wip

.github/workflows/release.yml

@@ -125,9 +125,9 @@ jobs:
         with:
           images: ghcr.io/${{ github.repository_owner }}/tinyauth
           tags: |
-            type=semver,pattern={{version}},prefix=v
+            type=semver,pattern=v{{version}}
-            type=semver,pattern={{major}},prefix=v
+            type=semver,pattern=v{{major}}
-            type=semver,pattern={{major}}.{{minor}},prefix=v
+            type=semver,pattern=v{{major}}.{{minor}}
 
       - name: Create manifest list and push
         working-directory: ${{ runner.temp }}/digests

Dockerfile.dev

@@ -9,6 +9,7 @@ RUN go mod download
 
 COPY ./cmd ./cmd
 COPY ./internal ./internal
+COPY ./docs ./docs
 COPY ./main.go ./
 COPY ./air.toml ./
 

cmd/root.go

@@ -35,8 +35,8 @@ var rootCmd = &cobra.Command{
 
 		// Get config
 		var config types.Config
-		err := viper.Unmarshal(&config)
+		parseErr := viper.Unmarshal(&config)
-		HandleError(err, "Failed to parse config")
+		HandleError(parseErr, "Failed to parse config")
 
 		// Secrets
 		config.Secret = utils.GetSecret(config.Secret, config.SecretFile)
@@ -47,8 +47,8 @@ var rootCmd = &cobra.Command{
 
 		// Validate config
 		validator := validator.New()
-		err = validator.Struct(config)
+		validateErr := validator.Struct(config)
-		HandleError(err, "Failed to validate config")
+		HandleError(validateErr, "Failed to validate config")
 
 		// Logger
 		log.Logger = log.Level(zerolog.Level(config.LogLevel))
@@ -56,8 +56,9 @@ var rootCmd = &cobra.Command{
 
 		// Users
 		log.Info().Msg("Parsing users")
-		users, err := utils.GetUsers(config.Users, config.UsersFile)
+		users, usersErr := utils.GetUsers(config.Users, config.UsersFile)
-		HandleError(err, "Failed to parse users")
+
+		HandleError(usersErr, "Failed to parse users")
 
 		if len(users) == 0 && !utils.OAuthConfigured(config) {
 			HandleError(errors.New("no users or OAuth configured"), "No users or OAuth configured")
@@ -67,15 +68,8 @@ var rootCmd = &cobra.Command{
 		oauthWhitelist := utils.Filter(strings.Split(config.OAuthWhitelist, ","), func(val string) bool {
 			return val != ""
 		})
-
 		log.Debug().Msg("Parsed OAuth whitelist")
 
-		// Get domain
-		log.Debug().Msg("Getting domain")
-		domain, err := utils.GetUpperDomain(config.AppURL)
-		HandleError(err, "Failed to get upper domain")
-		log.Info().Str("domain", domain).Msg("Using domain for cookie store")
-
 		// Create OAuth config
 		oauthConfig := types.OAuthConfig{
 			GithubClientId:        config.GithubClientId,
@@ -93,32 +87,14 @@ var rootCmd = &cobra.Command{
 			AppURL:                config.AppURL,
 		}
 
-		// Create handlers config
+		log.Debug().Msg("Parsed OAuth config")
-		serverConfig := types.HandlersConfig{
-			AppURL:          config.AppURL,
-			Domain:          fmt.Sprintf(".%s", domain),
-			CookieSecure:    config.CookieSecure,
-			DisableContinue: config.DisableContinue,
-			Title:           config.Title,
-			GenericName:     config.GenericName,
-		}
-
-		// Create api config
-		apiConfig := types.APIConfig{
-			Port:          config.Port,
-			Address:       config.Address,
-			Secret:        config.Secret,
-			CookieSecure:  config.CookieSecure,
-			SessionExpiry: config.SessionExpiry,
-			Domain:        domain,
-		}
 
 		// Create docker service
 		docker := docker.NewDocker()
 
 		// Initialize docker
-		err = docker.Init()
+		dockerErr := docker.Init()
-		HandleError(err, "Failed to initialize docker")
+		HandleError(dockerErr, "Failed to initialize docker")
 
 		// Create auth service
 		auth := auth.NewAuth(docker, users, oauthWhitelist, config.SessionExpiry)
@@ -132,11 +108,35 @@ var rootCmd = &cobra.Command{
 		// Create hooks service
 		hooks := hooks.NewHooks(auth, providers)
 
+		// Create doman
+		domain, domainErr := utils.GetRootURL(config.AppURL)
+
+		if domainErr != nil {
+			log.Fatal().Err(domainErr).Msg("Failed to get domain")
+			os.Exit(1)
+		}
+
+		log.Info().Str("domain", domain).Msg("Using domain for cookies")
+
+		// Create api config
+		apiConfig := types.APIConfig{
+			Port:            config.Port,
+			Address:         config.Address,
+			Secret:          config.Secret,
+			AppURL:          config.AppURL,
+			CookieSecure:    config.CookieSecure,
+			DisableContinue: config.DisableContinue,
+			SessionExpiry:   config.SessionExpiry,
+			Title:           config.Title,
+			GenericName:     config.GenericName,
+			Domain:          fmt.Sprintf(".%s", domain),
+		}
+
 		// Create handlers
-		handlers := handlers.NewHandlers(serverConfig, auth, hooks, providers)
+		apiHandlers := handlers.NewHandlers(apiConfig, auth, hooks)
 
 		// Create API
-		api := api.NewAPI(apiConfig, handlers)
+		api := api.NewAPI(apiConfig, hooks, auth, providers, apiHandlers)
 
 		// Setup routes
 		api.Init()
@@ -153,7 +153,7 @@ func Execute() {
 }
 
 func HandleError(err error, msg string) {
-	// If error, log it and exit
+	// If error log it and exit
 	if err != nil {
 		log.Fatal().Err(err).Msg(msg)
 	}

cmd/totp/generate/generate.go

@@ -18,7 +18,7 @@ import (
 // Interactive flag
 var interactive bool
 
-// Input user
+// i stands for input
 var iUser string
 
 var GenerateCmd = &cobra.Command{
@@ -46,18 +46,18 @@ var GenerateCmd = &cobra.Command{
 			)
 
 			// Run form
-			err := form.WithTheme(baseTheme).Run()
+			formErr := form.WithTheme(baseTheme).Run()
 
-			if err != nil {
+			if formErr != nil {
-				log.Fatal().Err(err).Msg("Form failed")
+				log.Fatal().Err(formErr).Msg("Form failed")
 			}
 		}
 
 		// Parse user
-		user, err := utils.ParseUser(iUser)
+		user, parseErr := utils.ParseUser(iUser)
 
-		if err != nil {
+		if parseErr != nil {
-			log.Fatal().Err(err).Msg("Failed to parse user")
+			log.Fatal().Err(parseErr).Msg("Failed to parse user")
 		}
 
 		// Check if user was using docker escape
@@ -73,13 +73,13 @@ var GenerateCmd = &cobra.Command{
 		}
 
 		// Generate totp secret
-		key, err := totp.Generate(totp.GenerateOpts{
+		key, keyErr := totp.Generate(totp.GenerateOpts{
 			Issuer:      "Tinyauth",
 			AccountName: user.Username,
 		})
 
-		if err != nil {
+		if keyErr != nil {
-			log.Fatal().Err(err).Msg("Failed to generate totp secret")
+			log.Fatal().Err(keyErr).Msg("Failed to generate totp secret")
 		}
 
 		// Create secret

cmd/user/create/create.go

@@ -12,10 +12,7 @@ import (
 	"golang.org/x/crypto/bcrypt"
 )
 
-// Interactive flag
 var interactive bool
-
-// Docker flag
 var docker bool
 
 // i stands for input
@@ -54,10 +51,10 @@ var CreateCmd = &cobra.Command{
 			// Use simple theme
 			var baseTheme *huh.Theme = huh.ThemeBase()
 
-			err := form.WithTheme(baseTheme).Run()
+			formErr := form.WithTheme(baseTheme).Run()
 
-			if err != nil {
+			if formErr != nil {
-				log.Fatal().Err(err).Msg("Form failed")
+				log.Fatal().Err(formErr).Msg("Form failed")
 			}
 		}
 
@@ -69,10 +66,10 @@ var CreateCmd = &cobra.Command{
 		log.Info().Str("username", iUsername).Str("password", iPassword).Bool("docker", docker).Msg("Creating user")
 
 		// Hash password
-		password, err := bcrypt.GenerateFromPassword([]byte(iPassword), bcrypt.DefaultCost)
+		password, passwordErr := bcrypt.GenerateFromPassword([]byte(iPassword), bcrypt.DefaultCost)
 
-		if err != nil {
+		if passwordErr != nil {
-			log.Fatal().Err(err).Msg("Failed to hash password")
+			log.Fatal().Err(passwordErr).Msg("Failed to hash password")
 		}
 
 		// Convert password to string

cmd/user/verify/verify.go

@@ -12,10 +12,7 @@ import (
 	"golang.org/x/crypto/bcrypt"
 )
 
-// Interactive flag
 var interactive bool
-
-// Docker flag
 var docker bool
 
 // i stands for input
@@ -63,18 +60,18 @@ var VerifyCmd = &cobra.Command{
 			)
 
 			// Run form
-			err := form.WithTheme(baseTheme).Run()
+			formErr := form.WithTheme(baseTheme).Run()
 
-			if err != nil {
+			if formErr != nil {
-				log.Fatal().Err(err).Msg("Form failed")
+				log.Fatal().Err(formErr).Msg("Form failed")
 			}
 		}
 
 		// Parse user
-		user, err := utils.ParseUser(iUser)
+		user, userErr := utils.ParseUser(iUser)
 
-		if err != nil {
+		if userErr != nil {
-			log.Fatal().Err(err).Msg("Failed to parse user")
+			log.Fatal().Err(userErr).Msg("Failed to parse user")
 		}
 
 		// Compare username
@@ -83,9 +80,9 @@ var VerifyCmd = &cobra.Command{
 		}
 
 		// Compare password
-		err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(iPassword))
+		verifyErr := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(iPassword))
 
-		if err != nil {
+		if verifyErr != nil {
 			log.Fatal().Msg("Ppassword is incorrect")
 		}
 
@@ -99,9 +96,9 @@ var VerifyCmd = &cobra.Command{
 		}
 
 		// Check totp code
-		ok := totp.Validate(iTotp, user.TotpSecret)
+		totpOk := totp.Validate(iTotp, user.TotpSecret)
 
-		if !ok {
+		if !totpOk {
 			log.Fatal().Msg("Totp code incorrect")
 
 		}

docker-compose.dev.yml

@@ -40,6 +40,7 @@ services:
     volumes:
       - ./internal:/tinyauth/internal
       - ./cmd:/tinyauth/cmd
+      - ./docs:/tinyauth/docs
       - ./main.go:/tinyauth/main.go
     ports:
       - 3000:3000

docs/docs.go

@@ -0,0 +1,92 @@
+// Package docs Code generated by swaggo/swag. DO NOT EDIT
+package docs
+
+import "github.com/swaggo/swag"
+
+const docTemplate = `{
+    "schemes": {{ marshal .Schemes }},
+    "swagger": "2.0",
+    "info": {
+        "description": "{{escape .Description}}",
+        "title": "{{.Title}}",
+        "contact": {},
+        "version": "{{.Version}}"
+    },
+    "host": "{{.Host}}",
+    "basePath": "{{.BasePath}}",
+    "paths": {
+        "/auth/logout": {
+            "get": {
+                "description": "Log the user out by invalidating the session cookie",
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "auth"
+                ],
+                "summary": "Logout",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/types.SimpleResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/healthcheck": {
+            "get": {
+                "description": "Simple health check",
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "health"
+                ],
+                "summary": "Health Check",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/types.SimpleResponse"
+                        }
+                    }
+                }
+            }
+        }
+    },
+    "definitions": {
+        "types.SimpleResponse": {
+            "type": "object",
+            "properties": {
+                "message": {
+                    "type": "string",
+                    "example": "OK"
+                },
+                "status": {
+                    "type": "integer",
+                    "example": 200
+                }
+            }
+        }
+    }
+}`
+
+// SwaggerInfo holds exported Swagger Info so clients can modify it
+var SwaggerInfo = &swag.Spec{
+	Version:          "1.0",
+	Host:             "",
+	BasePath:         "/api",
+	Schemes:          []string{},
+	Title:            "Tinyauth API",
+	Description:      "Documentation for the Tinyauth API",
+	InfoInstanceName: "swagger",
+	SwaggerTemplate:  docTemplate,
+	LeftDelim:        "{{",
+	RightDelim:       "}}",
+}
+
+func init() {
+	swag.Register(SwaggerInfo.InstanceName(), SwaggerInfo)
+}

docs/swagger.json

@@ -0,0 +1,67 @@
+{
+    "swagger": "2.0",
+    "info": {
+        "description": "Documentation for the Tinyauth API",
+        "title": "Tinyauth API",
+        "contact": {},
+        "version": "1.0"
+    },
+    "basePath": "/api",
+    "paths": {
+        "/auth/logout": {
+            "get": {
+                "description": "Log the user out by invalidating the session cookie",
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "auth"
+                ],
+                "summary": "Logout",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/types.SimpleResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/healthcheck": {
+            "get": {
+                "description": "Simple health check",
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "health"
+                ],
+                "summary": "Health Check",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/types.SimpleResponse"
+                        }
+                    }
+                }
+            }
+        }
+    },
+    "definitions": {
+        "types.SimpleResponse": {
+            "type": "object",
+            "properties": {
+                "message": {
+                    "type": "string",
+                    "example": "OK"
+                },
+                "status": {
+                    "type": "integer",
+                    "example": 200
+                }
+            }
+        }
+    }
+}

docs/swagger.yaml

@@ -0,0 +1,44 @@
+basePath: /api
+definitions:
+  types.SimpleResponse:
+    properties:
+      message:
+        example: OK
+        type: string
+      status:
+        example: 200
+        type: integer
+    type: object
+info:
+  contact: {}
+  description: Documentation for the Tinyauth API
+  title: Tinyauth API
+  version: "1.0"
+paths:
+  /auth/logout:
+    get:
+      description: Log the user out by invalidating the session cookie
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/types.SimpleResponse'
+      summary: Logout
+      tags:
+      - auth
+  /healthcheck:
+    get:
+      description: Simple health check
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/types.SimpleResponse'
+      summary: Health Check
+      tags:
+      - health
+swagger: "2.0"

go.mod

@@ -5,23 +5,34 @@ go 1.23.2
 require (
 	github.com/gin-contrib/sessions v1.0.2
 	github.com/gin-gonic/gin v1.10.0
-	github.com/go-playground/validator/v10 v10.24.0
+	github.com/go-playground/validator/v10 v10.25.0
 	github.com/google/go-querystring v1.1.0
 	github.com/mdp/qrterminal/v3 v3.2.0
 	github.com/rs/zerolog v1.33.0
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/viper v1.19.0
-	golang.org/x/crypto v0.32.0
+	github.com/swaggo/swag v1.16.4
+	golang.org/x/crypto v0.36.0
 )
 
 require (
+	github.com/KyleBanks/depth v1.2.1 // indirect
 	github.com/containerd/log v0.1.0 // indirect
+	github.com/go-openapi/jsonpointer v0.21.1 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/spec v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.1 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/moby/term v0.5.2 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/swaggo/files v1.0.1 // indirect
+	github.com/swaggo/gin-swagger v1.6.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.34.0 // indirect
-	golang.org/x/term v0.28.0 // indirect
+	golang.org/x/term v0.30.0 // indirect
+	golang.org/x/tools v0.31.0 // indirect
 	gotest.tools/v3 v3.5.2 // indirect
 	rsc.io/qr v0.2.0 // indirect
 )
@@ -31,8 +42,8 @@ require (
 	github.com/atotto/clipboard v0.1.4 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/boombuler/barcode v1.0.2 // indirect
-	github.com/bytedance/sonic v1.12.7 // indirect
+	github.com/bytedance/sonic v1.13.1 // indirect
-	github.com/bytedance/sonic/loader v0.2.3 // indirect
+	github.com/bytedance/sonic/loader v0.2.4 // indirect
 	github.com/catppuccin/go v0.2.0 // indirect
 	github.com/charmbracelet/bubbles v0.20.0 // indirect
 	github.com/charmbracelet/bubbletea v1.1.0 // indirect
@@ -41,7 +52,7 @@ require (
 	github.com/charmbracelet/x/ansi v0.2.3 // indirect
 	github.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0 // indirect
 	github.com/charmbracelet/x/term v0.2.0 // indirect
-	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/base64x v0.1.5 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/docker v27.5.1+incompatible
 	github.com/docker/go-connections v0.5.0 // indirect
@@ -56,7 +67,7 @@ require (
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/goccy/go-json v0.10.4 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/gorilla/context v1.1.2 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
@@ -64,7 +75,7 @@ require (
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/magiconair/properties v1.8.7
@@ -101,14 +112,14 @@ require (
 	go.opentelemetry.io/otel/trace v1.34.0 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.9.0 // indirect
-	golang.org/x/arch v0.13.0 // indirect
+	golang.org/x/arch v0.15.0 // indirect
 	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
-	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/net v0.37.0 // indirect
 	golang.org/x/oauth2 v0.25.0
-	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sync v0.12.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
-	google.golang.org/protobuf v1.36.3 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,5 +1,7 @@
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
+github.com/KyleBanks/depth v1.2.1 h1:5h8fQADFrWtarTdtDudMmGsC7GPbOAu6RVB3ffsVFHc=
+github.com/KyleBanks/depth v1.2.1/go.mod h1:jzSb9d0L43HxTQfT+oSA1EEp2q+ne2uh6XgeJcm8brE=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU=
@@ -11,11 +13,11 @@ github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.0.2 h1:79yrbttoZrLGkL/oOI8hBrUKucwOL0oOjUgEguGMcJ4=
 github.com/boombuler/barcode v1.0.2/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/bytedance/sonic v1.12.7 h1:CQU8pxOy9HToxhndH0Kx/S1qU/CuS9GnKYrGioDcU1Q=
+github.com/bytedance/sonic v1.13.1 h1:Jyd5CIvdFnkOWuKXr+wm4Nyk2h0yAFsr8ucJgEasO3g=
-github.com/bytedance/sonic v1.12.7/go.mod h1:tnbal4mxOMju17EGfknm2XyYcpyCnIROYOEYuemj13I=
+github.com/bytedance/sonic v1.13.1/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
-github.com/bytedance/sonic/loader v0.2.3 h1:yctD0Q3v2NOGfSWPLPvG2ggA2kV6TS6s4wioyEqssH0=
+github.com/bytedance/sonic/loader v0.2.4 h1:ZWCw4stuXUsn1/+zQDqeE7JKP+QO47tz7QCNan80NzY=
-github.com/bytedance/sonic/loader v0.2.3/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
+github.com/bytedance/sonic/loader v0.2.4/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
 github.com/catppuccin/go v0.2.0 h1:ktBeIrIP42b/8FGiScP9sgrWOss3lw0Z5SktRoithGA=
 github.com/catppuccin/go v0.2.0/go.mod h1:8IHJuMGaUUjQM82qBrGNBv7LFq6JI3NnQCF6MOlZjpc=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
@@ -34,8 +36,8 @@ github.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0 h1:qko
 github.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0/go.mod h1:pBhA0ybfXv6hDjQUZ7hk1lVxBiUbupdw5R31yPUViVQ=
 github.com/charmbracelet/x/term v0.2.0 h1:cNB9Ot9q8I711MyZ7myUR5HFWL/lc3OpU8jZ4hwm0x0=
 github.com/charmbracelet/x/term v0.2.0/go.mod h1:GVxgxAbjUrmpvIINHIQnJJKpMlHiZ4cktEQCN6GWyF0=
-github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
+github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
-github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
+github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
@@ -76,16 +78,24 @@ github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-openapi/jsonpointer v0.21.1 h1:whnzv/pNXtK2FbX/W9yJfRmE2gsmkfahjMKB0fZvcic=
+github.com/go-openapi/jsonpointer v0.21.1/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
+github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY=
+github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk=
+github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=
+github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.24.0 h1:KHQckvo8G6hlWnrPX4NJJ+aBfWNAE/HH+qdL2cBpCmg=
+github.com/go-playground/validator/v10 v10.25.0 h1:5Dh7cjvzR7BRZadnsVOzPhWsrwUr0nmsZJxEAnFLNO8=
-github.com/go-playground/validator/v10 v10.24.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus=
+github.com/go-playground/validator/v10 v10.25.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus=
-github.com/goccy/go-json v0.10.4 h1:JSwxQzIqKfmFX1swYPpUThQZp/Ka4wzJdK0LWVytLPM=
+github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
-github.com/goccy/go-json v0.10.4/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
@@ -111,13 +121,15 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
+github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
-github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
+github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -130,6 +142,8 @@ github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69
 github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
+github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
@@ -222,12 +236,19 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
+github.com/swaggo/files v1.0.1 h1:J1bVJ4XHZNq0I46UU90611i9/YzdrF7x92oX1ig5IdE=
+github.com/swaggo/files v1.0.1/go.mod h1:0qXmMNH6sXNf+73t65aKeB+ApmgxdnkQzVTAj2uaMUg=
+github.com/swaggo/gin-swagger v1.6.0 h1:y8sxvQ3E20/RCyrXeFfg60r6H0Z+SwpTjMYsMm+zy8M=
+github.com/swaggo/gin-swagger v1.6.0/go.mod h1:BG00cCEy294xtVpyIAHG6+e2Qzj/xKlRdOqDkvq0uzo=
+github.com/swaggo/swag v1.16.4 h1:clWJtd9LStiG3VeijiCfOVODP6VpHtKdQy9ELFG3s1A=
+github.com/swaggo/swag v1.16.4/go.mod h1:VBsHJRsDvfYvqoiMKnsdwhNV9LEMHgEDZcyVYX0sxPg=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
 github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
@@ -250,53 +271,74 @@ go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
 go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
 go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
-golang.org/x/arch v0.13.0 h1:KCkqVVV1kGg0X87TFysjCJ8MxtZEIU4Ja/yXGeoECdA=
+golang.org/x/arch v0.15.0 h1:QtOrQd0bTUnhNVNndMpLHNWrDmYzZ2KDqSrEymqInZw=
-golang.org/x/arch v0.13.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
+golang.org/x/arch v0.15.0/go.mod h1:JmwW7aLIoRUKgaTzhkiEFxvcEiQGyOg9BMonBJUS7EE=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
+golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70=
 golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
+golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU=
+golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -308,8 +350,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f h1:
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50=
 google.golang.org/grpc v1.69.4 h1:MF5TftSMkd8GLw/m0KM6V8CMOCY6NZ1NQDPGFgbTt4A=
 google.golang.org/grpc v1.69.4/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4=
-google.golang.org/protobuf v1.36.3 h1:82DV7MYdb8anAVi3qge1wSnMDrnKK7ebr+I0hHRN1BU=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
-google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=

internal/api/api.go

@@ -3,22 +3,36 @@ package api
 import (
 	"fmt"
 	"io/fs"
+	"math/rand/v2"
 	"net/http"
+	"os"
 	"strings"
 	"time"
 	"tinyauth/internal/assets"
+	"tinyauth/internal/auth"
 	"tinyauth/internal/handlers"
+	"tinyauth/internal/hooks"
+	"tinyauth/internal/providers"
 	"tinyauth/internal/types"
 
+	docs "tinyauth/docs"
+
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-contrib/sessions/cookie"
 	"github.com/gin-gonic/gin"
+	"github.com/google/go-querystring/query"
+	"github.com/pquerna/otp/totp"
 	"github.com/rs/zerolog/log"
+	swaggerfiles "github.com/swaggo/files"
+	ginSwagger "github.com/swaggo/gin-swagger"
 )
 
-func NewAPI(config types.APIConfig, handlers *handlers.Handlers) *API {
+func NewAPI(config types.APIConfig, hooks *hooks.Hooks, auth *auth.Auth, providers *providers.Providers, handlers *handlers.Handlers) *API {
 	return &API{
 		Config:    config,
+		Hooks:     hooks,
+		Auth:      auth,
+		Providers: providers,
 		Handlers:  handlers,
 	}
 }
@@ -26,9 +40,18 @@ func NewAPI(config types.APIConfig, handlers *handlers.Handlers) *API {
 type API struct {
 	Config    types.APIConfig
 	Router    *gin.Engine
+	Hooks     *hooks.Hooks
+	Auth      *auth.Auth
+	Providers *providers.Providers
 	Handlers  *handlers.Handlers
+	Domain    string
 }
 
+// @title           Tinyauth API
+// @version         1.0
+// @description     Documentation for the Tinyauth API
+// @BasePath  /api
+
 func (api *API) Init() {
 	// Disable gin logs
 	gin.SetMode(gin.ReleaseMode)
@@ -37,13 +60,14 @@ func (api *API) Init() {
 	log.Debug().Msg("Setting up router")
 	router := gin.New()
 	router.Use(zerolog())
+	router.RedirectTrailingSlash = true
 
 	// Read UI assets
 	log.Debug().Msg("Setting up assets")
-	dist, err := fs.Sub(assets.Assets, "dist")
+	dist, distErr := fs.Sub(assets.Assets, "dist")
 
-	if err != nil {
+	if distErr != nil {
-		log.Fatal().Err(err).Msg("Failed to get UI assets")
+		log.Fatal().Err(distErr).Msg("Failed to get UI assets")
 	}
 
 	// Create file server
@@ -56,7 +80,7 @@ func (api *API) Init() {
 
 	// Use session middleware
 	store.Options(sessions.Options{
-		Domain:   api.Config.Domain,
+		Domain:   api.Domain,
 		Path:     "/",
 		HttpOnly: true,
 		Secure:   api.Config.CookieSecure,
@@ -65,11 +89,30 @@ func (api *API) Init() {
 
 	router.Use(sessions.Sessions("tinyauth", store))
 
+	// Configure swagger
+	docs.SwaggerInfo.BasePath = "/api"
+
+	// Swagger middleware
+	router.GET("/api/swagger/*any", ginSwagger.WrapHandler(swaggerfiles.Handler))
+	router.GET("/api/swagger", func(ctx *gin.Context) {
+		ctx.Redirect(http.StatusPermanentRedirect, "/api/swagger/index.html")
+	})
+
 	// UI middleware
 	router.Use(func(c *gin.Context) {
 		// If not an API request, serve the UI
 		if !strings.HasPrefix(c.Request.URL.Path, "/api") {
+			_, err := fs.Stat(dist, strings.TrimPrefix(c.Request.URL.Path, "/"))
+
+			// If the file doesn't exist, serve the index.html
+			if os.IsNotExist(err) {
+				c.Request.URL.Path = "/"
+			}
+
+			// Serve the file
 			fileServer.ServeHTTP(c.Writer, c.Request)
+
+			// Stop further processing
 			c.Abort()
 		}
 	})
@@ -79,24 +122,412 @@ func (api *API) Init() {
 }
 
 func (api *API) SetupRoutes() {
-	// Proxy
+	api.Router.GET("/api/healthcheck", api.Handlers.HealthCheck)
-	api.Router.GET("/api/auth/:proxy", api.Handlers.AuthHandler)
+	api.Router.GET("/api/auth/logout", api.Handlers.Logout)
+	api.Router.GET("/api/auth", api.Handlers.CheckAuth)
 
-	// Auth
+	api.Router.POST("/api/login", func(c *gin.Context) {
-	api.Router.POST("/api/login", api.Handlers.LoginHandler)
+		// Create login struct
-	api.Router.POST("/api/totp", api.Handlers.TotpHandler)
+		var login types.LoginRequest
-	api.Router.POST("/api/logout", api.Handlers.LogoutHandler)
 
-	// Context
+		// Bind JSON
-	api.Router.GET("/api/app", api.Handlers.AppHandler)
+		err := c.BindJSON(&login)
-	api.Router.GET("/api/user", api.Handlers.UserHandler)
 
-	// OAuth
+		// Handle error
-	api.Router.GET("/api/oauth/url/:provider", api.Handlers.OauthUrlHandler)
+		if err != nil {
-	api.Router.GET("/api/oauth/callback/:provider", api.Handlers.OauthCallbackHandler)
+			log.Error().Err(err).Msg("Failed to bind JSON")
+			c.JSON(400, gin.H{
+				"status":  400,
+				"message": "Bad Request",
+			})
+			return
+		}
 
-	// App
+		log.Debug().Msg("Got login request")
-	api.Router.GET("/api/healthcheck", api.Handlers.HealthcheckHandler)
+
+		// Get user based on username
+		user := api.Auth.GetUser(login.Username)
+
+		// User does not exist
+		if user == nil {
+			log.Debug().Str("username", login.Username).Msg("User not found")
+			c.JSON(401, gin.H{
+				"status":  401,
+				"message": "Unauthorized",
+			})
+			return
+		}
+
+		log.Debug().Msg("Got user")
+
+		// Check if password is correct
+		if !api.Auth.CheckPassword(*user, login.Password) {
+			log.Debug().Str("username", login.Username).Msg("Password incorrect")
+			c.JSON(401, gin.H{
+				"status":  401,
+				"message": "Unauthorized",
+			})
+			return
+		}
+
+		log.Debug().Msg("Password correct, checking totp")
+
+		// Check if user has totp enabled
+		if user.TotpSecret != "" {
+			log.Debug().Msg("Totp enabled")
+
+			// Set totp pending cookie
+			api.Auth.CreateSessionCookie(c, &types.SessionCookie{
+				Username:    login.Username,
+				Provider:    "username",
+				TotpPending: true,
+			})
+
+			// Return totp required
+			c.JSON(200, gin.H{
+				"status":      200,
+				"message":     "Waiting for totp",
+				"totpPending": true,
+			})
+
+			// Stop further processing
+			return
+		}
+
+		// Create session cookie with username as provider
+		api.Auth.CreateSessionCookie(c, &types.SessionCookie{
+			Username: login.Username,
+			Provider: "username",
+		})
+
+		// Return logged in
+		c.JSON(200, gin.H{
+			"status":      200,
+			"message":     "Logged in",
+			"totpPending": false,
+		})
+	})
+
+	api.Router.POST("/api/totp", func(c *gin.Context) {
+		// Create totp struct
+		var totpReq types.TotpRequest
+
+		// Bind JSON
+		err := c.BindJSON(&totpReq)
+
+		// Handle error
+		if err != nil {
+			log.Error().Err(err).Msg("Failed to bind JSON")
+			c.JSON(400, gin.H{
+				"status":  400,
+				"message": "Bad Request",
+			})
+			return
+		}
+
+		log.Debug().Msg("Checking totp")
+
+		// Get user context
+		userContext := api.Hooks.UseUserContext(c)
+
+		// Check if we have a user
+		if userContext.Username == "" {
+			log.Debug().Msg("No user context")
+			c.JSON(401, gin.H{
+				"status":  401,
+				"message": "Unauthorized",
+			})
+			return
+		}
+
+		// Get user
+		user := api.Auth.GetUser(userContext.Username)
+
+		// Check if user exists
+		if user == nil {
+			log.Debug().Msg("User not found")
+			c.JSON(401, gin.H{
+				"status":  401,
+				"message": "Unauthorized",
+			})
+			return
+		}
+
+		// Check if totp is correct
+		totpOk := totp.Validate(totpReq.Code, user.TotpSecret)
+
+		// TOTP is incorrect
+		if !totpOk {
+			log.Debug().Msg("Totp incorrect")
+			c.JSON(401, gin.H{
+				"status":  401,
+				"message": "Unauthorized",
+			})
+			return
+		}
+
+		log.Debug().Msg("Totp correct")
+
+		// Create session cookie with username as provider
+		api.Auth.CreateSessionCookie(c, &types.SessionCookie{
+			Username: user.Username,
+			Provider: "username",
+		})
+
+		// Return logged in
+		c.JSON(200, gin.H{
+			"status":  200,
+			"message": "Logged in",
+		})
+	})
+
+	api.Router.GET("/api/app", func(c *gin.Context) {
+		log.Debug().Msg("Getting app context")
+
+		// Get configured providers
+		configuredProviders := api.Providers.GetConfiguredProviders()
+
+		// We have username/password configured so add it to our providers
+		if api.Auth.UserAuthConfigured() {
+			configuredProviders = append(configuredProviders, "username")
+		}
+
+		// Create app context struct
+		appContext := types.AppContext{
+			Status:              200,
+			Message:             "Ok",
+			ConfiguredProviders: configuredProviders,
+			DisableContinue:     api.Config.DisableContinue,
+			Title:               api.Config.Title,
+			GenericName:         api.Config.GenericName,
+		}
+
+		// Return app context
+		c.JSON(200, appContext)
+	})
+
+	api.Router.GET("/api/user", func(c *gin.Context) {
+		log.Debug().Msg("Getting user context")
+
+		// Get user context
+		userContext := api.Hooks.UseUserContext(c)
+
+		// Create user context response
+		userContextResponse := types.UserContextResponse{
+			Status:      200,
+			IsLoggedIn:  userContext.IsLoggedIn,
+			Username:    userContext.Username,
+			Provider:    userContext.Provider,
+			Oauth:       userContext.OAuth,
+			TotpPending: userContext.TotpPending,
+		}
+
+		// If we are not logged in we set the status to 401 and add the WWW-Authenticate header else we set it to 200
+		if !userContext.IsLoggedIn {
+			log.Debug().Msg("Unauthorized")
+			c.Header("WWW-Authenticate", "Basic realm=\"tinyauth\"")
+			userContextResponse.Message = "Unauthorized"
+		} else {
+			log.Debug().Interface("userContext", userContext).Msg("Authenticated")
+			userContextResponse.Message = "Authenticated"
+		}
+
+		// Return user context
+		c.JSON(200, userContextResponse)
+	})
+
+	api.Router.GET("/api/oauth/url/:provider", func(c *gin.Context) {
+		// Create struct for OAuth request
+		var request types.OAuthRequest
+
+		// Bind URI
+		bindErr := c.BindUri(&request)
+
+		// Handle error
+		if bindErr != nil {
+			log.Error().Err(bindErr).Msg("Failed to bind URI")
+			c.JSON(400, gin.H{
+				"status":  400,
+				"message": "Bad Request",
+			})
+			return
+		}
+
+		log.Debug().Msg("Got OAuth request")
+
+		// Check if provider exists
+		provider := api.Providers.GetProvider(request.Provider)
+
+		// Provider does not exist
+		if provider == nil {
+			c.JSON(404, gin.H{
+				"status":  404,
+				"message": "Not Found",
+			})
+			return
+		}
+
+		log.Debug().Str("provider", request.Provider).Msg("Got provider")
+
+		// Get auth URL
+		authURL := provider.GetAuthURL()
+
+		log.Debug().Msg("Got auth URL")
+
+		// Get redirect URI
+		redirectURI := c.Query("redirect_uri")
+
+		// Set redirect cookie if redirect URI is provided
+		if redirectURI != "" {
+			log.Debug().Str("redirectURI", redirectURI).Msg("Setting redirect cookie")
+			c.SetCookie("tinyauth_redirect_uri", redirectURI, 3600, "/", api.Domain, api.Config.CookieSecure, true)
+		}
+
+		// Tailscale does not have an auth url so we create a random code (does not need to be secure) to avoid caching and send it
+		if request.Provider == "tailscale" {
+			// Build tailscale query
+			tailscaleQuery, tailscaleQueryErr := query.Values(types.TailscaleQuery{
+				Code: (1000 + rand.IntN(9000)),
+			})
+
+			// Handle error
+			if tailscaleQueryErr != nil {
+				log.Error().Err(tailscaleQueryErr).Msg("Failed to build query")
+				c.JSON(500, gin.H{
+					"status":  500,
+					"message": "Internal Server Error",
+				})
+				return
+			}
+
+			// Return tailscale URL (immidiately redirects to the callback)
+			c.JSON(200, gin.H{
+				"status":  200,
+				"message": "Ok",
+				"url":     fmt.Sprintf("%s/api/oauth/callback/tailscale?%s", api.Config.AppURL, tailscaleQuery.Encode()),
+			})
+			return
+		}
+
+		// Return auth URL
+		c.JSON(200, gin.H{
+			"status":  200,
+			"message": "Ok",
+			"url":     authURL,
+		})
+	})
+
+	api.Router.GET("/api/oauth/callback/:provider", func(c *gin.Context) {
+		// Create struct for OAuth request
+		var providerName types.OAuthRequest
+
+		// Bind URI
+		bindErr := c.BindUri(&providerName)
+
+		// Handle error
+		if api.handleError(c, "Failed to bind URI", bindErr) {
+			return
+		}
+
+		log.Debug().Interface("provider", providerName.Provider).Msg("Got provider name")
+
+		// Get code
+		code := c.Query("code")
+
+		// Code empty so redirect to error
+		if code == "" {
+			log.Error().Msg("No code provided")
+			c.Redirect(http.StatusPermanentRedirect, "/error")
+			return
+		}
+
+		log.Debug().Msg("Got code")
+
+		// Get provider
+		provider := api.Providers.GetProvider(providerName.Provider)
+
+		log.Debug().Str("provider", providerName.Provider).Msg("Got provider")
+
+		// Provider does not exist
+		if provider == nil {
+			c.Redirect(http.StatusPermanentRedirect, "/not-found")
+			return
+		}
+
+		// Exchange token (authenticates user)
+		_, tokenErr := provider.ExchangeToken(code)
+
+		log.Debug().Msg("Got token")
+
+		// Handle error
+		if api.handleError(c, "Failed to exchange token", tokenErr) {
+			return
+		}
+
+		// Get email
+		email, emailErr := api.Providers.GetUser(providerName.Provider)
+
+		log.Debug().Str("email", email).Msg("Got email")
+
+		// Handle error
+		if api.handleError(c, "Failed to get user", emailErr) {
+			return
+		}
+
+		// Email is not whitelisted
+		if !api.Auth.EmailWhitelisted(email) {
+			log.Warn().Str("email", email).Msg("Email not whitelisted")
+
+			// Build query
+			unauthorizedQuery, unauthorizedQueryErr := query.Values(types.UnauthorizedQuery{
+				Username: email,
+			})
+
+			// Handle error
+			if api.handleError(c, "Failed to build query", unauthorizedQueryErr) {
+				return
+			}
+
+			// Redirect to unauthorized
+			c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/unauthorized?%s", api.Config.AppURL, unauthorizedQuery.Encode()))
+		}
+
+		log.Debug().Msg("Email whitelisted")
+
+		// Create session cookie
+		api.Auth.CreateSessionCookie(c, &types.SessionCookie{
+			Username: email,
+			Provider: providerName.Provider,
+		})
+
+		// Get redirect URI
+		redirectURI, redirectURIErr := c.Cookie("tinyauth_redirect_uri")
+
+		// If it is empty it means that no redirect_uri was provided to the login screen so we just log in
+		if redirectURIErr != nil {
+			c.Redirect(http.StatusPermanentRedirect, api.Config.AppURL)
+		}
+
+		log.Debug().Str("redirectURI", redirectURI).Msg("Got redirect URI")
+
+		// Clean up redirect cookie since we already have the value
+		c.SetCookie("tinyauth_redirect_uri", "", -1, "/", api.Domain, api.Config.CookieSecure, true)
+
+		// Build query
+		redirectQuery, redirectQueryErr := query.Values(types.LoginQuery{
+			RedirectURI: redirectURI,
+		})
+
+		log.Debug().Msg("Got redirect query")
+
+		// Handle error
+		if api.handleError(c, "Failed to build query", redirectQueryErr) {
+			return
+		}
+
+		// Redirect to continue with the redirect URI
+		c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/continue?%s", api.Config.AppURL, redirectQuery.Encode()))
+	})
 }
 
 func (api *API) Run() {
@@ -105,12 +536,23 @@ func (api *API) Run() {
 	// Run server
 	err := api.Router.Run(fmt.Sprintf("%s:%d", api.Config.Address, api.Config.Port))
 
-	// Check for errors
+	// Check error
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to start server")
 	}
 }
 
+// handleError logs the error and redirects to the error page (only meant for stuff the user may access does not apply for login paths)
+func (api *API) handleError(c *gin.Context, msg string, err error) bool {
+	// If error is not nil log it and redirect to error page also return true so we can stop further processing
+	if err != nil {
+		log.Error().Err(err).Msg(msg)
+		c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/error", api.Config.AppURL))
+		return true
+	}
+	return false
+}
+
 // zerolog is a middleware for gin that logs requests using zerolog
 func zerolog() gin.HandlerFunc {
 	return func(c *gin.Context) {

internal/api/api_test.go

@@ -5,7 +5,6 @@ import (
 	"io"
 	"net/http"
 	"net/http/httptest"
-	"reflect"
 	"strings"
 	"testing"
 	"tinyauth/internal/api"
@@ -24,18 +23,10 @@ var apiConfig = types.APIConfig{
 	Port:            8080,
 	Address:         "0.0.0.0",
 	Secret:          "super-secret-api-thing-for-tests", // It is 32 chars long
+	AppURL:          "http://tinyauth.localhost",
 	CookieSecure:    false,
 	SessionExpiry:   3600,
-}
-
-// Simple handlers config for tests
-var handlersConfig = types.HandlersConfig{
-	AppURL:          "http://localhost:8080",
-	Domain:          ".localhost",
-	CookieSecure:    false,
 	DisableContinue: false,
-	Title:           "Tinyauth",
-	GenericName:     "Generic",
 }
 
 // Cookie
@@ -53,11 +44,11 @@ func getAPI(t *testing.T) *api.API {
 	docker := docker.NewDocker()
 
 	// Initialize docker
-	err := docker.Init()
+	dockerErr := docker.Init()
 
 	// Check if there was an error
-	if err != nil {
+	if dockerErr != nil {
-		t.Fatalf("Failed to initialize docker: %v", err)
+		t.Fatalf("Failed to initialize docker: %v", dockerErr)
 	}
 
 	// Create auth service
@@ -77,11 +68,11 @@ func getAPI(t *testing.T) *api.API {
 	// Create hooks service
 	hooks := hooks.NewHooks(auth, providers)
 
-	// Create handlers service
+	// Create handlers
-	handlers := handlers.NewHandlers(handlersConfig, auth, hooks, providers)
+	apiHandlers := handlers.NewHandlers(apiConfig)
 
 	// Create API
-	api := api.NewAPI(apiConfig, handlers)
+	api := api.NewAPI(apiConfig, hooks, auth, providers, apiHandlers)
 
 	// Setup routes
 	api.Init()
@@ -136,70 +127,6 @@ func TestLogin(t *testing.T) {
 	}
 }
 
-// Test app context
-func TestAppContext(t *testing.T) {
-	t.Log("Testing app context")
-
-	// Get API
-	api := getAPI(t)
-
-	// Create recorder
-	recorder := httptest.NewRecorder()
-
-	// Create request
-	req, err := http.NewRequest("GET", "/api/app", nil)
-
-	// Check if there was an error
-	if err != nil {
-		t.Fatalf("Error creating request: %v", err)
-	}
-
-	// Set the cookie
-	req.AddCookie(&http.Cookie{
-		Name:  "tinyauth",
-		Value: cookie,
-	})
-
-	// Serve the request
-	api.Router.ServeHTTP(recorder, req)
-
-	// Assert
-	assert.Equal(t, recorder.Code, http.StatusOK)
-
-	// Read the body of the response
-	body, err := io.ReadAll(recorder.Body)
-
-	// Check if there was an error
-	if err != nil {
-		t.Fatalf("Error getting body: %v", err)
-	}
-
-	// Unmarshal the body into the user struct
-	var app types.AppContext
-
-	err = json.Unmarshal(body, &app)
-
-	// Check if there was an error
-	if err != nil {
-		t.Fatalf("Error unmarshalling body: %v", err)
-	}
-
-	// Create tests values
-	expected := types.AppContext{
-		Status:              200,
-		Message:             "OK",
-		ConfiguredProviders: []string{"username"},
-		DisableContinue:     false,
-		Title:               "Tinyauth",
-		GenericName:         "Generic",
-	}
-
-	// We should get the username back
-	if !reflect.DeepEqual(app, expected) {
-		t.Fatalf("Expected %v, got %v", expected, app)
-	}
-}
-
 // Test user context
 func TestUserContext(t *testing.T) {
 	t.Log("Testing user context")
@@ -231,11 +158,11 @@ func TestUserContext(t *testing.T) {
 	assert.Equal(t, recorder.Code, http.StatusOK)
 
 	// Read the body of the response
-	body, err := io.ReadAll(recorder.Body)
+	body, bodyErr := io.ReadAll(recorder.Body)
 
 	// Check if there was an error
-	if err != nil {
+	if bodyErr != nil {
-		t.Fatalf("Error getting body: %v", err)
+		t.Fatalf("Error getting body: %v", bodyErr)
 	}
 
 	// Unmarshal the body into the user struct
@@ -245,11 +172,11 @@ func TestUserContext(t *testing.T) {
 
 	var user User
 
-	err = json.Unmarshal(body, &user)
+	jsonErr := json.Unmarshal(body, &user)
 
 	// Check if there was an error
-	if err != nil {
+	if jsonErr != nil {
-		t.Fatalf("Error unmarshalling body: %v", err)
+		t.Fatalf("Error unmarshalling body: %v", jsonErr)
 	}
 
 	// We should get the username back

internal/auth/auth.go

@@ -160,7 +160,7 @@ func (auth *Auth) ResourceAllowed(c *gin.Context, context types.UserContext) (bo
 	appId := strings.Split(host, ".")[0]
 
 	// Check if resource is allowed
-	allowed, err := auth.Docker.ContainerAction(appId, func(labels types.TinyauthLabels) (bool, error) {
+	allowed, allowedErr := auth.Docker.ContainerAction(appId, func(labels types.TinyauthLabels) (bool, error) {
 		// If the container has an oauth whitelist, check if the user is in it
 		if context.OAuth {
 			if len(labels.OAuthWhitelist) == 0 {
@@ -187,9 +187,9 @@ func (auth *Auth) ResourceAllowed(c *gin.Context, context types.UserContext) (bo
 	})
 
 	// If there is an error, return false
-	if err != nil {
+	if allowedErr != nil {
-		log.Error().Err(err).Msg("Error checking if resource is allowed")
+		log.Error().Err(allowedErr).Msg("Error checking if resource is allowed")
-		return false, err
+		return false, allowedErr
 	}
 
 	// Return if the resource is allowed
@@ -205,7 +205,7 @@ func (auth *Auth) AuthEnabled(c *gin.Context) (bool, error) {
 	appId := strings.Split(host, ".")[0]
 
 	// Check if auth is enabled
-	enabled, err := auth.Docker.ContainerAction(appId, func(labels types.TinyauthLabels) (bool, error) {
+	enabled, enabledErr := auth.Docker.ContainerAction(appId, func(labels types.TinyauthLabels) (bool, error) {
 		// Check if the allowed label is empty
 		if labels.Allowed == "" {
 			// Auth enabled
@@ -213,12 +213,12 @@ func (auth *Auth) AuthEnabled(c *gin.Context) (bool, error) {
 		}
 
 		// Compile regex
-		regex, err := regexp.Compile(labels.Allowed)
+		regex, regexErr := regexp.Compile(labels.Allowed)
 
 		// If there is an error, invalid regex, auth enabled
-		if err != nil {
+		if regexErr != nil {
-			log.Warn().Err(err).Msg("Invalid regex")
+			log.Warn().Err(regexErr).Msg("Invalid regex")
-			return true, err
+			return true, regexErr
 		}
 
 		// Check if the uri matches the regex
@@ -232,9 +232,9 @@ func (auth *Auth) AuthEnabled(c *gin.Context) (bool, error) {
 	})
 
 	// If there is an error, auth enabled
-	if err != nil {
+	if enabledErr != nil {
-		log.Error().Err(err).Msg("Error checking if auth is enabled")
+		log.Error().Err(enabledErr).Msg("Error checking if auth is enabled")
-		return true, err
+		return true, enabledErr
 	}
 
 	return enabled, nil

internal/docker/docker.go

@@ -23,7 +23,7 @@ type Docker struct {
 
 func (docker *Docker) Init() error {
 	// Create a new docker client
-	client, err := client.NewClientWithOpts(client.FromEnv)
+	apiClient, err := client.NewClientWithOpts(client.FromEnv)
 
 	// Check if there was an error
 	if err != nil {
@@ -32,7 +32,7 @@ func (docker *Docker) Init() error {
 
 	// Set the context and api client
 	docker.Context = context.Background()
-	docker.Client = client
+	docker.Client = apiClient
 
 	// Done
 	return nil
@@ -81,11 +81,11 @@ func (docker *Docker) ContainerAction(appId string, runCheck func(labels appType
 	}
 
 	// Get the containers
-	containers, err := docker.GetContainers()
+	containers, containersErr := docker.GetContainers()
 
 	// If there is an error, return false
-	if err != nil {
+	if containersErr != nil {
-		return false, err
+		return false, containersErr
 	}
 
 	log.Debug().Msg("Got containers")
@@ -93,11 +93,11 @@ func (docker *Docker) ContainerAction(appId string, runCheck func(labels appType
 	// Loop through the containers
 	for _, container := range containers {
 		// Inspect the container
-		inspect, err := docker.InspectContainer(container.ID)
+		inspect, inspectErr := docker.InspectContainer(container.ID)
 
 		// If there is an error, return false
-		if err != nil {
+		if inspectErr != nil {
-			return false, err
+			return false, inspectErr
 		}
 
 		// Get the container name (for some reason it is /name)

internal/handlers/handlers.go

@@ -2,44 +2,76 @@ package handlers
 
 import (
 	"fmt"
-	"math/rand/v2"
 	"net/http"
 	"strings"
 	"tinyauth/internal/auth"
 	"tinyauth/internal/hooks"
-	"tinyauth/internal/providers"
 	"tinyauth/internal/types"
 
 	"github.com/gin-gonic/gin"
 	"github.com/google/go-querystring/query"
-	"github.com/pquerna/otp/totp"
 	"github.com/rs/zerolog/log"
 )
 
-func NewHandlers(config types.HandlersConfig, auth *auth.Auth, hooks *hooks.Hooks, providers *providers.Providers) *Handlers {
+func NewHandlers(config types.APIConfig, auth *auth.Auth, hooks *hooks.Hooks) *Handlers {
 	return &Handlers{
 		Config: config,
 		Auth:   auth,
 		Hooks:  hooks,
-		Providers: providers,
 	}
 }
 
 type Handlers struct {
-	Config    types.HandlersConfig
+	Config types.APIConfig
 	Auth   *auth.Auth
 	Hooks  *hooks.Hooks
-	Providers *providers.Providers
 }
 
-func (h *Handlers) AuthHandler(c *gin.Context) {
+// @Summary Health Check
-	// Create struct for proxy
+// @Description Simple health check
+// @Tags health
+// @Produce  json
+// @Success 200 {object} types.HealthCheckResponse
+// @Router /healthcheck [get]
+func (h *Handlers) HealthCheck(c *gin.Context) {
+	c.JSON(200, gin.H{
+		"status":  200,
+		"message": "OK",
+	})
+}
+
+// @Summary Logout
+// @Description Log the user out by invalidating the session cookie
+// @Tags auth
+// @Produce  json
+// @Success 200 {object} types.LogoutResponse
+// @Router /auth/logout [get]
+func (h *Handlers) Logout(c *gin.Context) {
+	log.Debug().Msg("Logging out")
+
+	h.Auth.DeleteSessionCookie(c)
+
+	log.Debug().Msg("Cleaning up redirect cookie")
+
+	c.SetCookie("tinyauth_redirect_uri", "", -1, "/", h.Config.Domain, h.Config.CookieSecure, true)
+
+	c.JSON(200, gin.H{
+		"status":  200,
+		"message": "Logged out",
+	})
+}
+
+// @Summary Auth Check (Traefik)
+// @Description Check the authentication status of the user and redirect to the login page if not authenticated
+// @Tags authn
+// @Produce  json
+// @Success 302
+// @Router /api/auth/traefik [get]
+func (h *Handlers) CheckAuth(c *gin.Context) {
 	var proxy types.Proxy
 
-	// Bind URI
 	err := c.BindUri(&proxy)
 
-	// Handle error
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to bind URI")
 		c.JSON(400, gin.H{
@@ -49,7 +81,6 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 		return
 	}
 
-	// Check if the request is coming from a browser (tools like curl/bruno use */* and they don't include the text/html)
 	isBrowser := strings.Contains(c.Request.Header.Get("Accept"), "text/html")
 
 	if isBrowser {
@@ -60,10 +91,8 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 
 	log.Debug().Interface("proxy", proxy.Proxy).Msg("Got proxy")
 
-	// Check if auth is enabled
 	authEnabled, err := h.Auth.AuthEnabled(c)
 
-	// Handle error
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to check if auth is enabled")
 
@@ -79,7 +108,6 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 		return
 	}
 
-	// If auth is not enabled, return 200
 	if !authEnabled {
 		c.JSON(200, gin.H{
 			"status":  200,
@@ -88,22 +116,17 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 		return
 	}
 
-	// Get user context
 	userContext := h.Hooks.UseUserContext(c)
 
-	// Get headers
 	uri := c.Request.Header.Get("X-Forwarded-Uri")
 	proto := c.Request.Header.Get("X-Forwarded-Proto")
 	host := c.Request.Header.Get("X-Forwarded-Host")
 
-	// Check if user is logged in
 	if userContext.IsLoggedIn {
 		log.Debug().Msg("Authenticated")
 
-		// Check if user is allowed to access subdomain, if request is nginx.example.com the subdomain (resource) is nginx
 		appAllowed, err := h.Auth.ResourceAllowed(c, userContext)
 
-		// Check if there was an error
 		if err != nil {
 			log.Error().Err(err).Msg("Failed to check if app is allowed")
 
@@ -121,11 +144,9 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 
 		log.Debug().Bool("appAllowed", appAllowed).Msg("Checking if app is allowed")
 
-		// The user is not allowed to access the app
 		if !appAllowed {
 			log.Warn().Str("username", userContext.Username).Str("host", host).Msg("User not allowed")
 
-			// Set WWW-Authenticate header
 			c.Header("WWW-Authenticate", "Basic realm=\"tinyauth\"")
 
 			if proxy.Proxy == "nginx" || !isBrowser {
@@ -136,28 +157,23 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 				return
 			}
 
-			// Build query
 			queries, err := query.Values(types.UnauthorizedQuery{
 				Username: userContext.Username,
 				Resource: strings.Split(host, ".")[0],
 			})
 
-			// Handle error (no need to check for nginx/headers since we are sure we are using caddy/traefik)
 			if err != nil {
-				log.Error().Err(err).Msg("Failed to build queries")
+				log.Error().Err(err).Msg("Failed to build query")
 				c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
 				return
 			}
 
-			// We are using caddy/traefik so redirect
 			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", h.Config.AppURL, queries.Encode()))
 			return
 		}
 
-		// Set the user header
 		c.Header("Remote-User", userContext.Username)
 
-		// The user is allowed to access the app
 		c.JSON(200, gin.H{
 			"status":  200,
 			"message": "Authenticated",
@@ -165,10 +181,8 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 		return
 	}
 
-	// The user is not logged in
 	log.Debug().Msg("Unauthorized")
 
-	// Set www-authenticate header
 	c.Header("WWW-Authenticate", "Basic realm=\"tinyauth\"")
 
 	if proxy.Proxy == "nginx" || !isBrowser {
@@ -184,451 +198,12 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 	})
 
 	if err != nil {
-		log.Error().Err(err).Msg("Failed to build queries")
+		log.Error().Err(err).Msg("Failed to build query")
 		c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
 		return
 	}
 
 	log.Debug().Interface("redirect_uri", fmt.Sprintf("%s://%s%s", proto, host, uri)).Msg("Redirecting to login")
 
-	// Redirect to login
 	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/?%s", h.Config.AppURL, queries.Encode()))
 }
-
-func (h *Handlers) LoginHandler(c *gin.Context) {
-	// Create login struct
-	var login types.LoginRequest
-
-	// Bind JSON
-	err := c.BindJSON(&login)
-
-	// Handle error
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to bind JSON")
-		c.JSON(400, gin.H{
-			"status":  400,
-			"message": "Bad Request",
-		})
-		return
-	}
-
-	log.Debug().Msg("Got login request")
-
-	// Get user based on username
-	user := h.Auth.GetUser(login.Username)
-
-	// User does not exist
-	if user == nil {
-		log.Debug().Str("username", login.Username).Msg("User not found")
-		c.JSON(401, gin.H{
-			"status":  401,
-			"message": "Unauthorized",
-		})
-		return
-	}
-
-	log.Debug().Msg("Got user")
-
-	// Check if password is correct
-	if !h.Auth.CheckPassword(*user, login.Password) {
-		log.Debug().Str("username", login.Username).Msg("Password incorrect")
-		c.JSON(401, gin.H{
-			"status":  401,
-			"message": "Unauthorized",
-		})
-		return
-	}
-
-	log.Debug().Msg("Password correct, checking totp")
-
-	// Check if user has totp enabled
-	if user.TotpSecret != "" {
-		log.Debug().Msg("Totp enabled")
-
-		// Set totp pending cookie
-		h.Auth.CreateSessionCookie(c, &types.SessionCookie{
-			Username:    login.Username,
-			Provider:    "username",
-			TotpPending: true,
-		})
-
-		// Return totp required
-		c.JSON(200, gin.H{
-			"status":      200,
-			"message":     "Waiting for totp",
-			"totpPending": true,
-		})
-
-		// Stop further processing
-		return
-	}
-
-	// Create session cookie with username as provider
-	h.Auth.CreateSessionCookie(c, &types.SessionCookie{
-		Username: login.Username,
-		Provider: "username",
-	})
-
-	// Return logged in
-	c.JSON(200, gin.H{
-		"status":      200,
-		"message":     "Logged in",
-		"totpPending": false,
-	})
-}
-
-func (h *Handlers) TotpHandler(c *gin.Context) {
-	// Create totp struct
-	var totpReq types.TotpRequest
-
-	// Bind JSON
-	err := c.BindJSON(&totpReq)
-
-	// Handle error
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to bind JSON")
-		c.JSON(400, gin.H{
-			"status":  400,
-			"message": "Bad Request",
-		})
-		return
-	}
-
-	log.Debug().Msg("Checking totp")
-
-	// Get user context
-	userContext := h.Hooks.UseUserContext(c)
-
-	// Check if we have a user
-	if userContext.Username == "" {
-		log.Debug().Msg("No user context")
-		c.JSON(401, gin.H{
-			"status":  401,
-			"message": "Unauthorized",
-		})
-		return
-	}
-
-	// Get user
-	user := h.Auth.GetUser(userContext.Username)
-
-	// Check if user exists
-	if user == nil {
-		log.Debug().Msg("User not found")
-		c.JSON(401, gin.H{
-			"status":  401,
-			"message": "Unauthorized",
-		})
-		return
-	}
-
-	// Check if totp is correct
-	ok := totp.Validate(totpReq.Code, user.TotpSecret)
-
-	// TOTP is incorrect
-	if !ok {
-		log.Debug().Msg("Totp incorrect")
-		c.JSON(401, gin.H{
-			"status":  401,
-			"message": "Unauthorized",
-		})
-		return
-	}
-
-	log.Debug().Msg("Totp correct")
-
-	// Create session cookie with username as provider
-	h.Auth.CreateSessionCookie(c, &types.SessionCookie{
-		Username: user.Username,
-		Provider: "username",
-	})
-
-	// Return logged in
-	c.JSON(200, gin.H{
-		"status":  200,
-		"message": "Logged in",
-	})
-}
-
-func (h *Handlers) LogoutHandler(c *gin.Context) {
-	log.Debug().Msg("Logging out")
-
-	// Delete session cookie
-	h.Auth.DeleteSessionCookie(c)
-
-	log.Debug().Msg("Cleaning up redirect cookie")
-
-	// Clean up redirect cookie if it exists
-	c.SetCookie("tinyauth_redirect_uri", "", -1, "/", h.Config.Domain, h.Config.CookieSecure, true)
-
-	// Return logged out
-	c.JSON(200, gin.H{
-		"status":  200,
-		"message": "Logged out",
-	})
-}
-
-func (h *Handlers) AppHandler(c *gin.Context) {
-	log.Debug().Msg("Getting app context")
-
-	// Get configured providers
-	configuredProviders := h.Providers.GetConfiguredProviders()
-
-	// We have username/password configured so add it to our providers
-	if h.Auth.UserAuthConfigured() {
-		configuredProviders = append(configuredProviders, "username")
-	}
-
-	// Create app context struct
-	appContext := types.AppContext{
-		Status:              200,
-		Message:             "OK",
-		ConfiguredProviders: configuredProviders,
-		DisableContinue:     h.Config.DisableContinue,
-		Title:               h.Config.Title,
-		GenericName:         h.Config.GenericName,
-	}
-
-	// Return app context
-	c.JSON(200, appContext)
-}
-
-func (h *Handlers) UserHandler(c *gin.Context) {
-	log.Debug().Msg("Getting user context")
-
-	// Get user context
-	userContext := h.Hooks.UseUserContext(c)
-
-	// Create user context response
-	userContextResponse := types.UserContextResponse{
-		Status:      200,
-		IsLoggedIn:  userContext.IsLoggedIn,
-		Username:    userContext.Username,
-		Provider:    userContext.Provider,
-		Oauth:       userContext.OAuth,
-		TotpPending: userContext.TotpPending,
-	}
-
-	// If we are not logged in we set the status to 401 and add the WWW-Authenticate header else we set it to 200
-	if !userContext.IsLoggedIn {
-		log.Debug().Msg("Unauthorized")
-		c.Header("WWW-Authenticate", "Basic realm=\"tinyauth\"")
-		userContextResponse.Message = "Unauthorized"
-	} else {
-		log.Debug().Interface("userContext", userContext).Msg("Authenticated")
-		userContextResponse.Message = "Authenticated"
-	}
-
-	// Return user context
-	c.JSON(200, userContextResponse)
-}
-
-func (h *Handlers) OauthUrlHandler(c *gin.Context) {
-	// Create struct for OAuth request
-	var request types.OAuthRequest
-
-	// Bind URI
-	err := c.BindUri(&request)
-
-	// Handle error
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to bind URI")
-		c.JSON(400, gin.H{
-			"status":  400,
-			"message": "Bad Request",
-		})
-		return
-	}
-
-	log.Debug().Msg("Got OAuth request")
-
-	// Check if provider exists
-	provider := h.Providers.GetProvider(request.Provider)
-
-	// Provider does not exist
-	if provider == nil {
-		c.JSON(404, gin.H{
-			"status":  404,
-			"message": "Not Found",
-		})
-		return
-	}
-
-	log.Debug().Str("provider", request.Provider).Msg("Got provider")
-
-	// Get auth URL
-	authURL := provider.GetAuthURL()
-
-	log.Debug().Msg("Got auth URL")
-
-	// Get redirect URI
-	redirectURI := c.Query("redirect_uri")
-
-	// Set redirect cookie if redirect URI is provided
-	if redirectURI != "" {
-		log.Debug().Str("redirectURI", redirectURI).Msg("Setting redirect cookie")
-		c.SetCookie("tinyauth_redirect_uri", redirectURI, 3600, "/", h.Config.Domain, h.Config.CookieSecure, true)
-	}
-
-	// Tailscale does not have an auth url so we create a random code (does not need to be secure) to avoid caching and send it
-	if request.Provider == "tailscale" {
-		// Build tailscale query
-		queries, err := query.Values(types.TailscaleQuery{
-			Code: (1000 + rand.IntN(9000)),
-		})
-
-		// Handle error
-		if err != nil {
-			log.Error().Err(err).Msg("Failed to build queries")
-			c.JSON(500, gin.H{
-				"status":  500,
-				"message": "Internal Server Error",
-			})
-			return
-		}
-
-		// Return tailscale URL (immidiately redirects to the callback)
-		c.JSON(200, gin.H{
-			"status":  200,
-			"message": "OK",
-			"url":     fmt.Sprintf("%s/api/oauth/callback/tailscale?%s", h.Config.AppURL, queries.Encode()),
-		})
-		return
-	}
-
-	// Return auth URL
-	c.JSON(200, gin.H{
-		"status":  200,
-		"message": "OK",
-		"url":     authURL,
-	})
-}
-
-func (h *Handlers) OauthCallbackHandler(c *gin.Context) {
-	// Create struct for OAuth request
-	var providerName types.OAuthRequest
-
-	// Bind URI
-	err := c.BindUri(&providerName)
-
-	// Handle error
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to bind URI")
-		c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-		return
-	}
-
-	log.Debug().Interface("provider", providerName.Provider).Msg("Got provider name")
-
-	// Get code
-	code := c.Query("code")
-
-	// Code empty so redirect to error
-	if code == "" {
-		log.Error().Msg("No code provided")
-		c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-		return
-	}
-
-	log.Debug().Msg("Got code")
-
-	// Get provider
-	provider := h.Providers.GetProvider(providerName.Provider)
-
-	log.Debug().Str("provider", providerName.Provider).Msg("Got provider")
-
-	// Provider does not exist
-	if provider == nil {
-		c.Redirect(http.StatusPermanentRedirect, "/not-found")
-		return
-	}
-
-	// Exchange token (authenticates user)
-	_, err = provider.ExchangeToken(code)
-
-	log.Debug().Msg("Got token")
-
-	// Handle error
-	if err != nil {
-		log.Error().Msg("Failed to exchange token")
-		c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-		return
-	}
-
-	// Get email
-	email, err := h.Providers.GetUser(providerName.Provider)
-
-	log.Debug().Str("email", email).Msg("Got email")
-
-	// Handle error
-	if err != nil {
-		log.Error().Msg("Failed to get email")
-		c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-		return
-	}
-
-	// Email is not whitelisted
-	if !h.Auth.EmailWhitelisted(email) {
-		log.Warn().Str("email", email).Msg("Email not whitelisted")
-
-		// Build query
-		queries, err := query.Values(types.UnauthorizedQuery{
-			Username: email,
-		})
-
-		// Handle error
-		if err != nil {
-			log.Error().Msg("Failed to build queries")
-			c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-			return
-		}
-
-		// Redirect to unauthorized
-		c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/unauthorized?%s", h.Config.AppURL, queries.Encode()))
-	}
-
-	log.Debug().Msg("Email whitelisted")
-
-	// Create session cookie
-	h.Auth.CreateSessionCookie(c, &types.SessionCookie{
-		Username: email,
-		Provider: providerName.Provider,
-	})
-
-	// Get redirect URI
-	redirectURI, err := c.Cookie("tinyauth_redirect_uri")
-
-	// If it is empty it means that no redirect_uri was provided to the login screen so we just log in
-	if err != nil {
-		c.Redirect(http.StatusPermanentRedirect, h.Config.AppURL)
-	}
-
-	log.Debug().Str("redirectURI", redirectURI).Msg("Got redirect URI")
-
-	// Clean up redirect cookie since we already have the value
-	c.SetCookie("tinyauth_redirect_uri", "", -1, "/", h.Config.Domain, h.Config.CookieSecure, true)
-
-	// Build query
-	queries, err := query.Values(types.LoginQuery{
-		RedirectURI: redirectURI,
-	})
-
-	log.Debug().Msg("Got redirect query")
-
-	// Handle error
-	if err != nil {
-		log.Error().Msg("Failed to build queries")
-		c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-		return
-	}
-
-	// Redirect to continue with the redirect URI
-	c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/continue?%s", h.Config.AppURL, queries.Encode()))
-}
-
-func (h *Handlers) HealthcheckHandler(c *gin.Context) {
-	c.JSON(200, gin.H{
-		"status":  200,
-		"message": "OK",
-	})
-}

internal/providers/generic.go

@@ -15,21 +15,21 @@ type GenericUserInfoResponse struct {
 
 func GetGenericEmail(client *http.Client, url string) (string, error) {
 	// Using the oauth client get the user info url
-	res, err := client.Get(url)
+	res, resErr := client.Get(url)
 
 	// Check if there was an error
-	if err != nil {
+	if resErr != nil {
-		return "", err
+		return "", resErr
 	}
 
 	log.Debug().Msg("Got response from generic provider")
 
 	// Read the body of the response
-	body, err := io.ReadAll(res.Body)
+	body, bodyErr := io.ReadAll(res.Body)
 
 	// Check if there was an error
-	if err != nil {
+	if bodyErr != nil {
-		return "", err
+		return "", bodyErr
 	}
 
 	log.Debug().Msg("Read body from generic provider")
@@ -38,11 +38,11 @@ func GetGenericEmail(client *http.Client, url string) (string, error) {
 	var user GenericUserInfoResponse
 
 	// Unmarshal the body into the user struct
-	err = json.Unmarshal(body, &user)
+	jsonErr := json.Unmarshal(body, &user)
 
 	// Check if there was an error
-	if err != nil {
+	if jsonErr != nil {
-		return "", err
+		return "", jsonErr
 	}
 
 	log.Debug().Msg("Parsed user from generic provider")

internal/providers/github.go

@@ -22,21 +22,21 @@ func GithubScopes() []string {
 
 func GetGithubEmail(client *http.Client) (string, error) {
 	// Get the user emails from github using the oauth http client
-	res, err := client.Get("https://api.github.com/user/emails")
+	res, resErr := client.Get("https://api.github.com/user/emails")
 
 	// Check if there was an error
-	if err != nil {
+	if resErr != nil {
-		return "", err
+		return "", resErr
 	}
 
 	log.Debug().Msg("Got response from github")
 
 	// Read the body of the response
-	body, err := io.ReadAll(res.Body)
+	body, bodyErr := io.ReadAll(res.Body)
 
 	// Check if there was an error
-	if err != nil {
+	if bodyErr != nil {
-		return "", err
+		return "", bodyErr
 	}
 
 	log.Debug().Msg("Read body from github")
@@ -45,11 +45,11 @@ func GetGithubEmail(client *http.Client) (string, error) {
 	var emails GithubUserInfoResponse
 
 	// Unmarshal the body into the user struct
-	err = json.Unmarshal(body, &emails)
+	jsonErr := json.Unmarshal(body, &emails)
 
 	// Check if there was an error
-	if err != nil {
+	if jsonErr != nil {
-		return "", err
+		return "", jsonErr
 	}
 
 	log.Debug().Msg("Parsed emails from github")

internal/providers/google.go

@@ -20,21 +20,21 @@ func GoogleScopes() []string {
 
 func GetGoogleEmail(client *http.Client) (string, error) {
 	// Get the user info from google using the oauth http client
-	res, err := client.Get("https://www.googleapis.com/userinfo/v2/me")
+	res, resErr := client.Get("https://www.googleapis.com/userinfo/v2/me")
 
 	// Check if there was an error
-	if err != nil {
+	if resErr != nil {
-		return "", err
+		return "", resErr
 	}
 
 	log.Debug().Msg("Got response from google")
 
 	// Read the body of the response
-	body, err := io.ReadAll(res.Body)
+	body, bodyErr := io.ReadAll(res.Body)
 
 	// Check if there was an error
-	if err != nil {
+	if bodyErr != nil {
-		return "", err
+		return "", bodyErr
 	}
 
 	log.Debug().Msg("Read body from google")
@@ -43,11 +43,11 @@ func GetGoogleEmail(client *http.Client) (string, error) {
 	var user GoogleUserInfoResponse
 
 	// Unmarshal the body into the user struct
-	err = json.Unmarshal(body, &user)
+	jsonErr := json.Unmarshal(body, &user)
 
 	// Check if there was an error
-	if err != nil {
+	if jsonErr != nil {
-		return "", err
+		return "", jsonErr
 	}
 
 	log.Debug().Msg("Parsed user from google")

internal/providers/providers.go

@@ -128,11 +128,11 @@ func (providers *Providers) GetUser(provider string) (string, error) {
 		log.Debug().Msg("Got client from github")
 
 		// Get the email from the github provider
-		email, err := GetGithubEmail(client)
+		email, emailErr := GetGithubEmail(client)
 
 		// Check if there was an error
-		if err != nil {
+		if emailErr != nil {
-			return "", err
+			return "", emailErr
 		}
 
 		log.Debug().Msg("Got email from github")
@@ -152,11 +152,11 @@ func (providers *Providers) GetUser(provider string) (string, error) {
 		log.Debug().Msg("Got client from google")
 
 		// Get the email from the google provider
-		email, err := GetGoogleEmail(client)
+		email, emailErr := GetGoogleEmail(client)
 
 		// Check if there was an error
-		if err != nil {
+		if emailErr != nil {
-			return "", err
+			return "", emailErr
 		}
 
 		log.Debug().Msg("Got email from google")
@@ -176,11 +176,11 @@ func (providers *Providers) GetUser(provider string) (string, error) {
 		log.Debug().Msg("Got client from tailscale")
 
 		// Get the email from the tailscale provider
-		email, err := GetTailscaleEmail(client)
+		email, emailErr := GetTailscaleEmail(client)
 
 		// Check if there was an error
-		if err != nil {
+		if emailErr != nil {
-			return "", err
+			return "", emailErr
 		}
 
 		log.Debug().Msg("Got email from tailscale")
@@ -200,11 +200,11 @@ func (providers *Providers) GetUser(provider string) (string, error) {
 		log.Debug().Msg("Got client from generic")
 
 		// Get the email from the generic provider
-		email, err := GetGenericEmail(client, providers.Config.GenericUserURL)
+		email, emailErr := GetGenericEmail(client, providers.Config.GenericUserURL)
 
 		// Check if there was an error
-		if err != nil {
+		if emailErr != nil {
-			return "", err
+			return "", emailErr
 		}
 
 		log.Debug().Msg("Got email from generic")

internal/providers/tailscale.go

@@ -31,21 +31,21 @@ var TailscaleEndpoint = oauth2.Endpoint{
 
 func GetTailscaleEmail(client *http.Client) (string, error) {
 	// Get the user info from tailscale using the oauth http client
-	res, err := client.Get("https://api.tailscale.com/api/v2/tailnet/-/users")
+	res, resErr := client.Get("https://api.tailscale.com/api/v2/tailnet/-/users")
 
 	// Check if there was an error
-	if err != nil {
+	if resErr != nil {
-		return "", err
+		return "", resErr
 	}
 
 	log.Debug().Msg("Got response from tailscale")
 
 	// Read the body of the response
-	body, err := io.ReadAll(res.Body)
+	body, bodyErr := io.ReadAll(res.Body)
 
 	// Check if there was an error
-	if err != nil {
+	if bodyErr != nil {
-		return "", err
+		return "", bodyErr
 	}
 
 	log.Debug().Msg("Read body from tailscale")
@@ -54,11 +54,11 @@ func GetTailscaleEmail(client *http.Client) (string, error) {
 	var users TailscaleUserInfoResponse
 
 	// Unmarshal the body into the user struct
-	err = json.Unmarshal(body, &users)
+	jsonErr := json.Unmarshal(body, &users)
 
 	// Check if there was an error
-	if err != nil {
+	if jsonErr != nil {
-		return "", err
+		return "", jsonErr
 	}
 
 	log.Debug().Msg("Parsed users from tailscale")

internal/types/config.go

@@ -0,0 +1,15 @@
+package types
+
+// API config is the configuration for the API
+type APIConfig struct {
+	Port            int
+	Address         string
+	Secret          string
+	AppURL          string
+	CookieSecure    bool
+	SessionExpiry   int
+	DisableContinue bool
+	GenericName     string
+	Title           string
+	Domain          string
+}

internal/types/handlers.go

@@ -0,0 +1,13 @@
+package types
+
+// HealthCheckResponse is the response for the health check endpoint
+type HealthCheckResponse struct {
+	Status  int    `json:"status" example:"200"`
+	Message string `json:"message" example:"Ok"`
+}
+
+// LogoutResponse is the response for the health check endpoint
+type LogoutResponse struct {
+	Status  int    `json:"status" example:"200"`
+	Message string `json:"message" example:"Logged out"`
+}

internal/types/types.go

@@ -67,16 +67,6 @@ type UserContext struct {
 	TotpPending bool
 }
 
-// APIConfig is the configuration for the API
-type APIConfig struct {
-	Port          int
-	Address       string
-	Secret        string
-	CookieSecure  bool
-	SessionExpiry int
-	Domain        string
-}
-
 // OAuthConfig is the configuration for the providers
 type OAuthConfig struct {
 	GithubClientId        string
@@ -161,13 +151,3 @@ type AppContext struct {
 type TotpRequest struct {
 	Code string `json:"code"`
 }
-
-// Server configuration
-type HandlersConfig struct {
-	AppURL          string
-	Domain          string
-	CookieSecure    bool
-	DisableContinue bool
-	GenericName     string
-	Title           string
-}

internal/utils/utils.go

@@ -29,11 +29,11 @@ func ParseUsers(users string) (types.Users, error) {
 
 	// Loop through the users and split them by colon
 	for _, user := range userList {
-		parsed, err := ParseUser(user)
+		parsed, parseErr := ParseUser(user)
 
 		// Check if there was an error
-		if err != nil {
+		if parseErr != nil {
-			return types.Users{}, err
+			return types.Users{}, parseErr
 		}
 
 		// Append the user to the users struct
@@ -46,14 +46,14 @@ func ParseUsers(users string) (types.Users, error) {
 	return usersParsed, nil
 }
 
-// Get upper domain parses a hostname and returns the upper domain (e.g. sub1.sub2.domain.com -> sub2.domain.com)
+// Root url parses parses a hostname and returns the root domain (e.g. sub1.sub2.domain.com -> sub2.domain.com)
-func GetUpperDomain(urlSrc string) (string, error) {
+func GetRootURL(urlSrc string) (string, error) {
 	// Make sure the url is valid
-	urlParsed, err := url.Parse(urlSrc)
+	urlParsed, parseErr := url.Parse(urlSrc)
 
 	// Check if there was an error
-	if err != nil {
+	if parseErr != nil {
-		return "", err
+		return "", parseErr
 	}
 
 	// Split the hostname by period
@@ -69,19 +69,19 @@ func GetUpperDomain(urlSrc string) (string, error) {
 // Reads a file and returns the contents
 func ReadFile(file string) (string, error) {
 	// Check if the file exists
-	_, err := os.Stat(file)
+	_, statErr := os.Stat(file)
 
 	// Check if there was an error
-	if err != nil {
+	if statErr != nil {
-		return "", err
+		return "", statErr
 	}
 
 	// Read the file
-	data, err := os.ReadFile(file)
+	data, readErr := os.ReadFile(file)
 
 	// Check if there was an error
-	if err != nil {
+	if readErr != nil {
-		return "", err
+		return "", readErr
 	}
 
 	// Return the file contents
@@ -152,10 +152,10 @@ func GetUsers(conf string, file string) (types.Users, error) {
 	// If the file is set, read the file and append the users to the users string
 	if file != "" {
 		// Read the file
-		contents, err := ReadFile(file)
+		fileContents, fileErr := ReadFile(file)
 
 		// If there isn't an error we can append the users to the users string
-		if err == nil {
+		if fileErr == nil {
 			log.Debug().Msg("Using users from file")
 
 			// Append the users to the users string
@@ -164,7 +164,7 @@ func GetUsers(conf string, file string) (types.Users, error) {
 			}
 
 			// Parse the file contents into a comma separated list of users
-			users += ParseFileToLine(contents)
+			users += ParseFileToLine(fileContents)
 		}
 	}
 

internal/utils/utils_test.go

@@ -38,15 +38,15 @@ func TestParseUsers(t *testing.T) {
 	}
 }
 
-// Test the get upper domain function
+// Test the get root url function
-func TestGetUpperDomain(t *testing.T) {
+func TestGetRootURL(t *testing.T) {
-	t.Log("Testing get upper domain with a valid url")
+	t.Log("Testing get root url with a valid url")
 
-	// Test the get upper domain function with a valid url
+	// Test the get root url function with a valid url
 	url := "https://sub1.sub2.domain.com:8080"
 	expected := "sub2.domain.com"
 
-	result, err := utils.GetUpperDomain(url)
+	result, err := utils.GetRootURL(url)
 
 	// Check if there was an error
 	if err != nil {
@@ -102,7 +102,7 @@ func TestParseFileToLine(t *testing.T) {
 	t.Log("Testing parse file to line with a valid string")
 
 	// Test the parse file to line function with a valid string
-	content := "\nuser1:pass1\nuser2:pass2\n"
+	content := "user1:pass1\nuser2:pass2"
 	expected := "user1:pass1,user2:pass2"
 
 	result := utils.ParseFileToLine(content)