.DeepEqual(t, expected, result)
-
-	// Case with all matches
-	slice = []int{2, 4, 6}
-	testFunc = func(n int) bool { return n%2 == 0 }
-	expected = []int{2, 4, 6}
-	result = utils.Filter(slice, testFunc)
-	assert.DeepEqual(t, expected, result)
-
-	// Case with empty slice
-	slice = []int{}
-	testFunc = func(n int) bool { return n%2 == 0 }
-	expected = []int{}
-	result = utils.Filter(slice, testFunc)
-	assert.DeepEqual(t, expected, result)
-
-	// Case with different type (string)
-	sliceStr := []string{"apple", "banana", "cherry"}
-	testFuncStr := func(s string) bool { return len(s) > 5 }
-	expectedStr := []string{"banana", "cherry"}
-	resultStr := utils.Filter(sliceStr, testFuncStr)
-	assert.DeepEqual(t, expectedStr, resultStr)
-}
-
-func TestGetContext(t *testing.T) {
-	// Setup
-	gin.SetMode(gin.TestMode)
-	c, _ := gin.CreateTestContext(nil)
-
-	// Normal case
-	c.Set("context", &config.UserContext{Username: "testuser"})
-	result, err := utils.GetContext(c)
-	assert.NilError(t, err)
-	assert.Equal(t, "testuser", result.Username)
-
-	// Case with no context
-	c.Set("context", nil)
-	_, err = utils.GetContext(c)
-	assert.Error(t, err, "invalid user context in request")
-
-	// Case with invalid context type
-	c.Set("context", "invalid type")
-	_, err = utils.GetContext(c)
-	assert.Error(t, err, "invalid user context in request")
-}
-
-func TestIsRedirectSafe(t *testing.T) {
-	// Setup
-	domain := "example.com"
-
-	// Case with no subdomain
-	redirectURL := "http://example.com/welcome"
-	result := utils.IsRedirectSafe(redirectURL, domain)
-	assert.Equal(t, false, result)
-
-	// Case with different domain
-	redirectURL = "http://malicious.com/phishing"
-	result = utils.IsRedirectSafe(redirectURL, domain)
-	assert.Equal(t, false, result)
-
-	// Case with subdomain
-	redirectURL = "http://sub.example.com/page"
-	result = utils.IsRedirectSafe(redirectURL, domain)
-	assert.Equal(t, true, result)
-
-	// Case with empty redirect URL
-	redirectURL = ""
-	result = utils.IsRedirectSafe(redirectURL, domain)
-	assert.Equal(t, false, result)
-
-	// Case with invalid URL
-	redirectURL = "http://[::1]:namedport"
-	result = utils.IsRedirectSafe(redirectURL, domain)
-	assert.Equal(t, false, result)
-
-	// Case with URL having port
-	redirectURL = "http://sub.example.com:8080/page"
-	result = utils.IsRedirectSafe(redirectURL, domain)
-	assert.Equal(t, true, result)
-
-	// Case with URL having different subdomain
-	redirectURL = "http://another.example.com/page"
-	result = utils.IsRedirectSafe(redirectURL, domain)
-	assert.Equal(t, true, result)
-
-	// Case with URL having different TLD
-	redirectURL = "http://example.org/page"
-	result = utils.IsRedirectSafe(redirectURL, domain)
-	assert.Equal(t, false, result)
-}
-
-func TestGetOAuthProvidersConfig(t *testing.T) {
-	env := []string{"PROVIDERS_CLIENT1_CLIENT_ID=client1-id", "PROVIDERS_CLIENT1_CLIENT_SECRET=client1-secret"}
-	args := []string{"/tinyauth/tinyauth", "--providers-client2-client-id=client2-id", "--providers-client2-client-secret=client2-secret"}
-
-	expected := map[string]config.OAuthServiceConfig{
-		"client1": {
-			ClientID:     "client1-id",
-			ClientSecret: "client1-secret",
-		},
-		"client2": {
-			ClientID:     "client2-id",
-			ClientSecret: "client2-secret",
-		},
-	}
-
-	result, err := utils.GetOAuthProvidersConfig(env, args, "")
-	assert.NilError(t, err)
-	assert.DeepEqual(t, expected, result)
-
-	// Case with no providers
-	env = []string{}
-	args = []string{"/tinyauth/tinyauth"}
-	expected = map[string]config.OAuthServiceConfig{}
-
-	result, err = utils.GetOAuthProvidersConfig(env, args, "")
-	assert.NilError(t, err)
-	assert.DeepEqual(t, expected, result)
-
-	// Case with secret from file
-	file, err := os.Create("/tmp/tinyauth_test_file")
-	assert.NilError(t, err)
-
-	_, err = file.WriteString("file content\n")
-	assert.NilError(t, err)
-
-	err = file.Close()
-	assert.NilError(t, err)
-	defer os.Remove("/tmp/tinyauth_test_file")
-
-	env = []string{"PROVIDERS_CLIENT1_CLIENT_ID=client1-id", "PROVIDERS_CLIENT1_CLIENT_SECRET_FILE=/tmp/tinyauth_test_file"}
-	args = []string{"/tinyauth/tinyauth"}
-	expected = map[string]config.OAuthServiceConfig{
-		"client1": {
-			ClientID:     "client1-id",
-			ClientSecret: "file content",
-		},
-	}
-
-	result, err = utils.GetOAuthProvidersConfig(env, args, "")
-	assert.NilError(t, err)
-	assert.DeepEqual(t, expected, result)
-
-	// Case with google provider and no redirect URL
-	env = []string{"PROVIDERS_GOOGLE_CLIENT_ID=google-id", "PROVIDERS_GOOGLE_CLIENT_SECRET=google-secret"}
-	args = []string{"/tinyauth/tinyauth"}
-	expected = map[string]config.OAuthServiceConfig{
-		"google": {
-			ClientID:     "google-id",
-			ClientSecret: "google-secret",
-			RedirectURL:  "http://app.url/api/oauth/callback/google",
-		},
-	}
-
-	result, err = utils.GetOAuthProvidersConfig(env, args, "http://app.url")
-	assert.NilError(t, err)
-	assert.DeepEqual(t, expected, result)
-}

internal/utils/decoders/decoders.go

@@ -1,81 +0,0 @@
-package decoders
-
-import (
-	"reflect"
-	"strings"
-	"tinyauth/internal/config"
-)
-
-func NormalizeKeys(keys map[string]string, rootName string, sep string) map[string]string {
-	normalized := make(map[string]string)
-	knownKeys := getKnownKeys()
-
-	for k, v := range keys {
-		var finalKey []string
-		var suffix string
-		var camelClientName string
-		var camelField string
-
-		finalKey = append(finalKey, rootName)
-		finalKey = append(finalKey, "providers")
-		cebabKey := strings.ToLower(k)
-
-		for _, known := range knownKeys {
-			if strings.HasSuffix(cebabKey, strings.ReplaceAll(known, "-", sep)) {
-				suffix = known
-				break
-			}
-		}
-
-		if suffix == "" {
-			continue
-		}
-
-		clientNameParts := strings.Split(strings.TrimPrefix(strings.TrimSuffix(cebabKey, sep+strings.ReplaceAll(suffix, "-", sep)), "providers"+sep), sep)
-
-		for i, p := range clientNameParts {
-			if i == 0 {
-				camelClientName += p
-				continue
-			}
-			if p == "" {
-				continue
-			}
-			camelClientName += strings.ToUpper(string([]rune(p)[0])) + string([]rune(p)[1:])
-		}
-
-		finalKey = append(finalKey, camelClientName)
-
-		filedParts := strings.Split(suffix, "-")
-
-		for i, p := range filedParts {
-			if i == 0 {
-				camelField += p
-				continue
-			}
-			if p == "" {
-				continue
-			}
-			camelField += strings.ToUpper(string([]rune(p)[0])) + string([]rune(p)[1:])
-		}
-
-		finalKey = append(finalKey, camelField)
-		normalized[strings.Join(finalKey, ".")] = v
-	}
-
-	return normalized
-}
-
-func getKnownKeys() []string {
-	var known []string
-
-	p := config.OAuthServiceConfig{}
-	v := reflect.ValueOf(p)
-	typeOfP := v.Type()
-
-	for field := range typeOfP.NumField() {
-		known = append(known, typeOfP.Field(field).Tag.Get("key"))
-	}
-
-	return known
-}

internal/utils/decoders/decoders_test.go

@@ -1,44 +0,0 @@
-package decoders_test
-
-import (
-	"testing"
-	"tinyauth/internal/utils/decoders"
-
-	"gotest.tools/v3/assert"
-)
-
-func TestNormalizeKeys(t *testing.T) {
-	// Test with env
-	test := map[string]string{
-		"PROVIDERS_CLIENT1_CLIENT_ID":                    "my-client-id",
-		"PROVIDERS_CLIENT1_CLIENT_SECRET":                "my-client-secret",
-		"PROVIDERS_MY_AWESOME_CLIENT_CLIENT_ID":          "my-awesome-client-id",
-		"PROVIDERS_MY_AWESOME_CLIENT_CLIENT_SECRET_FILE": "/path/to/secret",
-	}
-	expected := map[string]string{
-		"tinyauth.providers.client1.clientId":                 "my-client-id",
-		"tinyauth.providers.client1.clientSecret":             "my-client-secret",
-		"tinyauth.providers.myAwesomeClient.clientId":         "my-awesome-client-id",
-		"tinyauth.providers.myAwesomeClient.clientSecretFile": "/path/to/secret",
-	}
-
-	normalized := decoders.NormalizeKeys(test, "tinyauth", "_")
-	assert.DeepEqual(t, normalized, expected)
-
-	// Test with flags (assume -- is already stripped)
-	test = map[string]string{
-		"providers-client1-client-id":                    "my-client-id",
-		"providers-client1-client-secret":                "my-client-secret",
-		"providers-my-awesome-client-client-id":          "my-awesome-client-id",
-		"providers-my-awesome-client-client-secret-file": "/path/to/secret",
-	}
-	expected = map[string]string{
-		"tinyauth.providers.client1.clientId":                 "my-client-id",
-		"tinyauth.providers.client1.clientSecret":             "my-client-secret",
-		"tinyauth.providers.myAwesomeClient.clientId":         "my-awesome-client-id",
-		"tinyauth.providers.myAwesomeClient.clientSecretFile": "/path/to/secret",
-	}
-
-	normalized = decoders.NormalizeKeys(test, "tinyauth", "-")
-	assert.DeepEqual(t, normalized, expected)
-}

internal/utils/decoders/env_decoder.go

@@ -1,20 +0,0 @@
-package decoders
-
-import (
-	"tinyauth/internal/config"
-
-	"github.com/traefik/paerser/parser"
-)
-
-func DecodeEnv(env map[string]string) (config.Providers, error) {
-	normalized := NormalizeKeys(env, "tinyauth", "_")
-	var providers config.Providers
-
-	err := parser.Decode(normalized, &providers, "tinyauth", "tinyauth.providers")
-
-	if err != nil {
-		return config.Providers{}, err
-	}
-
-	return providers, nil
-}

internal/utils/decoders/env_decoder_test.go

@@ -1,60 +0,0 @@
-package decoders_test
-
-import (
-	"testing"
-	"tinyauth/internal/config"
-	"tinyauth/internal/utils/decoders"
-
-	"gotest.tools/v3/assert"
-)
-
-func TestDecodeEnv(t *testing.T) {
-	// Variables
-	expected := config.Providers{
-		Providers: map[string]config.OAuthServiceConfig{
-			"client1": {
-				ClientID:           "client1-id",
-				ClientSecret:       "client1-secret",
-				Scopes:             []string{"client1-scope1", "client1-scope2"},
-				RedirectURL:        "client1-redirect-url",
-				AuthURL:            "client1-auth-url",
-				UserinfoURL:        "client1-user-info-url",
-				Name:               "Client1",
-				InsecureSkipVerify: false,
-			},
-			"client2": {
-				ClientID:           "client2-id",
-				ClientSecret:       "client2-secret",
-				Scopes:             []string{"client2-scope1", "client2-scope2"},
-				RedirectURL:        "client2-redirect-url",
-				AuthURL:            "client2-auth-url",
-				UserinfoURL:        "client2-user-info-url",
-				Name:               "My Awesome Client2",
-				InsecureSkipVerify: false,
-			},
-		},
-	}
-	test := map[string]string{
-		"PROVIDERS_CLIENT1_CLIENT_ID":            "client1-id",
-		"PROVIDERS_CLIENT1_CLIENT_SECRET":        "client1-secret",
-		"PROVIDERS_CLIENT1_SCOPES":               "client1-scope1,client1-scope2",
-		"PROVIDERS_CLIENT1_REDIRECT_URL":         "client1-redirect-url",
-		"PROVIDERS_CLIENT1_AUTH_URL":             "client1-auth-url",
-		"PROVIDERS_CLIENT1_USER_INFO_URL":        "client1-user-info-url",
-		"PROVIDERS_CLIENT1_NAME":                 "Client1",
-		"PROVIDERS_CLIENT1_INSECURE_SKIP_VERIFY": "false",
-		"PROVIDERS_CLIENT2_CLIENT_ID":            "client2-id",
-		"PROVIDERS_CLIENT2_CLIENT_SECRET":        "client2-secret",
-		"PROVIDERS_CLIENT2_SCOPES":               "client2-scope1,client2-scope2",
-		"PROVIDERS_CLIENT2_REDIRECT_URL":         "client2-redirect-url",
-		"PROVIDERS_CLIENT2_AUTH_URL":             "client2-auth-url",
-		"PROVIDERS_CLIENT2_USER_INFO_URL":        "client2-user-info-url",
-		"PROVIDERS_CLIENT2_NAME":                 "My Awesome Client2",
-		"PROVIDERS_CLIENT2_INSECURE_SKIP_VERIFY": "false",
-	}
-
-	// Test
-	res, err := decoders.DecodeEnv(test)
-	assert.NilError(t, err)
-	assert.DeepEqual(t, expected, res)
-}

internal/utils/decoders/flags_decoder.go

@@ -1,30 +0,0 @@
-package decoders
-
-import (
-	"strings"
-	"tinyauth/internal/config"
-
-	"github.com/traefik/paerser/parser"
-)
-
-func DecodeFlags(flags map[string]string) (config.Providers, error) {
-	filtered := filterFlags(flags)
-	normalized := NormalizeKeys(filtered, "tinyauth", "-")
-	var providers config.Providers
-
-	err := parser.Decode(normalized, &providers, "tinyauth", "tinyauth.providers")
-
-	if err != nil {
-		return config.Providers{}, err
-	}
-
-	return providers, nil
-}
-
-func filterFlags(flags map[string]string) map[string]string {
-	filtered := make(map[string]string)
-	for k, v := range flags {
-		filtered[strings.TrimPrefix(k, "--")] = v
-	}
-	return filtered
-}

internal/utils/decoders/flags_decoder_test.go

@@ -1,60 +0,0 @@
-package decoders_test
-
-import (
-	"testing"
-	"tinyauth/internal/config"
-	"tinyauth/internal/utils/decoders"
-
-	"gotest.tools/v3/assert"
-)
-
-func TestDecodeFlags(t *testing.T) {
-	// Variables
-	expected := config.Providers{
-		Providers: map[string]config.OAuthServiceConfig{
-			"client1": {
-				ClientID:           "client1-id",
-				ClientSecret:       "client1-secret",
-				Scopes:             []string{"client1-scope1", "client1-scope2"},
-				RedirectURL:        "client1-redirect-url",
-				AuthURL:            "client1-auth-url",
-				UserinfoURL:        "client1-user-info-url",
-				Name:               "Client1",
-				InsecureSkipVerify: false,
-			},
-			"client2": {
-				ClientID:           "client2-id",
-				ClientSecret:       "client2-secret",
-				Scopes:             []string{"client2-scope1", "client2-scope2"},
-				RedirectURL:        "client2-redirect-url",
-				AuthURL:            "client2-auth-url",
-				UserinfoURL:        "client2-user-info-url",
-				Name:               "My Awesome Client2",
-				InsecureSkipVerify: false,
-			},
-		},
-	}
-	test := map[string]string{
-		"--providers-client1-client-id":            "client1-id",
-		"--providers-client1-client-secret":        "client1-secret",
-		"--providers-client1-scopes":               "client1-scope1,client1-scope2",
-		"--providers-client1-redirect-url":         "client1-redirect-url",
-		"--providers-client1-auth-url":             "client1-auth-url",
-		"--providers-client1-user-info-url":        "client1-user-info-url",
-		"--providers-client1-name":                 "Client1",
-		"--providers-client1-insecure-skip-verify": "false",
-		"--providers-client2-client-id":            "client2-id",
-		"--providers-client2-client-secret":        "client2-secret",
-		"--providers-client2-scopes":               "client2-scope1,client2-scope2",
-		"--providers-client2-redirect-url":         "client2-redirect-url",
-		"--providers-client2-auth-url":             "client2-auth-url",
-		"--providers-client2-user-info-url":        "client2-user-info-url",
-		"--providers-client2-name":                 "My Awesome Client2",
-		"--providers-client2-insecure-skip-verify": "false",
-	}
-
-	// Test
-	res, err := decoders.DecodeFlags(test)
-	assert.NilError(t, err)
-	assert.DeepEqual(t, expected, res)
-}

internal/utils/decoders/label_decoder.go

@@ -1,19 +0,0 @@
-package decoders
-
-import (
-	"tinyauth/internal/config"
-
-	"github.com/traefik/paerser/parser"
-)
-
-func DecodeLabels(labels map[string]string) (config.Apps, error) {
-	var appLabels config.Apps
-
-	err := parser.Decode(labels, &appLabels, "tinyauth", "tinyauth.apps")
-
-	if err != nil {
-		return config.Apps{}, err
-	}
-
-	return appLabels, nil
-}

internal/utils/decoders/label_decoder_test.go

@@ -1,68 +0,0 @@
-package decoders_test
-
-import (
-	"testing"
-	"tinyauth/internal/config"
-	"tinyauth/internal/utils/decoders"
-
-	"gotest.tools/v3/assert"
-)
-
-func TestDecodeLabels(t *testing.T) {
-	// Variables
-	expected := config.Apps{
-		Apps: map[string]config.App{
-			"foo": {
-				Config: config.AppConfig{
-					Domain: "example.com",
-				},
-				Users: config.AppUsers{
-					Allow: "user1,user2",
-					Block: "user3",
-				},
-				OAuth: config.AppOAuth{
-					Whitelist: "somebody@example.com",
-					Groups:    "group3",
-				},
-				IP: config.AppIP{
-					Allow:  []string{"10.71.0.1/24", "10.71.0.2"},
-					Block:  []string{"10.10.10.10", "10.0.0.0/24"},
-					Bypass: []string{"192.168.1.1"},
-				},
-				Response: config.AppResponse{
-					Headers: []string{"X-Foo=Bar", "X-Baz=Qux"},
-					BasicAuth: config.AppBasicAuth{
-						Username:     "admin",
-						Password:     "password",
-						PasswordFile: "/path/to/passwordfile",
-					},
-				},
-				Path: config.AppPath{
-					Allow: "/public",
-					Block: "/private",
-				},
-			},
-		},
-	}
-	test := map[string]string{
-		"tinyauth.apps.foo.config.domain":                   "example.com",
-		"tinyauth.apps.foo.users.allow":                     "user1,user2",
-		"tinyauth.apps.foo.users.block":                     "user3",
-		"tinyauth.apps.foo.oauth.whitelist":                 "somebody@example.com",
-		"tinyauth.apps.foo.oauth.groups":                    "group3",
-		"tinyauth.apps.foo.ip.allow":                        "10.71.0.1/24,10.71.0.2",
-		"tinyauth.apps.foo.ip.block":                        "10.10.10.10,10.0.0.0/24",
-		"tinyauth.apps.foo.ip.bypass":                       "192.168.1.1",
-		"tinyauth.apps.foo.response.headers":                "X-Foo=Bar,X-Baz=Qux",
-		"tinyauth.apps.foo.response.basicauth.username":     "admin",
-		"tinyauth.apps.foo.response.basicauth.password":     "password",
-		"tinyauth.apps.foo.response.basicauth.passwordfile": "/path/to/passwordfile",
-		"tinyauth.apps.foo.path.allow":                      "/public",
-		"tinyauth.apps.foo.path.block":                      "/private",
-	}
-
-	// Test
-	result, err := decoders.DecodeLabels(test)
-	assert.NilError(t, err)
-	assert.DeepEqual(t, expected, result)
-}

internal/utils/fs_utils_test.go

@@ -1,31 +0,0 @@
-package utils
-
-import (
-	"os"
-	"testing"
-
-	"gotest.tools/v3/assert"
-)
-
-func TestReadFile(t *testing.T) {
-	// Setup
-	file, err := os.Create("/tmp/tinyauth_test_file")
-	assert.NilError(t, err)
-
-	_, err = file.WriteString("file content\n")
-	assert.NilError(t, err)
-
-	err = file.Close()
-	assert.NilError(t, err)
-	defer os.Remove("/tmp/tinyauth_test_file")
-
-	// Normal case
-	content, err := ReadFile("/tmp/tinyauth_test_file")
-	assert.NilError(t, err)
-	assert.Equal(t, "file content\n", content)
-
-	// Non-existing file
-	content, err = ReadFile("/tmp/non_existing_file")
-	assert.ErrorContains(t, err, "no such file or directory")
-	assert.Equal(t, "", content)
-}

internal/utils/label_utils.go

@@ -3,8 +3,22 @@ package utils
 import (
 	"net/http"
 	"strings"
+	"tinyauth/internal/config"
+
+	"github.com/traefik/paerser/parser"
 )
 
+func GetLabels(labels map[string]string) (config.Labels, error) {
+	var labelsParsed config.Labels
+
+	err := parser.Decode(labels, &labelsParsed, "tinyauth", "tinyauth.apps")
+	if err != nil {
+		return config.Labels{}, err
+	}
+
+	return labelsParsed, nil
+}
+
 func ParseHeaders(headers []string) map[string]string {
 	headerMap := make(map[string]string)
 	for _, header := range headers {

internal/utils/label_utils_test.go

@@ -1,87 +0,0 @@
-package utils_test
-
-import (
-	"testing"
-	"tinyauth/internal/utils"
-
-	"gotest.tools/v3/assert"
-)
-
-func TestParseHeaders(t *testing.T) {
-	// Normal case
-	headers := []string{
-		"X-Custom-Header=Value",
-		"Another-Header=AnotherValue",
-	}
-	expected := map[string]string{
-		"X-Custom-Header": "Value",
-		"Another-Header":  "AnotherValue",
-	}
-	assert.DeepEqual(t, expected, utils.ParseHeaders(headers))
-
-	// Case insensitivity and trimming
-	headers = []string{
-		"  x-custom-header =  Value  ",
-		"ANOTHER-HEADER=AnotherValue",
-	}
-	expected = map[string]string{
-		"X-Custom-Header": "Value",
-		"Another-Header":  "AnotherValue",
-	}
-	assert.DeepEqual(t, expected, utils.ParseHeaders(headers))
-
-	// Invalid headers (missing '=', empty key/value)
-	headers = []string{
-		"InvalidHeader",
-		"=NoKey",
-		"NoValue=",
-		"   =   ",
-	}
-	expected = map[string]string{}
-	assert.DeepEqual(t, expected, utils.ParseHeaders(headers))
-
-	// Headers with unsafe characters
-	headers = []string{
-		"X-Custom-Header=Val\x00ue",       // Null byte
-		"Another-Header=Anoth\x7FerValue", // DEL character
-		"Good-Header=GoodValue",
-	}
-	expected = map[string]string{
-		"X-Custom-Header": "Value",
-		"Another-Header":  "AnotherValue",
-		"Good-Header":     "GoodValue",
-	}
-	assert.DeepEqual(t, expected, utils.ParseHeaders(headers))
-
-	// Header with spaces in key (should be ignored)
-	headers = []string{
-		"X Custom Header=Value",
-		"Valid-Header=ValidValue",
-	}
-	expected = map[string]string{
-		"Valid-Header": "ValidValue",
-	}
-	assert.DeepEqual(t, expected, utils.ParseHeaders(headers))
-}
-
-func TestSanitizeHeader(t *testing.T) {
-	// Normal case
-	header := "X-Custom-Header"
-	expected := "X-Custom-Header"
-	assert.Equal(t, expected, utils.SanitizeHeader(header))
-
-	// Header with unsafe characters
-	header = "X-Cust\x00om-Hea\x7Fder" // Null byte and DEL character
-	expected = "X-Custom-Header"
-	assert.Equal(t, expected, utils.SanitizeHeader(header))
-
-	// Header with only unsafe characters
-	header = "\x00\x01\x02\x7F"
-	expected = ""
-	assert.Equal(t, expected, utils.SanitizeHeader(header))
-
-	// Header with spaces and tabs (should be preserved)
-	header = "X Custom\tHeader"
-	expected = "X Custom\tHeader"
-	assert.Equal(t, expected, utils.SanitizeHeader(header))
-}

internal/utils/security_utils.go

@@ -48,12 +48,6 @@ func GetBasicAuth(username string, password string) string {
 func FilterIP(filter string, ip string) (bool, error) {
 	ipAddr := net.ParseIP(ip)
 
-	if ipAddr == nil {
-		return false, errors.New("invalid IP address")
-	}
-
-	filter = strings.Replace(filter, "-", "/", -1)
-
 	if strings.Contains(filter, "/") {
 		_, cidr, err := net.ParseCIDR(filter)
 		if err != nil {
@@ -101,7 +95,8 @@ func CheckFilter(filter string, str string) bool {
 	return false
 }
 
-func GenerateUUID(str string) string {
+func GenerateIdentifier(str string) string {
 	uuid := uuid.NewSHA1(uuid.NameSpaceURL, []byte(str))
-	return uuid.String()
+	uuidString := uuid.String()
+	return strings.Split(uuidString, "-")[0]
 }

internal/utils/security_utils_test.go

@@ -1,148 +0,0 @@
-package utils_test
-
-import (
-	"os"
-	"testing"
-	"tinyauth/internal/utils"
-
-	"gotest.tools/v3/assert"
-)
-
-func TestGetSecret(t *testing.T) {
-	// Setup
-	file, err := os.Create("/tmp/tinyauth_test_secret")
-	assert.NilError(t, err)
-
-	_, err = file.WriteString("       secret       \n")
-	assert.NilError(t, err)
-
-	err = file.Close()
-	assert.NilError(t, err)
-	defer os.Remove("/tmp/tinyauth_test_secret")
-
-	// Get from config
-	assert.Equal(t, "mysecret", utils.GetSecret("mysecret", ""))
-
-	// Get from file
-	assert.Equal(t, "secret", utils.GetSecret("", "/tmp/tinyauth_test_secret"))
-
-	// Get from both (config should take precedence)
-	assert.Equal(t, "mysecret", utils.GetSecret("mysecret", "/tmp/tinyauth_test_secret"))
-
-	// Get from none
-	assert.Equal(t, "", utils.GetSecret("", ""))
-
-	// Get from non-existing file
-	assert.Equal(t, "", utils.GetSecret("", "/tmp/non_existing_file"))
-}
-
-func TestParseSecretFile(t *testing.T) {
-	// Normal case
-	content := "   mysecret   \n"
-	assert.Equal(t, "mysecret", utils.ParseSecretFile(content))
-
-	// Multiple lines (should take the first non-empty line)
-	content = "\n\n   firstsecret   \nsecondsecret\n"
-	assert.Equal(t, "firstsecret", utils.ParseSecretFile(content))
-
-	// All empty lines
-	content = "\n   \n  \n"
-	assert.Equal(t, "", utils.ParseSecretFile(content))
-
-	// Empty content
-	content = ""
-	assert.Equal(t, "", utils.ParseSecretFile(content))
-}
-
-func TestGetBasicAuth(t *testing.T) {
-	// Normal case
-	username := "user"
-	password := "pass"
-	expected := "dXNlcjpwYXNz" // base64 of "user:pass"
-	assert.Equal(t, expected, utils.GetBasicAuth(username, password))
-
-	// Empty username
-	username = ""
-	password = "pass"
-	expected = "OnBhc3M=" // base64 of ":pass"
-	assert.Equal(t, expected, utils.GetBasicAuth(username, password))
-
-	// Empty password
-	username = "user"
-	password = ""
-	expected = "dXNlcjo=" // base64 of "user:"
-	assert.Equal(t, expected, utils.GetBasicAuth(username, password))
-}
-
-func TestFilterIP(t *testing.T) {
-	// Exact match IPv4
-	ok, err := utils.FilterIP("10.10.0.1", "10.10.0.1")
-	assert.NilError(t, err)
-	assert.Equal(t, true, ok)
-
-	// Non-match IPv4
-	ok, err = utils.FilterIP("10.10.0.1", "10.10.0.2")
-	assert.NilError(t, err)
-	assert.Equal(t, false, ok)
-
-	// CIDR match IPv4
-	ok, err = utils.FilterIP("10.10.0.0/24", "10.10.0.2")
-	assert.NilError(t, err)
-	assert.Equal(t, true, ok)
-
-	// CIDR match IPv4 with '-' instead of '/'
-	ok, err = utils.FilterIP("10.10.10.0-24", "10.10.10.5")
-	assert.NilError(t, err)
-	assert.Equal(t, true, ok)
-
-	// CIDR non-match IPv4
-	ok, err = utils.FilterIP("10.10.0.0/24", "10.5.0.1")
-	assert.NilError(t, err)
-	assert.Equal(t, false, ok)
-
-	// Invalid CIDR
-	ok, err = utils.FilterIP("10.10.0.0/222", "10.0.0.1")
-	assert.ErrorContains(t, err, "invalid CIDR address")
-	assert.Equal(t, false, ok)
-
-	// Invalid IP in filter
-	ok, err = utils.FilterIP("invalid_ip", "10.5.5.5")
-	assert.ErrorContains(t, err, "invalid IP address in filter")
-	assert.Equal(t, false, ok)
-
-	// Invalid IP to check
-	ok, err = utils.FilterIP("10.10.10.10", "invalid_ip")
-	assert.ErrorContains(t, err, "invalid IP address")
-	assert.Equal(t, false, ok)
-}
-
-func TestCheckFilter(t *testing.T) {
-	// Empty filter
-	assert.Equal(t, true, utils.CheckFilter("", "anystring"))
-
-	// Exact match
-	assert.Equal(t, true, utils.CheckFilter("hello", "hello"))
-
-	// Regex match
-	assert.Equal(t, true, utils.CheckFilter("/^h.*o$/", "hello"))
-
-	// Invalid regex
-	assert.Equal(t, false, utils.CheckFilter("/[unclosed", "test"))
-
-	// Comma-separated values
-	assert.Equal(t, true, utils.CheckFilter("apple, banana, cherry", "banana"))
-
-	// No match
-	assert.Equal(t, false, utils.CheckFilter("apple, banana, cherry", "grape"))
-}
-
-func TestGenerateUUID(t *testing.T) {
-	// Consistent output for same input
-	id1 := utils.GenerateUUID("teststring")
-	id2 := utils.GenerateUUID("teststring")
-	assert.Equal(t, id1, id2)
-
-	// Different output for different input
-	id3 := utils.GenerateUUID("differentstring")
-	assert.Assert(t, id1 != id3)
-}

internal/utils/string_utils_test.go

@@ -1,50 +0,0 @@
-package utils_test
-
-import (
-	"testing"
-	"tinyauth/internal/utils"
-
-	"gotest.tools/v3/assert"
-)
-
-func TestCapitalize(t *testing.T) {
-	// Test empty string
-	assert.Equal(t, "", utils.Capitalize(""))
-
-	// Test single character
-	assert.Equal(t, "A", utils.Capitalize("a"))
-
-	// Test multiple characters
-	assert.Equal(t, "Hello", utils.Capitalize("hello"))
-
-	// Test already capitalized
-	assert.Equal(t, "World", utils.Capitalize("World"))
-
-	// Test non-alphabetic first character
-	assert.Equal(t, "1number", utils.Capitalize("1number"))
-
-	// Test Unicode characters
-	assert.Equal(t, "Γειά", utils.Capitalize("γειά"))
-	assert.Equal(t, "Привет", utils.Capitalize("привет"))
-
-}
-
-func TestCoalesceToString(t *testing.T) {
-	// Test with []any containing strings
-	assert.Equal(t, "a,b,c", utils.CoalesceToString([]any{"a", "b", "c"}))
-
-	// Test with []any containing mixed types
-	assert.Equal(t, "a,c", utils.CoalesceToString([]any{"a", 1, "c", true}))
-
-	// Test with []any containing no strings
-	assert.Equal(t, "", utils.CoalesceToString([]any{1, 2, 3}))
-
-	// Test with string input
-	assert.Equal(t, "hello", utils.CoalesceToString("hello"))
-
-	// Test with non-string, non-[]any input
-	assert.Equal(t, "", utils.CoalesceToString(123))
-
-	// Test with nil input
-	assert.Equal(t, "", utils.CoalesceToString(nil))
-}

internal/utils/user_utils_test.go

@@ -1,163 +0,0 @@
-package utils_test
-
-import (
-	"os"
-	"testing"
-	"tinyauth/internal/utils"
-
-	"gotest.tools/v3/assert"
-)
-
-func TestGetUsers(t *testing.T) {
-	// Setup
-	file, err := os.Create("/tmp/tinyauth_users_test.txt")
-	assert.NilError(t, err)
-
-	_, err = file.WriteString("      user1:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G        \n         user2:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G                    ") // Spacing is on purpose
-	assert.NilError(t, err)
-
-	err = file.Close()
-	assert.NilError(t, err)
-	defer os.Remove("/tmp/tinyauth_users_test.txt")
-
-	// Test file
-	users, err := utils.GetUsers("", "/tmp/tinyauth_users_test.txt")
-
-	assert.NilError(t, err)
-
-	assert.Equal(t, 2, len(users))
-
-	assert.Equal(t, "user1", users[0].Username)
-	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[0].Password)
-	assert.Equal(t, "user2", users[1].Username)
-	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[1].Password)
-
-	// Test config
-	users, err = utils.GetUsers("user3:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G,user4:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", "")
-
-	assert.NilError(t, err)
-
-	assert.Equal(t, 2, len(users))
-
-	assert.Equal(t, "user3", users[0].Username)
-	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[0].Password)
-	assert.Equal(t, "user4", users[1].Username)
-	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[1].Password)
-
-	// Test both
-	users, err = utils.GetUsers("user5:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", "/tmp/tinyauth_users_test.txt")
-
-	assert.NilError(t, err)
-
-	assert.Equal(t, 3, len(users))
-
-	assert.Equal(t, "user5", users[0].Username)
-	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[0].Password)
-	assert.Equal(t, "user1", users[1].Username)
-	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[1].Password)
-	assert.Equal(t, "user2", users[2].Username)
-	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[2].Password)
-
-	// Test empty
-	users, err = utils.GetUsers("", "")
-
-	assert.NilError(t, err)
-
-	assert.Equal(t, 0, len(users))
-
-	// Test non-existent file
-	users, err = utils.GetUsers("", "/tmp/non_existent_file.txt")
-
-	assert.ErrorContains(t, err, "no such file or directory")
-
-	assert.Equal(t, 0, len(users))
-}
-
-func TestParseUsers(t *testing.T) {
-	// Valid users
-	users, err := utils.ParseUsers("user1:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G,user2:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G:ABCDEF") // user2 has TOTP
-
-	assert.NilError(t, err)
-
-	assert.Equal(t, 2, len(users))
-
-	assert.Equal(t, "user1", users[0].Username)
-	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[0].Password)
-	assert.Equal(t, "", users[0].TotpSecret)
-	assert.Equal(t, "user2", users[1].Username)
-	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[1].Password)
-	assert.Equal(t, "ABCDEF", users[1].TotpSecret)
-
-	// Valid weirdly spaced users
-	users, err = utils.ParseUsers("      user1:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G        ,         user2:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G:ABCDEF                    ") // Spacing is on purpose
-	assert.NilError(t, err)
-
-	assert.Equal(t, 2, len(users))
-
-	assert.Equal(t, "user1", users[0].Username)
-	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[0].Password)
-	assert.Equal(t, "", users[0].TotpSecret)
-	assert.Equal(t, "user2", users[1].Username)
-	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[1].Password)
-	assert.Equal(t, "ABCDEF", users[1].TotpSecret)
-}
-
-func TestParseUser(t *testing.T) {
-	// Valid user without TOTP
-	user, err := utils.ParseUser("user1:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G")
-
-	assert.NilError(t, err)
-
-	assert.Equal(t, "user1", user.Username)
-	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", user.Password)
-	assert.Equal(t, "", user.TotpSecret)
-
-	// Valid user with TOTP
-	user, err = utils.ParseUser("user2:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G:ABCDEF")
-
-	assert.NilError(t, err)
-
-	assert.Equal(t, "user2", user.Username)
-	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", user.Password)
-	assert.Equal(t, "ABCDEF", user.TotpSecret)
-
-	// Valid user with $$ in password
-	user, err = utils.ParseUser("user3:pa$$word123")
-
-	assert.NilError(t, err)
-
-	assert.Equal(t, "user3", user.Username)
-	assert.Equal(t, "pa$word123", user.Password)
-	assert.Equal(t, "", user.TotpSecret)
-
-	// User with spaces
-	user, err = utils.ParseUser("   user4   :   password123   :   TOTPSECRET   ")
-
-	assert.NilError(t, err)
-
-	assert.Equal(t, "user4", user.Username)
-	assert.Equal(t, "password123", user.Password)
-	assert.Equal(t, "TOTPSECRET", user.TotpSecret)
-
-	// Invalid users
-	_, err = utils.ParseUser("user1") // Missing password
-	assert.ErrorContains(t, err, "invalid user format")
-
-	_, err = utils.ParseUser("user1:")
-	assert.ErrorContains(t, err, "invalid user format")
-
-	_, err = utils.ParseUser(":password123")
-	assert.ErrorContains(t, err, "invalid user format")
-
-	_, err = utils.ParseUser("user1:password123:ABC:EXTRA") // Too many parts
-	assert.ErrorContains(t, err, "invalid user format")
-
-	_, err = utils.ParseUser("user1::ABC")
-	assert.ErrorContains(t, err, "invalid user format")
-
-	_, err = utils.ParseUser(":password123:ABC")
-	assert.ErrorContains(t, err, "invalid user format")
-
-	_, err = utils.ParseUser("   :   :   ")
-	assert.ErrorContains(t, err, "invalid user format")
-}