refactor: use a slice to check for supported proxies

Merge branch 'main' into pushpinderbal/main
fix(proxy): reorder method validation for proxy authentication
2025-12-25 17:42:30 +00:00 · 2025-12-22 22:19:43 +02:00 · 2025-12-22 22:15:21 +02:00 · 2025-12-19 11:18:23 -05:00 · 2025-12-18 15:41:50 -05:00 · 2025-12-18 15:15:52 -05:00
5 changed files with 25 additions and 46 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -33,7 +33,4 @@

 # binary out
 /tinyauth.db
-/resources
-
-# debug files
-__debug_*
+/resources
--- a/internal/controller/proxy_controller.go
+++ b/internal/controller/proxy_controller.go
@@ -42,8 +42,7 @@ func NewProxyController(config ProxyControllerConfig, router *gin.RouterGroup, a

 func (controller *ProxyController) SetupRoutes() {
 	proxyGroup := controller.router.Group("/auth")
-	proxyGroup.GET("/:proxy", controller.proxyHandler)
-	proxyGroup.POST("/:proxy", controller.proxyHandler)
+	proxyGroup.Any("/:proxy", controller.proxyHandler)
 }

 func (controller *ProxyController) proxyHandler(c *gin.Context) {
@@ -68,6 +67,15 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}

+	if req.Proxy != "envoy" && c.Request.Method != http.MethodGet {
+		log.Warn().Str("method", c.Request.Method).Msg("Invalid method for proxy")
+		c.JSON(405, gin.H{
+			"status":  405,
+			"message": "Method Not Allowed",
+		})
+		return
+	}
+
 	isBrowser := strings.Contains(c.Request.Header.Get("Accept"), "text/html")

 	if isBrowser {
--- a/internal/controller/proxy_controller_test.go
+++ b/internal/controller/proxy_controller_test.go
@@ -80,6 +80,13 @@ func TestProxyHandler(t *testing.T) {

 	assert.Equal(t, 400, recorder.Code)

+	// Test invalid method
+	recorder = httptest.NewRecorder()
+	req = httptest.NewRequest("POST", "/api/auth/traefik", nil)
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 405, recorder.Code)
+
 	// Test logged out user (traefik/caddy)
 	recorder = httptest.NewRecorder()
 	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)
--- a/internal/middleware/context_middleware.go
+++ b/internal/middleware/context_middleware.go
@@ -65,7 +65,6 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 				goto basic
 			}

-			m.auth.RefreshSessionCookie(c)
 			c.Set("context", &config.UserContext{
 				Username:   cookie.Username,
 				Name:       cookie.Name,
@@ -90,7 +89,6 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 				goto basic
 			}

-			m.auth.RefreshSessionCookie(c)
 			c.Set("context", &config.UserContext{
 				Username:    cookie.Username,
 				Name:        cookie.Name,
--- a/internal/service/auth_service.go
+++ b/internal/service/auth_service.go
@@ -1,6 +1,7 @@
 package service

 import (
+	"context"
 	"errors"
 	"fmt"
 	"regexp"
@@ -42,6 +43,7 @@ type AuthService struct {
 	loginMutex    sync.RWMutex
 	ldap          *LdapService
 	database      *gorm.DB
+	ctx           context.Context
 }

 func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapService, database *gorm.DB) *AuthService {
@@ -55,6 +57,7 @@ func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapS
 }

 func (auth *AuthService) Init() error {
+	auth.ctx = context.Background()
 	return nil
 }

@@ -214,7 +217,7 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 		OAuthName:   data.OAuthName,
 	}

-	err = gorm.G[model.Session](auth.database).Create(c, &session)
+	err = gorm.G[model.Session](auth.database).Create(auth.ctx, &session)

 	if err != nil {
 		return err
@@ -225,40 +228,6 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 	return nil
 }

-func (auth *AuthService) RefreshSessionCookie(c *gin.Context) error {
-	cookie, err := c.Cookie(auth.config.SessionCookieName)
-
-	if err != nil {
-		return err
-	}
-
-	session, err := gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).First(c)
-
-	if err != nil {
-		return err
-	}
-
-	currentTime := time.Now().Unix()
-
-	if session.Expiry-currentTime > int64(time.Hour.Seconds()) {
-		return nil
-	}
-
-	newExpiry := currentTime + int64(time.Hour.Seconds())
-
-	_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Updates(c, model.Session{
-		Expiry: newExpiry,
-	})
-
-	if err != nil {
-		return err
-	}
-
-	c.SetCookie(auth.config.SessionCookieName, cookie, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", auth.config.CookieDomain), auth.config.SecureCookie, true)
-
-	return nil
-}
-
 func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
 	cookie, err := c.Cookie(auth.config.SessionCookieName)

@@ -266,7 +235,7 @@ func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
 		return err
 	}

-	_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(c)
+	_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(auth.ctx)

 	if err != nil {
 		return err
@@ -284,7 +253,7 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 		return config.SessionCookie{}, err
 	}

-	session, err := gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).First(c)
+	session, err := gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).First(auth.ctx)

 	if err != nil {
 		return config.SessionCookie{}, err
@@ -297,7 +266,7 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 	currentTime := time.Now().Unix()

 	if currentTime > session.Expiry {
-		_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(c)
+		_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(auth.ctx)
 		if err != nil {
 			log.Error().Err(err).Msg("Failed to delete expired session")
 		}
Author	SHA1	Message	Date
Stavros	97291732f3	refactor: use a slice to check for supported proxies	2025-12-22 22:19:43 +02:00
Stavros	b75e715f9f	Merge branch 'main' into pushpinderbal/main	2025-12-22 22:15:21 +02:00
Pushpinder Singh	5a046bcfb2	fix(proxy): reorder method validation for proxy authentication	2025-12-19 11:18:23 -05:00
Pushpinder Singh	ca2ec6cc01	feat(proxy): add method validation for proxy authentication	2025-12-18 15:41:50 -05:00
Pushpinder Singh	f1bd1ca637	Merge branch 'steveiliop56:main' into main	2025-12-18 15:15:52 -05:00
pushpinderbal	8e062bb1df	refactor: simplify proxy route setup by consolidating envoy handling	2025-12-17 20:21:17 -05:00
pushpinderbal	f64afce83d	feat: add support for 'envoy' proxy in proxyHandler validation	2025-12-17 18:56:26 -05:00