14 Commits

Author SHA1 Message Date
dependabot[bot]
7ad13935a5 chore(deps): bump docker/build-push-action from 6 to 7 (#749)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6...v7)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-02 15:37:35 +03:00
dependabot[bot]
98e788b1e8 chore(deps): bump docker/metadata-action from 5 to 6 (#750)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-02 15:37:19 +03:00
dependabot[bot]
a074efb3a3 chore(deps): bump actions/download-artifact from 4 to 8 (#751)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v8)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-02 15:37:02 +03:00
dependabot[bot]
48ef8c0e4c chore(deps): bump actions/stale from 9 to 10 (#752)
Bumps [actions/stale](https://github.com/actions/stale) from 9 to 10.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v9...v10)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: '10'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-02 15:36:37 +03:00
dependabot[bot]
1313e8767a chore(deps): bump actions/checkout from 4 to 6 (#753)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-02 15:36:23 +03:00
Stavros
892097dc4d fix: account for proxy type in browser response 2026-04-02 15:35:55 +03:00
dependabot[bot]
6542e1b121 chore(deps): bump codecov/codecov-action from 5 to 6 (#746)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 6.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 19:09:28 +03:00
dependabot[bot]
e1d7fa2eb3 chore(deps): bump docker/setup-buildx-action from 3 to 4 (#747)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 19:09:02 +03:00
dependabot[bot]
41244080c0 chore(deps): bump docker/login-action from 3 to 4 (#748)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 19:08:48 +03:00
dependabot[bot]
34f9724866 chore(deps): bump actions/upload-artifact from 4 to 7 (#745)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 19:08:33 +03:00
dependabot[bot]
19a317dd7c chore(deps): bump actions/setup-go from 5 to 6 (#744)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 19:08:01 +03:00
Stavros
8a9ffcf185 chore: add github action updates in dependabot 2026-04-01 19:03:05 +03:00
Stavros
fc1d4f2082 refactor: use better ignore paths in context middleware (#743) 2026-04-01 17:07:14 +03:00
Stavros
08e6b84615 fix: use int for status in healthcheck cmd 2026-04-01 16:12:11 +03:00
11 changed files with 201 additions and 106 deletions


@@ -24,3 +24,8 @@ updates:
directory: "/"
schedule:
interval: "daily"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
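Review bot: The new `github-actions` entry will keep bumping `uses:` references that, in the workflow sections of this compare, are all mutable major tags (`actions/checkout@v6`, `docker/build-push-action@v7`, `oven-sh/setup-bun@v2`, `JamesIves/github-sponsors-readme-action@v1`), in jobs that pass `secrets.GITHUB_TOKEN` to `docker/login-action` and push to ghcr.io. A tag can be moved by whoever controls the action's repository, so the code that runs with those credentials can change without any diff in this repository. Pinning each reference to a full commit SHA with the tag as a trailing comment, `uses: OWNER/ACTION@<full-commit-sha> # vN`, keeps Dependabot updates working and turns every bump into a reviewable change. With a daily schedule and semver-major updates arriving several at a time, as in this commit list, it is also worth checking that the release workflows set an explicit minimal `permissions:` block; that part of the files is not visible here.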


@@ -10,13 +10,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@v6
- name: Setup bun
uses: oven-sh/setup-bun@v2
- name: Setup go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version: "^1.26.0"
@@ -56,6 +56,6 @@ jobs:
run: go test -coverprofile=coverage.txt -v ./...
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v5
uses: codecov/codecov-action@v6
with:
token: ${{ secrets.CODECOV_TOKEN }}


@@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
- name: Delete old release
run: gh release delete --cleanup-tag --yes nightly || echo release not found
@@ -33,7 +33,7 @@ jobs:
BUILD_TIMESTAMP: ${{ steps.metadata.outputs.BUILD_TIMESTAMP }}
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
ref: nightly
@@ -51,7 +51,7 @@ jobs:
- generate-metadata
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
ref: nightly
@@ -59,7 +59,7 @@ jobs:
uses: oven-sh/setup-bun@v2
- name: Install go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version: "^1.26.0"
@@ -94,7 +94,7 @@ jobs:
CGO_ENABLED: 0
- name: Upload artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: tinyauth-amd64
path: tinyauth-amd64
@@ -106,7 +106,7 @@ jobs:
- generate-metadata
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
ref: nightly
@@ -114,7 +114,7 @@ jobs:
uses: oven-sh/setup-bun@v2
- name: Install go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version: "^1.26.0"
@@ -149,7 +149,7 @@ jobs:
CGO_ENABLED: 0
- name: Upload artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: tinyauth-arm64
path: tinyauth-arm64
@@ -161,7 +161,7 @@ jobs:
- generate-metadata
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
ref: nightly
@@ -176,22 +176,22 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4
- name: Build and push
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
id: build
with:
platforms: linux/amd64
@@ -213,7 +213,7 @@ jobs:
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: digests-linux-amd64
path: ${{ runner.temp }}/digests/*
@@ -228,7 +228,7 @@ jobs:
- image-build
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
ref: nightly
@@ -243,22 +243,22 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4
- name: Build and push
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
id: build
with:
platforms: linux/amd64
@@ -281,7 +281,7 @@ jobs:
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: digests-distroless-linux-amd64
path: ${{ runner.temp }}/digests/*
@@ -295,7 +295,7 @@ jobs:
- generate-metadata
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
ref: nightly
@@ -310,22 +310,22 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4
- name: Build and push
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
id: build
with:
platforms: linux/arm64
@@ -347,7 +347,7 @@ jobs:
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: digests-linux-arm64
path: ${{ runner.temp }}/digests/*
@@ -362,7 +362,7 @@ jobs:
- image-build-arm
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
ref: nightly
@@ -377,22 +377,22 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4
- name: Build and push
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
id: build
with:
platforms: linux/arm64
@@ -415,7 +415,7 @@ jobs:
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: digests-distroless-linux-arm64
path: ${{ runner.temp }}/digests/*
@@ -429,25 +429,25 @@ jobs:
- image-build-arm
steps:
- name: Download digests
uses: actions/download-artifact@v4
uses: actions/download-artifact@v8
with:
path: ${{ runner.temp }}/digests
pattern: digests-*
merge-multiple: true
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
flavor: |
@@ -468,25 +468,25 @@ jobs:
- image-build-arm-distroless
steps:
- name: Download digests
uses: actions/download-artifact@v4
uses: actions/download-artifact@v8
with:
path: ${{ runner.temp }}/digests
pattern: digests-distroless-*
merge-multiple: true
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
flavor: |
@@ -506,7 +506,7 @@ jobs:
- binary-build
- binary-build-arm
steps:
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@v8
with:
pattern: tinyauth-*
path: binaries


@@ -14,7 +14,7 @@ jobs:
BUILD_TIMESTAMP: ${{ steps.metadata.outputs.BUILD_TIMESTAMP }}
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
- name: Generate metadata
id: metadata
@@ -29,13 +29,13 @@ jobs:
- generate-metadata
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
- name: Install bun
uses: oven-sh/setup-bun@v2
- name: Install go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version: "^1.26.0"
@@ -70,7 +70,7 @@ jobs:
CGO_ENABLED: 0
- name: Upload artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: tinyauth-amd64
path: tinyauth-amd64
@@ -81,13 +81,13 @@ jobs:
- generate-metadata
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
- name: Install bun
uses: oven-sh/setup-bun@v2
- name: Install go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version: "^1.26.0"
@@ -122,7 +122,7 @@ jobs:
CGO_ENABLED: 0
- name: Upload artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: tinyauth-arm64
path: tinyauth-arm64
@@ -133,7 +133,7 @@ jobs:
- generate-metadata
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
- name: Initialize submodules
run: |
@@ -146,22 +146,22 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4
- name: Build and push
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
id: build
with:
platforms: linux/amd64
@@ -183,7 +183,7 @@ jobs:
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: digests-linux-amd64
path: ${{ runner.temp }}/digests/*
@@ -197,7 +197,7 @@ jobs:
- image-build
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
- name: Initialize submodules
run: |
@@ -210,22 +210,22 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4
- name: Build and push
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
id: build
with:
platforms: linux/amd64
@@ -248,7 +248,7 @@ jobs:
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: digests-distroless-linux-amd64
path: ${{ runner.temp }}/digests/*
@@ -261,7 +261,7 @@ jobs:
- generate-metadata
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
- name: Initialize submodules
run: |
@@ -274,22 +274,22 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4
- name: Build and push
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
id: build
with:
platforms: linux/arm64
@@ -311,7 +311,7 @@ jobs:
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: digests-linux-arm64
path: ${{ runner.temp }}/digests/*
@@ -325,7 +325,7 @@ jobs:
- image-build-arm
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
- name: Initialize submodules
run: |
@@ -338,22 +338,22 @@ jobs:
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4
- name: Build and push
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
id: build
with:
platforms: linux/arm64
@@ -376,7 +376,7 @@ jobs:
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: digests-distroless-linux-arm64
path: ${{ runner.temp }}/digests/*
@@ -390,25 +390,25 @@ jobs:
- image-build-arm
steps:
- name: Download digests
uses: actions/download-artifact@v4
uses: actions/download-artifact@v8
with:
path: ${{ runner.temp }}/digests
pattern: digests-*
merge-multiple: true
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
flavor: |
@@ -431,25 +431,25 @@ jobs:
- image-build-arm-distroless
steps:
- name: Download digests
uses: actions/download-artifact@v4
uses: actions/download-artifact@v8
with:
path: ${{ runner.temp }}/digests
pattern: digests-distroless-*
merge-multiple: true
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
flavor: |
@@ -473,7 +473,7 @@ jobs:
- binary-build
- binary-build-arm
steps:
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@v8
with:
pattern: tinyauth-*
path: binaries


@@ -7,7 +7,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
- name: Generate Sponsors
uses: JamesIves/github-sponsors-readme-action@v1


@@ -7,7 +7,7 @@ jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v9
- uses: actions/stale@v10
with:
days-before-stale: 30
stale-pr-message: This PR has been inactive for 30 days and will be marked as stale.


@@ -14,7 +14,7 @@ import (
)
type healthzResponse struct {
Status string `json:"status"`
Status int `json:"status"`
Message string `json:"message"`
}


@@ -25,6 +25,15 @@ const (
ForwardAuth
)
type ProxyType int
const (
Traefik ProxyType = iota
Caddy
Envoy
Nginx
)
var BrowserUserAgentRegex = regexp.MustCompile("Chrome|Gecko|AppleWebKit|Opera|Edge")
type Proxy struct {
@@ -38,6 +47,7 @@ type ProxyContext struct {
Method string
Type AuthModuleType
IsBrowser bool
ProxyType ProxyType
}
type ProxyControllerConfig struct {
@@ -121,7 +131,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
}
if !controller.auth.CheckIP(acls.IP, clientIP) {
if !controller.useFriendlyError(proxyCtx) {
if !controller.useBrowserResponse(proxyCtx) {
c.JSON(401, gin.H{
"status": 401,
"message": "Unauthorized",
@@ -165,7 +175,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
if !userAllowed {
tlog.App.Warn().Str("user", userContext.Username).Str("resource", strings.Split(proxyCtx.Host, ".")[0]).Msg("User not allowed to access resource")
if !controller.useFriendlyError(proxyCtx) {
if !controller.useBrowserResponse(proxyCtx) {
c.JSON(403, gin.H{
"status": 403,
"message": "Forbidden",
@@ -205,7 +215,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
if !groupOK {
tlog.App.Warn().Str("user", userContext.Username).Str("resource", strings.Split(proxyCtx.Host, ".")[0]).Msg("User groups do not match resource requirements")
if !controller.useFriendlyError(proxyCtx) {
if !controller.useBrowserResponse(proxyCtx) {
c.JSON(403, gin.H{
"status": 403,
"message": "Forbidden",
@@ -256,7 +266,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
return
}
if !controller.useFriendlyError(proxyCtx) {
if !controller.useBrowserResponse(proxyCtx) {
c.JSON(401, gin.H{
"status": 401,
"message": "Unauthorized",
@@ -296,7 +306,7 @@ func (controller *ProxyController) setHeaders(c *gin.Context, acls config.App) {
}
func (controller *ProxyController) handleError(c *gin.Context, proxyCtx ProxyContext) {
if !controller.useFriendlyError(proxyCtx) {
if !controller.useBrowserResponse(proxyCtx) {
c.JSON(500, gin.H{
"status": 500,
"message": "Internal Server Error",
@@ -312,8 +322,31 @@ func (controller *ProxyController) getHeader(c *gin.Context, header string) (str
return val, strings.TrimSpace(val) != ""
}
func (controller *ProxyController) useFriendlyError(proxyCtx ProxyContext) bool {
return (proxyCtx.Type == ForwardAuth || proxyCtx.Type == ExtAuthz) && proxyCtx.IsBrowser
func (controller *ProxyController) useBrowserResponse(proxyCtx ProxyContext) bool {
if !proxyCtx.IsBrowser {
return false
}
if proxyCtx.ProxyType == Traefik {
return true
}
return false
}
func (controller *ProxyController) getProxyType(proxy string) (ProxyType, error) {
switch proxy {
case "traefik":
return Traefik, nil
case "caddy":
return Caddy, nil
case "envoy":
return Envoy, nil
case "nginx":
return Nginx, nil
default:
return 0, fmt.Errorf("unsupported proxy type: %v", proxy)
}
}
// Code below is inspired from https://github.com/authelia/authelia/blob/master/internal/handlers/handler_authz.go
@@ -417,13 +450,13 @@ func (controller *ProxyController) getExtAuthzContext(c *gin.Context) (ProxyCont
}, nil
}
func (controller *ProxyController) determineAuthModules(proxy string) []AuthModuleType {
func (controller *ProxyController) determineAuthModules(proxy ProxyType) []AuthModuleType {
switch proxy {
case "traefik", "caddy":
case Traefik, Caddy:
return []AuthModuleType{ForwardAuth}
case "envoy":
case Envoy:
return []AuthModuleType{ExtAuthz, ForwardAuth}
case "nginx":
case Nginx:
return []AuthModuleType{AuthRequest, ForwardAuth}
default:
return []AuthModuleType{}
@@ -462,9 +495,15 @@ func (controller *ProxyController) getProxyContext(c *gin.Context) (ProxyContext
return ProxyContext{}, err
}
proxy, err := controller.getProxyType(req.Proxy)
if err != nil {
return ProxyContext{}, err
}
tlog.App.Debug().Msgf("Proxy: %v", req.Proxy)
authModules := controller.determineAuthModules(req.Proxy)
authModules := controller.determineAuthModules(proxy)
if len(authModules) == 0 {
return ProxyContext{}, fmt.Errorf("no auth modules supported for proxy: %v", req.Proxy)
@@ -497,5 +536,6 @@ func (controller *ProxyController) getProxyContext(c *gin.Context) (ProxyContext
}
ctx.IsBrowser = isBrowser
ctx.ProxyType = proxy
return ctx, nil
}
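Review bot: `Traefik ProxyType = iota` makes Traefik the zero value of `ProxyType`, and `useBrowserResponse` treats exactly that value as the only proxy that gets the browser response, so any `ProxyContext` whose `ProxyType` was never assigned behaves as Traefik; `getProxyType` likewise returns `0` (Traefik) next to its error. Starting the enum at `Traefik ProxyType = iota + 1`, or adding a leading `UnknownProxy` member, would make an unset or rejected proxy fall into the JSON branch instead. `ctx.ProxyType = proxy` is assigned only at the end of `getProxyContext`, whose body is mostly outside the hunks, so error paths that call `handleError` before that point should be checked. The body of `useBrowserResponse` can be reduced to `return proxyCtx.IsBrowser && proxyCtx.ProxyType == Traefik`, and because `proxy` appears to come from the request, `%q` is a safer verb than `%v` in `fmt.Errorf("unsupported proxy type: %v", proxy)`.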


@@ -164,6 +164,32 @@ func TestProxyController(t *testing.T) {
assert.Equal(t, 401, recorder.Code)
},
},
{
description: "Ensure forward auth fallback for nginx with browser user agent",
middlewares: []gin.HandlerFunc{},
run: func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder) {
req := httptest.NewRequest("GET", "/api/auth/nginx", nil)
req.Header.Set("x-forwarded-host", "test.example.com")
req.Header.Set("x-forwarded-proto", "https")
req.Header.Set("x-forwarded-uri", "/")
req.Header.Set("user-agent", browserUserAgent)
router.ServeHTTP(recorder, req)
assert.Equal(t, 401, recorder.Code)
},
},
{
description: "Ensure forward auth fallback for envoy with browser user agent",
middlewares: []gin.HandlerFunc{},
run: func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder) {
req := httptest.NewRequest("HEAD", "/api/auth/envoy?path=/hello", nil)
req.Header.Set("x-forwarded-host", "test.example.com")
req.Header.Set("x-forwarded-proto", "https")
req.Header.Set("x-forwarded-uri", "/hello")
req.Header.Set("user-agent", browserUserAgent)
router.ServeHTTP(recorder, req)
assert.Equal(t, 401, recorder.Code)
},
},
{
description: "Ensure normal authentication flow for forward auth",
middlewares: []gin.HandlerFunc{
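Review bot: The added cases cover nginx and envoy with a browser user agent, but the controller change in this compare also moves caddy off the browser response (`useBrowserResponse` now returns true only for `Traefik`), and no caddy case is visible in this hunk. A third case such as `description: "Ensure forward auth fallback for caddy with browser user agent"`, presumably against `/api/auth/caddy` by analogy with the nginx route, would pin that behaviour. Both new cases assert only `recorder.Code`; also checking the response `Content-Type` or body would show that the JSON branch was taken, not merely a response with the same status. The test table continues outside the hunk, so an existing traefik or caddy case may already be present.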


@@ -1,7 +1,6 @@
package middleware
import (
"slices"
"strings"
"time"
@@ -13,7 +12,24 @@ import (
"github.com/gin-gonic/gin"
)
var OIDCIgnorePaths = []string{"/api/oidc/token", "/api/oidc/userinfo"}
// Gin won't let us set a middleware on a specific route (at least it doesn't work,
// see https://github.com/gin-gonic/gin/issues/531) so we have to do some hackery
var (
contextSkipPathsPrefix = []string{
"GET /api/context/app",
"GET /api/healthz",
"HEAD /api/healthz",
"GET /api/oauth/url",
"GET /api/oauth/callback",
"GET /api/oidc/clients",
"POST /api/oidc/token",
"GET /api/oidc/userinfo",
"GET /resources",
"POST /api/user/login",
"GET /.well-known/openid-configuration",
"GET /.well-known/jwks.json",
}
)
type ContextMiddlewareConfig struct {
CookieDomain string
@@ -39,9 +55,7 @@ func (m *ContextMiddleware) Init() error {
func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
return func(c *gin.Context) {
// There is no point in trying to get credentials if it's an OIDC endpoint
path := c.Request.URL.Path
if slices.Contains(OIDCIgnorePaths, strings.TrimSuffix(path, "/")) {
if m.isIgnorePath(c.Request.Method + " " + c.Request.URL.Path) {
c.Next()
return
}
@@ -224,3 +238,12 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
c.Next()
}
}
func (m *ContextMiddleware) isIgnorePath(path string) bool {
for _, prefix := range contextSkipPathsPrefix {
if strings.HasPrefix(path, prefix) {
return true
}
}
return false
}
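Review bot: `isIgnorePath` matches with `strings.HasPrefix`, so each entry in `contextSkipPathsPrefix` skips the context middleware for every path that merely begins with it: `GET /resources` also matches `/resourcesX`, and `POST /api/user/login` also matches any longer path with that prefix. The code it replaces compared the trimmed path for equality via `slices.Contains`, so this widens the bypass from two exact routes to twelve open-ended prefixes. Any route later registered under one of them will run without the user context being populated, and whether that fails closed depends on handlers outside this hunk. Matching on a path boundary keeps the intended subtrees while excluding look-alike paths, for example `if path == prefix || strings.HasPrefix(path, prefix+"/") {`. A comment on the list should say that entries are `METHOD path` prefixes and that adding one exempts the whole subtree from credential loading; the body of `Middleware` continues outside the hunk.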


@@ -8,10 +8,11 @@ import (
"github.com/steveiliop56/tinyauth/internal/utils/tlog"
)
// See context middleware for explanation of why we have to do this
var (
loggerSkipPathsPrefix = []string{
"GET /api/health",
"HEAD /api/health",
"GET /api/healthz",
"HEAD /api/healthz",
"GET /favicon.ico",
}
)