refactor: replace gorm with vanilla sql and sqlc

.gitignore

@@ -34,6 +34,3 @@
 # binary out
 /tinyauth.db
 /resources
-
-# debug files
-__debug_*

CONTRIBUTING.md

@@ -23,7 +23,7 @@ cd tinyauth
 Although you will not need the requirements in your machine since the development will happen in docker, I still recommend to install them because this way you will not have import errors. To install the go requirements run:
 
 ```sh
-go mod tidy
+go mod download
 ```
 
 You also need to download the frontend dependencies, this can be done like so:

cmd/tinyauth/generate.go

@@ -6,8 +6,7 @@ import (
 	"os"
 	"strings"
 	"time"
-
-	"github.com/steveiliop56/tinyauth/internal/utils"
+	"tinyauth/internal/utils"
 
 	"github.com/charmbracelet/huh"
 	"github.com/mdp/qrterminal/v3"

cmd/tinyauth/tinyauth.go

@@ -5,10 +5,9 @@ import (
 	"os"
 	"strings"
 	"time"
-
-	"github.com/steveiliop56/tinyauth/internal/bootstrap"
-	"github.com/steveiliop56/tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/utils/loaders"
+	"tinyauth/internal/bootstrap"
+	"tinyauth/internal/config"
+	"tinyauth/internal/utils/loaders"
 
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"

cmd/tinyauth/verify.go

@@ -5,8 +5,7 @@ import (
 	"fmt"
 	"os"
 	"time"
-
-	"github.com/steveiliop56/tinyauth/internal/utils"
+	"tinyauth/internal/utils"
 
 	"github.com/charmbracelet/huh"
 	"github.com/pquerna/otp/totp"

cmd/tinyauth/version.go

@@ -2,8 +2,7 @@ package main
 
 import (
 	"fmt"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/config"
 
 	"github.com/traefik/paerser/cli"
 )

docker-compose.dev.yml

@@ -42,7 +42,6 @@ services:
     volumes:
       - ./internal:/tinyauth/internal
       - ./cmd:/tinyauth/cmd
-      - ./main.go:/tinyauth/main.go
       - /var/run/docker.sock:/var/run/docker.sock
       - ./data:/data
     ports:

go.mod

@@ -1,4 +1,4 @@
-module github.com/steveiliop56/tinyauth
+module tinyauth
 
 go 1.24.0
 
@@ -6,24 +6,18 @@ toolchain go1.24.3
 
 require (
 	github.com/cenkalti/backoff/v5 v5.0.3
-	github.com/charmbracelet/huh v0.8.0
-	github.com/docker/docker v28.5.2+incompatible
 	github.com/gin-gonic/gin v1.11.0
-	github.com/glebarez/sqlite v1.11.0
-	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/golang-migrate/migrate/v4 v4.19.1
 	github.com/google/go-querystring v1.1.0
 	github.com/google/uuid v1.6.0
 	github.com/mdp/qrterminal/v3 v3.2.1
-	github.com/pquerna/otp v1.5.0
 	github.com/rs/zerolog v1.34.0
 	github.com/traefik/paerser v0.2.2
 	github.com/weppos/publicsuffix-go v0.50.1
 	golang.org/x/crypto v0.46.0
 	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b
-	golang.org/x/oauth2 v0.34.0
-	gorm.io/gorm v1.31.1
 	gotest.tools/v3 v3.5.2
+	modernc.org/sqlite v1.38.2
 )
 
 require (
@@ -32,6 +26,39 @@ require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
+	github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
+	github.com/charmbracelet/x/cellbuf v0.0.13 // indirect
+	github.com/containerd/errdefs v1.0.0 // indirect
+	github.com/containerd/errdefs/pkg v0.3.0 // indirect
+	github.com/containerd/log v0.1.0 // indirect
+	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
+	github.com/go-playground/validator/v10 v10.28.0 // indirect
+	github.com/goccy/go-yaml v1.18.0 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
+	github.com/huandu/xstrings v1.5.0 // indirect
+	github.com/imdario/mergo v0.3.11 // indirect
+	github.com/mattn/go-sqlite3 v1.14.32 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/moby/sys/atomicwriter v0.1.0 // indirect
+	github.com/moby/term v0.5.2 // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
+	github.com/quic-go/quic-go v0.57.0 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
+	github.com/shopspring/decimal v1.4.0 // indirect
+	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	modernc.org/libc v1.66.3 // indirect
+	modernc.org/mathutil v1.7.1 // indirect
+	modernc.org/memory v1.11.0 // indirect
+	rsc.io/qr v0.2.0 // indirect
+)
+
+require (
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/atotto/clipboard v0.1.4 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
@@ -41,17 +68,14 @@ require (
 	github.com/catppuccin/go v0.3.0 // indirect
 	github.com/charmbracelet/bubbles v0.21.1-0.20250623103423-23b8fd6302d7 // indirect
 	github.com/charmbracelet/bubbletea v1.3.6 // indirect
-	github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
+	github.com/charmbracelet/huh v0.8.0
 	github.com/charmbracelet/lipgloss v1.1.0 // indirect
 	github.com/charmbracelet/x/ansi v0.9.3 // indirect
-	github.com/charmbracelet/x/cellbuf v0.0.13 // indirect
 	github.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0 // indirect
 	github.com/charmbracelet/x/term v0.2.1 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
-	github.com/containerd/errdefs v1.0.0 // indirect
-	github.com/containerd/errdefs/pkg v0.3.0 // indirect
-	github.com/containerd/log v0.1.0 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
+	github.com/docker/docker v28.5.2+incompatible
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
@@ -59,20 +83,12 @@ require (
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.10 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
-	github.com/glebarez/go-sqlite v1.21.2 // indirect
-	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
+	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.28.0 // indirect
 	github.com/goccy/go-json v0.10.4 // indirect
-	github.com/goccy/go-yaml v1.18.0 // indirect
-	github.com/google/go-cmp v0.7.0 // indirect
-	github.com/huandu/xstrings v1.5.0 // indirect
-	github.com/imdario/mergo v0.3.11 // indirect
-	github.com/jinzhu/inflection v1.0.0 // indirect
-	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
@@ -81,49 +97,31 @@ require (
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-localereader v0.0.1 // indirect
 	github.com/mattn/go-runewidth v0.0.16 // indirect
-	github.com/mattn/go-sqlite3 v1.14.32 // indirect
-	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
-	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
-	github.com/moby/sys/atomicwriter v0.1.0 // indirect
-	github.com/moby/term v0.5.2 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect
 	github.com/muesli/cancelreader v0.2.2 // indirect
 	github.com/muesli/termenv v0.16.0 // indirect
-	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/quic-go/qpack v0.6.0 // indirect
-	github.com/quic-go/quic-go v0.57.0 // indirect
-	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
+	github.com/pquerna/otp v1.5.0
 	github.com/rivo/uniseg v0.4.7 // indirect
-	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/spf13/cast v1.10.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.3.0 // indirect
-	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
-	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
 	go.opentelemetry.io/otel v1.37.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 // indirect
 	go.opentelemetry.io/otel/metric v1.37.0 // indirect
 	go.opentelemetry.io/otel/trace v1.37.0 // indirect
 	golang.org/x/arch v0.20.0 // indirect
 	golang.org/x/net v0.47.0 // indirect
+	golang.org/x/oauth2 v0.34.0
 	golang.org/x/sync v0.19.0 // indirect
 	golang.org/x/sys v0.39.0 // indirect
-	golang.org/x/term v0.38.0 // indirect
 	golang.org/x/text v0.32.0 // indirect
 	google.golang.org/protobuf v1.36.9 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-	modernc.org/libc v1.66.3 // indirect
-	modernc.org/mathutil v1.7.1 // indirect
-	modernc.org/memory v1.11.0 // indirect
-	modernc.org/sqlite v1.38.2 // indirect
-	rsc.io/qr v0.2.0 // indirect
 )

go.sum

@@ -101,10 +101,6 @@ github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w
 github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
 github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
 github.com/gin-gonic/gin v1.11.0/go.mod h1:+iq/FyxlGzII0KHiBGjuNn4UNENUlKbGlNmc+W50Dls=
-github.com/glebarez/go-sqlite v1.21.2 h1:3a6LFC4sKahUunAmynQKLZceZCOzUthkRkEAl9gAXWo=
-github.com/glebarez/go-sqlite v1.21.2/go.mod h1:sfxdZyhQjTM2Wry3gVYWaW072Ri1WMdWJi0k6+3382k=
-github.com/glebarez/sqlite v1.11.0 h1:wSG0irqzP6VurnMEpFGer5Li19RpIRi2qvQz++w0GMw=
-github.com/glebarez/sqlite v1.11.0/go.mod h1:h8/o8j5wiAsqSPoWELDUdJXhjAhsVliSn7bWZjOhrgQ=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-ldap/ldap/v3 v3.4.12 h1:1b81mv7MagXZ7+1r7cLTWmyuTqVqdwbtJSjC0DAp9s4=
@@ -161,10 +157,6 @@ github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh6
 github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
 github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
-github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
-github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
-github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
-github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
@@ -378,8 +370,6 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gorm.io/gorm v1.31.1 h1:7CA8FTFz/gRfgqgpeKIBcervUn3xSyPUmr6B2WXJ7kg=
-gorm.io/gorm v1.31.1/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
 modernc.org/cc/v4 v4.26.2 h1:991HMkLjJzYBIfha6ECZdjrIYz2/1ayr+FL8GN+CNzM=

internal/assets/migrations/000003_oauth_sub.down.sql

@@ -1 +0,0 @@
-ALTER TABLE "sessions" DROP COLUMN "oauth_sub";

internal/assets/migrations/000003_oauth_sub.up.sql

@@ -1 +0,0 @@
-ALTER TABLE "sessions" ADD COLUMN "oauth_sub" TEXT;

internal/bootstrap/app_bootstrap.go

@@ -11,14 +11,12 @@ import (
 	"sort"
 	"strings"
 	"time"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/controller"
-	"github.com/steveiliop56/tinyauth/internal/model"
-	"github.com/steveiliop56/tinyauth/internal/utils"
+	"tinyauth/internal/config"
+	"tinyauth/internal/controller"
+	"tinyauth/internal/repository"
+	"tinyauth/internal/utils"
 
 	"github.com/rs/zerolog/log"
-	"gorm.io/gorm"
 )
 
 type BootstrapApp struct {
@@ -108,8 +106,18 @@ func (app *BootstrapApp) Setup() error {
 	log.Trace().Str("csrfCookieName", app.context.csrfCookieName).Msg("CSRF cookie name")
 	log.Trace().Str("redirectCookieName", app.context.redirectCookieName).Msg("Redirect cookie name")
 
+	// Database
+	db, err := app.setupDatabase(app.config.DatabasePath)
+
+	if err != nil {
+		return fmt.Errorf("failed to setup database: %w", err)
+	}
+
+	// Queries
+	queries := repository.New(db)
+
 	// Services
-	services, err := app.initServices()
+	services, err := app.initServices(queries)
 
 	if err != nil {
 		return fmt.Errorf("failed to initialize services: %w", err)
@@ -155,9 +163,9 @@ func (app *BootstrapApp) Setup() error {
 		return fmt.Errorf("failed to setup routes: %w", err)
 	}
 
-	// Start DB cleanup routine
+	// Start db cleanup routine
 	log.Debug().Msg("Starting database cleanup routine")
-	go app.dbCleanup(services.databaseService.GetDatabase())
+	go app.dbCleanup(queries)
 
 	// If analytics are not disabled, start heartbeat
 	if !app.config.DisableAnalytics {
@@ -247,16 +255,16 @@ func (app *BootstrapApp) heartbeat() {
 	}
 }
 
-func (app *BootstrapApp) dbCleanup(db *gorm.DB) {
+func (app *BootstrapApp) dbCleanup(queries *repository.Queries) {
 	ticker := time.NewTicker(time.Duration(30) * time.Minute)
 	defer ticker.Stop()
 	ctx := context.Background()
 
 	for ; true; <-ticker.C {
 		log.Debug().Msg("Cleaning up old database sessions")
-		_, err := gorm.G[model.Session](db).Where("expiry < ?", time.Now().Unix()).Delete(ctx)
+		err := queries.DeleteExpiredSessions(ctx, time.Now().Unix())
 		if err != nil {
-			log.Error().Err(err).Msg("Failed to cleanup old sessions")
+			log.Error().Err(err).Msg("Failed to clean up old database sessions")
 		}
 	}
 }

internal/bootstrap/db_bootstrap.go

@@ -0,0 +1,52 @@
+package bootstrap
+
+import (
+	"database/sql"
+	"fmt"
+	"os"
+	"path/filepath"
+	"tinyauth/internal/assets"
+
+	"github.com/golang-migrate/migrate/v4"
+	"github.com/golang-migrate/migrate/v4/database/sqlite3"
+	"github.com/golang-migrate/migrate/v4/source/iofs"
+	_ "modernc.org/sqlite"
+)
+
+func (app *BootstrapApp) setupDatabase(databasePath string) (*sql.DB, error) {
+	dir := filepath.Dir(databasePath)
+
+	if err := os.MkdirAll(dir, 0755); err != nil {
+		return nil, fmt.Errorf("failed to create database directory %s: %w", dir, err)
+	}
+
+	db, err := sql.Open("sqlite", databasePath)
+
+	if err != nil {
+		return nil, fmt.Errorf("failed to open database: %w", err)
+	}
+
+	migrations, err := iofs.New(assets.Migrations, "migrations")
+
+	if err != nil {
+		return nil, fmt.Errorf("failed to create migrations: %w", err)
+	}
+
+	target, err := sqlite3.WithInstance(db, &sqlite3.Config{})
+
+	if err != nil {
+		return nil, fmt.Errorf("failed to create sqlite3 instance: %w", err)
+	}
+
+	migrator, err := migrate.NewWithInstance("iofs", migrations, "sqlite3", target)
+
+	if err != nil {
+		return nil, fmt.Errorf("failed to create migrator: %w", err)
+	}
+
+	if err := migrator.Up(); err != nil && err != migrate.ErrNoChange {
+		return nil, fmt.Errorf("failed to migrate database: %w", err)
+	}
+
+	return db, nil
+}

internal/bootstrap/router_bootstrap.go

@@ -3,9 +3,8 @@ package bootstrap
 import (
 	"fmt"
 	"strings"
-
-	"github.com/steveiliop56/tinyauth/internal/controller"
-	"github.com/steveiliop56/tinyauth/internal/middleware"
+	"tinyauth/internal/controller"
+	"tinyauth/internal/middleware"
 
 	"github.com/gin-gonic/gin"
 )

internal/bootstrap/service_bootstrap.go

@@ -1,7 +1,8 @@
 package bootstrap
 
 import (
-	"github.com/steveiliop56/tinyauth/internal/service"
+	"tinyauth/internal/repository"
+	"tinyauth/internal/service"
 
 	"github.com/rs/zerolog/log"
 )
@@ -9,27 +10,14 @@ import (
 type Services struct {
 	accessControlService *service.AccessControlsService
 	authService          *service.AuthService
-	databaseService      *service.DatabaseService
 	dockerService        *service.DockerService
 	ldapService          *service.LdapService
 	oauthBrokerService   *service.OAuthBrokerService
 }
 
-func (app *BootstrapApp) initServices() (Services, error) {
+func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, error) {
 	services := Services{}
 
-	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
-		DatabasePath: app.config.DatabasePath,
-	})
-
-	err := databaseService.Init()
-
-	if err != nil {
-		return Services{}, err
-	}
-
-	services.databaseService = databaseService
-
 	ldapService := service.NewLdapService(service.LdapServiceConfig{
 		Address:      app.config.Ldap.Address,
 		BindDN:       app.config.Ldap.BindDN,
@@ -39,7 +27,7 @@ func (app *BootstrapApp) initServices() (Services, error) {
 		SearchFilter: app.config.Ldap.SearchFilter,
 	})
 
-	err = ldapService.Init()
+	err := ldapService.Init()
 
 	if err == nil {
 		services.ldapService = ldapService
@@ -76,7 +64,7 @@ func (app *BootstrapApp) initServices() (Services, error) {
 		LoginTimeout:      app.config.Auth.LoginTimeout,
 		LoginMaxRetries:   app.config.Auth.LoginMaxRetries,
 		SessionCookieName: app.context.sessionCookieName,
-	}, dockerService, ldapService, databaseService.GetDatabase())
+	}, dockerService, ldapService, queries)
 
 	err = authService.Init()
 

internal/config/config.go

@@ -79,7 +79,6 @@ const DefaultNamePrefix = "TINYAUTH_"
 // OAuth/OIDC config
 
 type Claims struct {
-	Sub               string `json:"sub"`
 	Name              string `json:"name"`
 	Email             string `json:"email"`
 	PreferredUsername string `json:"preferred_username"`
@@ -126,7 +125,6 @@ type SessionCookie struct {
 	TotpPending bool
 	OAuthGroups string
 	OAuthName   string
-	OAuthSub    string
 }
 
 type UserContext struct {
@@ -140,7 +138,6 @@ type UserContext struct {
 	OAuthGroups string
 	TotpEnabled bool
 	OAuthName   string
-	OAuthSub    string
 }
 
 // API responses and queries

internal/controller/context_controller.go

@@ -3,8 +3,7 @@ package controller
 import (
 	"fmt"
 	"net/url"
-
-	"github.com/steveiliop56/tinyauth/internal/utils"
+	"tinyauth/internal/utils"
 
 	"github.com/gin-gonic/gin"
 	"github.com/rs/zerolog/log"
@@ -21,7 +20,6 @@ type UserContextResponse struct {
 	OAuth       bool   `json:"oauth"`
 	TotpPending bool   `json:"totpPending"`
 	OAuthName   string `json:"oauthName"`
-	OAuthSub    string `json:"oauthSub"`
 }
 
 type AppContextResponse struct {
@@ -90,7 +88,6 @@ func (controller *ContextController) userContextHandler(c *gin.Context) {
 		OAuth:       context.OAuth,
 		TotpPending: context.TotpPending,
 		OAuthName:   context.OAuthName,
-		OAuthSub:    context.OAuthSub,
 	}
 
 	if err != nil {

internal/controller/context_controller_test.go

@@ -4,9 +4,8 @@ import (
 	"encoding/json"
 	"net/http/httptest"
 	"testing"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/controller"
+	"tinyauth/internal/config"
+	"tinyauth/internal/controller"
 
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"
@@ -44,7 +43,6 @@ var userContext = config.UserContext{
 	TotpPending: false,
 	OAuthGroups: "",
 	TotpEnabled: false,
-	OAuthSub:    "",
 }
 
 func setupContextController(middlewares *[]gin.HandlerFunc) (*gin.Engine, *httptest.ResponseRecorder) {

internal/controller/oauth_controller.go

@@ -5,10 +5,9 @@ import (
 	"net/http"
 	"strings"
 	"time"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/service"
-	"github.com/steveiliop56/tinyauth/internal/utils"
+	"tinyauth/internal/config"
+	"tinyauth/internal/service"
+	"tinyauth/internal/utils"
 
 	"github.com/gin-gonic/gin"
 	"github.com/google/go-querystring/query"
@@ -197,7 +196,6 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 		Provider:    req.Provider,
 		OAuthGroups: utils.CoalesceToString(user.Groups),
 		OAuthName:   service.GetName(),
-		OAuthSub:    user.Sub,
 	}
 
 	log.Trace().Interface("session_cookie", sessionCookie).Msg("Creating session cookie")

internal/controller/proxy_controller.go

@@ -5,10 +5,9 @@ import (
 	"net/http"
 	"slices"
 	"strings"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/service"
-	"github.com/steveiliop56/tinyauth/internal/utils"
+	"tinyauth/internal/config"
+	"tinyauth/internal/service"
+	"tinyauth/internal/utils"
 
 	"github.com/gin-gonic/gin"
 	"github.com/google/go-querystring/query"
@@ -43,8 +42,7 @@ func NewProxyController(config ProxyControllerConfig, router *gin.RouterGroup, a
 
 func (controller *ProxyController) SetupRoutes() {
 	proxyGroup := controller.router.Group("/auth")
-	proxyGroup.GET("/:proxy", controller.proxyHandler)
-	proxyGroup.POST("/:proxy", controller.proxyHandler)
+	proxyGroup.Any("/:proxy", controller.proxyHandler)
 }
 
 func (controller *ProxyController) proxyHandler(c *gin.Context) {
@@ -69,6 +67,15 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}
 
+	if req.Proxy != "envoy" && c.Request.Method != http.MethodGet {
+		log.Warn().Str("method", c.Request.Method).Msg("Invalid method for proxy")
+		c.JSON(405, gin.H{
+			"status":  405,
+			"message": "Method Not Allowed",
+		})
+		return
+	}
+
 	isBrowser := strings.Contains(c.Request.Header.Get("Accept"), "text/html")
 
 	if isBrowser {
@@ -239,7 +246,6 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		c.Header("Remote-Name", utils.SanitizeHeader(userContext.Name))
 		c.Header("Remote-Email", utils.SanitizeHeader(userContext.Email))
 		c.Header("Remote-Groups", utils.SanitizeHeader(userContext.OAuthGroups))
-		c.Header("Remote-Sub", utils.SanitizeHeader(userContext.OAuthSub))
 
 		controller.setHeaders(c, acls)
 

internal/controller/proxy_controller_test.go

@@ -3,10 +3,9 @@ package controller_test
 import (
 	"net/http/httptest"
 	"testing"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/controller"
-	"github.com/steveiliop56/tinyauth/internal/service"
+	"tinyauth/internal/config"
+	"tinyauth/internal/controller"
+	"tinyauth/internal/service"
 
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"
@@ -81,6 +80,13 @@ func TestProxyHandler(t *testing.T) {
 
 	assert.Equal(t, 400, recorder.Code)
 
+	// Test invalid method
+	recorder = httptest.NewRecorder()
+	req = httptest.NewRequest("POST", "/api/auth/traefik", nil)
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 405, recorder.Code)
+
 	// Test logged out user (traefik/caddy)
 	recorder = httptest.NewRecorder()
 	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)

internal/controller/resources_controller_test.go

@@ -4,8 +4,7 @@ import (
 	"net/http/httptest"
 	"os"
 	"testing"
-
-	"github.com/steveiliop56/tinyauth/internal/controller"
+	"tinyauth/internal/controller"
 
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"

internal/controller/user_controller.go

@@ -3,10 +3,9 @@ package controller
 import (
 	"fmt"
 	"strings"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/service"
-	"github.com/steveiliop56/tinyauth/internal/utils"
+	"tinyauth/internal/config"
+	"tinyauth/internal/service"
+	"tinyauth/internal/utils"
 
 	"github.com/gin-gonic/gin"
 	"github.com/pquerna/otp/totp"

internal/controller/user_controller_test.go

@@ -7,10 +7,9 @@ import (
 	"strings"
 	"testing"
 	"time"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/controller"
-	"github.com/steveiliop56/tinyauth/internal/service"
+	"tinyauth/internal/config"
+	"tinyauth/internal/controller"
+	"tinyauth/internal/service"
 
 	"github.com/gin-gonic/gin"
 	"github.com/pquerna/otp/totp"

internal/middleware/context_middleware.go

@@ -3,10 +3,9 @@ package middleware
 import (
 	"fmt"
 	"strings"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/service"
-	"github.com/steveiliop56/tinyauth/internal/utils"
+	"tinyauth/internal/config"
+	"tinyauth/internal/service"
+	"tinyauth/internal/utils"
 
 	"github.com/gin-gonic/gin"
 	"github.com/rs/zerolog/log"
@@ -66,7 +65,6 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 				goto basic
 			}
 
-			m.auth.RefreshSessionCookie(c)
 			c.Set("context", &config.UserContext{
 				Username:   cookie.Username,
 				Name:       cookie.Name,
@@ -91,7 +89,6 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 				goto basic
 			}
 
-			m.auth.RefreshSessionCookie(c)
 			c.Set("context", &config.UserContext{
 				Username:    cookie.Username,
 				Name:        cookie.Name,
@@ -99,7 +96,6 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 				Provider:    cookie.Provider,
 				OAuthGroups: cookie.OAuthGroups,
 				OAuthName:   cookie.OAuthName,
-				OAuthSub:    cookie.OAuthSub,
 				IsLoggedIn:  true,
 				OAuth:       true,
 			})

internal/middleware/ui_middleware.go

@@ -7,8 +7,7 @@ import (
 	"os"
 	"strings"
 	"time"
-
-	"github.com/steveiliop56/tinyauth/internal/assets"
+	"tinyauth/internal/assets"
 
 	"github.com/gin-gonic/gin"
 )

internal/model/session_model.go

@@ -1,14 +0,0 @@
-package model
-
-type Session struct {
-	UUID        string `gorm:"column:uuid;primaryKey"`
-	Username    string `gorm:"column:username"`
-	Email       string `gorm:"column:email"`
-	Name        string `gorm:"column:name"`
-	Provider    string `gorm:"column:provider"`
-	TOTPPending bool   `gorm:"column:totp_pending"`
-	OAuthGroups string `gorm:"column:oauth_groups"`
-	Expiry      int64  `gorm:"column:expiry"`
-	OAuthName   string `gorm:"column:oauth_name"`
-	OAuthSub    string `gorm:"column:oauth_sub"`
-}

internal/repository/db.go

@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repository
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}

internal/repository/models.go

@@ -0,0 +1,17 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repository
+
+type Session struct {
+	UUID        string
+	Username    string
+	Email       string
+	Name        string
+	Provider    string
+	TotpPending bool
+	OAuthGroups string
+	Expiry      int64
+	OAuthName   string
+}

internal/repository/query.sql.go

@@ -0,0 +1,161 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: query.sql
+
+package repository
+
+import (
+	"context"
+)
+
+const createSession = `-- name: CreateSession :one
+INSERT INTO sessions (
+    "uuid",
+    "username",
+    "email",
+    "name",
+    "provider",
+    "totp_pending",
+    "oauth_groups",
+    "expiry",
+    "oauth_name"
+) VALUES (
+    ?, ?, ?, ?, ?, ?, ?, ?, ?
+)
+RETURNING uuid, username, email, name, provider, totp_pending, oauth_groups, expiry, oauth_name
+`
+
+type CreateSessionParams struct {
+	UUID        string
+	Username    string
+	Email       string
+	Name        string
+	Provider    string
+	TotpPending bool
+	OAuthGroups string
+	Expiry      int64
+	OAuthName   string
+}
+
+func (q *Queries) CreateSession(ctx context.Context, arg CreateSessionParams) (Session, error) {
+	row := q.db.QueryRowContext(ctx, createSession,
+		arg.UUID,
+		arg.Username,
+		arg.Email,
+		arg.Name,
+		arg.Provider,
+		arg.TotpPending,
+		arg.OAuthGroups,
+		arg.Expiry,
+		arg.OAuthName,
+	)
+	var i Session
+	err := row.Scan(
+		&i.UUID,
+		&i.Username,
+		&i.Email,
+		&i.Name,
+		&i.Provider,
+		&i.TotpPending,
+		&i.OAuthGroups,
+		&i.Expiry,
+		&i.OAuthName,
+	)
+	return i, err
+}
+
+const deleteExpiredSessions = `-- name: DeleteExpiredSessions :exec
+DELETE FROM "sessions"
+WHERE "expiry" < ?
+`
+
+func (q *Queries) DeleteExpiredSessions(ctx context.Context, expiry int64) error {
+	_, err := q.db.ExecContext(ctx, deleteExpiredSessions, expiry)
+	return err
+}
+
+const deleteSession = `-- name: DeleteSession :exec
+DELETE FROM "sessions"
+WHERE "uuid" = ?
+`
+
+func (q *Queries) DeleteSession(ctx context.Context, uuid string) error {
+	_, err := q.db.ExecContext(ctx, deleteSession, uuid)
+	return err
+}
+
+const getSession = `-- name: GetSession :one
+SELECT uuid, username, email, name, provider, totp_pending, oauth_groups, expiry, oauth_name FROM "sessions"
+WHERE "uuid" = ?
+`
+
+func (q *Queries) GetSession(ctx context.Context, uuid string) (Session, error) {
+	row := q.db.QueryRowContext(ctx, getSession, uuid)
+	var i Session
+	err := row.Scan(
+		&i.UUID,
+		&i.Username,
+		&i.Email,
+		&i.Name,
+		&i.Provider,
+		&i.TotpPending,
+		&i.OAuthGroups,
+		&i.Expiry,
+		&i.OAuthName,
+	)
+	return i, err
+}
+
+const updateSession = `-- name: UpdateSession :one
+UPDATE "sessions" SET
+    "username" = ?,
+    "email" = ?,
+    "name" = ?,
+    "provider" = ?,
+    "totp_pending" = ?,
+    "oauth_groups" = ?,
+    "expiry" = ?,
+    "oauth_name" = ?
+WHERE "uuid" = ?
+RETURNING uuid, username, email, name, provider, totp_pending, oauth_groups, expiry, oauth_name
+`
+
+type UpdateSessionParams struct {
+	Username    string
+	Email       string
+	Name        string
+	Provider    string
+	TotpPending bool
+	OAuthGroups string
+	Expiry      int64
+	OAuthName   string
+	UUID        string
+}
+
+func (q *Queries) UpdateSession(ctx context.Context, arg UpdateSessionParams) (Session, error) {
+	row := q.db.QueryRowContext(ctx, updateSession,
+		arg.Username,
+		arg.Email,
+		arg.Name,
+		arg.Provider,
+		arg.TotpPending,
+		arg.OAuthGroups,
+		arg.Expiry,
+		arg.OAuthName,
+		arg.UUID,
+	)
+	var i Session
+	err := row.Scan(
+		&i.UUID,
+		&i.Username,
+		&i.Email,
+		&i.Name,
+		&i.Provider,
+		&i.TotpPending,
+		&i.OAuthGroups,
+		&i.Expiry,
+		&i.OAuthName,
+	)
+	return i, err
+}

internal/service/access_controls_service.go

@@ -1,7 +1,7 @@
 package service
 
 import (
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/config"
 )
 
 /*

internal/service/auth_service.go

@@ -1,22 +1,22 @@
 package service
 
 import (
+	"context"
+	"database/sql"
 	"errors"
 	"fmt"
 	"regexp"
 	"strings"
 	"sync"
 	"time"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/model"
-	"github.com/steveiliop56/tinyauth/internal/utils"
+	"tinyauth/internal/config"
+	"tinyauth/internal/repository"
+	"tinyauth/internal/utils"
 
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
 	"github.com/rs/zerolog/log"
 	"golang.org/x/crypto/bcrypt"
-	"gorm.io/gorm"
 )
 
 type LoginAttempt struct {
@@ -42,20 +42,22 @@ type AuthService struct {
 	loginAttempts map[string]*LoginAttempt
 	loginMutex    sync.RWMutex
 	ldap          *LdapService
-	database      *gorm.DB
+	queries       *repository.Queries
+	ctx           context.Context
 }
 
-func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapService, database *gorm.DB) *AuthService {
+func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapService, queries *repository.Queries) *AuthService {
 	return &AuthService{
 		config:        config,
 		docker:        docker,
 		loginAttempts: make(map[string]*LoginAttempt),
 		ldap:          ldap,
-		database:      database,
+		queries:       queries,
 	}
 }
 
 func (auth *AuthService) Init() error {
+	auth.ctx = context.Background()
 	return nil
 }
 
@@ -203,20 +205,19 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 		expiry = auth.config.SessionExpiry
 	}
 
-	session := model.Session{
+	session := repository.CreateSessionParams{
 		UUID:        uuid.String(),
 		Username:    data.Username,
 		Email:       data.Email,
 		Name:        data.Name,
 		Provider:    data.Provider,
-		TOTPPending: data.TotpPending,
+		TotpPending: data.TotpPending,
 		OAuthGroups: data.OAuthGroups,
 		Expiry:      time.Now().Add(time.Duration(expiry) * time.Second).Unix(),
 		OAuthName:   data.OAuthName,
-		OAuthSub:    data.OAuthSub,
 	}
 
-	err = gorm.G[model.Session](auth.database).Create(c, &session)
+	_, err = auth.queries.CreateSession(c, session)
 
 	if err != nil {
 		return err
@@ -227,40 +228,6 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 	return nil
 }
 
-func (auth *AuthService) RefreshSessionCookie(c *gin.Context) error {
-	cookie, err := c.Cookie(auth.config.SessionCookieName)
-
-	if err != nil {
-		return err
-	}
-
-	session, err := gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).First(c)
-
-	if err != nil {
-		return err
-	}
-
-	currentTime := time.Now().Unix()
-
-	if session.Expiry-currentTime > int64(time.Hour.Seconds()) {
-		return nil
-	}
-
-	newExpiry := currentTime + int64(time.Hour.Seconds())
-
-	_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Updates(c, model.Session{
-		Expiry: newExpiry,
-	})
-
-	if err != nil {
-		return err
-	}
-
-	c.SetCookie(auth.config.SessionCookieName, cookie, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", auth.config.CookieDomain), auth.config.SecureCookie, true)
-
-	return nil
-}
-
 func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
 	cookie, err := c.Cookie(auth.config.SessionCookieName)
 
@@ -268,7 +235,7 @@ func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
 		return err
 	}
 
-	_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(c)
+	err = auth.queries.DeleteSession(auth.ctx, cookie)
 
 	if err != nil {
 		return err
@@ -286,20 +253,20 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 		return config.SessionCookie{}, err
 	}
 
-	session, err := gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).First(c)
+	session, err := auth.queries.GetSession(auth.ctx, cookie)
 
 	if err != nil {
 		return config.SessionCookie{}, err
 	}
 
-	if errors.Is(err, gorm.ErrRecordNotFound) {
+	if errors.Is(err, sql.ErrNoRows) {
 		return config.SessionCookie{}, fmt.Errorf("session not found")
 	}
 
 	currentTime := time.Now().Unix()
 
 	if currentTime > session.Expiry {
-		_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(c)
+		err = auth.queries.DeleteSession(auth.ctx, cookie)
 		if err != nil {
 			log.Error().Err(err).Msg("Failed to delete expired session")
 		}
@@ -312,10 +279,9 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 		Email:       session.Email,
 		Name:        session.Name,
 		Provider:    session.Provider,
-		TotpPending: session.TOTPPending,
+		TotpPending: session.TotpPending,
 		OAuthGroups: session.OAuthGroups,
 		OAuthName:   session.OAuthName,
-		OAuthSub:    session.OAuthSub,
 	}, nil
 }
 

internal/service/database_service.go

@@ -1,92 +0,0 @@
-package service
-
-import (
-	"database/sql"
-	"fmt"
-	"os"
-	"path/filepath"
-
-	"github.com/steveiliop56/tinyauth/internal/assets"
-
-	"github.com/glebarez/sqlite"
-	"github.com/golang-migrate/migrate/v4"
-	sqliteMigrate "github.com/golang-migrate/migrate/v4/database/sqlite3"
-	"github.com/golang-migrate/migrate/v4/source/iofs"
-	"gorm.io/gorm"
-)
-
-type DatabaseServiceConfig struct {
-	DatabasePath string
-}
-
-type DatabaseService struct {
-	config   DatabaseServiceConfig
-	database *gorm.DB
-}
-
-func NewDatabaseService(config DatabaseServiceConfig) *DatabaseService {
-	return &DatabaseService{
-		config: config,
-	}
-}
-
-func (ds *DatabaseService) Init() error {
-	dbPath := ds.config.DatabasePath
-	if dbPath == "" {
-		dbPath = "/data/tinyauth.db"
-	}
-
-	dir := filepath.Dir(dbPath)
-	if err := os.MkdirAll(dir, 0755); err != nil {
-		return fmt.Errorf("failed to create database directory %s: %w", dir, err)
-	}
-
-	gormDB, err := gorm.Open(sqlite.Open(dbPath), &gorm.Config{})
-
-	if err != nil {
-		return err
-	}
-
-	sqlDB, err := gormDB.DB()
-
-	if err != nil {
-		return err
-	}
-
-	sqlDB.SetMaxOpenConns(1)
-
-	err = ds.migrateDatabase(sqlDB)
-
-	if err != nil && err != migrate.ErrNoChange {
-		return err
-	}
-
-	ds.database = gormDB
-	return nil
-}
-
-func (ds *DatabaseService) migrateDatabase(sqlDB *sql.DB) error {
-	data, err := iofs.New(assets.Migrations, "migrations")
-
-	if err != nil {
-		return err
-	}
-
-	target, err := sqliteMigrate.WithInstance(sqlDB, &sqliteMigrate.Config{})
-
-	if err != nil {
-		return err
-	}
-
-	migrator, err := migrate.NewWithInstance("iofs", data, "tinyauth", target)
-
-	if err != nil {
-		return err
-	}
-
-	return migrator.Up()
-}
-
-func (ds *DatabaseService) GetDatabase() *gorm.DB {
-	return ds.database
-}

internal/service/docker_service.go

@@ -3,9 +3,8 @@ package service
 import (
 	"context"
 	"strings"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/utils/decoders"
+	"tinyauth/internal/config"
+	"tinyauth/internal/utils/decoders"
 
 	container "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"

internal/service/generic_oauth_service.go

@@ -10,8 +10,7 @@ import (
 	"io"
 	"net/http"
 	"time"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/config"
 
 	"github.com/rs/zerolog/log"
 	"golang.org/x/oauth2"

internal/service/github_oauth_service.go

@@ -9,10 +9,8 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"strconv"
 	"time"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/config"
 
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/endpoints"
@@ -28,7 +26,6 @@ type GithubEmailResponse []struct {
 type GithubUserInfoResponse struct {
 	Login string `json:"login"`
 	Name  string `json:"name"`
-	ID    int    `json:"id"`
 }
 
 type GithubOAuthService struct {
@@ -174,7 +171,6 @@ func (github *GithubOAuthService) Userinfo() (config.Claims, error) {
 
 	user.PreferredUsername = userInfo.Login
 	user.Name = userInfo.Name
-	user.Sub = strconv.Itoa(userInfo.ID)
 
 	return user, nil
 }

internal/service/google_oauth_service.go

@@ -10,14 +10,18 @@ import (
 	"net/http"
 	"strings"
 	"time"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/config"
 
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/endpoints"
 )
 
-var GoogleOAuthScopes = []string{"openid", "email", "profile"}
+var GoogleOAuthScopes = []string{"https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile"}
+
+type GoogleUserInfoResponse struct {
+	Email string `json:"email"`
+	Name  string `json:"name"`
+}
 
 type GoogleOAuthService struct {
 	config   oauth2.Config
@@ -86,7 +90,7 @@ func (google *GoogleOAuthService) Userinfo() (config.Claims, error) {
 
 	client := google.config.Client(google.context, google.token)
 
-	res, err := client.Get("https://openidconnect.googleapis.com/v1/userinfo")
+	res, err := client.Get("https://www.googleapis.com/userinfo/v2/me")
 	if err != nil {
 		return config.Claims{}, err
 	}
@@ -101,12 +105,16 @@ func (google *GoogleOAuthService) Userinfo() (config.Claims, error) {
 		return config.Claims{}, err
 	}
 
-	err = json.Unmarshal(body, &user)
+	var userInfo GoogleUserInfoResponse
+
+	err = json.Unmarshal(body, &userInfo)
 	if err != nil {
 		return config.Claims{}, err
 	}
 
-	user.PreferredUsername = strings.SplitN(user.Email, "@", 2)[0]
+	user.PreferredUsername = strings.Split(userInfo.Email, "@")[0]
+	user.Name = userInfo.Name
+	user.Email = userInfo.Email
 
 	return user, nil
 }

internal/service/oauth_broker_service.go

@@ -2,8 +2,7 @@ package service
 
 import (
 	"errors"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/config"
 
 	"github.com/rs/zerolog/log"
 	"golang.org/x/exp/slices"

internal/utils/app_utils.go

@@ -5,8 +5,7 @@ import (
 	"net"
 	"net/url"
 	"strings"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/config"
 
 	"github.com/gin-gonic/gin"
 	"github.com/weppos/publicsuffix-go/publicsuffix"

internal/utils/app_utils_test.go

@@ -2,9 +2,8 @@ package utils_test
 
 import (
 	"testing"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/utils"
+	"tinyauth/internal/config"
+	"tinyauth/internal/utils"
 
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"

internal/utils/decoders/label_decoder_test.go

@@ -2,9 +2,8 @@ package decoders_test
 
 import (
 	"testing"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/utils/decoders"
+	"tinyauth/internal/config"
+	"tinyauth/internal/utils/decoders"
 
 	"gotest.tools/v3/assert"
 )

internal/utils/label_utils_test.go

@@ -2,8 +2,7 @@ package utils_test
 
 import (
 	"testing"
-
-	"github.com/steveiliop56/tinyauth/internal/utils"
+	"tinyauth/internal/utils"
 
 	"gotest.tools/v3/assert"
 )

internal/utils/loaders/loader_env.go

@@ -3,8 +3,7 @@ package loaders
 import (
 	"fmt"
 	"os"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/config"
 
 	"github.com/traefik/paerser/cli"
 	"github.com/traefik/paerser/env"

internal/utils/security_utils_test.go

@@ -3,8 +3,7 @@ package utils_test
 import (
 	"os"
 	"testing"
-
-	"github.com/steveiliop56/tinyauth/internal/utils"
+	"tinyauth/internal/utils"
 
 	"gotest.tools/v3/assert"
 )

internal/utils/string_utils_test.go

@@ -2,8 +2,7 @@ package utils_test
 
 import (
 	"testing"
-
-	"github.com/steveiliop56/tinyauth/internal/utils"
+	"tinyauth/internal/utils"
 
 	"gotest.tools/v3/assert"
 )

internal/utils/user_utils.go

@@ -3,8 +3,7 @@ package utils
 import (
 	"errors"
 	"strings"
-
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/config"
 )
 
 func ParseUsers(users string) ([]config.User, error) {

internal/utils/user_utils_test.go

@@ -3,8 +3,7 @@ package utils_test
 import (
 	"os"
 	"testing"
-
-	"github.com/steveiliop56/tinyauth/internal/utils"
+	"tinyauth/internal/utils"
 
 	"gotest.tools/v3/assert"
 )

query.sql

@@ -0,0 +1,40 @@
+-- name: CreateSession :one
+INSERT INTO sessions (
+    "uuid",
+    "username",
+    "email",
+    "name",
+    "provider",
+    "totp_pending",
+    "oauth_groups",
+    "expiry",
+    "oauth_name"
+) VALUES (
+    ?, ?, ?, ?, ?, ?, ?, ?, ?
+)
+RETURNING *;
+
+-- name: GetSession :one
+SELECT * FROM "sessions"
+WHERE "uuid" = ?;
+
+-- name: DeleteSession :exec
+DELETE FROM "sessions"
+WHERE "uuid" = ?;
+
+-- name: UpdateSession :one
+UPDATE "sessions" SET
+    "username" = ?,
+    "email" = ?,
+    "name" = ?,
+    "provider" = ?,
+    "totp_pending" = ?,
+    "oauth_groups" = ?,
+    "expiry" = ?,
+    "oauth_name" = ?
+WHERE "uuid" = ?
+RETURNING *;
+
+-- name: DeleteExpiredSessions :exec
+DELETE FROM "sessions"
+WHERE "expiry" < ?;

schema.sql

@@ -0,0 +1,11 @@
+CREATE TABLE IF NOT EXISTS "sessions" (
+    "uuid" TEXT NOT NULL PRIMARY KEY UNIQUE,
+    "username" TEXT NOT NULL,
+    "email" TEXT NOT NULL,
+    "name" TEXT NOT NULL,
+    "provider" TEXT NOT NULL,
+    "totp_pending" BOOLEAN NOT NULL,
+    "oauth_groups" TEXT NULL,
+    "expiry" INTEGER NOT NULL,
+    "oauth_name" TEXT NULL
+);

sqlc.yml

@@ -0,0 +1,18 @@
+version: "2"
+sql:
+  - engine: "sqlite"
+    queries: "query.sql"
+    schema: "schema.sql"
+    gen:
+      go:
+        package: "repository"
+        out: "internal/repository"
+        rename:
+          uuid: "UUID"
+          oauth_groups: "OAuthGroups"
+          oauth_name: "OAuthName"
+        overrides:
+          - column: "sessions.oauth_groups"
+            go_type: "string"
+          - column: "sessions.oauth_name"
+            go_type: "string"