feat: unified config

.env.example

@@ -1,22 +1,86 @@
-PORT=3000
-ADDRESS=0.0.0.0
-APP_URL=http://localhost:3000
-USERS=your_user_password_hash
-USERS_FILE=users_file
-SECURE_COOKIE=false
-OAUTH_WHITELIST=
-GENERIC_NAME=My OAuth
-SESSION_EXPIRY=7200
-LOGIN_TIMEOUT=300
-LOGIN_MAX_RETRIES=5
-LOG_LEVEL=debug
-APP_TITLE=Tinyauth SSO
-FORGOT_PASSWORD_MESSAGE=Some message about resetting the password
-OAUTH_AUTO_REDIRECT=none
-BACKGROUND_IMAGE=some_image_url
-GENERIC_SKIP_SSL=false
-RESOURCES_DIR=/data/resources
-DATABASE_PATH=/data/tinyauth.db
-DISABLE_ANALYTICS=false
-DISABLE_RESOURCES=false
-TRUSTED_PROXIES=
+# Base Configuration
+
+# The base URL where Tinyauth is accessible
+TINYAUTH_APPURL="https://auth.example.com"
+# Log level: trace, debug, info, warn, error
+TINYAUTH_LOGLEVEL="info"
+# Directory for static resources
+TINYAUTH_RESOURCESDIR="/data/resources"
+# Path to SQLite database file
+TINYAUTH_DATABASEPATH="/data/tinyauth.db"
+# Disable version heartbeat
+TINYAUTH_DISABLEANALYTICS="false"
+# Disable static resource serving
+TINYAUTH_DISABLERESOURCES="false"
+# Disable UI warning messages
+TINYAUTH_DISABLEUIWARNINGS="false"
+# Enable JSON formatted logs
+TINYAUTH_LOGJSON="false"
+
+# Server Configuration
+
+# Port to listen on
+TINYAUTH_SERVER_PORT="3000"
+# Interface to bind to (0.0.0.0 for all interfaces)
+TINYAUTH_SERVER_ADDRESS="0.0.0.0"
+# Unix socket path (optional, overrides port/address if set)
+TINYAUTH_SERVER_SOCKETPATH=""
+# Comma-separated list of trusted proxy IPs/CIDRs
+TINYAUTH_SERVER_TRUSTEDPROXIES=""
+
+# Authentication Configuration
+
+# Format: username:bcrypt_hash (use bcrypt to generate hash)
+TINYAUTH_AUTH_USERS="admin:$2a$10$example_bcrypt_hash_here"
+# Path to external users file (optional)
+TINYAUTH_USERSFILE=""
+# Enable secure cookies (requires HTTPS)
+TINYAUTH_SECURECOOKIE="true"
+# Session expiry in seconds (7200 = 2 hours)
+TINYAUTH_SESSIONEXPIRY="7200"
+# Login timeout in seconds (300 = 5 minutes)
+TINYAUTH_LOGINTIMEOUT="300"
+# Maximum login retries before lockout
+TINYAUTH_LOGINMAXRETRIES="5"
+
+# OAuth Configuration
+
+# Regex pattern for allowed email addresses (e.g., /@example\.com$/)
+TINYAUTH_OAUTH_WHITELIST=""
+# Provider ID to auto-redirect to (skips login page)
+TINYAUTH_OAUTH_AUTOREDIRECT=""
+# OAuth Provider Configuration (replace MYPROVIDER with your provider name)
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTID="your_client_id_here"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTSECRET="your_client_secret_here"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_AUTHURL="https://provider.example.com/oauth/authorize"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_TOKENURL="https://provider.example.com/oauth/token"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_USERINFOURL="https://provider.example.com/oauth/userinfo"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_REDIRECTURL="https://auth.example.com/oauth/callback/myprovider"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_SCOPES="openid email profile"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_NAME="My OAuth Provider"
+# Allow self-signed certificates
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_INSECURE="false"
+
+# UI Customization
+
+# Custom title for login page
+TINYAUTH_UI_TITLE="Tinyauth"
+# Message shown on forgot password page
+TINYAUTH_UI_FORGOTPASSWORDMESSAGE="Contact your administrator to reset your password"
+# Background image URL for login page
+TINYAUTH_UI_BACKGROUNDIMAGE=""
+
+# LDAP Configuration
+
+# LDAP server address
+TINYAUTH_LDAP_ADDRESS="ldap://ldap.example.com:389"
+# DN for binding to LDAP server
+TINYAUTH_LDAP_BINDDN="cn=readonly,dc=example,dc=com"
+# Password for bind DN
+TINYAUTH_LDAP_BINDPASSWORD="your_bind_password"
+# Base DN for user searches
+TINYAUTH_LDAP_BASEDN="dc=example,dc=com"
+# Search filter (%s will be replaced with username)
+TINYAUTH_LDAP_SEARCHFILTER="(&(uid=%s)(memberOf=cn=users,ou=groups,dc=example,dc=com))"
+# Allow insecure LDAP connections
+TINYAUTH_LDAP_INSECURE="false"

.github/workflows/nightly.yml

@@ -80,7 +80,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64 ./cmd/tinyauth
         env:
           CGO_ENABLED: 0
 
@@ -126,7 +126,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64 ./cmd/tinyauth
         env:
           CGO_ENABLED: 0
 

.github/workflows/release.yml

@@ -58,7 +58,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64 ./cmd/tinyauth
         env:
           CGO_ENABLED: 0
 
@@ -101,7 +101,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64 ./cmd/tinyauth
         env:
           CGO_ENABLED: 0
 

.gitignore

@@ -1,29 +1,36 @@
 # dist
-internal/assets/dist
+/internal/assets/dist
 
 # binaries
-tinyauth
+/tinyauth
 
 # test docker compose
-docker-compose.test*
+/docker-compose.test*
 
 # users file
-users.txt
+/users.txt
 
 # secret test file
-secret*
+/secret*
 
 # apple stuff
 .DS_Store
 
 # env
-.env
+/.env
 
 # tmp directory
-tmp
+/tmp
 
 # version files
-internal/assets/version
+/internal/assets/version
 
 # data directory
-data
+/data
+
+# config file
+/config.yml
+
+# binary out
+/tinyauth.db
+/resources

Dockerfile

@@ -33,12 +33,11 @@ COPY go.sum ./
 
 RUN go mod download
 
-COPY ./main.go ./
 COPY ./cmd ./cmd
 COPY ./internal ./internal
 COPY --from=frontend-builder /frontend/dist ./internal/assets/dist
 
-RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" 
+RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" ./cmd/tinyauth
 
 # Runner
 FROM alpine:3.23 AS runner
@@ -53,6 +52,10 @@ EXPOSE 3000
 
 VOLUME ["/data"]
 
+ENV DATABASEPATH=/data/tinyauth.db
+
+ENV RESOURCESDIR=/data/resources
+
 ENV GIN_MODE=release
 
 ENV PATH=$PATH:/tinyauth

Dockerfile.dev

@@ -12,9 +12,12 @@ RUN go install github.com/go-delve/delve/cmd/dlv@latest
 
 COPY ./cmd ./cmd
 COPY ./internal ./internal
-COPY ./main.go ./
 COPY ./air.toml ./
 
 EXPOSE 3000
 
+ENV DATABASEPATH=/data/tinyauth.db
+
+ENV RESOURCESDIR=/data/resources
+
 ENTRYPOINT ["air", "-c", "air.toml"]

Dockerfile.distroless

@@ -33,14 +33,13 @@ COPY go.sum ./
 
 RUN go mod download
 
-COPY ./main.go ./
 COPY ./cmd ./cmd
 COPY ./internal ./internal
 COPY --from=frontend-builder /frontend/dist ./internal/assets/dist
 
 RUN mkdir -p data
 
-RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" 
+RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" ./cmd/tinyauth
 
 # Runner
 FROM gcr.io/distroless/static-debian12:latest AS runner
@@ -56,6 +55,10 @@ EXPOSE 3000
 
 VOLUME ["/data"]
 
+ENV DATABASEPATH=/data/tinyauth.db
+
+ENV RESOURCESDIR=/data/resources
+
 ENV GIN_MODE=release
 
 ENV PATH=$PATH:/tinyauth

air.toml

@@ -3,7 +3,7 @@ tmp_dir = "tmp"
 
 [build]
 pre_cmd = ["mkdir -p internal/assets/dist", "mkdir -p /data", "echo 'backend running' > internal/assets/dist/index.html"]
-cmd = "CGO_ENABLED=0 go build -gcflags=\"all=-N -l\" -o tmp/tinyauth ."
+cmd = "CGO_ENABLED=0 go build -gcflags=\"all=-N -l\" -o tmp/tinyauth ./cmd/tinyauth"
 bin = "tmp/tinyauth"
 full_bin = "dlv --listen :4000 --headless=true --api-version=2 --accept-multiclient --log=true exec tmp/tinyauth --continue --check-go-version=false"
 include_ext = ["go"]