chore(deps): bump oven/bun from 1.3.0-alpine to 1.3.1-alpine

Bumps oven/bun from 1.3.0-alpine to 1.3.1-alpine.

---
updated-dependencies:
- dependency-name: oven/bun
  dependency-version: 1.3.1-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Dockerfile

@@ -1,5 +1,5 @@
 # Site builder
-FROM oven/bun:1.3.0-alpine AS frontend-builder
+FROM oven/bun:1.3.1-alpine AS frontend-builder
 
 WORKDIR /frontend
 

Dockerfile.distroless

@@ -1,5 +1,5 @@
 # Site builder
-FROM oven/bun:1.3.0-alpine AS frontend-builder
+FROM oven/bun:1.3.1-alpine AS frontend-builder
 
 WORKDIR /frontend
 

cmd/root.go

@@ -1,7 +1,6 @@
 package cmd
 
 import (
-	"os"
 	"strings"
 	"tinyauth/internal/bootstrap"
 	"tinyauth/internal/config"
@@ -15,16 +14,15 @@ import (
 )
 
 type rootCmd struct {
-	root     *cobra.Command
-	cmd      *cobra.Command
-	viper    *viper.Viper
-	aclFlags map[string]string
+	root *cobra.Command
+	cmd  *cobra.Command
+
+	viper *viper.Viper
 }
 
 func newRootCmd() *rootCmd {
 	return &rootCmd{
-		viper:    viper.New(),
-		aclFlags: make(map[string]string),
+		viper: viper.New(),
 	}
 }
 
@@ -34,9 +32,6 @@ func (c *rootCmd) Register() {
 		Short: "The simplest way to protect your apps with a login screen",
 		Long:  `Tinyauth is a simple authentication middleware that adds a simple login screen or OAuth with Google, Github or any other provider to all of your docker apps.`,
 		Run:   c.run,
-		FParseErrWhitelist: cobra.FParseErrWhitelist{
-			UnknownFlags: true,
-		},
 	}
 
 	c.viper.AutomaticEnv()
@@ -121,7 +116,7 @@ func (c *rootCmd) run(cmd *cobra.Command, args []string) {
 		log.Warn().Msg("Log level set to trace, this will log sensitive information!")
 	}
 
-	app := bootstrap.NewBootstrapApp(conf, c.aclFlags)
+	app := bootstrap.NewBootstrapApp(conf)
 
 	err = app.Setup()
 	if err != nil {
@@ -131,8 +126,6 @@ func (c *rootCmd) run(cmd *cobra.Command, args []string) {
 
 func Run() {
 	rootCmd := newRootCmd()
-	rootCmd.aclFlags = utils.ExtractACLFlags(os.Args[1:])
-
 	rootCmd.Register()
 	root := rootCmd.GetCmd()
 

go.mod

@@ -47,7 +47,6 @@ require (
 	github.com/quic-go/qpack v0.5.1 // indirect
 	github.com/quic-go/quic-go v0.54.1 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
-	github.com/stoewer/go-strcase v1.3.1 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 // indirect

go.sum

@@ -259,8 +259,6 @@ github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
 github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU=
 github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY=
-github.com/stoewer/go-strcase v1.3.1 h1:iS0MdW+kVTxgMoE1LAZyMiYJFKlOzLooE4MxjirtkAs=
-github.com/stoewer/go-strcase v1.3.1/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=

internal/bootstrap/app_bootstrap.go

@@ -37,15 +37,13 @@ type Service interface {
 }
 
 type BootstrapApp struct {
-	config   config.Config
-	aclFlags map[string]string
-	uuid     string
+	config config.Config
+	uuid   string
 }
 
-func NewBootstrapApp(config config.Config, aclFlags map[string]string) *BootstrapApp {
+func NewBootstrapApp(config config.Config) *BootstrapApp {
 	return &BootstrapApp{
-		config:   config,
-		aclFlags: aclFlags,
+		config: config,
 	}
 }
 
@@ -142,7 +140,6 @@ func (app *BootstrapApp) Setup() error {
 	// Create services
 	dockerService := service.NewDockerService()
 	aclsService := service.NewAccessControlsService(dockerService)
-	aclsService.SetACLFlags(app.aclFlags)
 	authService := service.NewAuthService(authConfig, dockerService, ldapService, database)
 	oauthBrokerService := service.NewOAuthBrokerService(oauthProviders)
 

internal/config/config.go

@@ -53,16 +53,16 @@ type Claims struct {
 }
 
 type OAuthServiceConfig struct {
-	ClientID           string `field:"client-id"`
-	ClientSecret       string
-	ClientSecretFile   string
-	Scopes             []string
-	RedirectURL        string `field:"redirect-url"`
-	AuthURL            string `field:"auth-url"`
-	TokenURL           string `field:"token-url"`
-	UserinfoURL        string `field:"user-info-url"`
-	InsecureSkipVerify bool
-	Name               string
+	ClientID           string   `key:"client-id"`
+	ClientSecret       string   `key:"client-secret"`
+	ClientSecretFile   string   `key:"client-secret-file"`
+	Scopes             []string `key:"scopes"`
+	RedirectURL        string   `key:"redirect-url"`
+	AuthURL            string   `key:"auth-url"`
+	TokenURL           string   `key:"token-url"`
+	UserinfoURL        string   `key:"user-info-url"`
+	InsecureSkipVerify bool     `key:"insecure-skip-verify"`
+	Name               string   `key:"name"`
 }
 
 var OverrideProviders = map[string]string{

internal/service/access_controls_service.go

@@ -4,39 +4,70 @@ import (
 	"os"
 	"strings"
 	"tinyauth/internal/config"
-	"tinyauth/internal/utils"
+	"tinyauth/internal/utils/decoders"
 
 	"github.com/rs/zerolog/log"
 )
 
 type AccessControlsService struct {
-	docker   *DockerService
-	envACLs  config.Apps
-	aclFlags map[string]string
+	docker  *DockerService
+	envACLs config.Apps
 }
 
 func NewAccessControlsService(docker *DockerService) *AccessControlsService {
 	return &AccessControlsService{
-		docker:   docker,
-		aclFlags: make(map[string]string),
+		docker: docker,
 	}
 }
 
-func (acls *AccessControlsService) SetACLFlags(flags map[string]string) {
-	acls.aclFlags = flags
+func (acls *AccessControlsService) Init() error {
+	acls.envACLs = config.Apps{}
+	env := os.Environ()
+	appEnvVars := []string{}
+
+	for _, e := range env {
+		if strings.HasPrefix(e, "TINYAUTH_APPS_") {
+			appEnvVars = append(appEnvVars, e)
+		}
+	}
+
+	err := acls.loadEnvACLs(appEnvVars)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
 }
 
-func (acls *AccessControlsService) Init() error {
-	env := os.Environ()
+func (acls *AccessControlsService) loadEnvACLs(appEnvVars []string) error {
+	if len(appEnvVars) == 0 {
+		return nil
+	}
 
-	apps, err := utils.GetACLsConfig(env, acls.aclFlags)
+	envAcls := map[string]string{}
+
+	for _, e := range appEnvVars {
+		parts := strings.SplitN(e, "=", 2)
+		if len(parts) != 2 {
+			continue
+		}
+
+		// Normalize key, this should use the same normalization logic as in utils/decoders/decoders.go
+		key := parts[0]
+		key = strings.ToLower(key)
+		key = strings.ReplaceAll(key, "_", ".")
+		value := parts[1]
+		envAcls[key] = value
+	}
+
+	apps, err := decoders.DecodeLabels(envAcls)
 
 	if err != nil {
 		return err
 	}
 
 	acls.envACLs = apps
-
 	return nil
 }
 

internal/utils/app_utils.go

@@ -147,7 +147,7 @@ func GetOAuthProvidersConfig(env []string, args []string, appUrl string) (map[st
 		}
 	}
 
-	envProviders, err := decoders.DecodeEnv[config.Providers, config.OAuthServiceConfig](envMap, "providers")
+	envProviders, err := decoders.DecodeEnv(envMap)
 
 	if err != nil {
 		return nil, err
@@ -167,7 +167,7 @@ func GetOAuthProvidersConfig(env []string, args []string, appUrl string) (map[st
 		}
 	}
 
-	flagProviders, err := decoders.DecodeFlags[config.Providers, config.OAuthServiceConfig](flagsMap, "providers")
+	flagProviders, err := decoders.DecodeFlags(flagsMap)
 
 	if err != nil {
 		return nil, err
@@ -208,53 +208,3 @@ func GetOAuthProvidersConfig(env []string, args []string, appUrl string) (map[st
 	// Return combined providers
 	return providers, nil
 }
-
-func GetACLsConfig(env []string, flagsMap map[string]string) (config.Apps, error) {
-	apps := config.Apps{Apps: make(map[string]config.App)}
-
-	envMap := make(map[string]string)
-
-	for _, e := range env {
-		pair := strings.SplitN(e, "=", 2)
-		if len(pair) == 2 {
-			envMap[pair[0]] = pair[1]
-		}
-	}
-
-	envApps, err := decoders.DecodeACLEnv[config.Apps](envMap, "apps")
-
-	if err != nil {
-		return config.Apps{}, err
-	}
-
-	if envApps.Apps != nil {
-		maps.Copy(apps.Apps, envApps.Apps)
-	}
-
-	flagApps, err := decoders.DecodeACLFlags[config.Apps](flagsMap, "apps")
-
-	if err != nil {
-		return config.Apps{}, err
-	}
-
-	if flagApps.Apps != nil {
-		maps.Copy(apps.Apps, flagApps.Apps)
-	}
-
-	return apps, nil
-}
-
-func ExtractACLFlags(args []string) map[string]string {
-	aclFlags := make(map[string]string)
-
-	for _, arg := range args {
-		if strings.HasPrefix(arg, "--apps-") || strings.HasPrefix(arg, "--tinyauth-apps-") {
-			pair := strings.SplitN(arg[2:], "=", 2)
-			if len(pair) == 2 {
-				aclFlags[pair[0]] = pair[1]
-			}
-		}
-	}
-
-	return aclFlags
-}

internal/utils/decoders/decoders.go

@@ -3,89 +3,29 @@ package decoders
 import (
 	"reflect"
 	"strings"
-
-	"github.com/stoewer/go-strcase"
+	"tinyauth/internal/config"
 )
 
-func ParsePath(parts []string, idx int, t reflect.Type) []string {
-	if idx >= len(parts) {
-		return []string{}
-	}
-
-	if t.Kind() == reflect.Map {
-
-		if idx >= len(parts) {
-			return []string{}
-		}
-
-		elemType := t.Elem()
-		keyEndIdx := idx + 1
-
-		if elemType.Kind() == reflect.Struct {
-			for i := idx + 1; i < len(parts); i++ {
-				found := false
-
-				for j := 0; j < elemType.NumField(); j++ {
-					field := elemType.Field(j)
-					if strings.EqualFold(parts[i], field.Name) {
-						keyEndIdx = i
-						found = true
-						break
-					}
-				}
-
-				if found {
-					break
-				}
-			}
-		}
-
-		keyParts := parts[idx:keyEndIdx]
-		keyName := strings.ToLower(strings.Join(keyParts, "_"))
-
-		rest := ParsePath(parts, keyEndIdx, elemType)
-		result := append([]string{keyName}, rest...)
-		return result
-	}
-
-	if t.Kind() == reflect.Struct {
-		for i := 0; i < t.NumField(); i++ {
-			field := t.Field(i)
-			if field.Type.Kind() == reflect.Map {
-				rest := ParsePath(parts, idx, field.Type)
-				if len(rest) > 0 {
-					return rest
-				}
-			}
-		}
-
-		for i := 0; i < t.NumField(); i++ {
-			field := t.Field(i)
-			if strings.EqualFold(parts[idx], field.Name) {
-				rest := ParsePath(parts, idx+1, field.Type)
-				result := append([]string{strings.ToLower(field.Name)}, rest...)
-				return result
-			}
-		}
-	}
-
-	return []string{}
-}
-
-func normalizeKeys[T any](input map[string]string, root string, sep string) map[string]string {
-	knownKeys := getKnownKeys[T]()
+func NormalizeKeys(keys map[string]string, rootName string, sep string) map[string]string {
 	normalized := make(map[string]string)
+	knownKeys := getKnownKeys()
 
-	for k, v := range input {
-		parts := []string{"tinyauth"}
+	for k, v := range keys {
+		var finalKey []string
+		var suffix string
+		var camelClientName string
+		var camelField string
 
-		key := strings.ToLower(k)
-		key = strings.ReplaceAll(key, sep, "-")
+		finalKey = append(finalKey, rootName)
+		finalKey = append(finalKey, "providers")
+		lowerKey := strings.ToLower(k)
 
-		suffix := ""
+		if !strings.HasPrefix(lowerKey, "providers"+sep) {
+			continue
+		}
 
 		for _, known := range knownKeys {
-			if strings.HasSuffix(key, known) {
+			if strings.HasSuffix(lowerKey, strings.ReplaceAll(known, "-", sep)) {
 				suffix = known
 				break
 			}
@@ -95,101 +35,55 @@ func normalizeKeys[T any](input map[string]string, root string, sep string) map[
 			continue
 		}
 
-		parts = append(parts, root)
-
-		id := strings.TrimPrefix(key, root+"-")
-		id = strings.TrimSuffix(id, "-"+suffix)
-
-		if id == "" {
+		if strings.TrimSpace(strings.TrimSuffix(strings.TrimPrefix(lowerKey, "providers"+sep), strings.ReplaceAll(suffix, "-", sep))) == "" {
 			continue
 		}
 
-		parts = append(parts, id)
-		parts = append(parts, suffix)
+		clientNameParts := strings.Split(strings.TrimPrefix(strings.TrimSuffix(lowerKey, sep+strings.ReplaceAll(suffix, "-", sep)), "providers"+sep), sep)
 
-		final := ""
-
-		for i, part := range parts {
-			if i > 0 {
-				final += "."
+		for i, p := range clientNameParts {
+			if i == 0 {
+				camelClientName += p
+				continue
 			}
-			final += strcase.LowerCamelCase(part)
+			if p == "" {
+				continue
+			}
+			camelClientName += strings.ToUpper(string([]rune(p)[0])) + string([]rune(p)[1:])
 		}
 
-		normalized[final] = v
+		finalKey = append(finalKey, camelClientName)
+
+		fieldParts := strings.Split(suffix, "-")
+
+		for i, p := range fieldParts {
+			if i == 0 {
+				camelField += p
+				continue
+			}
+			if p == "" {
+				continue
+			}
+			camelField += strings.ToUpper(string([]rune(p)[0])) + string([]rune(p)[1:])
+		}
+
+		finalKey = append(finalKey, camelField)
+		normalized[strings.Join(finalKey, ".")] = v
 	}
 
 	return normalized
 }
 
-func getKnownKeys[T any]() []string {
-	var keys []string
-	var t T
+func getKnownKeys() []string {
+	var known []string
 
-	v := reflect.ValueOf(t)
-	typeOfT := v.Type()
+	p := config.OAuthServiceConfig{}
+	v := reflect.ValueOf(p)
+	typeOfP := v.Type()
 
-	for field := range typeOfT.NumField() {
-		if typeOfT.Field(field).Tag.Get("field") != "" {
-			keys = append(keys, typeOfT.Field(field).Tag.Get("field"))
-			continue
-		}
-		keys = append(keys, strcase.KebabCase(typeOfT.Field(field).Name))
+	for field := range typeOfP.NumField() {
+		known = append(known, typeOfP.Field(field).Tag.Get("key"))
 	}
 
-	return keys
-}
-
-func normalizeACLKeys[T any](input map[string]string, root string, sep string) map[string]string {
-	normalized := make(map[string]string)
-	var t T
-	rootType := reflect.TypeOf(t)
-
-	for k, v := range input {
-		parts := strings.Split(strings.ToLower(k), sep)
-
-		if len(parts) < 2 {
-			continue
-		}
-
-		// Two cases:
-		// 1. Keys starting with "tinyauth" (env vars): tinyauth_apps_...
-		// 2. Keys starting with root directly (flags): apps-...
-		startIdx := 0
-		if parts[0] == "tinyauth" {
-			if len(parts) < 3 {
-				continue
-			}
-			if parts[1] != root {
-				continue
-			}
-			startIdx = 2 // Skip "tinyauth" and root
-		} else if parts[0] == root {
-			startIdx = 1 // Skip root only
-		} else {
-			continue
-		}
-
-		if startIdx < len(parts) {
-			parsedParts := ParsePath(parts[startIdx:], 0, rootType)
-
-			if len(parsedParts) == 0 {
-				continue
-			}
-
-			final := "tinyauth." + root
-
-			for _, part := range parsedParts {
-				if strings.Contains(part, "_") {
-					final += "." + part
-				} else {
-					final += "." + strcase.LowerCamelCase(part)
-				}
-			}
-
-			normalized[final] = v
-		}
-	}
-
-	return normalized
+	return known
 }

internal/utils/decoders/decoders_test.go

@@ -0,0 +1,49 @@
+package decoders_test
+
+import (
+	"testing"
+	"tinyauth/internal/utils/decoders"
+
+	"gotest.tools/v3/assert"
+)
+
+func TestNormalizeKeys(t *testing.T) {
+	// Test with env
+	test := map[string]string{
+		"PROVIDERS_CLIENT1_CLIENT_ID":                    "my-client-id",
+		"PROVIDERS_CLIENT1_CLIENT_SECRET":                "my-client-secret",
+		"PROVIDERS_MY_AWESOME_CLIENT_CLIENT_ID":          "my-awesome-client-id",
+		"PROVIDERS_MY_AWESOME_CLIENT_CLIENT_SECRET_FILE": "/path/to/secret",
+		"I_LOOK_LIKE_A_KEY_CLIENT_ID":                    "should-not-appear",
+		"PROVIDERS_CLIENT_ID":                            "should-not-appear",
+	}
+	expected := map[string]string{
+		"tinyauth.providers.client1.clientId":                 "my-client-id",
+		"tinyauth.providers.client1.clientSecret":             "my-client-secret",
+		"tinyauth.providers.myAwesomeClient.clientId":         "my-awesome-client-id",
+		"tinyauth.providers.myAwesomeClient.clientSecretFile": "/path/to/secret",
+	}
+
+	normalized := decoders.NormalizeKeys(test, "tinyauth", "_")
+	assert.DeepEqual(t, normalized, expected)
+
+	// Test with flags (assume -- is already stripped)
+	test = map[string]string{
+		"providers-client1-client-id":                    "my-client-id",
+		"providers-client1-client-secret":                "my-client-secret",
+		"providers-my-awesome-client-client-id":          "my-awesome-client-id",
+		"providers-my-awesome-client-client-secret-file": "/path/to/secret",
+		"providers-should-not-appear-client":             "should-not-appear",
+		"i-look-like-a-key-client-id":                    "should-not-appear",
+		"providers-client-id":                            "should-not-appear",
+	}
+	expected = map[string]string{
+		"tinyauth.providers.client1.clientId":                 "my-client-id",
+		"tinyauth.providers.client1.clientSecret":             "my-client-secret",
+		"tinyauth.providers.myAwesomeClient.clientId":         "my-awesome-client-id",
+		"tinyauth.providers.myAwesomeClient.clientSecretFile": "/path/to/secret",
+	}
+
+	normalized = decoders.NormalizeKeys(test, "tinyauth", "-")
+	assert.DeepEqual(t, normalized, expected)
+}

internal/utils/decoders/env_decoder.go

@@ -1,33 +1,20 @@
 package decoders
 
 import (
+	"tinyauth/internal/config"
+
 	"github.com/traefik/paerser/parser"
 )
 
-func DecodeEnv[T any, C any](env map[string]string, subName string) (T, error) {
-	var result T
+func DecodeEnv(env map[string]string) (config.Providers, error) {
+	normalized := NormalizeKeys(env, "tinyauth", "_")
+	var providers config.Providers
 
-	normalized := normalizeKeys[C](env, subName, "_")
-
-	err := parser.Decode(normalized, &result, "tinyauth", "tinyauth."+subName)
+	err := parser.Decode(normalized, &providers, "tinyauth", "tinyauth.providers")
 
 	if err != nil {
-		return result, err
+		return config.Providers{}, err
 	}
 
-	return result, nil
-}
-
-func DecodeACLEnv[T any](env map[string]string, subName string) (T, error) {
-	var result T
-
-	normalized := normalizeACLKeys[T](env, subName, "_")
-
-	err := parser.Decode(normalized, &result, "tinyauth", "tinyauth."+subName)
-
-	if err != nil {
-		return result, err
-	}
-
-	return result, nil
+	return providers, nil
 }

internal/utils/decoders/env_decoder_test.go

@@ -9,29 +9,52 @@ import (
 )
 
 func TestDecodeEnv(t *testing.T) {
-	// Setup
-	env := map[string]string{
-		"PROVIDERS_GOOGLE_CLIENT_ID":        "google-client-id",
-		"PROVIDERS_GOOGLE_CLIENT_SECRET":    "google-client-secret",
-		"PROVIDERS_MY_GITHUB_CLIENT_ID":     "github-client-id",
-		"PROVIDERS_MY_GITHUB_CLIENT_SECRET": "github-client-secret",
-	}
-
+	// Variables
 	expected := config.Providers{
 		Providers: map[string]config.OAuthServiceConfig{
-			"google": {
-				ClientID:     "google-client-id",
-				ClientSecret: "google-client-secret",
+			"client1": {
+				ClientID:           "client1-id",
+				ClientSecret:       "client1-secret",
+				Scopes:             []string{"client1-scope1", "client1-scope2"},
+				RedirectURL:        "client1-redirect-url",
+				AuthURL:            "client1-auth-url",
+				UserinfoURL:        "client1-user-info-url",
+				Name:               "Client1",
+				InsecureSkipVerify: false,
 			},
-			"myGithub": {
-				ClientID:     "github-client-id",
-				ClientSecret: "github-client-secret",
+			"client2": {
+				ClientID:           "client2-id",
+				ClientSecret:       "client2-secret",
+				Scopes:             []string{"client2-scope1", "client2-scope2"},
+				RedirectURL:        "client2-redirect-url",
+				AuthURL:            "client2-auth-url",
+				UserinfoURL:        "client2-user-info-url",
+				Name:               "My Awesome Client2",
+				InsecureSkipVerify: false,
 			},
 		},
 	}
+	test := map[string]string{
+		"PROVIDERS_CLIENT1_CLIENT_ID":            "client1-id",
+		"PROVIDERS_CLIENT1_CLIENT_SECRET":        "client1-secret",
+		"PROVIDERS_CLIENT1_SCOPES":               "client1-scope1,client1-scope2",
+		"PROVIDERS_CLIENT1_REDIRECT_URL":         "client1-redirect-url",
+		"PROVIDERS_CLIENT1_AUTH_URL":             "client1-auth-url",
+		"PROVIDERS_CLIENT1_USER_INFO_URL":        "client1-user-info-url",
+		"PROVIDERS_CLIENT1_NAME":                 "Client1",
+		"PROVIDERS_CLIENT1_INSECURE_SKIP_VERIFY": "false",
+		"PROVIDERS_CLIENT2_CLIENT_ID":            "client2-id",
+		"PROVIDERS_CLIENT2_CLIENT_SECRET":        "client2-secret",
+		"PROVIDERS_CLIENT2_SCOPES":               "client2-scope1,client2-scope2",
+		"PROVIDERS_CLIENT2_REDIRECT_URL":         "client2-redirect-url",
+		"PROVIDERS_CLIENT2_AUTH_URL":             "client2-auth-url",
+		"PROVIDERS_CLIENT2_USER_INFO_URL":        "client2-user-info-url",
+		"PROVIDERS_CLIENT2_NAME":                 "My Awesome Client2",
+		"PROVIDERS_CLIENT2_INSECURE_SKIP_VERIFY": "false",
+	}
 
-	// Execute
-	result, err := decoders.DecodeEnv[config.Providers, config.OAuthServiceConfig](env, "providers")
+	// Test
+	res, err := decoders.DecodeEnv(test)
 	assert.NilError(t, err)
-	assert.DeepEqual(t, result, expected)
+	assert.DeepEqual(t, expected, res)
 }

internal/utils/decoders/flags_decoder.go

@@ -2,38 +2,23 @@ package decoders
 
 import (
 	"strings"
+	"tinyauth/internal/config"
 
 	"github.com/traefik/paerser/parser"
 )
 
-func DecodeFlags[T any, C any](flags map[string]string, subName string) (T, error) {
-	var result T
-
+func DecodeFlags(flags map[string]string) (config.Providers, error) {
 	filtered := filterFlags(flags)
-	normalized := normalizeKeys[C](filtered, subName, "_")
+	normalized := NormalizeKeys(filtered, "tinyauth", "-")
+	var providers config.Providers
 
-	err := parser.Decode(normalized, &result, "tinyauth", "tinyauth."+subName)
+	err := parser.Decode(normalized, &providers, "tinyauth", "tinyauth.providers")
 
 	if err != nil {
-		return result, err
+		return config.Providers{}, err
 	}
 
-	return result, nil
-}
-
-func DecodeACLFlags[T any](flags map[string]string, subName string) (T, error) {
-	var result T
-
-	filtered := filterFlags(flags)
-	normalized := normalizeACLKeys[T](filtered, subName, "-")
-
-	err := parser.Decode(normalized, &result, "tinyauth", "tinyauth."+subName)
-
-	if err != nil {
-		return result, err
-	}
-
-	return result, nil
+	return providers, nil
 }
 
 func filterFlags(flags map[string]string) map[string]string {

internal/utils/decoders/flags_decoder_test.go

@@ -9,29 +9,52 @@ import (
 )
 
 func TestDecodeFlags(t *testing.T) {
-	// Setup
-	flags := map[string]string{
-		"--providers-google-client-id":        "google-client-id",
-		"--providers-google-client-secret":    "google-client-secret",
-		"--providers-my-github-client-id":     "github-client-id",
-		"--providers-my-github-client-secret": "github-client-secret",
-	}
-
+	// Variables
 	expected := config.Providers{
 		Providers: map[string]config.OAuthServiceConfig{
-			"google": {
-				ClientID:     "google-client-id",
-				ClientSecret: "google-client-secret",
+			"client1": {
+				ClientID:           "client1-id",
+				ClientSecret:       "client1-secret",
+				Scopes:             []string{"client1-scope1", "client1-scope2"},
+				RedirectURL:        "client1-redirect-url",
+				AuthURL:            "client1-auth-url",
+				UserinfoURL:        "client1-user-info-url",
+				Name:               "Client1",
+				InsecureSkipVerify: false,
 			},
-			"myGithub": {
-				ClientID:     "github-client-id",
-				ClientSecret: "github-client-secret",
+			"client2": {
+				ClientID:           "client2-id",
+				ClientSecret:       "client2-secret",
+				Scopes:             []string{"client2-scope1", "client2-scope2"},
+				RedirectURL:        "client2-redirect-url",
+				AuthURL:            "client2-auth-url",
+				UserinfoURL:        "client2-user-info-url",
+				Name:               "My Awesome Client2",
+				InsecureSkipVerify: false,
 			},
 		},
 	}
+	test := map[string]string{
+		"--providers-client1-client-id":            "client1-id",
+		"--providers-client1-client-secret":        "client1-secret",
+		"--providers-client1-scopes":               "client1-scope1,client1-scope2",
+		"--providers-client1-redirect-url":         "client1-redirect-url",
+		"--providers-client1-auth-url":             "client1-auth-url",
+		"--providers-client1-user-info-url":        "client1-user-info-url",
+		"--providers-client1-name":                 "Client1",
+		"--providers-client1-insecure-skip-verify": "false",
+		"--providers-client2-client-id":            "client2-id",
+		"--providers-client2-client-secret":        "client2-secret",
+		"--providers-client2-scopes":               "client2-scope1,client2-scope2",
+		"--providers-client2-redirect-url":         "client2-redirect-url",
+		"--providers-client2-auth-url":             "client2-auth-url",
+		"--providers-client2-user-info-url":        "client2-user-info-url",
+		"--providers-client2-name":                 "My Awesome Client2",
+		"--providers-client2-insecure-skip-verify": "false",
+	}
 
-	// Execute
-	result, err := decoders.DecodeFlags[config.Providers, config.OAuthServiceConfig](flags, "providers")
+	// Test
+	res, err := decoders.DecodeFlags(test)
 	assert.NilError(t, err)
-	assert.DeepEqual(t, result, expected)
+	assert.DeepEqual(t, expected, res)
 }