mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-04-18 19:56:08 +00:00
Compare commits
1 Commits
e2e
...
45d17f8425
| Author | SHA1 | Date | |
|---|---|---|---|
|
45d17f8425 |
@@ -1,28 +0,0 @@
|
|||||||
# E2E Framework
|
|
||||||
|
|
||||||
[Project link](https://github.com/orgs/tinyauthapp/projects/1/views/1)
|
|
||||||
|
|
||||||
This is designed as an E2E framework to be able to test for changes in common proxy and application apps that tinyauth users are likely to use.
|
|
||||||
|
|
||||||
This is **not** designed to test functionality, it is a [Canary](https://en.wikipedia.org/wiki/Sentinel_species#Canaries). All functionailty testing is already done by Unit tests within the standard tinyauth PR / release workflows.
|
|
||||||
|
|
||||||
## Design
|
|
||||||
|
|
||||||
Primary testing is via Docker, although a minimal Kubernetes stack is also planned.
|
|
||||||
|
|
||||||
Initially this is being created to test the proxy connection, and ability to login.
|
|
||||||
|
|
||||||
Testing of endpoints and providers will be done via `traefik`.
|
|
||||||
|
|
||||||
It requires at least two endpoints, one will be `whoami` as an easy "is this working", but it also later requires an OIDC test (TBD), and a nested HTTP Auth (TBD).
|
|
||||||
|
|
||||||
It should test against all "known" Oauth providers (ie, the ones that are specifically mentioned in the documentation, including community supplied if possible).
|
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> This requires having both Google and Github logins for the built-in providers, so security for those on a public E2E setup must be taken into account.
|
|
||||||
|
|
||||||
## Running
|
|
||||||
|
|
||||||
Run the <./test.sh> script, this handles everything for all tests.
|
|
||||||
|
|
||||||
TODO: Implement options to limit testing to specific proxies and auth services.
|
|
||||||
@@ -1,10 +0,0 @@
|
|||||||
# This contains base apps without any proxy information
|
|
||||||
|
|
||||||
services:
|
|
||||||
tinyauth:
|
|
||||||
image: ${TINYAUTH_IMAGE:-ghcr.io/steveiliop56/tinyauth}:${TINYAUTH_IMAGE_TAG:-v5}
|
|
||||||
environment:
|
|
||||||
TINYAUTH_ANALYTICS_ENABLED: "false"
|
|
||||||
TINYAUTH_APPURL: "https://tinyauth.${DOMAIN:-local}"
|
|
||||||
volumes:
|
|
||||||
- "./config:/data"
|
|
||||||
@@ -1,44 +0,0 @@
|
|||||||
# This contains Traefik proxy versions
|
|
||||||
# All apps must be prefixed by `traefik-`
|
|
||||||
|
|
||||||
services:
|
|
||||||
traefik:
|
|
||||||
container_name: traefik
|
|
||||||
image: ${TRAEFIK_IMAGE:-traefik}:${TRAEFIK_IMAGE_TAG:-v3}
|
|
||||||
networks:
|
|
||||||
- e2e
|
|
||||||
environment:
|
|
||||||
TZ: "${TZ:-Europe/London}"
|
|
||||||
PUID: "${PUID:-1000}"
|
|
||||||
PGID: "${PGID:-1000}"
|
|
||||||
UMASK: "000"
|
|
||||||
command:
|
|
||||||
- "--entryPoints.web.address=:80"
|
|
||||||
- "--entryPoints.web.http.redirections.entryPoint.scheme=https"
|
|
||||||
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
|
|
||||||
- "--entryPoints.websecure.address=:443"
|
|
||||||
- "--providers.docker=true"
|
|
||||||
- "--providers.docker.endpoint=/var/run/docker.sock"
|
|
||||||
volumes:
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
||||||
- "./.ssl/key.pem:/run/secrets/key.pem:ro"
|
|
||||||
- "./.ssl/cert.pem:/run/secrets/cert.pem:ro"
|
|
||||||
- "./config:/etc/traefik"
|
|
||||||
|
|
||||||
traefik-tinyauth:
|
|
||||||
container_name: traefik-tinyauth
|
|
||||||
extends:
|
|
||||||
file: ../compose.base.yaml
|
|
||||||
service: tinyauth
|
|
||||||
networks:
|
|
||||||
e2e-external:
|
|
||||||
e2e:
|
|
||||||
aliases:
|
|
||||||
- "traefik-tinyauth.$DOMAIN"
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.tinyauth.rule=Host(`tinyauth.$DOMAIN`)"
|
|
||||||
- "traefik.http.services.tinyauth.loadbalancer.server.port=3000"
|
|
||||||
- "traefik.http.middlewares.tinyauth.forwardauth.address=http://tinyauth:3000/api/auth/traefik"
|
|
||||||
- "traefik.http.middlewares.tinyauth.forwardauth.authResponseHeaders=X-Forwarded-User"
|
|
||||||
- "traefik.http.middlewares.tinyauth.forwardauth.maxResponseBodySize=32768"
|
|
||||||
@@ -1,53 +0,0 @@
|
|||||||
name: tinyauth-e2e
|
|
||||||
|
|
||||||
services:
|
|
||||||
traefik-tinyauth:
|
|
||||||
container_name: traefik-tinyauth
|
|
||||||
extends:
|
|
||||||
file: ../compose.base.yaml
|
|
||||||
service: tinyauth
|
|
||||||
networks:
|
|
||||||
e2e-external:
|
|
||||||
e2e:
|
|
||||||
aliases:
|
|
||||||
- "traefik-tinyauth.$DOMAIN"
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.tinyauth.rule=Host(`tinyauth.$DOMAIN`)"
|
|
||||||
- "traefik.http.services.tinyauth.loadbalancer.server.port=3000"
|
|
||||||
- "traefik.http.middlewares.tinyauth.forwardauth.address=http://tinyauth:3000/api/auth/traefik"
|
|
||||||
- "traefik.http.middlewares.tinyauth.forwardauth.authResponseHeaders=X-Forwarded-User"
|
|
||||||
- "traefik.http.middlewares.tinyauth.forwardauth.maxResponseBodySize=32768"
|
|
||||||
|
|
||||||
traefik-tinyauth-google:
|
|
||||||
container_name: traefik-tinyauth-google
|
|
||||||
secrets:
|
|
||||||
- google_client_secret
|
|
||||||
environment:
|
|
||||||
TINYAUTH_OAUTH_PROVIDERS_GOOGLE_CLIENTID: "$GOOGLE_CLIENT_ID"
|
|
||||||
TINYAUTH_OAUTH_PROVIDERS_GOOGLE_CLIENTSECRETFILE: "/run/secrets/google_client_secret"
|
|
||||||
TINYAUTH_OAUTH_WHITELIST: "${WHITELIST:?Set the WHITELIST to your google email address!}"
|
|
||||||
|
|
||||||
whoami:
|
|
||||||
image: traefik/whoami:latest
|
|
||||||
networks:
|
|
||||||
e2e:
|
|
||||||
aliases:
|
|
||||||
- "whoami.$DOMAIN"
|
|
||||||
labels:
|
|
||||||
traefik.enable: true
|
|
||||||
traefik.http.routers.whoami.rule: Host(`whoami.$DOMAIN`)
|
|
||||||
traefik.http.routers.whoami.middlewares: tinyauth
|
|
||||||
|
|
||||||
networks:
|
|
||||||
e2e-external:
|
|
||||||
name: "e2e-external"
|
|
||||||
driver: bridge
|
|
||||||
enable_ipv4: true
|
|
||||||
enable_ipv6: true
|
|
||||||
e2e:
|
|
||||||
name: "e2e"
|
|
||||||
driver: bridge
|
|
||||||
internal: true
|
|
||||||
enable_ipv4: true
|
|
||||||
enable_ipv6: false
|
|
||||||
@@ -1,2 +0,0 @@
|
|||||||
#! /bin/bash
|
|
||||||
|
|
||||||
2
go.mod
2
go.mod
@@ -24,7 +24,7 @@ require (
|
|||||||
golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546
|
golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546
|
||||||
golang.org/x/oauth2 v0.36.0
|
golang.org/x/oauth2 v0.36.0
|
||||||
gotest.tools/v3 v3.5.2
|
gotest.tools/v3 v3.5.2
|
||||||
modernc.org/sqlite v1.48.0
|
modernc.org/sqlite v1.48.1
|
||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
|
|||||||
4
go.sum
4
go.sum
@@ -389,8 +389,8 @@ modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
|
|||||||
modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
|
modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
|
||||||
modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
|
modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
|
||||||
modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
|
modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
|
||||||
modernc.org/sqlite v1.48.0 h1:ElZyLop3Q2mHYk5IFPPXADejZrlHu7APbpB0sF78bq4=
|
modernc.org/sqlite v1.48.1 h1:S85iToyU6cgeojybE2XJlSbcsvcWkQ6qqNXJHtW5hWA=
|
||||||
modernc.org/sqlite v1.48.0/go.mod h1:hWjRO6Tj/5Ik8ieqxQybiEOUXy0NJFNp2tpvVpKlvig=
|
modernc.org/sqlite v1.48.1/go.mod h1:hWjRO6Tj/5Ik8ieqxQybiEOUXy0NJFNp2tpvVpKlvig=
|
||||||
modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
|
modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
|
||||||
modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
|
modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
|
||||||
modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
|
modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
|
||||||
|
|||||||
Reference in New Issue
Block a user