mirror of
https://github.com/sysadminsmedia/homebox.git
synced 2025-12-27 15:41:42 +01:00
f36756d98e
* ent re-generation
* add oidc integration
* document oidc integration
* go fmt
* address backend linter findings
* run prettier on index.vue
* State cookie domain can mismatch when Hostname override is used (breaks CSRF check). Add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Delete state cookie with matching domain and MaxAge; add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Fix endpoint path in comments and error to include /api/v1.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Also use request context when verifying the ID token.
* Do not return raw auth errors to clients (user-enumeration risk).
* consistently set cookie the same way across function
* remove baseURL after declaration
* only enable OIDC routes if OIDC is enabled
* swagger doc for failure
* Only block when provider=local; move the check after parsing provider
* fix extended session comment
* reduce pii logging
* futher reduce pii logging
* remove unused DiscoveryDocument
* remove unused offline_access from default oidc scopes
* remove offline access from AuthCodeURL
* support host from X-Forwarded-Host
* set sane default claim names if unset
* error strings should not be capitalized
* Revert "run prettier on index.vue"
This reverts commit aa22330a23.
* Add timeout to provider discovery
* Split scopes robustly
* refactor hostname calculation
* address frontend prettier findings
* add property oidc on type APISummary
* LoginOIDC: Normalize inputs, only create if not found
* add oidc email verification
* oidc handleCallback: clear state cookie before each return
* add support for oidc nonce parameter
* Harden first-login race: handle concurrent creates gracefully and fix log key.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* support email verified claim as bool or string
* fail fast on empty email
* PKCE verifier
* fix: add timing delay to attachment test to resolve CI race condition
The attachment test was failing intermittently in CI due to a race condition
between attachment creation and retrieval. Adding a small 100ms delay after
attachment creation ensures the file system and database operations complete
before the test attempts to verify the attachment exists.
* Revert "fix: add timing delay to attachment test to resolve CI race condition"
This reverts commit 4aa8b2a0d829753e8d2dd1ba76f4b1e04e28c45e.
* oidc error state, use ref
* rename oidc.force to oidc.authRedirect
* remove hardcoded oidc error timeout
* feat: sub/iss based identity matching and userinfo endpoint collection
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Matthew Kilgore <matthew@kilgore.dev>
144 lines
4.6 KiB
Go
Generated
144 lines
4.6 KiB
Go
Generated
// Code generated by ent, DO NOT EDIT.
|
|
|
|
package ent
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
|
|
"entgo.io/ent"
|
|
"entgo.io/ent/dialect/sql"
|
|
"github.com/google/uuid"
|
|
"github.com/sysadminsmedia/homebox/backend/internal/data/ent/authroles"
|
|
"github.com/sysadminsmedia/homebox/backend/internal/data/ent/authtokens"
|
|
)
|
|
|
|
// AuthRoles is the model entity for the AuthRoles schema.
|
|
type AuthRoles struct {
|
|
config `json:"-"`
|
|
// ID of the ent.
|
|
ID int `json:"id,omitempty"`
|
|
// Role holds the value of the "role" field.
|
|
Role authroles.Role `json:"role,omitempty"`
|
|
// Edges holds the relations/edges for other nodes in the graph.
|
|
// The values are being populated by the AuthRolesQuery when eager-loading is set.
|
|
Edges AuthRolesEdges `json:"edges"`
|
|
auth_tokens_roles *uuid.UUID
|
|
selectValues sql.SelectValues
|
|
}
|
|
|
|
// AuthRolesEdges holds the relations/edges for other nodes in the graph.
|
|
type AuthRolesEdges struct {
|
|
// Token holds the value of the token edge.
|
|
Token *AuthTokens `json:"token,omitempty"`
|
|
// loadedTypes holds the information for reporting if a
|
|
// type was loaded (or requested) in eager-loading or not.
|
|
loadedTypes [1]bool
|
|
}
|
|
|
|
// TokenOrErr returns the Token value or an error if the edge
|
|
// was not loaded in eager-loading, or loaded but was not found.
|
|
func (e AuthRolesEdges) TokenOrErr() (*AuthTokens, error) {
|
|
if e.Token != nil {
|
|
return e.Token, nil
|
|
} else if e.loadedTypes[0] {
|
|
return nil, &NotFoundError{label: authtokens.Label}
|
|
}
|
|
return nil, &NotLoadedError{edge: "token"}
|
|
}
|
|
|
|
// scanValues returns the types for scanning values from sql.Rows.
|
|
func (*AuthRoles) scanValues(columns []string) ([]any, error) {
|
|
values := make([]any, len(columns))
|
|
for i := range columns {
|
|
switch columns[i] {
|
|
case authroles.FieldID:
|
|
values[i] = new(sql.NullInt64)
|
|
case authroles.FieldRole:
|
|
values[i] = new(sql.NullString)
|
|
case authroles.ForeignKeys[0]: // auth_tokens_roles
|
|
values[i] = &sql.NullScanner{S: new(uuid.UUID)}
|
|
default:
|
|
values[i] = new(sql.UnknownType)
|
|
}
|
|
}
|
|
return values, nil
|
|
}
|
|
|
|
// assignValues assigns the values that were returned from sql.Rows (after scanning)
|
|
// to the AuthRoles fields.
|
|
func (_m *AuthRoles) assignValues(columns []string, values []any) error {
|
|
if m, n := len(values), len(columns); m < n {
|
|
return fmt.Errorf("mismatch number of scan values: %d != %d", m, n)
|
|
}
|
|
for i := range columns {
|
|
switch columns[i] {
|
|
case authroles.FieldID:
|
|
value, ok := values[i].(*sql.NullInt64)
|
|
if !ok {
|
|
return fmt.Errorf("unexpected type %T for field id", value)
|
|
}
|
|
_m.ID = int(value.Int64)
|
|
case authroles.FieldRole:
|
|
if value, ok := values[i].(*sql.NullString); !ok {
|
|
return fmt.Errorf("unexpected type %T for field role", values[i])
|
|
} else if value.Valid {
|
|
_m.Role = authroles.Role(value.String)
|
|
}
|
|
case authroles.ForeignKeys[0]:
|
|
if value, ok := values[i].(*sql.NullScanner); !ok {
|
|
return fmt.Errorf("unexpected type %T for field auth_tokens_roles", values[i])
|
|
} else if value.Valid {
|
|
_m.auth_tokens_roles = new(uuid.UUID)
|
|
*_m.auth_tokens_roles = *value.S.(*uuid.UUID)
|
|
}
|
|
default:
|
|
_m.selectValues.Set(columns[i], values[i])
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Value returns the ent.Value that was dynamically selected and assigned to the AuthRoles.
|
|
// This includes values selected through modifiers, order, etc.
|
|
func (_m *AuthRoles) Value(name string) (ent.Value, error) {
|
|
return _m.selectValues.Get(name)
|
|
}
|
|
|
|
// QueryToken queries the "token" edge of the AuthRoles entity.
|
|
func (_m *AuthRoles) QueryToken() *AuthTokensQuery {
|
|
return NewAuthRolesClient(_m.config).QueryToken(_m)
|
|
}
|
|
|
|
// Update returns a builder for updating this AuthRoles.
|
|
// Note that you need to call AuthRoles.Unwrap() before calling this method if this AuthRoles
|
|
// was returned from a transaction, and the transaction was committed or rolled back.
|
|
func (_m *AuthRoles) Update() *AuthRolesUpdateOne {
|
|
return NewAuthRolesClient(_m.config).UpdateOne(_m)
|
|
}
|
|
|
|
// Unwrap unwraps the AuthRoles entity that was returned from a transaction after it was closed,
|
|
// so that all future queries will be executed through the driver which created the transaction.
|
|
func (_m *AuthRoles) Unwrap() *AuthRoles {
|
|
_tx, ok := _m.config.driver.(*txDriver)
|
|
if !ok {
|
|
panic("ent: AuthRoles is not a transactional entity")
|
|
}
|
|
_m.config.driver = _tx.drv
|
|
return _m
|
|
}
|
|
|
|
// String implements the fmt.Stringer.
|
|
func (_m *AuthRoles) String() string {
|
|
var builder strings.Builder
|
|
builder.WriteString("AuthRoles(")
|
|
builder.WriteString(fmt.Sprintf("id=%v, ", _m.ID))
|
|
builder.WriteString("role=")
|
|
builder.WriteString(fmt.Sprintf("%v", _m.Role))
|
|
builder.WriteByte(')')
|
|
return builder.String()
|
|
}
|
|
|
|
// AuthRolesSlice is a parsable slice of AuthRoles.
|
|
type AuthRolesSlice []*AuthRoles
|