mirror of
https://github.com/sysadminsmedia/homebox.git
synced 2025-12-21 13:23:14 +01:00
* ent re-generation
* add oidc integration
* document oidc integration
* go fmt
* address backend linter findings
* run prettier on index.vue
* State cookie domain can mismatch when Hostname override is used (breaks CSRF check). Add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Delete state cookie with matching domain and MaxAge; add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Fix endpoint path in comments and error to include /api/v1.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Also use request context when verifying the ID token.
* Do not return raw auth errors to clients (user-enumeration risk).
* consistently set cookie the same way across function
* remove baseURL after declaration
* only enable OIDC routes if OIDC is enabled
* swagger doc for failure
* Only block when provider=local; move the check after parsing provider
* fix extended session comment
* reduce pii logging
* further reduce pii logging
* remove unused DiscoveryDocument
* remove unused offline_access from default oidc scopes
* remove offline access from AuthCodeURL
* support host from X-Forwarded-Host
* set sane default claim names if unset
* error strings should not be capitalized
* Revert "run prettier on index.vue"
This reverts commit aa22330a23.
* Add timeout to provider discovery
* Split scopes robustly
* refactor hostname calculation
* address frontend prettier findings
* add property oidc on type APISummary
* LoginOIDC: Normalize inputs, only create if not found
* add oidc email verification
* oidc handleCallback: clear state cookie before each return
* add support for oidc nonce parameter
* Harden first-login race: handle concurrent creates gracefully and fix log key.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* support email verified claim as bool or string
* fail fast on empty email
* PKCE verifier
* fix: add timing delay to attachment test to resolve CI race condition
The attachment test was failing intermittently in CI due to a race condition
between attachment creation and retrieval. Adding a small 100ms delay after
attachment creation ensures the file system and database operations complete
before the test attempts to verify the attachment exists.
* Revert "fix: add timing delay to attachment test to resolve CI race condition"
This reverts commit 4aa8b2a0d829753e8d2dd1ba76f4b1e04e28c45e.
* oidc error state, use ref
* rename oidc.force to oidc.authRedirect
* remove hardcoded oidc error timeout
* feat: sub/iss based identity matching and userinfo endpoint collection
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Matthew Kilgore <matthew@kilgore.dev>
// Package config provides the configuration for the application.
package config
import (
"encoding/json"
"errors"
"fmt"
"os"
"time"
"github.com/ardanlabs/conf/v3"
)
// Values accepted for Config.Mode; the field defaults to ModeDevelopment.
const (
	ModeDevelopment = "development"
	ModeProduction  = "production"
)
// Config is the root configuration object that New fills in and returns.
//
// NOTE(review): nested sections hold credentials. OIDC.ClientSecret and
// Barcode.TokenBarcodespider are visible in this file; Mailer and Database
// are declared elsewhere and presumably hold some too. Treat any full dump
// of this struct (logs, support bundles, debug output) as sensitive.
type Config struct {
	// Build and Desc are assigned in New before parsing.
	conf.Version
	Mode       string         `yaml:"mode" conf:"default:development"` // development or production
	Web        WebConfig      `yaml:"web"`
	Storage    Storage        `yaml:"storage"`
	Database   Database       `yaml:"database"`
	Log        LoggerConf     `yaml:"logger"`
	Mailer     MailerConf     `yaml:"mailer"`
	Demo       bool           `yaml:"demo"`
	Debug      DebugConf      `yaml:"debug"`
	Options    Options        `yaml:"options"`
	OIDC       OIDCConf       `yaml:"oidc"`
	LabelMaker LabelMakerConf `yaml:"labelmaker"`
	Thumbnail  Thumbnail      `yaml:"thumbnail"`
	Barcode    BarcodeAPIConf `yaml:"barcode"`
}
// Options holds feature toggles and deployment-wide settings. Several of
// them decide who can obtain an account or a session, so their defaults are
// worth reviewing for every deployment.
type Options struct {
	// Defaults to true (registration allowed).
	// NOTE(review): the YAML key is "disable_registration" while the field
	// means the opposite. If the yaml tags are consumed anywhere, a value of
	// true under that key would enable registration; confirm the intended
	// sense before relying on the key.
	AllowRegistration    bool   `yaml:"disable_registration" conf:"default:true"`
	AutoIncrementAssetID bool   `yaml:"auto_increment_asset_id" conf:"default:true"`
	CurrencyConfig       string `yaml:"currencies"`
	// Defaults to true. Presumably triggers an outbound request to GitHub to
	// look for a newer release; confirm at the call site.
	GithubReleaseCheck bool `yaml:"check_github_release" conf:"default:true"`
	// Defaults to false (opt-in).
	AllowAnalytics bool `yaml:"allow_analytics" conf:"default:false"`
	// Defaults to true. Presumably gates the local login path; with this off
	// and OIDC disabled there may be no way to sign in. TODO confirm.
	AllowLocalLogin bool `yaml:"allow_local_login" conf:"default:true"`
	// Defaults to false.
	// NOTE(review): presumably controls whether X-Forwarded-* request headers
	// are honored; confirm at the call site. If so, enable it only when a
	// reverse proxy in front of the service overwrites those headers, because
	// otherwise their values are chosen by the client.
	TrustProxy bool `yaml:"trust_proxy" conf:"default:false"`
	// No default. Presumably overrides the externally visible host name used
	// for URLs and cookie domains; confirm at the call site.
	Hostname string `yaml:"hostname"`
}
// Thumbnail configures thumbnail generation. It is enabled by default with a
// 500 by 500 bounding size (units are not stated here; presumably pixels).
type Thumbnail struct {
	Enabled bool `yaml:"enabled" conf:"default:true"`
	Width   int  `yaml:"width" conf:"default:500"`
	Height  int  `yaml:"height" conf:"default:500"`
}
// DebugConf configures the optional debug facility, which is off by default.
//
// NOTE(review): Port suggests a separate listener (default 4000); what it
// serves is not visible in this file. If it exposes profiling or internal
// state, keep it disabled in production or bind it to a trusted interface.
type DebugConf struct {
	Enabled bool   `yaml:"enabled" conf:"default:false"`
	Port    string `yaml:"port" conf:"default:4000"`
}
// WebConfig holds the listener address and the request limits of the web
// server.
type WebConfig struct {
	Port string `yaml:"port" conf:"default:7745"`
	// No default. Presumably the bind address, with empty meaning all
	// interfaces; confirm where the listener is created.
	Host string `yaml:"host"`
	// Defaults to 10. The unit is not visible here (presumably megabytes;
	// TODO confirm). This bounds how much a single upload can cost the server.
	MaxUploadSize int64 `yaml:"max_file_upload" conf:"default:10"`
	// Read, write and idle timeouts default to 10s, 10s and 30s. They are
	// presumably applied to the HTTP server, where they limit how long a slow
	// client can hold a connection open.
	ReadTimeout  time.Duration `yaml:"read_timeout" conf:"default:10s"`
	WriteTimeout time.Duration `yaml:"write_timeout" conf:"default:10s"`
	IdleTimeout  time.Duration `yaml:"idle_timeout" conf:"default:30s"`
}
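// LabelMakerConf configures label rendering and printing.
//
// PrintCommand, AdditionalInformation and DynamicLength previously carried
// the placeholder YAML keys "string", "string" and "bool". Two fields shared
// one key, so the keys could not address the fields unambiguously. Each field
// now has its own descriptive key; the conf tags and defaults are unchanged.
type LabelMakerConf struct {
	Width    int64   `yaml:"width" conf:"default:526"`
	Height   int64   `yaml:"height" conf:"default:200"`
	Padding  int64   `yaml:"padding" conf:"default:32"`
	Margin   int64   `yaml:"margin" conf:"default:32"`
	FontSize float64 `yaml:"font_size" conf:"default:32.0"`
	// Optional (nil when unset).
	// NOTE(review): presumably a command the server executes to print a
	// label; confirm at the call site. If so, whoever can set this value can
	// run commands as the service account, so treat it as privileged
	// configuration and check how label data is passed to it.
	PrintCommand          *string `yaml:"print_command"`
	AdditionalInformation *string `yaml:"additional_information"`
	DynamicLength         bool    `yaml:"dynamic_length" conf:"default:true"`
	// Optional. Presumably an external endpoint the server calls to render
	// labels, with LabelServiceTimeout bounding that call; TODO confirm.
	LabelServiceUrl     *string        `yaml:"label_service_url"`
	LabelServiceTimeout *time.Duration `yaml:"label_service_timeout"`
	// Optional paths to font files; presumably read from the local filesystem.
	RegularFontPath *string `yaml:"regular_font_path"`
	BoldFontPath    *string `yaml:"bold_font_path"`
}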
// OIDCConf configures OpenID Connect sign-in, which is disabled by default.
type OIDCConf struct {
	Enabled bool `yaml:"enabled" conf:"default:false"`
	// IssuerURL and ClientID have no defaults.
	IssuerURL string `yaml:"issuer_url"`
	ClientID  string `yaml:"client_id"`
	// Secret credential. Supply it through the environment or a secret store
	// rather than a committed file, and keep it out of logs and debug dumps.
	ClientSecret string `yaml:"client_secret"`
	// A single string; the default requests "openid profile email".
	Scope string `yaml:"scope" conf:"default:openid profile email"`
	// No default.
	// NOTE(review): presumably lists the groups allowed to sign in, with an
	// empty value meaning no group restriction. Confirm the empty-value
	// behaviour and the list format at the call site, since this decides who
	// can log in.
	AllowedGroups string `yaml:"allowed_groups"`
	AutoRedirect  bool   `yaml:"auto_redirect" conf:"default:false"`
	// Defaults to false.
	// NOTE(review): presumably requires the EmailVerifiedClaim to be true
	// before an identity is accepted. If accounts can be matched by e-mail
	// address, leaving this off trusts whatever address the provider reports;
	// confirm against the login handler.
	VerifyEmail bool `yaml:"verify_email" conf:"default:false"`
	// Names of the claims read from the provider, with their defaults.
	GroupClaim         string `yaml:"group_claim" conf:"default:groups"`
	EmailClaim         string `yaml:"email_claim" conf:"default:email"`
	NameClaim          string `yaml:"name_claim" conf:"default:name"`
	EmailVerifiedClaim string `yaml:"email_verified_claim" conf:"default:email_verified"`
	ButtonText         string `yaml:"button_text" conf:"default:Sign in with OIDC"`
	// Defaults to 10m. Presumably the lifetime of the login state kept between
	// redirect and callback; TODO confirm.
	StateExpiry time.Duration `yaml:"state_expiry" conf:"default:10m"`
	// Defaults to 30s. Presumably bounds outbound requests to the provider;
	// TODO confirm.
	RequestTimeout time.Duration `yaml:"request_timeout" conf:"default:30s"`
}
// BarcodeAPIConf holds credentials for barcode lookup services.
type BarcodeAPIConf struct {
	// API token (no default). It is a secret: keep it out of logs and
	// committed configuration.
	TokenBarcodespider string `yaml:"token_barcodespider"`
}
// New builds a Config by handing it to conf.Parse under the "HBOX" prefix.
// buildstr and description are stored in the embedded conf.Version before
// parsing.
//
// When conf.Parse reports conf.ErrHelpWanted, the help text is printed to
// stdout and the process exits with status 0. Any other parse failure is
// returned wrapped as "parsing config: ...". The returned pointer is non-nil
// in that case too, but the struct may be only partly populated, so callers
// should not use it when err is non-nil.
func New(buildstr string, description string) (*Config, error) {
	const prefix = "HBOX"

	cfg := Config{
		Version: conf.Version{
			Build: buildstr,
			Desc:  description,
		},
	}

	help, err := conf.Parse(prefix, &cfg)
	switch {
	case err == nil:
		return &cfg, nil
	case errors.Is(err, conf.ErrHelpWanted):
		// A help request is not a failure: show the usage text and stop.
		fmt.Println(help)
		os.Exit(0)
	}

	return &cfg, fmt.Errorf("parsing config: %w", err)
}
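// Print writes the configuration to stdout as indented JSON. It is meant for
// debugging and panics if marshalling fails.
//
// The credential fields declared in this file, OIDC.ClientSecret and
// Barcode.TokenBarcodespider, are replaced with a placeholder before
// marshalling so that they do not end up in terminal scrollback or in
// container and service logs. Empty values are left empty, so the output
// still shows whether a secret was configured.
//
// NOTE(review): Mailer, Database and Storage are declared outside the part of
// the file visible here and may carry passwords or connection strings too;
// confirm and redact them in the same way.
func (c *Config) Print() {
	const redacted = "[REDACTED]"

	// A nil receiver is marshalled as-is ("null"), as before.
	target := c
	if c != nil {
		// Work on a shallow copy so the live configuration keeps its values.
		safe := *c
		if safe.OIDC.ClientSecret != "" {
			safe.OIDC.ClientSecret = redacted
		}
		if safe.Barcode.TokenBarcodespider != "" {
			safe.Barcode.TokenBarcodespider = redacted
		}
		target = &safe
	}

	res, err := json.MarshalIndent(target, "", " ")
	if err != nil {
		panic(err)
	}

	fmt.Println(string(res))
}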