Skip to content

Commit d90e3d6

Browse files
committed
Add TINYAUTH_AUTH_SUBDOMAINSENABLED option
Setting it to false allows to use Tinyauth on top-level domain only, but forbids automatic cross-app authentication using Traefik/Nginx.
1 parent 479f165 commit d90e3d6

3 files changed

Lines changed: 18 additions & 1 deletion

File tree

internal/bootstrap/app_bootstrap.go

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -106,7 +106,13 @@ func (app *BootstrapApp) Setup() error {
106106
}
107107

108108
// Get cookie domain
109-
cookieDomain, err := utils.GetCookieDomain(app.context.appUrl)
109+
cookieDomainResolver := utils.GetCookieDomain
110+
if !app.config.Auth.SubdomainsEnabled {
111+
tlog.App.Info().Msg("Subdomains disabled, automatic authentication for proxied apps will not work")
112+
cookieDomainResolver = utils.GetStandaloneCookieDomain
113+
}
114+
115+
cookieDomain, err := cookieDomainResolver(app.context.appUrl)
110116

111117
if err != nil {
112118
return err

internal/config/config.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ func NewDefaultConfiguration() *Config {
1818
Address: "0.0.0.0",
1919
},
2020
Auth: AuthConfig{
21+
SubdomainsEnabled: true,
2122
SessionExpiry: 86400, // 1 day
2223
SessionMaxLifetime: 0, // disabled
2324
LoginTimeout: 300, // 5 minutes
@@ -116,6 +117,7 @@ type AuthConfig struct {
116117
IP IPConfig `description:"IP whitelisting config options." yaml:"ip"`
117118
Users []string `description:"Comma-separated list of users (username:hashed_password)." yaml:"users"`
118119
UsersFile string `description:"Path to the users file." yaml:"usersFile"`
120+
SubdomainsEnabled bool `description:"Enable subdomains support." yaml:"subdomainsEnabled"`
119121
SecureCookie bool `description:"Enable secure cookies." yaml:"secureCookie"`
120122
SessionExpiry int `description:"Session expiry time in seconds." yaml:"sessionExpiry"`
121123
SessionMaxLifetime int `description:"Maximum session lifetime in seconds." yaml:"sessionMaxLifetime"`

internal/utils/app_utils.go

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,15 @@ func GetCookieDomain(u string) (string, error) {
4949
return domain, nil
5050
}
5151

52+
func GetStandaloneCookieDomain(u string) (string, error) {
53+
parsed, err := url.Parse(u)
54+
if err != nil {
55+
return "", err
56+
}
57+
58+
return parsed.Hostname(), nil
59+
}
60+
5261
func ParseFileToLine(content string) string {
5362
lines := strings.Split(content, "\n")
5463
users := make([]string, 0)

0 commit comments

Comments
 (0)