feat: add trace logging

fix: use correct path for data directory in distroless
feat: sort configured providers based on name length
2025-11-03 23:55:44 +00:00 · 2025-10-11 15:27:01 +03:00 · 2025-10-11 15:18:37 +03:00 · 2025-10-10 17:16:22 +03:00 · 2025-10-10 16:42:19 +03:00 · 2025-10-10 16:28:52 +03:00
8 changed files with 23 additions and 5 deletions
--- a/Dockerfile.distroless
+++ b/Dockerfile.distroless
@@ -38,7 +38,7 @@ COPY ./cmd ./cmd
 COPY ./internal ./internal
 COPY --from=frontend-builder /frontend/dist ./internal/assets/dist

-RUN mkdir -p /data
+RUN mkdir -p data

 RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" 
 
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -112,6 +112,10 @@ func (c *rootCmd) run(cmd *cobra.Command, args []string) {
 	log.Logger = log.Level(zerolog.Level(utils.GetLogLevel(conf.LogLevel)))
 	log.Info().Str("version", strings.TrimSpace(config.Version)).Msg("Starting Tinyauth")

+	if log.Logger.GetLevel() == zerolog.TraceLevel {
+		log.Warn().Msg("Log level set to trace, this will log sensitive information!")
+	}
+
 	app := bootstrap.NewBootstrapApp(conf)

 	err = app.Setup()
--- a/internal/bootstrap/app_bootstrap.go
+++ b/internal/bootstrap/app_bootstrap.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"net/url"
 	"os"
+	"sort"
 	"strings"
 	"time"
 	"tinyauth/internal/config"
@@ -157,6 +158,10 @@ func (app *BootstrapApp) Setup() error {
 		})
 	}

+	sort.Slice(configuredProviders, func(i, j int) bool {
+		return configuredProviders[i].Name < configuredProviders[j].Name
+	})
+
 	if authService.UserAuthConfigured() || ldapService != nil {
 		configuredProviders = append(configuredProviders, controller.Provider{
 			Name:  "Username",
@@ -173,6 +178,7 @@ func (app *BootstrapApp) Setup() error {

 	// Create engine
 	engine := gin.New()
+	engine.Use(gin.Recovery())

 	if len(app.config.TrustedProxies) > 0 {
 		err := engine.SetTrustedProxies(strings.Split(app.config.TrustedProxies, ","))
--- a/internal/controller/oauth_controller.go
+++ b/internal/controller/oauth_controller.go
@@ -162,7 +162,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {

 	var name string

-	if user.Name != "" {
+	if strings.TrimSpace(user.Name) != "" {
 		log.Debug().Msg("Using name from OAuth provider")
 		name = user.Name
 	} else {
@@ -172,7 +172,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {

 	var username string

-	if user.PreferredUsername != "" {
+	if strings.TrimSpace(user.PreferredUsername) != "" {
 		log.Debug().Msg("Using preferred username from OAuth provider")
 		username = user.PreferredUsername
 	} else {
--- a/internal/controller/proxy_controller.go
+++ b/internal/controller/proxy_controller.go
@@ -84,6 +84,8 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}

+	log.Trace().Interface("labels", labels).Msg("Labels for resource")
+
 	clientIP := c.ClientIP()

 	if controller.auth.IsBypassedIP(labels.IP, clientIP) {
@@ -150,6 +152,8 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		userContext = context
 	}

+	log.Trace().Interface("context", userContext).Msg("User context from request")
+
 	if userContext.Provider == "basic" && userContext.TotpEnabled {
 		log.Debug().Msg("User has TOTP enabled, denying basic auth access")
 		userContext.IsLoggedIn = false
--- a/internal/service/auth_service.go
+++ b/internal/service/auth_service.go
@@ -318,6 +318,7 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte

 	for userGroup := range strings.SplitSeq(context.OAuthGroups, ",") {
 		if utils.CheckFilter(requiredGroups, strings.TrimSpace(userGroup)) {
+			log.Trace().Str("group", userGroup).Str("required", requiredGroups).Msg("User group matched")
 			return true
 		}
 	}
--- a/internal/service/docker_service.go
+++ b/internal/service/docker_service.go
@@ -89,12 +89,12 @@ func (docker *DockerService) GetLabels(appDomain string) (config.App, error) {

 		for appName, appLabels := range labels.Apps {
 			if appLabels.Config.Domain == appDomain {
-				log.Debug().Str("id", inspect.ID).Msg("Found matching container by domain")
+				log.Debug().Str("id", inspect.ID).Str("name", inspect.Name).Msg("Found matching container by domain")
 				return appLabels, nil
 			}

 			if strings.TrimPrefix(inspect.Name, "/") == appName {
-				log.Debug().Str("id", inspect.ID).Msg("Found matching container by app name")
+				log.Debug().Str("id", inspect.ID).Str("name", inspect.Name).Msg("Found matching container by app name")
 				return appLabels, nil
 			}
 		}
--- a/internal/service/generic_oauth_service.go
+++ b/internal/service/generic_oauth_service.go
@@ -12,6 +12,7 @@ import (
 	"time"
 	"tinyauth/internal/config"

+	"github.com/rs/zerolog/log"
 	"golang.org/x/oauth2"
 )

@@ -110,6 +111,8 @@ func (generic *GenericOAuthService) Userinfo() (config.Claims, error) {
 		return user, err
 	}

+	log.Trace().Str("body", string(body)).Msg("Userinfo response body")
+
 	err = json.Unmarshal(body, &user)
 	if err != nil {
 		return user, err
Author	SHA1	Message	Date
Stavros	9b76a84ee2	feat: add trace logging	2025-10-11 15:27:01 +03:00
Stavros	ed20d2cf51	fix: use correct path for data directory in distroless	2025-10-11 15:18:37 +03:00
Stavros	fc7e395e66	feat: sort configured providers based on name length	2025-10-10 17:16:22 +03:00
Stavros	b940d681c3	feat: use recovery gin middleware in engine	2025-10-10 16:42:19 +03:00
Stavros	a1ec4a69cf	fix: remove spaces before checking oauth name and username	2025-10-10 16:28:52 +03:00
github-actions[bot]	4047cea451	docs: regenerate readme sponsors list (#402 ) Co-authored-by: GitHub <noreply@github.com>	2025-10-10 15:52:45 +03:00