Compare commits

..

6 Commits

Author SHA1 Message Date
dependabot[bot] 79fe8845d6 chore(deps): bump docker/metadata-action from 6.1.0 to 6.2.0
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9...dc802804100637a589fabce1cb79ff13a1411302)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-03 08:13:35 +00:00
Stavros 440a3a3ef5 chore: cleanup codegen (#965) 2026-07-02 23:35:34 +03:00
Stavros a3c4d6ac83 chore: move tailscale to experimental config (#964) 2026-07-02 23:17:03 +03:00
Stavros c8b31c54a0 chore: remove prettier from frontend 2026-07-02 22:23:52 +03:00
Stavros 04b93fa107 fix: remove shutdown from serve error path 2026-07-02 15:07:04 +03:00
Stavros a6c716c4e2 fix: ensure data paths are set correctly in docker, fixes #958 (#959) 2026-07-01 16:12:46 +03:00
37 changed files with 172 additions and 259 deletions
+17 -17
View File
@@ -220,6 +220,23 @@ TINYAUTH_LDAP_AUTHCERT=
TINYAUTH_LDAP_AUTHKEY=
# Cache duration for LDAP group membership in seconds.
TINYAUTH_LDAP_GROUPCACHETTL=900
# experimental config
# Enable Tailscale integration.
TINYAUTH_EXPERIMENTAL_TAILSCALE_ENABLED=false
# Tailscale state directory.
TINYAUTH_EXPERIMENTAL_TAILSCALE_DIR="./tailscale_state"
# Tailscale hostname.
TINYAUTH_EXPERIMENTAL_TAILSCALE_HOSTNAME=
# Tailscale auth key.
TINYAUTH_EXPERIMENTAL_TAILSCALE_AUTHKEY=
# Use ephemeral Tailscale node.
TINYAUTH_EXPERIMENTAL_TAILSCALE_EPHEMERAL=false
# Enable Tailscale Funnel.
TINYAUTH_EXPERIMENTAL_TAILSCALE_FUNNEL=false
# Listen on the Tailscale address instead of standard address.
TINYAUTH_EXPERIMENTAL_TAILSCALE_LISTEN=false
# Label provider to use for ACLs (auto, docker, kubernetes or none to disable). auto detects the environment.
TINYAUTH_LABELPROVIDER="auto"
@@ -241,20 +258,3 @@ TINYAUTH_LOG_STREAMS_APP_LEVEL=
TINYAUTH_LOG_STREAMS_AUDIT_ENABLED=false
# Log level for this stream. Use global if empty.
TINYAUTH_LOG_STREAMS_AUDIT_LEVEL=
# tailscale config
# Enable Tailscale integration.
TINYAUTH_TAILSCALE_ENABLED=false
# Tailscale state directory.
TINYAUTH_TAILSCALE_DIR="./tailscale_state"
# Tailscale hostname.
TINYAUTH_TAILSCALE_HOSTNAME=
# Tailscale auth key.
TINYAUTH_TAILSCALE_AUTHKEY=
# Use ephemeral Tailscale node.
TINYAUTH_TAILSCALE_EPHEMERAL=false
# Enable Tailscale Funnel.
TINYAUTH_TAILSCALE_FUNNEL=false
# Listen on the Tailscale address instead of standard address.
TINYAUTH_TAILSCALE_LISTEN=false
+1 -1
View File
@@ -38,7 +38,7 @@ jobs:
sqlc generate
go generate ./...
git diff --exit-code
git status --porcelain | grep -q . && echo "untracked files in git diff" && exit 1 || true
git status --porcelain | grep -q . && echo "untracked files code gen files" && exit 1 || true
- name: Install frontend dependencies
working-directory: ./frontend
+6 -6
View File
@@ -151,7 +151,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
@@ -209,7 +209,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
@@ -267,7 +267,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
@@ -325,7 +325,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
@@ -395,7 +395,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
flavor: |
@@ -434,7 +434,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
flavor: |
+6 -6
View File
@@ -121,7 +121,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
@@ -177,7 +177,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
@@ -233,7 +233,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
@@ -289,7 +289,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
@@ -360,7 +360,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
flavor: |
@@ -401,7 +401,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
flavor: |
+3
View File
@@ -51,3 +51,6 @@ config.certify.yml
# deepsec
/.deepsec
# jetbrains
/.idea/
+7 -5
View File
@@ -52,15 +52,17 @@ WORKDIR /tinyauth
COPY --from=builder /tinyauth/tinyauth ./
RUN mkdir -p /data
EXPOSE 3000
# Make the data directory with a non-root user
RUN addgroup tinyauth && adduser -DH tinyauth -G tinyauth
RUN mkdir -p /data/resources /data/oidc /data/tailscale
RUN chown -R tinyauth:tinyauth /data
VOLUME ["/data"]
ENV TINYAUTH_DATABASE_PATH=/data/tinyauth.db
ENV TINYAUTH_RESOURCES_PATH=/data/resources
# Tell tinyauth that it's running in a container and where to find the data directory
ENV RUNTIME_ENV=docker
ENV PATH=$PATH:/tinyauth
+8 -6
View File
@@ -40,13 +40,16 @@ COPY ./cmd ./cmd
COPY ./internal ./internal
COPY --from=frontend-builder /frontend/dist ./internal/assets/dist
RUN mkdir -p data
RUN CGO_ENABLED=0 go build -ldflags "${LDFLAGS} \
-X github.com/tinyauthapp/tinyauth/internal/model.Version=${VERSION} \
-X github.com/tinyauthapp/tinyauth/internal/model.CommitHash=${COMMIT_HASH} \
-X github.com/tinyauthapp/tinyauth/internal/model.BuildTimestamp=${BUILD_TIMESTAMP}" ./cmd/tinyauth
# Make the data directory with a non-root user
RUN addgroup tinyauth && adduser -DH tinyauth -G tinyauth
RUN mkdir -p /data/resources /data/oidc /data/tailscale
RUN chown -R tinyauth:tinyauth /data
# Runner
FROM gcr.io/distroless/static-debian12:latest AS runner
@@ -55,15 +58,14 @@ WORKDIR /tinyauth
COPY --from=builder /tinyauth/tinyauth ./
# Since it's distroless, we need to copy the data directory from the builder stage
COPY --from=builder /tinyauth/data /data
COPY --from=builder /data /data
EXPOSE 3000
VOLUME ["/data"]
ENV TINYAUTH_DATABASE_PATH=/data/tinyauth.db
ENV TINYAUTH_RESOURCES_PATH=/data/resources
# Tell tinyauth that it's running in a container and where to find the data directory
ENV RUNTIME_ENV=docker
ENV PATH=$PATH:/tinyauth
+10 -3
View File
@@ -16,6 +16,8 @@ PROD_COMPOSE := $(shell test -f "docker-compose.test.prod.yml" && echo "docker-c
.DEFAULT_GOAL := binary
.PHONY: deps clean-data clean-webui webui binary binary-linux-amd64 binary-linux-arm64 test vet test-race dev dev-infisical prod prod-infisical sql generate docker docker-distroless
# Deps
deps:
cd frontend && pnpm ci
@@ -58,12 +60,10 @@ binary-linux-arm64:
$(MAKE) binary
# Go test
.PHONY: test
test:
go test -v ./...
# Go vet
.PHONY: vet
vet:
go vet ./...
@@ -88,10 +88,17 @@ prod-infisical:
infisical run --env=dev -- docker compose -f $(PROD_COMPOSE) up --force-recreate --pull=always --remove-orphans
# SQL
.PHONY: sql
sql:
sqlc generate
# Go gen
generate:
go generate ./...
# Docker image
docker:
docker buildx build -t tinyauthapp/tinyauth:dev --build-arg=VERSION=$(TAG_NAME) --build-arg=COMMIT_HASH=$(COMMIT_HASH) --build-arg=BUILD_TIMESTAMP=$(BUILD_TIMESTAMP) -f Dockerfile .
# Docker image distroless
docker-distroless:
docker buildx build -t tinyauthapp/tinyauth:dev-distroless --build-arg=VERSION=$(TAG_NAME) --build-arg=COMMIT_HASH=$(COMMIT_HASH) --build-arg=BUILD_TIMESTAMP=$(BUILD_TIMESTAMP) -f Dockerfile.distroless .
+26
View File
@@ -0,0 +1,26 @@
package main
import (
"encoding/json"
"fmt"
"github.com/tinyauthapp/paerser/cli"
"github.com/tinyauthapp/tinyauth/internal/model"
)
func configCmd(tconfig *model.Config, loaders []cli.ResourceLoader) *cli.Command {
return &cli.Command{
Name: "config",
Description: "Print the configuration of Tinyauth",
Configuration: tconfig,
Resources: loaders,
Run: func(_ []string) error {
jsonBytes, err := json.MarshalIndent(tconfig, "", " ")
if err != nil {
return fmt.Errorf("failed to marshal configuration: %w", err)
}
fmt.Println(string(jsonBytes))
return nil
},
}
}
+8 -1
View File
@@ -13,7 +13,8 @@ import (
)
func main() {
tConfig := model.NewDefaultConfiguration()
env := model.DetectRuntimeEnv()
tConfig := model.NewDefaultConfiguration(env)
loaders := []cli.ResourceLoader{
&loaders.FileLoader{},
@@ -52,6 +53,12 @@ func main() {
log.Fatal().Err(err).Msg("Failed to add version command")
}
err = cmdTinyauth.AddCommand(configCmd(tConfig, loaders))
if err != nil {
log.Fatal().Err(err).Msg("Failed to add config command")
}
err = cmdUser.AddCommand(verifyUserCmd())
if err != nil {
-1
View File
@@ -51,7 +51,6 @@
"eslint-plugin-react-hooks": "^7.0.1",
"eslint-plugin-react-refresh": "^0.5.2",
"globals": "^17.5.0",
"prettier": "3.8.2",
"rollup-plugin-visualizer": "^7.0.1",
"tw-animate-css": "^1.4.0",
"typescript": "~6.0.2",
-10
View File
@@ -120,9 +120,6 @@ importers:
globals:
specifier: ^17.5.0
version: 17.6.0
prettier:
specifier: 3.8.2
version: 3.8.2
rollup-plugin-visualizer:
specifier: ^7.0.1
version: 7.0.1(rolldown@1.0.1)
@@ -2148,11 +2145,6 @@ packages:
resolution: {integrity: sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==}
engines: {node: '>= 0.8.0'}
prettier@3.8.2:
resolution: {integrity: sha512-8c3mgTe0ASwWAJK+78dpviD+A8EqhndQPUBpNUIPt6+xWlIigCwfN01lWr9MAede4uqXGTEKeQWTvzb3vjia0Q==}
engines: {node: '>=14'}
hasBin: true
property-information@7.1.0:
resolution: {integrity: sha512-TwEZ+X+yCJmYfL7TPUOcvBZ4QfoT5YenQiJuX//0th53DE6w0xxLEtfK3iyryQFddXuvkIk51EEgrJQ0WJkOmQ==}
@@ -4658,8 +4650,6 @@ snapshots:
prelude-ls@1.2.1: {}
prettier@3.8.2: {}
property-information@7.1.0: {}
proxy-from-env@2.1.0: {}
+1 -2
View File
@@ -1,4 +1,3 @@
dangerouslyAllowAllBuilds: false
blockExoticSubdeps: true
minimumReleaseAge: 1440 # 1 day
trustPolicy: no-downgrade
minimumReleaseAge: 1440 # 1 day
-131
View File
@@ -1,131 +0,0 @@
// gen/context_paths generates the ignore paths for the user context since
// gin will not less apply the middleware to only specific paths.
//
// The generator reads every controller and looks for the //context:ignore comment.
// The format for the context ignore comment is:
//
// //contxt:ignore /api/mypath GET,POST
package main
import (
"bytes"
"fmt"
"go/format"
"os"
"strings"
"text/template"
_ "embed"
"golang.org/x/tools/go/packages"
)
//go:embed paths.tmpl
var pathsTmplSrc string
var pathsTmpl = template.Must(template.New("paths").Parse(pathsTmplSrc))
func main() {
if err := run(); err != nil {
fmt.Printf("Failed to generate: %s", err.Error())
os.Exit(1)
}
}
func run() error {
// load pkg
pkgConfig := &packages.Config{
Mode: packages.NeedFiles,
}
pkgs, err := packages.Load(pkgConfig, "github.com/tinyauthapp/tinyauth/internal/controller")
if err != nil {
return fmt.Errorf("failed to load pkg: %w", err)
}
if len(pkgs) == 0 {
return fmt.Errorf("failed to get controllers package")
}
pkg := pkgs[0]
// for each file we check the comments and either add or remove the context
var contextIgnorePaths []string
for _, gofile := range pkg.GoFiles {
// read the file
file, err := os.ReadFile(gofile)
if err != nil {
fmt.Printf("Failed to read %s, ignoring", gofile)
continue
}
// get the comment lines
lines := strings.SplitSeq(string(file), "\n")
for line := range lines {
if !strings.HasPrefix(strings.TrimSpace(line), "//context:ignore") {
continue
}
path, methods, ok := parseContextIgnoreLine(line)
if !ok {
fmt.Printf("Failed to parse %s rule, ignore", line)
continue
}
for _, m := range methods {
contextIgnorePaths = append(contextIgnorePaths, m+" "+path)
}
}
}
// generate out
type tmplData struct {
IgnorePaths []string
}
var buf bytes.Buffer
if err := pathsTmpl.Execute(&buf, tmplData{
IgnorePaths: contextIgnorePaths,
}); err != nil {
return err
}
formatted, err := format.Source(buf.Bytes())
if err != nil {
return fmt.Errorf("gofmt failed: %w", err)
}
// write out
err = os.WriteFile("context_paths.go", formatted, 0666)
if err != nil {
return fmt.Errorf("failed to write out: %w", err)
}
return nil
}
func parseContextIgnoreLine(line string) (string, []string, bool) {
line = strings.TrimPrefix(line, "//context:ignore ")
path, methodStr, ok := strings.Cut(line, " ")
if !ok {
return "", []string{}, false
}
var methodsParsed []string
methodParts := strings.SplitSeq(methodStr, ",")
for m := range methodParts {
if strings.TrimSpace(m) == "" {
continue
}
m = strings.ToUpper(m)
methodsParsed = append(methodsParsed, m)
}
return path, methodsParsed, true
}
-6
View File
@@ -1,6 +0,0 @@
// Code generated by gen/context_paths. DO NOT EDIT.
package middleware
var contextSkipPathsPrefix = []string{
{{range .IgnorePaths}}"{{.}}",
{{end}}}
-6
View File
@@ -1,9 +1,3 @@
// gen/docs generates the .env.example and config.gen.md
// files for the configuration of Tinyauth. Run via:
//
// The generator reads the Tinyauth configuration package and using reflection it generates the
// example files. The .env.example is used in this repo while the config.gen.md is used in the
// documentaton alongside some warnings that are added later.
package main
import (
+1 -1
View File
@@ -20,7 +20,7 @@ type EnvEntry struct {
}
func generateExampleEnv() {
cfg := model.NewDefaultConfiguration()
cfg := model.NewDefaultConfiguration(model.RuntimeEnvUnknown)
entries := make([]EnvEntry, 0)
root := reflect.TypeOf(cfg).Elem()
+1 -1
View File
@@ -21,7 +21,7 @@ type MarkdownEntry struct {
}
func generateMarkdown() {
cfg := model.NewDefaultConfiguration()
cfg := model.NewDefaultConfiguration(model.RuntimeEnvUnknown)
entries := make([]MarkdownEntry, 0)
root := reflect.TypeOf(cfg).Elem()
+4 -2
View File
@@ -1,5 +1,7 @@
// gen/sqlc_wrapper generates store.go wrapper files for each sqlc driver package under
// internal/repository/<driver>/.
// internal/repository/<driver>/. Run via:
//
// go generate ./internal/repository/...
//
// The generator introspects *Queries methods and the model/params types in the
// driver package, then emits a store.go that wraps *Queries so it satisfies
@@ -30,7 +32,7 @@ import (
var storeSrc string
func main() {
fmt.Println("sqlc-wrapper: generating store.go files for sqlc driver packages...")
fmt.Println("sqlc_wrapper: generating store.go files for sqlc driver packages...")
if err := run(); err != nil {
log.Fatal(err)
}
+1 -1
View File
@@ -1,4 +1,4 @@
// Code generated by cmd/gen/sqlc_wrapper. DO NOT EDIT.
// Code generated by cmd/gen/sqlc-wrapper. DO NOT EDIT.
package {{.PkgName}}
import (
+1 -1
View File
@@ -1,3 +1,3 @@
package docs
package tinyauth
//go:generate go run github.com/tinyauthapp/tinyauth/gen/docs
+1 -1
View File
@@ -279,7 +279,7 @@ func (app *BootstrapApp) Setup() error {
app.runtime.ConfiguredProviders = configuredProviders
// if tailscale is enabled and listening, replace the app url with the tailscale hostname
if app.services.tailscaleService != nil && app.config.Tailscale.Listen {
if app.services.tailscaleService != nil && app.config.Experimental.Tailscale.Listen {
tailscaleUrl := "https://" + app.services.tailscaleService.GetHostname()
// if the tailscale url is different from the app url, replace it
+2 -3
View File
@@ -130,9 +130,9 @@ func (app *BootstrapApp) setupRouter() error {
// 2. Unix socket (if server.socketPath)
// 3. HTTP - default
func (app *BootstrapApp) getListenerFunc() (func(ctx context.Context) error, error) {
if app.config.Tailscale.Listen {
if app.config.Experimental.Tailscale.Listen {
if app.services.tailscaleService == nil {
return nil, fmt.Errorf("tailscale.listen is enabled but tailscale service is not initialized")
return nil, fmt.Errorf("experimental.tailscale.listen is enabled but tailscale service is not initialized")
}
return app.serveTailscale, nil
}
@@ -227,7 +227,6 @@ func (app *BootstrapApp) serve(listener net.Listener, server *http.Server, ctx c
err := server.Serve(listener)
if err != nil && !errors.Is(err, http.ErrServerClosed) {
shutdown()
return fmt.Errorf("failed to start %s listener: %w", name, err)
}
@@ -147,7 +147,6 @@ func (controller *ContextController) userContextHandler(c *gin.Context) {
c.JSON(200, userContext)
}
//context:ignore /api/context/app GET
func (controller *ContextController) appContextHandler(c *gin.Context) {
c.JSON(200, AppContextResponse{
Status: 200,
-1
View File
@@ -23,7 +23,6 @@ func NewHealthController(i HealthControllerInput) *HealthController {
return controller
}
//context:ignore /api/healthz GET,HEAD
func (controller *HealthController) healthHandler(c *gin.Context) {
c.JSON(200, gin.H{
"status": 200,
-2
View File
@@ -54,7 +54,6 @@ func NewOAuthController(i OAuthControllerInput) *OAuthController {
return controller
}
//context:ignore /api/oauth/url GET
func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
var req OAuthRequest
@@ -119,7 +118,6 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
})
}
//context:ignore /api/oauth/callback GET
func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
var req OAuthRequest
-2
View File
@@ -367,7 +367,6 @@ func (controller *OIDCController) authorizeComplete(c *gin.Context) {
})
}
//context:ignore /api/oidc/token POST
func (controller *OIDCController) Token(c *gin.Context) {
if controller.oidc == nil {
controller.log.App.Warn().Msg("Received OIDC request but OIDC server is not configured")
@@ -539,7 +538,6 @@ func (controller *OIDCController) Token(c *gin.Context) {
c.JSON(200, tokenResponse)
}
//context:ignore /api/oidc/userinfo GET,POST
func (controller *OIDCController) Userinfo(c *gin.Context) {
if controller.oidc == nil {
controller.log.App.Warn().Msg("Received OIDC userinfo request but OIDC server is not configured")
@@ -33,7 +33,6 @@ func NewResourcesController(i ResourcesControllerInput) *ResourcesController {
return controller
}
//context:ignore /resources GET
func (controller *ResourcesController) resourcesHandler(c *gin.Context) {
if controller.config.Resources.Path == "" {
c.JSON(404, gin.H{
-1
View File
@@ -57,7 +57,6 @@ func NewUserController(i UserControllerInput) *UserController {
return controller
}
//context:ignore /api/user/login POST
func (controller *UserController) loginHandler(c *gin.Context) {
var req LoginRequest
@@ -65,7 +65,6 @@ func NewWellKnownController(i WellKnownControllerInput) *WellKnownController {
return controller
}
//context:ignore /.well-known/openid-configuration GET
func (controller *WellKnownController) OpenIDConnectConfiguration(c *gin.Context) {
if controller.oidc == nil {
c.JSON(500, gin.H{
@@ -95,7 +94,6 @@ func (controller *WellKnownController) OpenIDConnectConfiguration(c *gin.Context
})
}
//context:ignore /.well-known/jwks.json GET
func (controller *WellKnownController) JWKS(c *gin.Context) {
if controller.oidc == nil {
c.JSON(500, gin.H{
@@ -124,7 +122,6 @@ func (controller *WellKnownController) JWKS(c *gin.Context) {
c.Status(http.StatusOK)
}
//context:ignore /.well-known/webfinger GET
func (controller *WellKnownController) WebFinger(c *gin.Context) {
c.Header("Content-Type", "application/jrd+json")
c.Header("Access-Control-Allow-Origin", "*")
+20
View File
@@ -16,6 +16,26 @@ import (
"github.com/gin-gonic/gin"
)
// Gin won't let us set a middleware on a specific route (at least it doesn't work,
// see https://github.com/gin-gonic/gin/issues/531) so we have to do some hackery
var (
contextSkipPathsPrefix = []string{
"GET /api/context/app",
"GET /api/healthz",
"HEAD /api/healthz",
"GET /api/oauth/url",
"GET /api/oauth/callback",
"GET /api/oidc/clients",
"POST /api/oidc/token",
"GET /api/oidc/userinfo",
"POST /api/oidc/userinfo",
"GET /resources",
"POST /api/user/login",
"GET /.well-known/openid-configuration",
"GET /.well-known/jwks.json",
}
)
type ContextMiddleware struct {
log *logger.Logger
runtime *model.RuntimeConfig
-18
View File
@@ -1,18 +0,0 @@
// Code generated by gen/context_paths. DO NOT EDIT.
package middleware
var contextSkipPathsPrefix = []string{
"GET /api/context/app",
"GET /api/healthz",
"HEAD /api/healthz",
"GET /api/oauth/url",
"GET /api/oauth/callback",
"POST /api/oidc/token",
"GET /api/oidc/userinfo",
"POST /api/oidc/userinfo",
"GET /resources",
"POST /api/user/login",
"GET /.well-known/openid-configuration",
"GET /.well-known/jwks.json",
"GET /.well-known/webfinger",
}
-3
View File
@@ -1,3 +0,0 @@
package middleware
//go:generate go run github.com/tinyauthapp/tinyauth/gen/context_paths
+39 -7
View File
@@ -1,8 +1,27 @@
package model
import "os"
type RuntimeEnv int
const (
RuntimeEnvUnknown RuntimeEnv = iota
RuntimeEnvDocker
)
func DetectRuntimeEnv() RuntimeEnv {
env := os.Getenv("RUNTIME_ENV")
switch env {
case "docker":
return RuntimeEnvDocker
default:
return RuntimeEnvUnknown
}
}
// Default configuration
func NewDefaultConfiguration() *Config {
return &Config{
func NewDefaultConfiguration(runtimeEnv RuntimeEnv) *Config {
cfg := &Config{
Database: DatabaseConfig{
Driver: "sqlite",
Path: "./tinyauth.db",
@@ -62,11 +81,24 @@ func NewDefaultConfiguration() *Config {
PrivateKeyPath: "./tinyauth_oidc_key",
PublicKeyPath: "./tinyauth_oidc_key.pub",
},
Tailscale: TailscaleConfig{
Dir: "./tailscale_state",
Experimental: ExperimentalConfig{
Tailscale: TailscaleConfig{
Dir: "./tailscale_state",
},
},
LabelProvider: "auto",
}
// apply path overrides for docker runtime
if runtimeEnv == RuntimeEnvDocker {
cfg.Database.Path = "/data/tinyauth.db"
cfg.Resources.Path = "/data/resources"
cfg.OIDC.PrivateKeyPath = "/data/oidc/key.pem"
cfg.OIDC.PublicKeyPath = "/data/oidc/key.pub"
cfg.Experimental.Tailscale.Dir = "/data/tailscale"
}
return cfg
}
type Config struct {
@@ -84,7 +116,6 @@ type Config struct {
Experimental ExperimentalConfig `description:"Experimental features, use with caution." yaml:"experimental"`
LabelProvider string `description:"Label provider to use for ACLs (auto, docker, kubernetes or none to disable). auto detects the environment." yaml:"labelProvider"`
Log LogConfig `description:"Logging configuration." yaml:"log"`
Tailscale TailscaleConfig `description:"Tailscale configuration." yaml:"tailscale"`
ConfigFile string `description:"Path to config file." yaml:"-"`
}
@@ -207,8 +238,9 @@ type LogStreamConfig struct {
Level string `description:"Log level for this stream. Use global if empty." yaml:"level"`
}
// no experimental features
type ExperimentalConfig struct{}
type ExperimentalConfig struct {
Tailscale TailscaleConfig `description:"Tailscale configuration." yaml:"tailscale"`
}
type TailscaleConfig struct {
Enabled bool `description:"Enable Tailscale integration." yaml:"enabled"`
+1 -1
View File
@@ -1,4 +1,4 @@
// Code generated by cmd/gen/sqlc_wrapper. DO NOT EDIT.
// Code generated by cmd/gen/sqlc-wrapper. DO NOT EDIT.
package postgres
import (
+1 -1
View File
@@ -1,4 +1,4 @@
// Code generated by cmd/gen/sqlc_wrapper. DO NOT EDIT.
// Code generated by cmd/gen/sqlc-wrapper. DO NOT EDIT.
package sqlite
import (
+7 -7
View File
@@ -45,17 +45,17 @@ type TailscaleServiceInput struct {
}
func NewTailscaleService(i TailscaleServiceInput) (*TailscaleService, error) {
if !i.Config.Tailscale.Enabled {
if !i.Config.Experimental.Tailscale.Enabled {
return nil, nil
}
srv := new(tsnet.Server)
// node options
srv.Dir = i.Config.Tailscale.Dir
srv.Hostname = i.Config.Tailscale.Hostname
srv.AuthKey = i.Config.Tailscale.AuthKey
srv.Ephemeral = i.Config.Tailscale.Ephemeral
srv.Dir = i.Config.Experimental.Tailscale.Dir
srv.Hostname = i.Config.Experimental.Tailscale.Hostname
srv.AuthKey = i.Config.Experimental.Tailscale.AuthKey
srv.Ephemeral = i.Config.Experimental.Tailscale.Ephemeral
// redirect logs to zerolog
srv.Logf = i.Log.App.Printf
@@ -94,7 +94,7 @@ func NewTailscaleService(i TailscaleServiceInput) (*TailscaleService, error) {
i.Ding.Go(service.watchAndClose, ding.RingMajor)
if i.Config.Tailscale.Funnel && !i.Config.Tailscale.Listen {
if i.Config.Experimental.Tailscale.Funnel && !i.Config.Experimental.Tailscale.Listen {
service.log.App.Warn().Msg("Tailscale Funnel is enabled but listen is disabled. Funnel will not work without listen enabled.")
}
@@ -153,7 +153,7 @@ func (ts *TailscaleService) CreateListener() (net.Listener, error) {
return *ts.ln, nil
}
if ts.config.Tailscale.Funnel {
if ts.config.Experimental.Tailscale.Funnel {
ln, err := ts.srv.ListenFunnel("tcp", ":443")
if err != nil {
return nil, err