refactor: ignore containers that failed to get inspected in docker

refactor: use splitn in header parser
fix: sanitize headers before adding to map
2025-10-28 20:55:42 +00:00 · 2025-06-15 19:56:37 +03:00 · 2025-06-15 19:55:03 +03:00 · 2025-06-15 19:50:33 +03:00 · 2025-06-15 19:39:38 +03:00
6 changed files with 27 additions and 26 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,8 +2,8 @@

 ## Supported Versions

-It is recommended to use the [latest](https://github.com/steveiliop56/tinyauth/releases/latest) available version of tinyauth. This is because it includes security fixes, new features and dependency updates. Older versions, especially major ones, are not supported and won't receive security or patch updates.
+Please always use the latest available Tinyauth version which can be found [here](https://github.com/steveiliop56/tinyauth/releases/latest). Older versions (especially major) may contain security issues which I cannot go back and fix.

 ## Reporting a Vulnerability

-Due to the nature of this app, it needs to be secure. If you discover any security issues or vulnerabilities in the app please contact me as soon as possible at <steve@doesmycode.work>. Please do not use the issues section to report security issues as I won't be able to patch them in time and they may get exploited by malicious actors.
+Due to the nature of this app, it needs to be secure. If you find any security issues in the OAuth or login flow of the app please contact me at <steve@doesmycode.work> and include a concise description of the issue. Please do not use the issues section for reporting major security issues.
--- a/frontend/src/components/layout/layout.tsx
+++ b/frontend/src/components/layout/layout.tsx
@@ -7,7 +7,7 @@ export const Layout = () => {

  return (
    <div
-      className="relative flex flex-col justify-center items-center min-h-dvh"
+      className="relative flex flex-col justify-center items-center min-h-svh"
      style={{
        backgroundImage: `url(${backgroundImage})`,
        backgroundSize: "cover",
--- a/internal/docker/docker.go
+++ b/internal/docker/docker.go
@@ -74,7 +74,7 @@ func (docker *Docker) DockerConnected() bool {
 	return err == nil
 }

-func (docker *Docker) GetLabels(id string, domain string) (types.Labels, error) {
+func (docker *Docker) GetLabels(appId string) (types.Labels, error) {
 	// Check if we have access to the Docker API
 	isConnected := docker.DockerConnected()

@@ -85,16 +85,15 @@ func (docker *Docker) GetLabels(id string, domain string) (types.Labels, error)
 	}

 	// Get the containers
-	log.Debug().Msg("Getting containers")
-
 	containers, err := docker.GetContainers()

 	// If there is an error, return false
 	if err != nil {
-		log.Error().Err(err).Msg("Error getting containers")
 		return types.Labels{}, err
 	}

+	log.Debug().Msg("Got containers")
+
 	// Loop through the containers
 	for _, container := range containers {
 		// Inspect the container
@@ -106,22 +105,28 @@ func (docker *Docker) GetLabels(id string, domain string) (types.Labels, error)
 			continue
 		}

-		// Get the labels
-		log.Debug().Str("id", inspect.ID).Msg("Getting labels for container")
+		// Get the container name (for some reason it is /name)
+		containerName := strings.TrimPrefix(inspect.Name, "/")

-		labels, err := utils.GetLabels(inspect.Config.Labels)
+		// There is a container with the same name as the app ID
+		if containerName == appId {
+			log.Debug().Str("container", containerName).Msg("Found container")

-		// Check if there was an error
-		if err != nil {
-			log.Warn().Str("id", container.ID).Err(err).Msg("Error getting container labels, skipping")
-			continue
-		}
+			// Get only the tinyauth labels in a struct
+			labels, err := utils.GetLabels(inspect.Config.Labels)

-		// Check if the labels match the id or the domain
-		if strings.TrimPrefix(inspect.Name, "/") == id || labels.Domain == domain {
-			log.Debug().Str("id", inspect.ID).Msg("Found matching container")
+			// Check if there was an error
+			if err != nil {
+				log.Error().Err(err).Msg("Error parsing labels")
+				return types.Labels{}, err
+			}
+
+			log.Debug().Msg("Got labels")
+
+			// Return labels
 			return labels, nil
 		}
+
 	}

 	log.Debug().Msg("No matching container found, returning empty labels")
--- a/internal/handlers/handlers.go
+++ b/internal/handlers/handlers.go
@@ -69,14 +69,11 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 	proto := c.Request.Header.Get("X-Forwarded-Proto")
 	host := c.Request.Header.Get("X-Forwarded-Host")

-	// Remove the port from the host if it exists
-	hostPortless := strings.Split(host, ":")[0] // *lol*
-
-	// Get the id
-	id := strings.Split(hostPortless, ".")[0]
+	// Get the app id
+	appId := strings.Split(host, ".")[0]

 	// Get the container labels
-	labels, err := h.Docker.GetLabels(id, hostPortless)
+	labels, err := h.Docker.GetLabels(appId)

 	log.Debug().Interface("labels", labels).Msg("Got labels")

--- a/internal/types/config.go
+++ b/internal/types/config.go
@@ -104,6 +104,5 @@ type Labels struct {
 	Users   string
 	Allowed string
 	Headers []string
-	Domain  string
 	OAuth   OAuthLabels
 }
--- a/internal/utils/utils.go
+++ b/internal/utils/utils.go
@@ -201,7 +201,7 @@ func GetLabels(labels map[string]string) (types.Labels, error) {
 	var labelsParsed types.Labels

 	// Decode the labels into the labels struct
-	err := parser.Decode(labels, &labelsParsed, "tinyauth", "tinyauth.users", "tinyauth.allowed", "tinyauth.headers", "tinyauth.domain", "tinyauth.oauth")
+	err := parser.Decode(labels, &labelsParsed, "tinyauth", "tinyauth.users", "tinyauth.allowed", "tinyauth.headers", "tinyauth.oauth")

 	// Check if there was an error
 	if err != nil {
Author	SHA1	Message	Date
Stavros	6157f75659	refactor: ignore containers that failed to get inspected in docker	2025-06-15 19:56:37 +03:00
Stavros	a621135ac0	refactor: use splitn in header parser	2025-06-15 19:55:03 +03:00
Stavros	aeb93da378	fix: sanitize headers before adding to map	2025-06-15 19:50:33 +03:00
Stavros	282cabf4dd	refactor: move to traefik paerser for label parsing	2025-06-15 19:39:38 +03:00