@@ -46,18 +46,17 @@ type Services struct {
4646}
4747
4848type BootstrapApp struct {
49- config model.Config
50- runtime model.RuntimeConfig
51- services Services
52- log * logger.Logger
53- ctx context.Context
54- cancel context.CancelFunc
55- queries repository.Store
56- router * gin.Engine
57- db * sql.DB
58- ding * ding.Ding
59- listeners []Listener
60- dig * dig.Container
49+ config model.Config
50+ runtime model.RuntimeConfig
51+ services Services
52+ log * logger.Logger
53+ ctx context.Context
54+ cancel context.CancelFunc
55+ queries repository.Store
56+ router * gin.Engine
57+ db * sql.DB
58+ ding * ding.Ding
59+ dig * dig.Container
6160}
6261
6362func NewBootstrapApp (config model.Config ) * BootstrapApp {
@@ -98,8 +97,7 @@ func (app *BootstrapApp) Setup() error {
9897 return fmt .Errorf ("failed to parse app url: %w" , err )
9998 }
10099
101- app .runtime .AppURL = appUrl .Scheme + "://" + appUrl .Host
102- app .runtime .TrustedDomains = append (app .runtime .TrustedDomains , app .runtime .AppURL )
100+ app .runtime .AppURL = strings .ToLower (appUrl .Scheme + "://" + appUrl .Host )
103101
104102 // validate session config
105103 if app .config .Auth .SessionMaxLifetime != 0 && app .config .Auth .SessionMaxLifetime < app .config .Auth .SessionExpiry {
@@ -144,34 +142,23 @@ func (app *BootstrapApp) Setup() error {
144142 provider .ClientSecret = secret
145143 provider .ClientSecretFile = ""
146144
147- if provider .RedirectURL == "" {
148- provider .RedirectURL = app .runtime .AppURL + "/api/oauth/callback/" + id
149- }
150-
151- app .runtime .OAuthProviders [id ] = provider
152- }
153-
154- // set presets for built-in providers
155- for id , provider := range app .runtime .OAuthProviders {
156145 if provider .Name == "" {
157146 if name , ok := model .OverrideProviders [id ]; ok {
158147 provider .Name = name
159148 } else {
160149 provider .Name = utils .Capitalize (id )
161150 }
162151 }
152+
163153 app .runtime .OAuthProviders [id ] = provider
164154 }
165155
166156 // cookie domain
167- cookieDomainResolver := utils .GetCookieDomain
168-
169157 if ! app .config .Auth .SubdomainsEnabled {
170- app .log .App .Warn ().Msg ("Subdomains are disabled, using standalone cookie domain resolver which will not work with subdomains" )
171- cookieDomainResolver = utils .GetStandaloneCookieDomain
158+ app .log .App .Warn ().Msg ("Subdomains are disabled, cookies will be set for the current domain only" )
172159 }
173160
174- cookieDomain , err := cookieDomainResolver (app .runtime .AppURL )
161+ cookieDomain , err := utils . GetCookieDomain (app .runtime .AppURL , app . config . Auth . SubdomainsEnabled )
175162
176163 if err != nil {
177164 return fmt .Errorf ("failed to get cookie domain: %w" , err )
@@ -286,9 +273,43 @@ func (app *BootstrapApp) Setup() error {
286273
287274 app .runtime .ConfiguredProviders = configuredProviders
288275
289- // throw in tailscale if it's configured just before setting up the controllers
290- if app .services .tailscaleService != nil {
291- app .runtime .TrustedDomains = append (app .runtime .TrustedDomains , "https://" + app .services .tailscaleService .GetHostname ())
276+ // if tailscale is enabled and listening, replace the app url with the tailscale hostname
277+ if app .services .tailscaleService != nil && app .config .Tailscale .Listen {
278+ tailscaleUrl := "https://" + app .services .tailscaleService .GetHostname ()
279+
280+ // if the tailscale url is different from the app url, replace it
281+ if tailscaleUrl != app .runtime .AppURL {
282+ app .log .App .Info ().Msg ("Listening on tailscale, replacing app url with tailscale hostname" )
283+
284+ app .runtime .AppURL = tailscaleUrl
285+
286+ // also update cookie domain
287+ cookieDomain , err := utils .GetCookieDomain (tailscaleUrl , app .config .Auth .SubdomainsEnabled )
288+
289+ if err != nil {
290+ return fmt .Errorf ("failed to get cookie domain: %w" , err )
291+ }
292+
293+ app .runtime .CookieDomain = cookieDomain
294+ }
295+ }
296+
297+ // force an update of the redirect urls for all oauth providers, if they are empty
298+ services := app .services .oauthBrokerService .GetConfiguredServices ()
299+
300+ for _ , service := range services {
301+ oauthService , ok := app .services .oauthBrokerService .GetService (service )
302+
303+ if ! ok {
304+ return fmt .Errorf ("failed to get oauth service for provider %s" , service )
305+ }
306+
307+ providerConfig := oauthService .GetConfig ()
308+
309+ if providerConfig .RedirectURL == "" {
310+ providerConfig .RedirectURL = app .runtime .AppURL + "/api/oauth/callback/" + service
311+ oauthService .UpdateConfig (providerConfig )
312+ }
292313 }
293314
294315 // setup router
@@ -308,19 +329,19 @@ func (app *BootstrapApp) Setup() error {
308329 app .ding .Go (app .heartbeatRoutine , ding .RingMinor )
309330 }
310331
311- // setup listeners
312- app . listeners = app .calculateListenerPolicy ()
332+ // get listener
333+ listenerFunc , err : = app .getListenerFunc ()
313334
314- if app . config . Server . ConcurrentListenersEnabled {
315- app . log . App . Info (). Msg ( "Concurrent listeners enabled, will run on all available listeners" )
335+ if err != nil {
336+ return fmt . Errorf ( "failed to get listener function: %w" , err )
316337 }
317338
318- // run listeners
319- lec , err := app . runListeners ( )
339+ // run listener
340+ lec := make ( chan error , 1 )
320341
321- if err != nil {
322- return fmt . Errorf ( "failed to run listeners: %w" , err )
323- }
342+ app . ding . Go ( func ( ctx context. Context ) {
343+ lec <- listenerFunc ( ctx )
344+ }, ding . RingNormal )
324345
325346 // monitor cancellation and server errors
326347 for {
0 commit comments