mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-01-16 04:12:29 +00:00
53bd413046
* Refactor logging to use centralized logger utility - Removed direct usage of zerolog in multiple files and replaced it with a centralized logging utility in the `utils` package. - Introduced `Loggers` struct to manage different loggers (Audit, HTTP, App) with configurable levels and outputs. - Updated all relevant files to utilize the new logging structure, ensuring consistent logging practices across the application. - Enhanced error handling and logging messages for better traceability and debugging. * refactor: update logging implementation to use new logger structure * Refactor logging to use tlog package - Replaced instances of utils logging with tlog in various controllers, services, and middleware. - Introduced audit logging for login success, login failure, and logout events. - Created tlog package with structured logging capabilities using zerolog. - Added tests for the new tlog logger functionality. * refactor: update logging configuration in environment files * fix: adding coderabbit suggestions * fix: ensure correct audit caller * fix: include reason in audit login failure logs
100 lines
3.7 KiB
Plaintext
100 lines
3.7 KiB
Plaintext
# Base Configuration
|
|
|
|
# The base URL where Tinyauth is accessible
|
|
TINYAUTH_APPURL="https://auth.example.com"
|
|
# Directory for static resources
|
|
TINYAUTH_RESOURCESDIR="/data/resources"
|
|
# Path to SQLite database file
|
|
TINYAUTH_DATABASEPATH="/data/tinyauth.db"
|
|
# Disable version heartbeat
|
|
TINYAUTH_DISABLEANALYTICS="false"
|
|
# Disable static resource serving
|
|
TINYAUTH_DISABLERESOURCES="false"
|
|
# Disable UI warning messages
|
|
TINYAUTH_DISABLEUIWARNINGS="false"
|
|
|
|
# Logging Configuration
|
|
|
|
# Log level: trace, debug, info, warn, error
|
|
TINYAUTH_LOG_LEVEL="info"
|
|
# Enable JSON formatted logs
|
|
TINYAUTH_LOG_JSON="false"
|
|
# Specific Log stream configurations
|
|
# APP and HTTP log streams are enabled by default, and use the global log level unless overridden
|
|
TINYAUTH_LOG_STREAMS_APP_ENABLED="true"
|
|
TINYAUTH_LOG_STREAMS_APP_LEVEL="info"
|
|
TINYAUTH_LOG_STREAMS_HTTP_ENABLED="true"
|
|
TINYAUTH_LOG_STREAMS_HTTP_LEVEL="info"
|
|
TINYAUTH_LOG_STREAMS_AUDIT_ENABLED="false"
|
|
TINYAUTH_LOG_STREAMS_AUDIT_LEVEL="info"
|
|
|
|
# Server Configuration
|
|
|
|
# Port to listen on
|
|
TINYAUTH_SERVER_PORT="3000"
|
|
# Interface to bind to (0.0.0.0 for all interfaces)
|
|
TINYAUTH_SERVER_ADDRESS="0.0.0.0"
|
|
# Unix socket path (optional, overrides port/address if set)
|
|
TINYAUTH_SERVER_SOCKETPATH=""
|
|
# Comma-separated list of trusted proxy IPs/CIDRs
|
|
TINYAUTH_SERVER_TRUSTEDPROXIES=""
|
|
|
|
# Authentication Configuration
|
|
|
|
# Format: username:bcrypt_hash (use bcrypt to generate hash)
|
|
TINYAUTH_AUTH_USERS="admin:$2a$10$example_bcrypt_hash_here"
|
|
# Path to external users file (optional)
|
|
TINYAUTH_AUTH_USERSFILE=""
|
|
# Enable secure cookies (requires HTTPS)
|
|
TINYAUTH_AUTH_SECURECOOKIE="true"
|
|
# Session expiry in seconds (7200 = 2 hours)
|
|
TINYAUTH_AUTH_SESSIONEXPIRY="7200"
|
|
# Session maximum lifetime in seconds (0 = unlimited)
|
|
TINYAUTH_AUTH_SESSIONMAXLIFETIME="0"
|
|
# Login timeout in seconds (300 = 5 minutes)
|
|
TINYAUTH_AUTH_LOGINTIMEOUT="300"
|
|
# Maximum login retries before lockout
|
|
TINYAUTH_AUTH_LOGINMAXRETRIES="5"
|
|
|
|
# OAuth Configuration
|
|
|
|
# Regex pattern for allowed email addresses (e.g., /@example\.com$/)
|
|
TINYAUTH_OAUTH_WHITELIST=""
|
|
# Provider ID to auto-redirect to (skips login page)
|
|
TINYAUTH_OAUTH_AUTOREDIRECT=""
|
|
# OAuth Provider Configuration (replace MYPROVIDER with your provider name)
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTID="your_client_id_here"
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTSECRET="your_client_secret_here"
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_AUTHURL="https://provider.example.com/oauth/authorize"
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_TOKENURL="https://provider.example.com/oauth/token"
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_USERINFOURL="https://provider.example.com/oauth/userinfo"
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_REDIRECTURL="https://auth.example.com/oauth/callback/myprovider"
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_SCOPES="openid email profile"
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_NAME="My OAuth Provider"
|
|
# Allow self-signed certificates
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_INSECURE="false"
|
|
|
|
# UI Customization
|
|
|
|
# Custom title for login page
|
|
TINYAUTH_UI_TITLE="Tinyauth"
|
|
# Message shown on forgot password page
|
|
TINYAUTH_UI_FORGOTPASSWORDMESSAGE="Contact your administrator to reset your password"
|
|
# Background image URL for login page
|
|
TINYAUTH_UI_BACKGROUNDIMAGE=""
|
|
|
|
# LDAP Configuration
|
|
|
|
# LDAP server address
|
|
TINYAUTH_LDAP_ADDRESS="ldap://ldap.example.com:389"
|
|
# DN for binding to LDAP server
|
|
TINYAUTH_LDAP_BINDDN="cn=readonly,dc=example,dc=com"
|
|
# Password for bind DN
|
|
TINYAUTH_LDAP_BINDPASSWORD="your_bind_password"
|
|
# Base DN for user searches
|
|
TINYAUTH_LDAP_BASEDN="dc=example,dc=com"
|
|
# Search filter (%s will be replaced with username)
|
|
TINYAUTH_LDAP_SEARCHFILTER="(&(uid=%s)(memberOf=cn=users,ou=groups,dc=example,dc=com))"
|
|
# Allow insecure LDAP connections
|
|
TINYAUTH_LDAP_INSECURE="false"
|