Commit graph

33 commits

Author SHA1 Message Date
soup
0391629862
chore(license): update copyright year in headers (#1929)
* chore: update copyright year in license headers

* Revert "chore: update copyright year in license headers"

This reverts commit 3e58129c431b9a491089ce36b908f9bb6ba38ed3.

* chore: update copyright year in license headers

* fix: sort go imports

* fix: add missing license headers
2025-01-06 22:23:19 +01:00
soup
43c28fc0c6
feat(auth): implement auth proxy support with OpenID Connect (#1853)
* feat(auth): implement oidc

* refactor(auth): centralize OIDC state cookie handling

* fix(web): resolve unused error variables in route handlers

* docs(readme): add OIDC authentication feature to list

* fix(auth): improve OIDC cookie handling for reverse proxy setups

The OIDC state cookie's Secure flag is now properly set when running behind a reverse proxy by checking both direct TLS and X-Forwarded-Proto header. This fixes authentication issues in common setups where:

- autobrr runs behind a reverse proxy that terminates HTTPS
- local development environments without TLS
- mixed protocol environments (internal HTTP, external HTTPS)

* fix: use crypt/random if argon2id fails

* feat(auth): show both login options when user exists in db

if user doesn't exist, e.g. canOnboard=true then we only show the OIDC button, since regular login makes no sense in that case

If user does not exist in db and the user wants to create a local user, OIDC needs to be disabled first

* feat(auth): improve OIDC provider initialization with discovery logging

* revert(issuer): do not remove trailing slash

* feat(auth): improve OIDC username resolution with additional claims

* fix(auth): handle OIDC issuer URLs with and without trailing slashes

When initializing the OIDC provider, automatically retry with/without trailing
slash if the first attempt fails.

- First attempts with original issuer URL
- If fails with trailing slash, retries without
- If fails without trailing slash, retries with

* feat(oidc): add gorilla sessions store for secure state management

Add gorilla sessions store to handle encrypted state cookies in OIDC flow,
while removing redundant session validation checks

Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>

* fix(auth): prevent duplicate OIDC state cookies for authenticated sessions

Modify OIDC config handler to check for existing authenticated sessions
before setting state cookie. Still returns OIDC enabled status to maintain
UI state, but prevents unnecessary cookie creation for authenticated users.

* feat(oidc): use random secret for temporary state cookies

Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>

* feat(auth): add rate limiting to OIDC endpoints

Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>

* fix(auth): validate OIDC authorization code presence in callback

Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>

* fix(auth): properly handle OIDC session errors

Improve error handling in OIDC login flow by properly handling cookie store
session errors. Return HTTP 500 if session cannot be retrieved instead of
silently continuing with potentially invalid state.

Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>

* feat(auth): track and display authentication method for oidc and password logins

* fix: tests

* docs(readme): add environment variable section

* go mod tidy

* chore: log style and errors

---------

Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
Co-authored-by: ze0s <ze0s@riseup.net>
2024-12-19 14:41:31 +01:00
KaiserBh
4432dfb099
feat(http): implement proper BaseUrl support to coexist with legacy mode (#1298)
* refactor: remove baseUrl from api calls and sseBaseUrl

* refactor: set cookie session to '/'.

Since that's where the api endpoint is that way we set it to the root domain, we can't set it to the subfolder since the api is called directly now and not using the baseUrl.

* feat: add the baseUrl route.

When user for example is in `/autobrr` and hit reload it should just return the index.html.

* refactor: now it have to be `/autobrr`

Remove the trailing `/`, now base url is set to /autobrr aligned with other arrs.

* refactor: remove baseUrl stuff.

* refactor: use separate router for the api endpoint and the baseUrl.

I don't think we need separate router, but I didn't test it, so feel free to test it and see if it works without the separate router, the whole point was to make sure that it's not prefixed with baseUrl and I noticed that it was being called in the frontend `APIClients.ts`. So yea just check if it works without it then keep the old one.

Also removed the index since it was zombie code not being used anywhere.

* feat: Dynamic base url.

* fix: auth handler deps

* feat(http): mount web and api on baseurl

* feat(http): web api client routes

* feat(http): baseurl legacy mode

* feat(http): baseurl legacy mode test

* feat(http): add assetBaseUrl

* feat(http): try separate web handlers

* feat(http): improve file serving

* feat(http): ignore .gitkeep

* fix(assets): windows paths

* fix(assets): windows paths trimprefix

* fix(assets): windows paths join

* fix(assets): cleanup

* fix(assets): additional web route check

* feat(http): add comments

---------

Co-authored-by: ze0s <ze0s@riseup.net>
2024-12-19 12:56:04 +01:00
martylukyy
74eea79215
feat(database): SQLite database backups (#1756)
* feat(database): SQLite database backups

* feat(database): do not produce SQL injections

* feat(database): retain all backups if 0 or less
refactor(database): specify database driver in func names

* refactor(database): return early on cleanup

* refactor(database): do not call cleanup func if max backups set to 0

* refactor(database): backup retention behavior

* feat(database): improve logging

---------

Co-authored-by: ze0s <43699394+zze0s@users.noreply.github.com>
2024-11-12 19:14:45 +01:00
soup
2386a9db31
fix(config): log reload message once (#1773)
fix(config): prevent double logging of config reload message
2024-10-20 12:56:42 +02:00
Kyle Sanderson
e603b262f7
fix(docker): windows container (#1710)
* Update ciwindows.Dockerfile
2024-09-09 10:18:31 +02:00
ze0s
34d6e0cf60
fix(diagnostics): profiling config flags (#1637) 2024-08-29 13:21:01 +02:00
Kyle Sanderson
65d25c56c9
feat(diagnostics): add pprof profiling (#1627)
* feat(tracing): enable tracing

* of course the squash didn't work.

* gah. always nice when there's 40 csets.

* might as well.

* refactor: tracing to diagnostics

* feat: add note about the magic methods from pprof

---------

Co-authored-by: ze0s <ze0s@riseup.net>
2024-08-27 11:00:30 +02:00
Kyle Sanderson
4f0e2d82b3
feat(config): check pid for container startup (#1589)
fix(config): check pid for container startup
2024-07-03 21:43:13 +02:00
ze0s
45b522abf8
chore: update license header year (#1332)
* chore: update license header year

* chore: update license header year tsx files

* chore: update license header
2024-01-01 16:21:02 +01:00
ze0s
17e97201fd
fix(config): log level change causes panic (#1296) 2023-12-02 17:23:08 +01:00
ze0s
8b5e08727b
fix(config): load from env vars (#995)
* fix(config): load from env and bind

* fix(config): remove unused imports

* feat: add new postgres config as vars
2023-11-19 22:16:46 +01:00
soup
d8c977b5ba
refactor(config): copylocks and staticcheck findings (#1261)
refactor: copylocks and staticcheck findings

Refactor mutex handling, optimize byte slice creation, and clean up code in accordance with go.staticcheck and copylocks guidelines.

- Changed AppConfig's mutex to *sync.Mutex, preventing mutex copying and enhancing thread safety.
- Simplified byte slice initialization in writeConfig for efficiency.
- Removed redundant return in DynamicReload for better code clarity.
2023-11-19 16:03:53 +01:00
Antoine
73e76c4214
feat(database): postgres set ssl mode (#1245)
* feat(database): postgres set ssl mode

* feat(database): postgres set extra params
2023-11-06 19:04:32 +01:00
soup
89d00d0986
fix(config): prevent overwriting default logPath (#1219)
* fix(config): prevent overwriting logPath default

* Fix duplication issue

* fix: Preserve non-empty logPath value in config
2023-10-30 23:04:53 +01:00
ze0s
d31866b03e
fix(config): env var prefix clashing in k8s (#937)
* fix: log config error

* fix: add extra underscore to env prefix

* fix: config revert

* chore: add web/.gitkeep

* chore: fix web/dist/.gitkeep

* fix: add extra underscore to env prefix
2023-05-16 00:46:28 +02:00
Kyle Sanderson
2ce82cc687
feat(config): allow config environment variables (#691)
* feat(config): allow config environment variables

* generate secure config default token

* fix: read env vars

* fix: go mod tidy

* fix: revert default port change

* fix: do not ignore default config values

---------

Co-authored-by: ze0s <ze0s@riseup.net>
2023-05-07 21:57:52 +02:00
Fabricio Silva
d085d894d4
fix(config): lxc container detection (#900)
fix(config): detection for lxc containers
2023-05-02 18:48:12 +02:00
ze0s
604c7896bd
chore: add LICENSE GPLv2-or-later (#897)
* chore: add LICENSE

* chore: add LICENSE to README
2023-05-01 16:21:59 +02:00
KaiserBh
07b3569cde
enhancement(config): clarify logPath usage (#783)
Added clarity for logPath as people on windows uses backslashes which doesn't work.

Co-authored-by: KaiserBh <kaiserbh@proton.me>
2023-03-26 23:14:07 +02:00
ze0s
ac276868fb
feat(settings): make log level configurable from UI (#704)
* feat(settings): set log level

* fix: light theme colors

* fix: light theme colors size unit
2023-02-11 22:37:06 +01:00
ze0s
2917a7d42d
feat: show new updates in dashboard (#690)
* feat: show new update banner

* feat(http): add request logger

* refactor: updates checker

* feat: make update check optional

* fix: empty releases

* add toggle switch for update checks

* feat: toggle updates check from settings

* feat: toggle updates check from settings

* feat: check on toggle enabled

---------

Co-authored-by: soup <soup@r4tio.dev>
2023-02-05 18:44:11 +01:00
ze0s
0af95e2b44
feat(logging): make log size and log backups configurable (#657)
feat(logging): make log size and backups configurable
2023-01-17 21:35:31 +01:00
ze0s
765215270a
fix(config): improve container detection (#420)
fix(config): detect container
2022-08-21 18:21:43 +02:00
Ludvig Lundgren
a63e022c15
feat(config): add loglevel defaults option trace (#356) 2022-07-16 18:11:17 +02:00
Kyle Sanderson
f74b348b26
feat(config): detect container runtime (#324)
* feat(config): add container detection capabilities
2022-07-12 21:05:29 +02:00
Ludvig Lundgren
2a10ea27c6
fix(config): load sqlite from configdir (#281) 2022-05-21 14:49:11 +02:00
Ludvig Lundgren
91b094f4f4
feat(confg): reload on save and refactor logging (#275)
* feat(confg): reload on save

* refactor(logging): rework
2022-05-20 09:27:01 +02:00
Ludvig Lundgren
cc0c071cce feat: wip postgres support 2022-03-27 03:12:00 +02:00
Ludvig Lundgren
ffa2447c59
feat: change default port (#207)
Change default port from 8989 to 7474
2022-03-26 21:38:57 +01:00
Ludvig Lundgren
fdf69e6403
feat(indexers): load custom definitions (#186) 2022-03-20 14:35:33 +01:00
Ludvig Lundgren
40b855bf39
Feature: Auth (#4)
* feat(api): add auth

* feat(web): add auth and refactor

* refactor(web): baseurl

* feat: add autobrrctl cli for user creation

* build: move static assets

* refactor(web): auth guard and routing

* refactor: rename var

* fix: remove subrouter

* build: update default config
2021-08-14 14:19:21 +02:00
Ludvig Lundgren
a838d994a6 feat: add backend 2021-08-11 15:26:17 +02:00