feat: add trace logging

Co-authored-by: GitHub <noreply@github.com>

.github/workflows/nightly.yml

@@ -396,6 +396,8 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ghcr.io/${{ github.repository_owner }}/tinyauth
+          flavor: |
+            latest=false
           tags: |
             type=raw,nightly
 
@@ -433,6 +435,8 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ghcr.io/${{ github.repository_owner }}/tinyauth
+          flavor: |
+            latest=false
           tags: |
             type=raw,nightly-distroless
 

.github/workflows/release.yml

@@ -359,10 +359,13 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ghcr.io/${{ github.repository_owner }}/tinyauth
+          flavor: |
+            latest=true
+            prefix=v,onlatest=false
           tags: |
-            type=semver,pattern={{version}},prefix=v
+            type=semver,pattern={{version}}
-            type=semver,pattern={{major}},prefix=v
+            type=semver,pattern={{major}}
-            type=semver,pattern={{major}}.{{minor}},prefix=v
+            type=semver,pattern={{major}}.{{minor}}
 
       - name: Create manifest list and push
         working-directory: ${{ runner.temp }}/digests
@@ -398,10 +401,14 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ghcr.io/${{ github.repository_owner }}/tinyauth
+          flavor: |
+            latest=false
+            prefix=v,onlatest=false
+            suffix=-distroless,onlatest=false
           tags: |
-            type=semver,pattern={{version}},prefix=v,suffix=-distroless
+            type=semver,pattern={{version}}
-            type=semver,pattern={{major}},prefix=v,suffix=-distroless
+            type=semver,pattern={{major}}
-            type=semver,pattern={{major}}.{{minor}},prefix=v,suffix=-distroless
+            type=semver,pattern={{major}}.{{minor}}
 
       - name: Create manifest list and push
         working-directory: ${{ runner.temp }}/digests

Dockerfile

@@ -47,6 +47,8 @@ WORKDIR /tinyauth
 
 COPY --from=builder /tinyauth/tinyauth ./
 
+RUN mkdir -p /data
+
 EXPOSE 3000
 
 VOLUME ["/data"]

Dockerfile.distroless

@@ -38,6 +38,8 @@ COPY ./cmd ./cmd
 COPY ./internal ./internal
 COPY --from=frontend-builder /frontend/dist ./internal/assets/dist
 
+RUN mkdir -p data
+
 RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" 
  
 # Runner
@@ -47,6 +49,9 @@ WORKDIR /tinyauth
 
 COPY --from=builder /tinyauth/tinyauth ./
 
+# Since it's distroless, we need to copy the data directory from the builder stage
+COPY --from=builder /tinyauth/data /data
+
 EXPOSE 3000
 
 VOLUME ["/data"]

README.md

@@ -53,7 +53,7 @@ Tinyauth is licensed under the GNU General Public License v3.0. TL;DR — You ma
 
 A big thank you to the following people for providing me with more coffee:
 
-<!-- sponsors --><a href="https://github.com/erwinkramer"><img src="https:&#x2F;&#x2F;github.com&#x2F;erwinkramer.png" width="64px" alt="User avatar: erwinkramer" /></a>&nbsp;&nbsp;<a href="https://github.com/nicotsx"><img src="https:&#x2F;&#x2F;github.com&#x2F;nicotsx.png" width="64px" alt="User avatar: nicotsx" /></a>&nbsp;&nbsp;<a href="https://github.com/SimpleHomelab"><img src="https:&#x2F;&#x2F;github.com&#x2F;SimpleHomelab.png" width="64px" alt="User avatar: SimpleHomelab" /></a>&nbsp;&nbsp;<a href="https://github.com/jmadden91"><img src="https:&#x2F;&#x2F;github.com&#x2F;jmadden91.png" width="64px" alt="User avatar: jmadden91" /></a>&nbsp;&nbsp;<a href="https://github.com/tribor"><img src="https:&#x2F;&#x2F;github.com&#x2F;tribor.png" width="64px" alt="User avatar: tribor" /></a>&nbsp;&nbsp;<a href="https://github.com/eliasbenb"><img src="https:&#x2F;&#x2F;github.com&#x2F;eliasbenb.png" width="64px" alt="User avatar: eliasbenb" /></a>&nbsp;&nbsp;<a href="https://github.com/afunworm"><img src="https:&#x2F;&#x2F;github.com&#x2F;afunworm.png" width="64px" alt="User avatar: afunworm" /></a>&nbsp;&nbsp;<!-- sponsors -->
+<!-- sponsors --><a href="https://github.com/erwinkramer"><img src="https:&#x2F;&#x2F;github.com&#x2F;erwinkramer.png" width="64px" alt="User avatar: erwinkramer" /></a>&nbsp;&nbsp;<a href="https://github.com/nicotsx"><img src="https:&#x2F;&#x2F;github.com&#x2F;nicotsx.png" width="64px" alt="User avatar: nicotsx" /></a>&nbsp;&nbsp;<a href="https://github.com/SimpleHomelab"><img src="https:&#x2F;&#x2F;github.com&#x2F;SimpleHomelab.png" width="64px" alt="User avatar: SimpleHomelab" /></a>&nbsp;&nbsp;<a href="https://github.com/jmadden91"><img src="https:&#x2F;&#x2F;github.com&#x2F;jmadden91.png" width="64px" alt="User avatar: jmadden91" /></a>&nbsp;&nbsp;<a href="https://github.com/tribor"><img src="https:&#x2F;&#x2F;github.com&#x2F;tribor.png" width="64px" alt="User avatar: tribor" /></a>&nbsp;&nbsp;<a href="https://github.com/eliasbenb"><img src="https:&#x2F;&#x2F;github.com&#x2F;eliasbenb.png" width="64px" alt="User avatar: eliasbenb" /></a>&nbsp;&nbsp;<a href="https://github.com/afunworm"><img src="https:&#x2F;&#x2F;github.com&#x2F;afunworm.png" width="64px" alt="User avatar: afunworm" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="64px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/Lancelot-Enguerrand"><img src="https:&#x2F;&#x2F;github.com&#x2F;Lancelot-Enguerrand.png" width="64px" alt="User avatar: Lancelot-Enguerrand" /></a>&nbsp;&nbsp;<!-- sponsors -->
 
 ## Acknowledgements
 

air.toml

@@ -2,7 +2,7 @@ root = "/tinyauth"
 tmp_dir = "tmp"
 
 [build]
-pre_cmd = ["mkdir -p internal/assets/dist", "echo 'backend running' > internal/assets/dist/index.html", "go install github.com/go-delve/delve/cmd/dlv@v1.25.0"]
+pre_cmd = ["mkdir -p internal/assets/dist", "mkdir -p /data", "echo 'backend running' > internal/assets/dist/index.html", "go install github.com/go-delve/delve/cmd/dlv@v1.25.0"]
 cmd = "CGO_ENABLED=0 go build -gcflags=\"all=-N -l\" -o tmp/tinyauth ."
 bin = "/go/bin/dlv --listen :4000 --headless=true --api-version=2 --accept-multiclient --log=true exec tmp/tinyauth --continue --check-go-version=false"
 include_ext = ["go"]

cmd/root.go

@@ -112,6 +112,10 @@ func (c *rootCmd) run(cmd *cobra.Command, args []string) {
 	log.Logger = log.Level(zerolog.Level(utils.GetLogLevel(conf.LogLevel)))
 	log.Info().Str("version", strings.TrimSpace(config.Version)).Msg("Starting Tinyauth")
 
+	if log.Logger.GetLevel() == zerolog.TraceLevel {
+		log.Warn().Msg("Log level set to trace, this will log sensitive information!")
+	}
+
 	app := bootstrap.NewBootstrapApp(conf)
 
 	err = app.Setup()

internal/bootstrap/app_bootstrap.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"net/url"
 	"os"
+	"sort"
 	"strings"
 	"time"
 	"tinyauth/internal/config"
@@ -157,6 +158,10 @@ func (app *BootstrapApp) Setup() error {
 		})
 	}
 
+	sort.Slice(configuredProviders, func(i, j int) bool {
+		return configuredProviders[i].Name < configuredProviders[j].Name
+	})
+
 	if authService.UserAuthConfigured() || ldapService != nil {
 		configuredProviders = append(configuredProviders, controller.Provider{
 			Name:  "Username",
@@ -173,6 +178,7 @@ func (app *BootstrapApp) Setup() error {
 
 	// Create engine
 	engine := gin.New()
+	engine.Use(gin.Recovery())
 
 	if len(app.config.TrustedProxies) > 0 {
 		err := engine.SetTrustedProxies(strings.Split(app.config.TrustedProxies, ","))

internal/controller/oauth_controller.go

@@ -162,7 +162,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 
 	var name string
 
-	if user.Name != "" {
+	if strings.TrimSpace(user.Name) != "" {
 		log.Debug().Msg("Using name from OAuth provider")
 		name = user.Name
 	} else {
@@ -172,7 +172,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 
 	var username string
 
-	if user.PreferredUsername != "" {
+	if strings.TrimSpace(user.PreferredUsername) != "" {
 		log.Debug().Msg("Using preferred username from OAuth provider")
 		username = user.PreferredUsername
 	} else {

internal/controller/proxy_controller.go

@@ -84,6 +84,8 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}
 
+	log.Trace().Interface("labels", labels).Msg("Labels for resource")
+
 	clientIP := c.ClientIP()
 
 	if controller.auth.IsBypassedIP(labels.IP, clientIP) {
@@ -150,6 +152,8 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		userContext = context
 	}
 
+	log.Trace().Interface("context", userContext).Msg("User context from request")
+
 	if userContext.Provider == "basic" && userContext.TotpEnabled {
 		log.Debug().Msg("User has TOTP enabled, denying basic auth access")
 		userContext.IsLoggedIn = false

internal/service/auth_service.go

@@ -318,6 +318,7 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte
 
 	for userGroup := range strings.SplitSeq(context.OAuthGroups, ",") {
 		if utils.CheckFilter(requiredGroups, strings.TrimSpace(userGroup)) {
+			log.Trace().Str("group", userGroup).Str("required", requiredGroups).Msg("User group matched")
 			return true
 		}
 	}

internal/service/docker_service.go

@@ -12,8 +12,9 @@ import (
 )
 
 type DockerService struct {
-	client  *client.Client
+	client      *client.Client
-	context context.Context
+	context     context.Context
+	isConnected bool
 }
 
 func NewDockerService() *DockerService {
@@ -31,10 +32,24 @@ func (docker *DockerService) Init() error {
 
 	docker.client = client
 	docker.context = ctx
+
+	_, err = docker.client.Ping(docker.context)
+
+	if err != nil {
+		log.Debug().Err(err).Msg("Docker not connected")
+		docker.isConnected = false
+		docker.client = nil
+		docker.context = nil
+		return nil
+	}
+
+	docker.isConnected = true
+	log.Debug().Msg("Docker connected")
+
 	return nil
 }
 
-func (docker *DockerService) GetContainers() ([]container.Summary, error) {
+func (docker *DockerService) getContainers() ([]container.Summary, error) {
 	containers, err := docker.client.ContainerList(docker.context, container.ListOptions{})
 	if err != nil {
 		return nil, err
@@ -42,7 +57,7 @@ func (docker *DockerService) GetContainers() ([]container.Summary, error) {
 	return containers, nil
 }
 
-func (docker *DockerService) InspectContainer(containerId string) (container.InspectResponse, error) {
+func (docker *DockerService) inspectContainer(containerId string) (container.InspectResponse, error) {
 	inspect, err := docker.client.ContainerInspect(docker.context, containerId)
 	if err != nil {
 		return container.InspectResponse{}, err
@@ -50,26 +65,19 @@ func (docker *DockerService) InspectContainer(containerId string) (container.Ins
 	return inspect, nil
 }
 
-func (docker *DockerService) DockerConnected() bool {
-	_, err := docker.client.Ping(docker.context)
-	return err == nil
-}
-
 func (docker *DockerService) GetLabels(appDomain string) (config.App, error) {
-	isConnected := docker.DockerConnected()
+	if !docker.isConnected {
-
-	if !isConnected {
 		log.Debug().Msg("Docker not connected, returning empty labels")
 		return config.App{}, nil
 	}
 
-	containers, err := docker.GetContainers()
+	containers, err := docker.getContainers()
 	if err != nil {
 		return config.App{}, err
 	}
 
 	for _, ctr := range containers {
-		inspect, err := docker.InspectContainer(ctr.ID)
+		inspect, err := docker.inspectContainer(ctr.ID)
 		if err != nil {
 			return config.App{}, err
 		}
@@ -81,12 +89,12 @@ func (docker *DockerService) GetLabels(appDomain string) (config.App, error) {
 
 		for appName, appLabels := range labels.Apps {
 			if appLabels.Config.Domain == appDomain {
-				log.Debug().Str("id", inspect.ID).Msg("Found matching container by domain")
+				log.Debug().Str("id", inspect.ID).Str("name", inspect.Name).Msg("Found matching container by domain")
 				return appLabels, nil
 			}
 
 			if strings.TrimPrefix(inspect.Name, "/") == appName {
-				log.Debug().Str("id", inspect.ID).Msg("Found matching container by app name")
+				log.Debug().Str("id", inspect.ID).Str("name", inspect.Name).Msg("Found matching container by app name")
 				return appLabels, nil
 			}
 		}

internal/service/generic_oauth_service.go

@@ -12,6 +12,7 @@ import (
 	"time"
 	"tinyauth/internal/config"
 
+	"github.com/rs/zerolog/log"
 	"golang.org/x/oauth2"
 )
 
@@ -110,6 +111,8 @@ func (generic *GenericOAuthService) Userinfo() (config.Claims, error) {
 		return user, err
 	}
 
+	log.Trace().Str("body", string(body)).Msg("Userinfo response body")
+
 	err = json.Unmarshal(body, &user)
 	if err != nil {
 		return user, err