reugn · reugn · Feb 24, 2024 · Feb 7, 2024 · Feb 8, 2024 · Feb 9, 2024
diff --git a/.dockerignore b/.dockerignore
@@ -2,4 +2,5 @@
 .github
 .cache
 
-examples/
+examples/
+docs/
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -16,12 +16,12 @@ jobs:
         go-version: [1.21.x]
     steps:
     - name: Setup Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version: ${{ matrix.go-version }}
 
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Test
-      run: go test ./...
+      run: go test ./...
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Log in to the Container registry
         uses: docker/login-action@v2

diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
@@ -0,0 +1,28 @@
+name: golangci-lint
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.22'
+          cache: false
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v4
+        with:
+          version: v1.56
diff --git a/.gitignore b/.gitignore
@@ -3,4 +3,4 @@
 /vendor
 /secrets/cert.pem
 /secrets/privkey.pem
-auth-server
+/cmd/auth/auth
diff --git a/.golangci.yml b/.golangci.yml
@@ -0,0 +1,34 @@
+linters:
+  disable-all: true
+  enable:
+    - dupl
+    - errcheck
+    - errorlint
+    - exportloopref
+    - funlen
+    - gci
+    - goconst
+    - gocritic
+    - gocyclo
+    - gofmt
+    - goimports
+    - gosimple
+    - govet
+    - ineffassign
+    - lll
+    - misspell
+    - prealloc
+    - revive
+    - staticcheck
+    - stylecheck
+    - typecheck
+    - unconvert
+    - unparam
+    - unused
+
+issues:
+  exclude-rules:
+    - path: _test\.go
+      linters:
+        - unparam
+        - funlen
diff --git a/Dockerfile b/Dockerfile
@@ -1,13 +1,18 @@
-FROM golang:alpine AS build
+# syntax=docker/dockerfile:1.2
+FROM golang:alpine3.19 AS build
 RUN apk --no-cache add gcc g++ make git
 WORKDIR /go/src/app
 COPY . .
 RUN go get ./...
+WORKDIR /go/src/app/cmd/auth
 RUN GOOS=linux go build -ldflags="-s -w" -o ./bin/auth
 
-FROM alpine:3.14
-WORKDIR /go/bin
-COPY --from=build /go/src/app/bin /go/bin
+FROM alpine:3.19.1
+WORKDIR /app
+COPY --from=build /go/src/app/cmd/auth/bin /app
+COPY --from=build /go/src/app/config /app/
 COPY ./secrets ./secrets
+ENV AUTH_SERVER_LOCAL_CONFIG_PATH=local_repository_config.yml
+
 EXPOSE 8081
-ENTRYPOINT ["/go/bin/auth"]
+ENTRYPOINT ["/app/auth", "-c", "service_config.yml"]
diff --git a/README.md b/README.md
@@ -3,25 +3,29 @@
 [![PkgGoDev](https://pkg.go.dev/badge/github.com/reugn/auth-server)](https://pkg.go.dev/github.com/reugn/auth-server)
 [![Go Report Card](https://goreportcard.com/badge/github.com/reugn/auth-server)](https://goreportcard.com/report/github.com/reugn/auth-server)
 
-This project provides tools to set up a custom authentication and authorization server.  
-`auth-server` can act as a proxy middleware or be configured in a stand-alone mode. It doesn't require any third-party software integration. Use one of the [available repositories](./repository) to configure backend storage, or implement one of your own.
+This project offers a toolkit for building and configuring a tailored authentication and authorization service.
 
-**Note:** This project has not yet passed security testing. Make sure you know what you are doing when setting up your own OAuth2 provider.
+`auth-server` can act as a proxy middleware or be configured in a stand-alone mode. It doesn't require any third-party software integration.
+Leverage existing backend [storage repositories](internal/repository) for storing security policies or develop a custom one to suit your specific requirements.
+For information on how to configure repositories using environment variables, refer to the [repository configuration](docs/repository_configuration.md) page.
+
+> [!NOTE] 
+> This project's security has not been thoroughly evaluated. Proceed with caution when setting up your own auth provider.
 
 ## Introduction
 * **Authentication** is used by a server when the server needs to know exactly who is accessing their information or site.
 * **Authorization** is a process by which a server determines if the client has permission to use a resource or access a file.
 
-Creating an authentication and authorization strategy is always a complex process. A number of quick questions immediately arise:
+The inherent complexity of crafting an authentication and authorization strategy raises a barrage of immediate questions:
 
-* Should we set up separate services for authentication and authorization
-* How do we handle access token creation and who is responsible for this
-* Should we alter our REST service to support authorization flow
+* Would it be beneficial to utilize separate services for authentication and authorization purposes?
+* What is the process for creating access tokens, and who is tasked with this responsibility?
+* Is it necessary to adapt our REST service to support an authorization flow?
 
-The `auth-server` project tries to accumulate all of those capabilities and act as a transparent authentication and authorization proxy middleware.
+The `auth-server` project aims to address these concerns by serving as a transparent authentication and authorization proxy middleware.
 
 ## Architecture
-![architecture_diagram](./images/architecture_diagram_1.png)
+![architecture_diagram](docs/images/architecture_diagram_1.png)
 
 1. The user requests an access token (JWT), using a basic authentication header:
     ```
@@ -45,20 +49,27 @@ The `auth-server` project tries to accumulate all of those capabilities and act
 
 ## Installation and Prerequisites
 * `auth-server` is written in Golang.
-To install the latest stable version of Go, visit https://golang.org/dl/
+To install the latest stable version of Go, visit the [releases page](https://golang.org/dl/).
+
+* Read the following [instructions](./secrets/README.md) to generate keys required to sign the token. Specify the location of the generated certificates in the service configuration file. An example of the configuration file can be found [here](config/service_config.yml).
+
+* The following example shows how to run the service using a configuration file:
+    ```
+    ./auth -c service_config.yml
+    ```
 
 * To run the project using Docker, visit their [page](https://www.docker.com/get-started) to get started. Docker images are available under the [GitHub Packages](https://github.com/reugn/auth-server/packages).
 
 * Install `docker-compose` to get started with the examples.
 
-* Read the following [instructions](./secrets/README.md) to generate keys.
-
 ## Examples
-Examples are available under the examples folder.
+Examples are available under the [examples](examples) folder.
 
 To run `auth-server` as a [Traefik](https://docs.traefik.io/) middleware:
-* `cd examples/traefik`
-* `docker-compose up -d`
+```
+cd examples/traefik
+docker-compose up -d
+```
 
 ## License
 Licensed under the Apache 2.0 License.
diff --git a/auth/env.go b/auth/env.go
diff --git a/auth/jwt_generator.go b/auth/jwt_generator.go
diff --git a/auth/jwt_validator.go b/auth/jwt_validator.go
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,4 +2,5 @@ @@
     .github
     .cache
-    examples/
+    examples/
+    docs/