refactor: switch to min-h-dvh in layout

* refactor: move to traefik paerser for label parsing

* fix: sanitize headers before adding to map

* refactor: use splitn in header parser

* refactor: ignore containers that failed to get inspected in docker

SECURITY.md

@@ -2,8 +2,8 @@
 
 ## Supported Versions
 
-Please always use the latest available Tinyauth version which can be found [here](https://github.com/steveiliop56/tinyauth/releases/latest). Older versions (especially major) may contain security issues which I cannot go back and fix.
+It is recommended to use the [latest](https://github.com/steveiliop56/tinyauth/releases/latest) available version of tinyauth. This is because it includes security fixes, new features and dependency updates. Older versions, especially major ones, are not supported and won't receive security or patch updates.
 
 ## Reporting a Vulnerability
 
-Due to the nature of this app, it needs to be secure. If you find any security issues in the OAuth or login flow of the app please contact me at <steve@doesmycode.work> and include a concise description of the issue. Please do not use the issues section for reporting major security issues.
+Due to the nature of this app, it needs to be secure. If you discover any security issues or vulnerabilities in the app please contact me as soon as possible at <steve@doesmycode.work>. Please do not use the issues section to report security issues as I won't be able to patch them in time and they may get exploited by malicious actors.

frontend/src/components/layout/layout.tsx

@@ -7,7 +7,7 @@ export const Layout = () => {
 
   return (
     <div
-      className="relative flex flex-col justify-center items-center min-h-svh"
+      className="relative flex flex-col justify-center items-center min-h-dvh"
       style={{
         backgroundImage: `url(${backgroundImage})`,
         backgroundSize: "cover",

internal/docker/docker.go

@@ -74,7 +74,7 @@ func (docker *Docker) DockerConnected() bool {
 	return err == nil
 }
 
-func (docker *Docker) GetLabels(appId string) (types.Labels, error) {
+func (docker *Docker) GetLabels(id string, domain string) (types.Labels, error) {
 	// Check if we have access to the Docker API
 	isConnected := docker.DockerConnected()
 
@@ -85,15 +85,16 @@ func (docker *Docker) GetLabels(appId string) (types.Labels, error) {
 	}
 
 	// Get the containers
+	log.Debug().Msg("Getting containers")
+
 	containers, err := docker.GetContainers()
 
 	// If there is an error, return false
 	if err != nil {
+		log.Error().Err(err).Msg("Error getting containers")
 		return types.Labels{}, err
 	}
 
-	log.Debug().Msg("Got containers")
-
 	// Loop through the containers
 	for _, container := range containers {
 		// Inspect the container
@@ -105,28 +106,22 @@ func (docker *Docker) GetLabels(appId string) (types.Labels, error) {
 			continue
 		}
 
-		// Get the container name (for some reason it is /name)
-		containerName := strings.TrimPrefix(inspect.Name, "/")
+		// Get the labels
+		log.Debug().Str("id", inspect.ID).Msg("Getting labels for container")
 
-		// There is a container with the same name as the app ID
-		if containerName == appId {
-			log.Debug().Str("container", containerName).Msg("Found container")
+		labels, err := utils.GetLabels(inspect.Config.Labels)
 
-			// Get only the tinyauth labels in a struct
-			labels, err := utils.GetLabels(inspect.Config.Labels)
-
-			// Check if there was an error
-			if err != nil {
-				log.Error().Err(err).Msg("Error parsing labels")
-				return types.Labels{}, err
-			}
-
-			log.Debug().Msg("Got labels")
-
-			// Return labels
-			return labels, nil
+		// Check if there was an error
+		if err != nil {
+			log.Warn().Str("id", container.ID).Err(err).Msg("Error getting container labels, skipping")
+			continue
 		}
 
+		// Check if the labels match the id or the domain
+		if strings.TrimPrefix(inspect.Name, "/") == id || labels.Domain == domain {
+			log.Debug().Str("id", inspect.ID).Msg("Found matching container")
+			return labels, nil
+		}
 	}
 
 	log.Debug().Msg("No matching container found, returning empty labels")

internal/handlers/handlers.go

@@ -69,11 +69,14 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 	proto := c.Request.Header.Get("X-Forwarded-Proto")
 	host := c.Request.Header.Get("X-Forwarded-Host")
 
-	// Get the app id
-	appId := strings.Split(host, ".")[0]
+	// Remove the port from the host if it exists
+	hostPortless := strings.Split(host, ":")[0] // *lol*
+
+	// Get the id
+	id := strings.Split(hostPortless, ".")[0]
 
 	// Get the container labels
-	labels, err := h.Docker.GetLabels(appId)
+	labels, err := h.Docker.GetLabels(id, hostPortless)
 
 	log.Debug().Interface("labels", labels).Msg("Got labels")
 

internal/types/config.go

@@ -104,5 +104,6 @@ type Labels struct {
 	Users   string
 	Allowed string
 	Headers []string
+	Domain  string
 	OAuth   OAuthLabels
 }

internal/utils/utils.go

@@ -201,7 +201,7 @@ func GetLabels(labels map[string]string) (types.Labels, error) {
 	var labelsParsed types.Labels
 
 	// Decode the labels into the labels struct
-	err := parser.Decode(labels, &labelsParsed, "tinyauth", "tinyauth.users", "tinyauth.allowed", "tinyauth.headers", "tinyauth.oauth")
+	err := parser.Decode(labels, &labelsParsed, "tinyauth", "tinyauth.users", "tinyauth.allowed", "tinyauth.headers", "tinyauth.domain", "tinyauth.oauth")
 
 	// Check if there was an error
 	if err != nil {