refactor: rework user context handling throughout tinyauth

cmd/tinyauth/generate_totp.go

@@ -73,7 +73,7 @@ func generateTotpCmd() *cli.Command {
 				docker = true
 			}
 
-			if user.TotpSecret != "" {
+			if user.TOTPSecret != "" {
 				return fmt.Errorf("user already has a TOTP secret")
 			}
 
@@ -102,14 +102,14 @@ func generateTotpCmd() *cli.Command {
 
 			qrterminal.GenerateWithConfig(key.URL(), config)
 
-			user.TotpSecret = secret
+			user.TOTPSecret = secret
 
 			// If using docker escape re-escape it
 			if docker {
 				user.Password = strings.ReplaceAll(user.Password, "$", "$$")
 			}
 
-			tlog.App.Info().Str("user", fmt.Sprintf("%s:%s:%s", user.Username, user.Password, user.TotpSecret)).Msg("Add the totp secret to your authenticator app then use the verify command to ensure everything is working correctly.")
+			tlog.App.Info().Str("user", fmt.Sprintf("%s:%s:%s", user.Username, user.Password, user.TOTPSecret)).Msg("Add the totp secret to your authenticator app then use the verify command to ensure everything is working correctly.")
 
 			return nil
 		},

cmd/tinyauth/tinyauth.go

@@ -5,7 +5,7 @@ import (
 
 	"charm.land/huh/v2"
 	"github.com/tinyauthapp/tinyauth/internal/bootstrap"
-	"github.com/tinyauthapp/tinyauth/internal/config"
+	"github.com/tinyauthapp/tinyauth/internal/model"
 	"github.com/tinyauthapp/tinyauth/internal/utils/loaders"
 	"github.com/tinyauthapp/tinyauth/internal/utils/tlog"
 
@@ -14,7 +14,7 @@ import (
 )
 
 func main() {
-	tConfig := config.NewDefaultConfiguration()
+	tConfig := model.NewDefaultConfiguration()
 
 	loaders := []cli.ResourceLoader{
 		&loaders.FileLoader{},
@@ -108,11 +108,11 @@ func main() {
 	}
 }
 
-func runCmd(cfg config.Config) error {
+func runCmd(cfg model.Config) error {
 	logger := tlog.NewLogger(cfg.Log)
 	logger.Init()
 
-	tlog.App.Info().Str("version", config.Version).Msg("Starting tinyauth")
+	tlog.App.Info().Str("version", model.Version).Msg("Starting tinyauth")
 
 	app := bootstrap.NewBootstrapApp(cfg)
 

cmd/tinyauth/verify_user.go

@@ -95,15 +95,15 @@ func verifyUserCmd() *cli.Command {
 				return fmt.Errorf("password is incorrect: %w", err)
 			}
 
-			if user.TotpSecret == "" {
+			if user.TOTPSecret == "" {
 				if tCfg.Totp != "" {
 					tlog.App.Warn().Msg("User does not have TOTP secret")
 				}
 				tlog.App.Info().Msg("User verified")
 				return nil
 			}
 
-			ok := totp.Validate(tCfg.Totp, user.TotpSecret)
+			ok := totp.Validate(tCfg.Totp, user.TOTPSecret)
 
 			if !ok {
 				return fmt.Errorf("TOTP code incorrect")

cmd/tinyauth/version.go

@@ -3,9 +3,8 @@ package main
 import (
 	"fmt"
 
-	"github.com/tinyauthapp/tinyauth/internal/config"
-
 	"github.com/tinyauthapp/paerser/cli"
+	"github.com/tinyauthapp/tinyauth/internal/model"
 )
 
 func versionCmd() *cli.Command {
@@ -15,9 +14,9 @@ func versionCmd() *cli.Command {
 		Configuration: nil,
 		Resources:     nil,
 		Run: func(_ []string) error {
-			fmt.Printf("Version: %s\n", config.Version)
-			fmt.Printf("Commit Hash: %s\n", config.CommitHash)
-			fmt.Printf("Build Timestamp: %s\n", config.BuildTimestamp)
+			fmt.Printf("Version: %s\n", model.Version)
+			fmt.Printf("Commit Hash: %s\n", model.CommitHash)
+			fmt.Printf("Build Timestamp: %s\n", model.BuildTimestamp)
 			return nil
 		},
 	}

gen/gen_env.go

@@ -10,7 +10,7 @@ import (
 	"reflect"
 	"strings"
 
-	"github.com/tinyauthapp/tinyauth/internal/config"
+	"github.com/tinyauthapp/tinyauth/internal/model"
 )
 
 type EnvEntry struct {
@@ -20,7 +20,7 @@ type EnvEntry struct {
 }
 
 func generateExampleEnv() {
-	cfg := config.NewDefaultConfiguration()
+	cfg := model.NewDefaultConfiguration()
 	entries := make([]EnvEntry, 0)
 
 	root := reflect.TypeOf(cfg).Elem()

gen/gen_md.go

@@ -10,7 +10,7 @@ import (
 	"reflect"
 	"strings"
 
-	"github.com/tinyauthapp/tinyauth/internal/config"
+	"github.com/tinyauthapp/tinyauth/internal/model"
 )
 
 type MarkdownEntry struct {
@@ -21,7 +21,7 @@ type MarkdownEntry struct {
 }
 
 func generateMarkdown() {
-	cfg := config.NewDefaultConfiguration()
+	cfg := model.NewDefaultConfiguration()
 	entries := make([]MarkdownEntry, 0)
 
 	root := reflect.TypeOf(cfg).Elem()

go.mod

@@ -20,7 +20,6 @@ require (
 	github.com/weppos/publicsuffix-go v0.50.3
 	golang.org/x/crypto v0.50.0
 	golang.org/x/oauth2 v0.36.0
-	gotest.tools/v3 v3.5.2
 	k8s.io/apimachinery v0.32.2
 	k8s.io/client-go v0.32.2
 	modernc.org/sqlite v1.49.1
@@ -133,6 +132,7 @@ require (
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	gotest.tools/v3 v3.5.2 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
 	modernc.org/libc v1.72.0 // indirect

internal/bootstrap/app_bootstrap.go

@@ -12,15 +12,15 @@ import (
 	"strings"
 	"time"
 
-	"github.com/tinyauthapp/tinyauth/internal/config"
 	"github.com/tinyauthapp/tinyauth/internal/controller"
+	"github.com/tinyauthapp/tinyauth/internal/model"
 	"github.com/tinyauthapp/tinyauth/internal/repository"
 	"github.com/tinyauthapp/tinyauth/internal/utils"
 	"github.com/tinyauthapp/tinyauth/internal/utils/tlog"
 )
 
 type BootstrapApp struct {
-	config  config.Config
+	config  model.Config
 	context struct {
 		appUrl                 string
 		uuid                   string
@@ -29,15 +29,15 @@ type BootstrapApp struct {
 		csrfCookieName         string
 		redirectCookieName     string
 		oauthSessionCookieName string
-		users                  []config.User
-		oauthProviders         map[string]config.OAuthServiceConfig
+		localUsers             []model.LocalUser
+		oauthProviders         map[string]model.OAuthServiceConfig
 		configuredProviders    []controller.Provider
-		oidcClients            []config.OIDCClientConfig
+		oidcClients            []model.OIDCClientConfig
 	}
 	services Services
 }
 
-func NewBootstrapApp(config config.Config) *BootstrapApp {
+func NewBootstrapApp(config model.Config) *BootstrapApp {
 	return &BootstrapApp{
 		config: config,
 	}
@@ -69,7 +69,7 @@ func (app *BootstrapApp) Setup() error {
 		return err
 	}
 
-	app.context.users = users
+	app.context.localUsers = *users
 
 	// Setup OAuth providers
 	app.context.oauthProviders = app.config.OAuth.Providers
@@ -88,7 +88,7 @@ func (app *BootstrapApp) Setup() error {
 
 	for id, provider := range app.context.oauthProviders {
 		if provider.Name == "" {
-			if name, ok := config.OverrideProviders[id]; ok {
+			if name, ok := model.OverrideProviders[id]; ok {
 				provider.Name = name
 			} else {
 				provider.Name = utils.Capitalize(id)
@@ -115,14 +115,14 @@ func (app *BootstrapApp) Setup() error {
 	// Cookie names
 	app.context.uuid = utils.GenerateUUID(appUrl.Hostname())
 	cookieId := strings.Split(app.context.uuid, "-")[0]
-	app.context.sessionCookieName = fmt.Sprintf("%s-%s", config.SessionCookieName, cookieId)
-	app.context.csrfCookieName = fmt.Sprintf("%s-%s", config.CSRFCookieName, cookieId)
-	app.context.redirectCookieName = fmt.Sprintf("%s-%s", config.RedirectCookieName, cookieId)
-	app.context.oauthSessionCookieName = fmt.Sprintf("%s-%s", config.OAuthSessionCookieName, cookieId)
+	app.context.sessionCookieName = fmt.Sprintf("%s-%s", model.SessionCookieName, cookieId)
+	app.context.csrfCookieName = fmt.Sprintf("%s-%s", model.CSRFCookieName, cookieId)
+	app.context.redirectCookieName = fmt.Sprintf("%s-%s", model.RedirectCookieName, cookieId)
+	app.context.oauthSessionCookieName = fmt.Sprintf("%s-%s", model.OAuthSessionCookieName, cookieId)
 
 	// Dumps
 	tlog.App.Trace().Interface("config", app.config).Msg("Config dump")
-	tlog.App.Trace().Interface("users", app.context.users).Msg("Users dump")
+	tlog.App.Trace().Interface("users", app.context.localUsers).Msg("Users dump")
 	tlog.App.Trace().Interface("oauthProviders", app.context.oauthProviders).Msg("OAuth providers dump")
 	tlog.App.Trace().Str("cookieDomain", app.context.cookieDomain).Msg("Cookie domain")
 	tlog.App.Trace().Str("sessionCookieName", app.context.sessionCookieName).Msg("Session cookie name")
@@ -171,7 +171,7 @@ func (app *BootstrapApp) Setup() error {
 		})
 	}
 
-	if services.authService.LdapAuthConfigured() {
+	if services.authService.LDAPAuthConfigured() {
 		configuredProviders = append(configuredProviders, controller.Provider{
 			Name:  "LDAP",
 			ID:    "ldap",
@@ -244,7 +244,7 @@ func (app *BootstrapApp) heartbeatRoutine() {
 	var body heartbeat
 
 	body.UUID = app.context.uuid
-	body.Version = config.Version
+	body.Version = model.Version
 
 	bodyJson, err := json.Marshal(body)
 
@@ -257,7 +257,7 @@ func (app *BootstrapApp) heartbeatRoutine() {
 		Timeout: 30 * time.Second, // The server should never take more than 30 seconds to respond
 	}
 
-	heartbeatURL := config.ApiServer + "/v1/instances/heartbeat"
+	heartbeatURL := model.APIServer + "/v1/instances/heartbeat"
 
 	for range ticker.C {
 		tlog.App.Debug().Msg("Sending heartbeat")

internal/bootstrap/router_bootstrap.go

@@ -4,17 +4,17 @@ import (
 	"fmt"
 	"slices"
 
-	"github.com/tinyauthapp/tinyauth/internal/config"
 	"github.com/tinyauthapp/tinyauth/internal/controller"
 	"github.com/tinyauthapp/tinyauth/internal/middleware"
+	"github.com/tinyauthapp/tinyauth/internal/model"
 
 	"github.com/gin-gonic/gin"
 )
 
 var DEV_MODES = []string{"main", "test", "development"}
 
 func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
-	if !slices.Contains(DEV_MODES, config.Version) {
+	if !slices.Contains(DEV_MODES, model.Version) {
 		gin.SetMode(gin.ReleaseMode)
 	}
 
@@ -30,7 +30,8 @@ func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
 	}
 
 	contextMiddleware := middleware.NewContextMiddleware(middleware.ContextMiddlewareConfig{
-		CookieDomain: app.context.cookieDomain,
+		CookieDomain:      app.context.cookieDomain,
+		SessionCookieName: app.context.sessionCookieName,
 	}, app.services.authService, app.services.oauthBrokerService)
 
 	err := contextMiddleware.Init()
@@ -98,7 +99,8 @@ func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
 	proxyController.SetupRoutes()
 
 	userController := controller.NewUserController(controller.UserControllerConfig{
-		CookieDomain: app.context.cookieDomain,
+		CookieDomain:      app.context.cookieDomain,
+		SessionCookieName: app.context.sessionCookieName,
 	}, apiRouter, app.services.authService)
 
 	userController.SetupRoutes()

internal/bootstrap/service_bootstrap.go

@@ -22,14 +22,14 @@ func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, er
 	services := Services{}
 
 	ldapService := service.NewLdapService(service.LdapServiceConfig{
-		Address:      app.config.Ldap.Address,
-		BindDN:       app.config.Ldap.BindDN,
-		BindPassword: app.config.Ldap.BindPassword,
-		BaseDN:       app.config.Ldap.BaseDN,
-		Insecure:     app.config.Ldap.Insecure,
-		SearchFilter: app.config.Ldap.SearchFilter,
-		AuthCert:     app.config.Ldap.AuthCert,
-		AuthKey:      app.config.Ldap.AuthKey,
+		Address:      app.config.LDAP.Address,
+		BindDN:       app.config.LDAP.BindDN,
+		BindPassword: app.config.LDAP.BindPassword,
+		BaseDN:       app.config.LDAP.BaseDN,
+		Insecure:     app.config.LDAP.Insecure,
+		SearchFilter: app.config.LDAP.SearchFilter,
+		AuthCert:     app.config.LDAP.AuthCert,
+		AuthKey:      app.config.LDAP.AuthKey,
 	})
 
 	err := ldapService.Init()
@@ -89,7 +89,7 @@ func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, er
 	services.oauthBrokerService = oauthBrokerService
 
 	authService := service.NewAuthService(service.AuthServiceConfig{
-		Users:              app.context.users,
+		LocalUsers:         app.context.localUsers,
 		OauthWhitelist:     app.config.OAuth.Whitelist,
 		SessionExpiry:      app.config.Auth.SessionExpiry,
 		SessionMaxLifetime: app.config.Auth.SessionMaxLifetime,
@@ -99,7 +99,7 @@ func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, er
 		LoginMaxRetries:    app.config.Auth.LoginMaxRetries,
 		SessionCookieName:  app.context.sessionCookieName,
 		IP:                 app.config.Auth.IP,
-		LDAPGroupsCacheTTL: app.config.Ldap.GroupCacheTTL,
+		LDAPGroupsCacheTTL: app.config.LDAP.GroupCacheTTL,
 	}, services.ldapService, queries, services.oauthBrokerService)
 
 	err = authService.Init()