fix: disable search engine indexing

feat: autofocus totp form
chore(deps): bump oven/bun from 1.2.22-alpine to 1.2.23-alpine (#373 )
2025-11-03 23:55:44 +00:00 · 2025-10-05 16:41:15 +03:00 · 2025-10-03 16:36:10 +03:00 · 2025-10-03 16:32:17 +03:00 · 2025-09-25 22:35:44 +03:00 · 2025-09-22 19:56:59 +03:00
14 changed files with 63 additions and 46 deletions
--- a/.env.example
+++ b/.env.example
@@ -4,20 +4,6 @@ APP_URL=http://localhost:3000
 USERS=your_user_password_hash
 USERS_FILE=users_file
 SECURE_COOKIE=false
-GITHUB_CLIENT_ID=github_client_id
-GITHUB_CLIENT_SECRET=github_client_secret
-GITHUB_CLIENT_SECRET_FILE=github_client_secret_file
-GOOGLE_CLIENT_ID=google_client_id
-GOOGLE_CLIENT_SECRET=google_client_secret
-GOOGLE_CLIENT_SECRET_FILE=google_client_secret_file
-GENERIC_CLIENT_ID=generic_client_id
-GENERIC_CLIENT_SECRET=generic_client_secret
-GENERIC_CLIENT_SECRET_FILE=generic_client_secret_file
-GENERIC_SCOPES=generic_scopes
-GENERIC_AUTH_URL=generic_auth_url
-GENERIC_TOKEN_URL=generic_token_url
-GENERIC_USER_URL=generic_user_url
-DISABLE_CONTINUE=false
 OAUTH_WHITELIST=
 GENERIC_NAME=My OAuth
 SESSION_EXPIRY=7200
@@ -31,3 +17,6 @@ BACKGROUND_IMAGE=some_image_url
 GENERIC_SKIP_SSL=false
 RESOURCES_DIR=/data/resources
 DATABASE_PATH=/data/tinyauth.db
+DISABLE_ANALYTICS=false
+DISABLE_RESOURCES=false
+TRUSTED_PROXIES=
--- a/2
+++ b/2
@@ -1,5 +1,5 @@
 # Site builder
-FROM oven/bun:1.2.22-alpine AS frontend-builder
+FROM oven/bun:1.2.23-alpine AS frontend-builder

 WORKDIR /frontend

--- a/cmd/root.go
+++ b/cmd/root.go
@@ -95,6 +95,7 @@ func init() {
 		{"database-path", "/data/tinyauth.db", "Path to the Sqlite database file."},
 		{"trusted-proxies", "", "Comma separated list of trusted proxies (IP addresses or CIDRs) for correct client IP detection."},
 		{"disable-analytics", false, "Disable anonymous version collection."},
+		{"disable-resources", false, "Disable the resources server."},
 	}

 	for _, opt := range configOptions {
--- a/cmd/user/verify/verify.go
+++ b/cmd/user/verify/verify.go
@@ -70,7 +70,7 @@ var VerifyCmd = &cobra.Command{

 		err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(iPassword))
 		if err != nil {
-			log.Fatal().Msg("Ppassword is incorrect")
+			log.Fatal().Msg("Password is incorrect")
 		}

 		if user.TotpSecret == "" {
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -8,6 +8,7 @@
    <link rel="shortcut icon" href="/favicon.ico" />
    <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
    <meta name="apple-mobile-web-app-title" content="Tinyauth" />
+    <meta name="robots" content="noindex" />
    <link rel="manifest" href="/site.webmanifest" />
    <title>Tinyauth</title>
  </head>
--- a/frontend/src/components/auth/totp-form.tsx
+++ b/frontend/src/components/auth/totp-form.tsx
@@ -44,6 +44,7 @@ export const TotpForm = (props: Props) => {
                  disabled={loading}
                  {...field}
                  autoComplete="one-time-code"
+                  autoFocus
                >
                  <InputOTPGroup>
                    <InputOTPSlot index={0} />
--- a/internal/bootstrap/app_bootstrap.go
+++ b/internal/bootstrap/app_bootstrap.go
@@ -147,10 +147,6 @@ func (app *BootstrapApp) Setup() error {
 	}

 	// Configured providers
-	babysit := map[string]string{
-		"google": "Google",
-		"github": "GitHub",
-	}
 	configuredProviders := make([]controller.Provider, 0)

 	for id, provider := range oauthProviders {
@@ -159,7 +155,7 @@ func (app *BootstrapApp) Setup() error {
 		}

 		if provider.Name == "" {
-			if name, ok := babysit[id]; ok {
+			if name, ok := config.OverrideProviders[id]; ok {
 				provider.Name = name
 			} else {
 				provider.Name = utils.Capitalize(id)
@@ -188,6 +184,10 @@ func (app *BootstrapApp) Setup() error {
 	}

 	// Create engine
+	if config.Version != "development" {
+		gin.SetMode(gin.ReleaseMode)
+	}
+
 	engine := gin.New()

 	if len(app.config.TrustedProxies) > 0 {
@@ -198,10 +198,6 @@ func (app *BootstrapApp) Setup() error {
 		}
 	}

-	if config.Version != "development" {
-		gin.SetMode(gin.ReleaseMode)
-	}
-
 	// Create middlewares
 	var middlewares []Middleware

@@ -255,7 +251,8 @@ func (app *BootstrapApp) Setup() error {
 	}, apiRouter, authService)

 	resourcesController := controller.NewResourcesController(controller.ResourcesControllerConfig{
-		ResourcesDir: app.config.ResourcesDir,
+		ResourcesDir:      app.config.ResourcesDir,
+		ResourcesDisabled: app.config.DisableResources,
 	}, mainRouter)

 	healthController := controller.NewHealthController(apiRouter)
@@ -337,8 +334,8 @@ func (app *BootstrapApp) heartbeat() {

 		res.Body.Close()

-		if res.StatusCode != 200 {
-			log.Debug().Str("status", res.Status).Msg("Heartbeat returned non-200 status")
+		if res.StatusCode != 200 && res.StatusCode != 201 {
+			log.Debug().Str("status", res.Status).Msg("Heartbeat returned non-200/201 status")
 		}
 	}
 }
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -40,6 +40,7 @@ type Config struct {
 	DatabasePath          string `mapstructure:"database-path" validate:"required"`
 	TrustedProxies        string `mapstructure:"trusted-proxies"`
 	DisableAnalytics      bool   `mapstructure:"disable-analytics"`
+	DisableResources      bool   `mapstructure:"disable-resources"`
 }

 // OAuth/OIDC config
@@ -64,6 +65,11 @@ type OAuthServiceConfig struct {
 	Name               string   `key:"name"`
 }

+var OverrideProviders = map[string]string{
+	"google": "Google",
+	"github": "GitHub",
+}
+
 // User/session related stuff

 type User struct {
--- a/internal/controller/resources_controller.go
+++ b/internal/controller/resources_controller.go
@@ -7,7 +7,8 @@ import (
 )

 type ResourcesControllerConfig struct {
-	ResourcesDir string
+	ResourcesDir      string
+	ResourcesDisabled bool
 }

 type ResourcesController struct {
@@ -38,5 +39,12 @@ func (controller *ResourcesController) resourcesHandler(c *gin.Context) {
 		})
 		return
 	}
+	if controller.config.ResourcesDisabled {
+		c.JSON(403, gin.H{
+			"status":  403,
+			"message": "Resources are disabled",
+		})
+		return
+	}
 	controller.fileServer.ServeHTTP(c.Writer, c.Request)
 }
--- a/internal/service/auth_service.go
+++ b/internal/service/auth_service.go
@@ -309,12 +309,14 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte
 		return true
 	}

-	if context.Provider != "generic" {
-		log.Debug().Msg("Not using generic provider, skipping group check")
-		return true
+	for id := range config.OverrideProviders {
+		if context.Provider == id {
+			log.Info().Str("provider", id).Msg("OAuth groups not supported for this provider")
+			return true
+		}
 	}

-	for _, userGroup := range strings.Split(context.OAuthGroups, ",") {
+	for userGroup := range strings.SplitSeq(context.OAuthGroups, ",") {
 		if utils.CheckFilter(requiredGroups, strings.TrimSpace(userGroup)) {
 			return true
 		}
--- a/internal/service/oauth_broker_service.go
+++ b/internal/service/oauth_broker_service.go
@@ -50,7 +50,7 @@ func (broker *OAuthBrokerService) Init() error {
 			log.Error().Err(err).Msgf("Failed to initialize OAuth service: %T", name)
 			return err
 		}
-		log.Info().Msgf("Initialized OAuth service: %T", name)
+		log.Info().Str("service", service.GetName()).Msg("Initialized OAuth service")
 	}

 	return nil
--- a/internal/utils/app_utils.go
+++ b/internal/utils/app_utils.go
@@ -183,14 +183,13 @@ func GetOAuthProvidersConfig(env []string, args []string, appUrl string) (map[st
 		providers[name] = provider
 	}

-	// If we have google/github providers and no redirect URL babysit them
-	babysitProviders := []string{"google", "github"}
+	// If we have google/github providers and no redirect URL then set a default

-	for _, name := range babysitProviders {
-		if provider, exists := providers[name]; exists {
+	for id := range config.OverrideProviders {
+		if provider, exists := providers[id]; exists {
 			if provider.RedirectURL == "" {
-				provider.RedirectURL = appUrl + "/api/oauth/callback/" + name
-				providers[name] = provider
+				provider.RedirectURL = appUrl + "/api/oauth/callback/" + id
+				providers[id] = provider
 			}
 		}
 	}
--- a/internal/utils/decoders/decoders.go
+++ b/internal/utils/decoders/decoders.go
@@ -18,10 +18,14 @@ func NormalizeKeys(keys map[string]string, rootName string, sep string) map[stri

 		finalKey = append(finalKey, rootName)
 		finalKey = append(finalKey, "providers")
-		cebabKey := strings.ToLower(k)
+		lowerKey := strings.ToLower(k)
+
+		if !strings.HasPrefix(lowerKey, "providers"+sep) {
+			continue
+		}

 		for _, known := range knownKeys {
-			if strings.HasSuffix(cebabKey, strings.ReplaceAll(known, "-", sep)) {
+			if strings.HasSuffix(lowerKey, strings.ReplaceAll(known, "-", sep)) {
 				suffix = known
 				break
 			}
@@ -31,7 +35,11 @@ func NormalizeKeys(keys map[string]string, rootName string, sep string) map[stri
 			continue
 		}

-		clientNameParts := strings.Split(strings.TrimPrefix(strings.TrimSuffix(cebabKey, sep+strings.ReplaceAll(suffix, "-", sep)), "providers"+sep), sep)
+		if strings.TrimSpace(strings.TrimSuffix(strings.TrimPrefix(lowerKey, "providers"+sep), strings.ReplaceAll(suffix, "-", sep))) == "" {
+			continue
+		}
+
+		clientNameParts := strings.Split(strings.TrimPrefix(strings.TrimSuffix(lowerKey, sep+strings.ReplaceAll(suffix, "-", sep)), "providers"+sep), sep)

 		for i, p := range clientNameParts {
 			if i == 0 {
@@ -46,9 +54,9 @@ func NormalizeKeys(keys map[string]string, rootName string, sep string) map[stri

 		finalKey = append(finalKey, camelClientName)

-		filedParts := strings.Split(suffix, "-")
+		fieldParts := strings.Split(suffix, "-")

-		for i, p := range filedParts {
+		for i, p := range fieldParts {
 			if i == 0 {
 				camelField += p
 				continue
--- a/internal/utils/decoders/decoders_test.go
+++ b/internal/utils/decoders/decoders_test.go
@@ -14,6 +14,8 @@ func TestNormalizeKeys(t *testing.T) {
 		"PROVIDERS_CLIENT1_CLIENT_SECRET":                "my-client-secret",
 		"PROVIDERS_MY_AWESOME_CLIENT_CLIENT_ID":          "my-awesome-client-id",
 		"PROVIDERS_MY_AWESOME_CLIENT_CLIENT_SECRET_FILE": "/path/to/secret",
+		"I_LOOK_LIKE_A_KEY_CLIENT_ID":                    "should-not-appear",
+		"PROVIDERS_CLIENT_ID":                            "should-not-appear",
 	}
 	expected := map[string]string{
 		"tinyauth.providers.client1.clientId":                 "my-client-id",
@@ -31,6 +33,9 @@ func TestNormalizeKeys(t *testing.T) {
 		"providers-client1-client-secret":                "my-client-secret",
 		"providers-my-awesome-client-client-id":          "my-awesome-client-id",
 		"providers-my-awesome-client-client-secret-file": "/path/to/secret",
+		"providers-should-not-appear-client":             "should-not-appear",
+		"i-look-like-a-key-client-id":                    "should-not-appear",
+		"providers-client-id":                            "should-not-appear",
 	}
 	expected = map[string]string{
 		"tinyauth.providers.client1.clientId":                 "my-client-id",
Author	SHA1	Message	Date
Stavros	dad0718091	fix: disable search engine indexing	2025-10-05 16:41:15 +03:00
Stavros	d4069900bc	feat: autofocus totp form	2025-10-03 16:36:10 +03:00
dependabot[bot]	a54996d72d	chore(deps): bump oven/bun from 1.2.22-alpine to 1.2.23-alpine (#373 ) Bumps oven/bun from 1.2.22-alpine to 1.2.23-alpine. --- updated-dependencies: - dependency-name: oven/bun dependency-version: 1.2.23-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-03 16:32:17 +03:00
Stavros	085f6257c5	fix: fix oauth group provider check	2025-09-25 22:35:44 +03:00
Stavros	c307f7eb2e	fix: handle 201 status for heartbeat	2025-09-22 19:56:59 +03:00
Stavros	5dd8526833	fix: fix key normalization function handing more cases than it needs to	2025-09-22 19:29:55 +03:00
Stavros	e8558b89b4	fix: set gin mode correctly	2025-09-22 16:15:55 +03:00
Stavros	f8047a6c2e	feat: add option to disable resources server	2025-09-22 15:52:43 +03:00
axjp	e114bf0943	Update verify.go (#364 )	2025-09-21 09:52:41 +03:00
Stavros	c9867ccb76	chore: fix typo	2025-09-20 11:08:57 +03:00