* ent re-generation
* add oidc integration
* document oidc integration
* go fmt
* address backend linter findings
* run prettier on index.vue
* State cookie domain can mismatch when Hostname override is used (breaks CSRF check). Add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Delete state cookie with matching domain and MaxAge; add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Fix endpoint path in comments and error to include /api/v1.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Also use request context when verifying the ID token.
* Do not return raw auth errors to clients (user-enumeration risk).
* consistently set cookie the same way across function
* remove baseURL after declaration
* only enable OIDC routes if OIDC is enabled
* swagger doc for failure
* Only block when provider=local; move the check after parsing provider
* fix extended session comment
* reduce pii logging
* futher reduce pii logging
* remove unused DiscoveryDocument
* remove unused offline_access from default oidc scopes
* remove offline access from AuthCodeURL
* support host from X-Forwarded-Host
* set sane default claim names if unset
* error strings should not be capitalized
* Revert "run prettier on index.vue"
This reverts commit aa22330a23.
* Add timeout to provider discovery
* Split scopes robustly
* refactor hostname calculation
* address frontend prettier findings
* add property oidc on type APISummary
* LoginOIDC: Normalize inputs, only create if not found
* add oidc email verification
* oidc handleCallback: clear state cookie before each return
* add support for oidc nonce parameter
* Harden first-login race: handle concurrent creates gracefully and fix log key.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* support email verified claim as bool or string
* fail fast on empty email
* PKCE verifier
* fix: add timing delay to attachment test to resolve CI race condition
The attachment test was failing intermittently in CI due to a race condition
between attachment creation and retrieval. Adding a small 100ms delay after
attachment creation ensures the file system and database operations complete
before the test attempts to verify the attachment exists.
* Revert "fix: add timing delay to attachment test to resolve CI race condition"
This reverts commit 4aa8b2a0d829753e8d2dd1ba76f4b1e04e28c45e.
* oidc error state, use ref
* rename oidc.force to oidc.authRedirect
* remove hardcoded oidc error timeout
* feat: sub/iss based identity matching and userinfo endpoint collection
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Matthew Kilgore <matthew@kilgore.dev>
* Add label maker font config
* Add document for label maker font config
* Add test for custom font
* Fix custom font setup documentation
- Fallback font is gofont which don't support CJK characters
* Fix golangci-lint error
* Update custom-font-setup.md
* Fix typo
* doc fix: match configure option names with help message (1/2)
This is a first commit in an attempt to reconcile the differences
between the /en/configure/index doc page and the automatically
generated help message. This addresses typos including, though not
limited to, Discussion #954, titled "[doc] apparent typo in the
documentation of GitHub release check option".
This commit fixes the CLI help command, preserving the original
order, while manually matching the option names with the help
message generated by the backend api executable.
Options are only checked for spelling correctness and existence.
In particular, the following are removed because i could not
find them in the help message.
* --swagger-host/$HBOX_SWAGGER_HOST <string> (default: localhost:7745)
* --swagger-scheme/$HBOX_SWAGGER_SCHEME <string> (default: http)
The following default values have also been updated:
* --storage-conn-string/$HBOX_STORAGE_CONN_STRING
(a slash is added to the URI path)
* --database-sqlite-path/$HBOX_DATABASE_SQLITE_PATH
(a query param '&_time_format=sqlite' is added)
* --database-ssl-mode/$HBOX_DATABASE_SSL_MODE
(default 'prefer' added)
* doc fix: match configure option names with help message (2/2)
This is a second commit in an attempt to reconcile the differences
between the /en/configure/index doc page and the automatically
generated help message. See the previous commit for details.
This commit fixes the Markdown table.
Options are only checked for spelling correctness and existence.
The following rows are deleted in particular:
* HBOX_SWAGGER_HOST
* HBOX_SWAGGER_SCHEME
The following default values are updated:
* HBOX_STORAGE_CONN_STRING
(a slash is added to the URI path)
* HBOX_DATABASE_SQLITE_PATH
(a query param '&_time_format=sqlite' is added)
* HBOX_DATABASE_SSL_MODE
(default 'prefer' added)
