docs: regenerate readme sponsors list

* feat: add http cache for static files

fix #392

* minor typo fix

.github/workflows/ci.yml

@@ -23,7 +23,7 @@ jobs:
       - name: Install frontend dependencies
         run: |
           cd frontend
-          bun install
+          bun install --frozen-lockfile
 
       - name: Set version
         run: |

.github/workflows/nightly.yml

@@ -66,7 +66,7 @@ jobs:
       - name: Install frontend dependencies
         run: |
           cd frontend
-          bun install
+          bun install --frozen-lockfile
 
       - name: Install backend dependencies
         run: |
@@ -112,7 +112,7 @@ jobs:
       - name: Install frontend dependencies
         run: |
           cd frontend
-          bun install
+          bun install --frozen-lockfile
 
       - name: Install backend dependencies
         run: |
@@ -396,6 +396,8 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ghcr.io/${{ github.repository_owner }}/tinyauth
+          flavor: |
+            latest=false
           tags: |
             type=raw,nightly
 
@@ -433,6 +435,8 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ghcr.io/${{ github.repository_owner }}/tinyauth
+          flavor: |
+            latest=false
           tags: |
             type=raw,nightly-distroless
 

.github/workflows/release.yml

@@ -44,7 +44,7 @@ jobs:
       - name: Install frontend dependencies
         run: |
           cd frontend
-          bun install
+          bun install --frozen-lockfile
 
       - name: Install backend dependencies
         run: |
@@ -87,7 +87,7 @@ jobs:
       - name: Install frontend dependencies
         run: |
           cd frontend
-          bun install
+          bun install --frozen-lockfile
 
       - name: Install backend dependencies
         run: |
@@ -359,10 +359,13 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ghcr.io/${{ github.repository_owner }}/tinyauth
+          flavor: |
+            latest=true
+            prefix=v,onlatest=false
           tags: |
-            type=semver,pattern={{version}},prefix=v
-            type=semver,pattern={{major}},prefix=v
-            type=semver,pattern={{major}}.{{minor}},prefix=v
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
 
       - name: Create manifest list and push
         working-directory: ${{ runner.temp }}/digests
@@ -398,10 +401,14 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ghcr.io/${{ github.repository_owner }}/tinyauth
+          flavor: |
+            latest=false
+            prefix=v,onlatest=false
+            suffix=-distroless,onlatest=false
           tags: |
-            type=semver,pattern={{version}},prefix=v,suffix=-distroless
-            type=semver,pattern={{major}},prefix=v,suffix=-distroless
-            type=semver,pattern={{major}}.{{minor}},prefix=v,suffix=-distroless
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
 
       - name: Create manifest list and push
         working-directory: ${{ runner.temp }}/digests

Dockerfile

@@ -6,7 +6,7 @@ WORKDIR /frontend
 COPY ./frontend/package.json ./
 COPY ./frontend/bun.lock ./
 
-RUN bun install
+RUN bun install --frozen-lockfile
 
 COPY ./frontend/public ./public
 COPY ./frontend/src ./src
@@ -47,10 +47,16 @@ WORKDIR /tinyauth
 
 COPY --from=builder /tinyauth/tinyauth ./
 
+RUN mkdir -p /data
+
 EXPOSE 3000
 
 VOLUME ["/data"]
 
-HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ["/tinyauth/tinyauth", "healthcheck"]
+ENV GIN_MODE=release
 
-ENTRYPOINT ["/tinyauth/tinyauth"]
+ENV PATH=$PATH:/tinyauth
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ["tinyauth", "healthcheck"]
+
+ENTRYPOINT ["tinyauth"]

Dockerfile.distroless

@@ -6,7 +6,7 @@ WORKDIR /frontend
 COPY ./frontend/package.json ./
 COPY ./frontend/bun.lock ./
 
-RUN bun install
+RUN bun install --frozen-lockfile
 
 COPY ./frontend/public ./public
 COPY ./frontend/src ./src
@@ -38,6 +38,8 @@ COPY ./cmd ./cmd
 COPY ./internal ./internal
 COPY --from=frontend-builder /frontend/dist ./internal/assets/dist
 
+RUN mkdir -p /data
+
 RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" 
  
 # Runner
@@ -47,10 +49,17 @@ WORKDIR /tinyauth
 
 COPY --from=builder /tinyauth/tinyauth ./
 
+# Since it's distroless, we need to copy the data directory from the builder stage
+COPY --from=builder /tinyauth/data /data
+
 EXPOSE 3000
 
 VOLUME ["/data"]
 
-HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ["/tinyauth/tinyauth", "healthcheck"]
+ENV GIN_MODE=release
 
-ENTRYPOINT ["/tinyauth/tinyauth"]
+ENV PATH=$PATH:/tinyauth
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ["tinyauth", "healthcheck"]
+
+ENTRYPOINT ["tinyauth"]

README.md

@@ -53,7 +53,7 @@ Tinyauth is licensed under the GNU General Public License v3.0. TL;DR — You ma
 
 A big thank you to the following people for providing me with more coffee:
 
-<!-- sponsors --><a href="https://github.com/erwinkramer"><img src="https:&#x2F;&#x2F;github.com&#x2F;erwinkramer.png" width="64px" alt="User avatar: erwinkramer" /></a>&nbsp;&nbsp;<a href="https://github.com/nicotsx"><img src="https:&#x2F;&#x2F;github.com&#x2F;nicotsx.png" width="64px" alt="User avatar: nicotsx" /></a>&nbsp;&nbsp;<a href="https://github.com/SimpleHomelab"><img src="https:&#x2F;&#x2F;github.com&#x2F;SimpleHomelab.png" width="64px" alt="User avatar: SimpleHomelab" /></a>&nbsp;&nbsp;<a href="https://github.com/jmadden91"><img src="https:&#x2F;&#x2F;github.com&#x2F;jmadden91.png" width="64px" alt="User avatar: jmadden91" /></a>&nbsp;&nbsp;<a href="https://github.com/tribor"><img src="https:&#x2F;&#x2F;github.com&#x2F;tribor.png" width="64px" alt="User avatar: tribor" /></a>&nbsp;&nbsp;<a href="https://github.com/eliasbenb"><img src="https:&#x2F;&#x2F;github.com&#x2F;eliasbenb.png" width="64px" alt="User avatar: eliasbenb" /></a>&nbsp;&nbsp;<a href="https://github.com/afunworm"><img src="https:&#x2F;&#x2F;github.com&#x2F;afunworm.png" width="64px" alt="User avatar: afunworm" /></a>&nbsp;&nbsp;<!-- sponsors -->
+<!-- sponsors --><a href="https://github.com/erwinkramer"><img src="https:&#x2F;&#x2F;github.com&#x2F;erwinkramer.png" width="64px" alt="User avatar: erwinkramer" /></a>&nbsp;&nbsp;<a href="https://github.com/nicotsx"><img src="https:&#x2F;&#x2F;github.com&#x2F;nicotsx.png" width="64px" alt="User avatar: nicotsx" /></a>&nbsp;&nbsp;<a href="https://github.com/SimpleHomelab"><img src="https:&#x2F;&#x2F;github.com&#x2F;SimpleHomelab.png" width="64px" alt="User avatar: SimpleHomelab" /></a>&nbsp;&nbsp;<a href="https://github.com/jmadden91"><img src="https:&#x2F;&#x2F;github.com&#x2F;jmadden91.png" width="64px" alt="User avatar: jmadden91" /></a>&nbsp;&nbsp;<a href="https://github.com/tribor"><img src="https:&#x2F;&#x2F;github.com&#x2F;tribor.png" width="64px" alt="User avatar: tribor" /></a>&nbsp;&nbsp;<a href="https://github.com/eliasbenb"><img src="https:&#x2F;&#x2F;github.com&#x2F;eliasbenb.png" width="64px" alt="User avatar: eliasbenb" /></a>&nbsp;&nbsp;<a href="https://github.com/afunworm"><img src="https:&#x2F;&#x2F;github.com&#x2F;afunworm.png" width="64px" alt="User avatar: afunworm" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="64px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/Lancelot-Enguerrand"><img src="https:&#x2F;&#x2F;github.com&#x2F;Lancelot-Enguerrand.png" width="64px" alt="User avatar: Lancelot-Enguerrand" /></a>&nbsp;&nbsp;<!-- sponsors -->
 
 ## Acknowledgements
 

air.toml

@@ -2,7 +2,7 @@ root = "/tinyauth"
 tmp_dir = "tmp"
 
 [build]
-pre_cmd = ["mkdir -p internal/assets/dist", "echo 'backend running' > internal/assets/dist/index.html", "go install github.com/go-delve/delve/cmd/dlv@v1.25.0"]
+pre_cmd = ["mkdir -p internal/assets/dist", "mkdir -p /data", "echo 'backend running' > internal/assets/dist/index.html", "go install github.com/go-delve/delve/cmd/dlv@v1.25.0"]
 cmd = "CGO_ENABLED=0 go build -gcflags=\"all=-N -l\" -o tmp/tinyauth ."
 bin = "/go/bin/dlv --listen :4000 --headless=true --api-version=2 --accept-multiclient --log=true exec tmp/tinyauth --continue --check-go-version=false"
 include_ext = ["go"]

frontend/index.html

@@ -8,7 +8,7 @@
     <link rel="shortcut icon" href="/favicon.ico" />
     <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
     <meta name="apple-mobile-web-app-title" content="Tinyauth" />
-    <meta name="robots" content="none" />
+    <meta name="robots" content="nofollow, noindex" />
     <link rel="manifest" href="/site.webmanifest" />
     <title>Tinyauth</title>
   </head>

frontend/src/components/layout/layout.tsx

@@ -1,11 +1,15 @@
 import { useAppContext } from "@/context/app-context";
 import { LanguageSelector } from "../language/language";
 import { Outlet } from "react-router";
-import { useCallback, useState } from "react";
+import { useCallback, useEffect, useState } from "react";
 import { DomainWarning } from "../domain-warning/domain-warning";
 
 const BaseLayout = ({ children }: { children: React.ReactNode }) => {
-  const { backgroundImage } = useAppContext();
+  const { backgroundImage, title } = useAppContext();
+
+  useEffect(() => {
+    document.title = title;
+  }, [title]);
 
   return (
     <div

internal/bootstrap/app_bootstrap.go

@@ -150,18 +150,6 @@ func (app *BootstrapApp) Setup() error {
 	configuredProviders := make([]controller.Provider, 0)
 
 	for id, provider := range oauthProviders {
-		if id == "" {
-			continue
-		}
-
-		if provider.Name == "" {
-			if name, ok := config.OverrideProviders[id]; ok {
-				provider.Name = name
-			} else {
-				provider.Name = utils.Capitalize(id)
-			}
-		}
-
 		configuredProviders = append(configuredProviders, controller.Provider{
 			Name:  provider.Name,
 			ID:    id,
@@ -184,10 +172,6 @@ func (app *BootstrapApp) Setup() error {
 	}
 
 	// Create engine
-	if config.Version != "development" {
-		gin.SetMode(gin.ReleaseMode)
-	}
-
 	engine := gin.New()
 
 	if len(app.config.TrustedProxies) > 0 {

internal/middleware/ui_middleware.go

@@ -1,10 +1,12 @@
 package middleware
 
 import (
+	"fmt"
 	"io/fs"
 	"net/http"
 	"os"
 	"strings"
+	"time"
 	"tinyauth/internal/assets"
 
 	"github.com/gin-gonic/gin"
@@ -27,14 +29,16 @@ func (m *UIMiddleware) Init() error {
 	}
 
 	m.uiFs = ui
-	m.uiFileServer = http.FileServer(http.FS(ui))
+	m.uiFileServer = http.FileServerFS(ui)
 
 	return nil
 }
 
 func (m *UIMiddleware) Middleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		switch strings.Split(c.Request.URL.Path, "/")[1] {
+		path := strings.TrimPrefix(c.Request.URL.Path, "/")
+
+		switch strings.SplitN(path, "/", 2)[0] {
 		case "api":
 			c.Next()
 			return
@@ -42,12 +46,19 @@ func (m *UIMiddleware) Middleware() gin.HandlerFunc {
 			c.Next()
 			return
 		default:
-			_, err := fs.Stat(m.uiFs, strings.TrimPrefix(c.Request.URL.Path, "/"))
+			_, err := fs.Stat(m.uiFs, path)
+
+			// Enough for one authentication flow
+			maxAge := 15 * time.Minute
 
 			if os.IsNotExist(err) {
 				c.Request.URL.Path = "/"
+			} else if strings.HasPrefix(path, "assets/") {
+				// assets are named with a hash and can be cached for a long time
+				maxAge = 30 * 24 * time.Hour
 			}
 
+			c.Writer.Header().Set("Cache-Control", fmt.Sprintf("public, max-age=%d", int(maxAge.Seconds())))
 			m.uiFileServer.ServeHTTP(c.Writer, c.Request)
 			c.Abort()
 			return

internal/service/docker_service.go

@@ -12,8 +12,9 @@ import (
 )
 
 type DockerService struct {
-	client  *client.Client
-	context context.Context
+	client      *client.Client
+	context     context.Context
+	isConnected bool
 }
 
 func NewDockerService() *DockerService {
@@ -31,10 +32,24 @@ func (docker *DockerService) Init() error {
 
 	docker.client = client
 	docker.context = ctx
+
+	_, err = docker.client.Ping(docker.context)
+
+	if err != nil {
+		log.Debug().Err(err).Msg("Docker not connected")
+		docker.isConnected = false
+		docker.client = nil
+		docker.context = nil
+		return nil
+	}
+
+	docker.isConnected = true
+	log.Debug().Msg("Docker connected")
+
 	return nil
 }
 
-func (docker *DockerService) GetContainers() ([]container.Summary, error) {
+func (docker *DockerService) getContainers() ([]container.Summary, error) {
 	containers, err := docker.client.ContainerList(docker.context, container.ListOptions{})
 	if err != nil {
 		return nil, err
@@ -42,7 +57,7 @@ func (docker *DockerService) GetContainers() ([]container.Summary, error) {
 	return containers, nil
 }
 
-func (docker *DockerService) InspectContainer(containerId string) (container.InspectResponse, error) {
+func (docker *DockerService) inspectContainer(containerId string) (container.InspectResponse, error) {
 	inspect, err := docker.client.ContainerInspect(docker.context, containerId)
 	if err != nil {
 		return container.InspectResponse{}, err
@@ -50,35 +65,26 @@ func (docker *DockerService) InspectContainer(containerId string) (container.Ins
 	return inspect, nil
 }
 
-func (docker *DockerService) DockerConnected() bool {
-	_, err := docker.client.Ping(docker.context)
-	return err == nil
-}
-
 func (docker *DockerService) GetLabels(appDomain string) (config.App, error) {
-	isConnected := docker.DockerConnected()
-
-	if !isConnected {
+	if !docker.isConnected {
 		log.Debug().Msg("Docker not connected, returning empty labels")
 		return config.App{}, nil
 	}
 
-	containers, err := docker.GetContainers()
+	containers, err := docker.getContainers()
 	if err != nil {
 		return config.App{}, err
 	}
 
 	for _, ctr := range containers {
-		inspect, err := docker.InspectContainer(ctr.ID)
+		inspect, err := docker.inspectContainer(ctr.ID)
 		if err != nil {
-			log.Warn().Str("id", ctr.ID).Err(err).Msg("Error inspecting container, skipping")
-			continue
+			return config.App{}, err
 		}
 
 		labels, err := decoders.DecodeLabels(inspect.Config.Labels)
 		if err != nil {
-			log.Warn().Str("id", ctr.ID).Err(err).Msg("Error getting container labels, skipping")
-			continue
+			return config.App{}, err
 		}
 
 		for appName, appLabels := range labels.Apps {

internal/service/oauth_broker_service.go

@@ -50,7 +50,7 @@ func (broker *OAuthBrokerService) Init() error {
 			log.Error().Err(err).Msgf("Failed to initialize OAuth service: %T", name)
 			return err
 		}
-		log.Info().Str("service", service.GetName()).Msg("Initialized OAuth service")
+		log.Info().Str("service", name).Msg("Initialized OAuth service")
 	}
 
 	return nil

internal/utils/app_utils.go

@@ -184,7 +184,6 @@ func GetOAuthProvidersConfig(env []string, args []string, appUrl string) (map[st
 	}
 
 	// If we have google/github providers and no redirect URL then set a default
-
 	for id := range config.OverrideProviders {
 		if provider, exists := providers[id]; exists {
 			if provider.RedirectURL == "" {
@@ -194,6 +193,18 @@ func GetOAuthProvidersConfig(env []string, args []string, appUrl string) (map[st
 		}
 	}
 
+	// Set names
+	for id, provider := range providers {
+		if provider.Name == "" {
+			if name, ok := config.OverrideProviders[id]; ok {
+				provider.Name = name
+			} else {
+				provider.Name = Capitalize(id)
+			}
+		}
+		providers[id] = provider
+	}
+
 	// Return combined providers
 	return providers, nil
 }

internal/utils/app_utils_test.go

@@ -210,10 +210,12 @@ func TestGetOAuthProvidersConfig(t *testing.T) {
 		"client1": {
 			ClientID:     "client1-id",
 			ClientSecret: "client1-secret",
+			Name:         "Client1",
 		},
 		"client2": {
 			ClientID:     "client2-id",
 			ClientSecret: "client2-secret",
+			Name:         "Client2",
 		},
 	}
 
@@ -247,6 +249,7 @@ func TestGetOAuthProvidersConfig(t *testing.T) {
 		"client1": {
 			ClientID:     "client1-id",
 			ClientSecret: "file content",
+			Name:         "Client1",
 		},
 	}
 
@@ -262,6 +265,7 @@ func TestGetOAuthProvidersConfig(t *testing.T) {
 			ClientID:     "google-id",
 			ClientSecret: "google-secret",
 			RedirectURL:  "http://app.url/api/oauth/callback/google",
+			Name:         "Google",
 		},
 	}