starred/godoxy-yusing
1
0
Fork 0
mirror of https://github.com/yusing/godoxy.git synced 2026-01-11 14:20:32 +01:00
Code Issues 18 Packages Projects Releases 10 Wiki Activity

[PR #143] [MERGED] Add TinyAuth forward-auth middleware implementation #171

New Issue
Closed
opened 2025-12-29 15:18:51 +01:00 by adam · 0 comments
adam commented 2025-12-29 15:18:51 +01:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/yusing/godoxy/pull/143
Author: @FrozenFrog
Created: 9/1/2025
Status: Merged
Merged: 9/2/2025
Merged by: @yusing

Base: mainHead: tinyauth-middleware

📝 Commits (6)

  • 76d4d41 feat: add tinyauth middleware
  • dcca7ef Refactor
  • 45a67ef add forward headers
  • 06fe9d7 refactor(forwardauth): remove unnecessary mutex
  • b8211a3 refactor(forwardauth): replace hardcoded http statuses with http constants
  • a357802 refactor(forwardauth): remove hardcoded localhost and port option and construct forwardAuthUrl with route's targetURL

📊 Changes

2 files changed (+110 additions, -1 deletions)

View changed files

internal/net/gphttp/middleware/forwardauth.go (+108 -0)
📝 internal/net/gphttp/middleware/middlewares.go (+2 -1)

📄 Description

This PR adds forward-auth middleware support using TinyAuth’s /api/auth/nginx endpoint.

I have tested the implementation and it works as expected. The video demo below shows the flow in action. In the demo, I used the Cookie-Editor browser extension to delete the tinyauth cookie and then refreshed the page to verify that authentication was properly re-triggered.

🎥 Demo video:

https://github.com/user-attachments/assets/aaa173b9-0c41-48f0-b152-84acdce771f3

Configuration Notes

⚠️ Note: In order to make it work properly, you need to adjust the config.yml by adding the following middleware configuration:

- use: ModifyResponse
      bypass:
        - route tinyauth & path /api/auth/nginx
- use: ForwardAuth
  bypass:
    - route tinyauth
    - route pocketid
    - route alist
    - path /api/*
  forwardauth_port: 10000

All access control and authorization are handled through TinyAuth’s labels, according to their official documentation.

Request for Feedback

I would really appreciate feedback from @yusing and the community. I am not very experienced with Golang, so any suggestions for improvements are very welcome.

Related Issue

Relate yusing/godoxy#81

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/yusing/godoxy/pull/143 **Author:** [@FrozenFrog](https://github.com/FrozenFrog) **Created:** 9/1/2025 **Status:** ✅ Merged **Merged:** 9/2/2025 **Merged by:** [@yusing](https://github.com/yusing) **Base:** `main` ← **Head:** `tinyauth-middleware` --- ### 📝 Commits (6) - [`76d4d41`](https://github.com/yusing/godoxy/commit/76d4d41b57912b3677663406893a39da5a855702) feat: add tinyauth middleware - [`dcca7ef`](https://github.com/yusing/godoxy/commit/dcca7efd90fc913016211eb29d06b775ad8e3f5d) Refactor - [`45a67ef`](https://github.com/yusing/godoxy/commit/45a67ef95bd4e3369e8795a471eb24c0df6b25f7) add forward headers - [`06fe9d7`](https://github.com/yusing/godoxy/commit/06fe9d77750bb56b939ba3e9f0c7a1d61016e730) refactor(forwardauth): remove unnecessary mutex - [`b8211a3`](https://github.com/yusing/godoxy/commit/b8211a35bd35f08058da69e2b69cee20990fd1bd) refactor(forwardauth): replace hardcoded http statuses with http constants - [`a357802`](https://github.com/yusing/godoxy/commit/a357802eaeb409d984544dbec18e58cab99180f4) refactor(forwardauth): remove hardcoded localhost and port option and construct forwardAuthUrl with route's targetURL ### 📊 Changes **2 files changed** (+110 additions, -1 deletions) <details> <summary>View changed files</summary> ➕ `internal/net/gphttp/middleware/forwardauth.go` (+108 -0) 📝 `internal/net/gphttp/middleware/middlewares.go` (+2 -1) </details> ### 📄 Description This PR adds forward-auth middleware support using TinyAuth’s /api/auth/nginx endpoint. I have tested the implementation and it works as expected. The video demo below shows the flow in action. In the demo, I used the Cookie-Editor browser extension to delete the tinyauth cookie and then refreshed the page to verify that authentication was properly re-triggered. 🎥 Demo video: https://github.com/user-attachments/assets/aaa173b9-0c41-48f0-b152-84acdce771f3 **Configuration Notes** ⚠️ Note: In order to make it work properly, you need to adjust the config.yml by adding the following middleware configuration: ``` - use: ModifyResponse bypass: - route tinyauth & path /api/auth/nginx - use: ForwardAuth bypass: - route tinyauth - route pocketid - route alist - path /api/* forwardauth_port: 10000 ``` All access control and authorization are handled through TinyAuth’s labels, according to their official documentation. **Request for Feedback** I would really appreciate feedback from @yusing and the community. I am not very experienced with Golang, so any suggestions for improvements are very welcome. **Related Issue** Relate yusing/godoxy#81 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
adam added the pull-request label 2025-12-29 15:18:51 +01:00
adam closed this issue 2025-12-29 15:18:52 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
enhancement
pull-request
Mirrored from GitHub Pull Request
 wontfix
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/godoxy-yusing#171
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?