* feat(auth): implement oidc
* refactor(auth): centralize OIDC state cookie handling
* fix(web): resolve unused error variables in route handlers
* docs(readme): add OIDC authentication feature to list
* fix(auth): improve OIDC cookie handling for reverse proxy setups
The OIDC state cookie's Secure flag is now properly set when running behind a reverse proxy by checking both direct TLS and X-Forwarded-Proto header. This fixes authentication issues in common setups where:
- autobrr runs behind a reverse proxy that terminates HTTPS
- local development environments without TLS
- mixed protocol environments (internal HTTP, external HTTPS)
* fix: use crypt/random if argon2id fails
* feat(auth): show both login options when user exists in db
if user doesn't exist, e.g. canOnboard=true then we only show the OIDC button, since regular login makes no sense in that case
If user does not exist in db and the user wants to create a local user, OIDC needs to be disabled first
* feat(auth): improve OIDC provider initialization with discovery logging
* revert(issuer): do not remove trailing slash
* feat(auth): improve OIDC username resolution with additional claims
* fix(auth): handle OIDC issuer URLs with and without trailing slashes
When initializing the OIDC provider, automatically retry with/without trailing
slash if the first attempt fails.
- First attempts with original issuer URL
- If fails with trailing slash, retries without
- If fails without trailing slash, retries with
* feat(oidc): add gorilla sessions store for secure state management
Add gorilla sessions store to handle encrypted state cookies in OIDC flow,
while removing redundant session validation checks
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
* fix(auth): prevent duplicate OIDC state cookies for authenticated sessions
Modify OIDC config handler to check for existing authenticated sessions
before setting state cookie. Still returns OIDC enabled status to maintain
UI state, but prevents unnecessary cookie creation for authenticated users.
* feat(oidc): use random secret for temporary state cookies
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
* feat(auth): add rate limiting to OIDC endpoints
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
* fix(auth): validate OIDC authorization code presence in callback
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
* fix(auth): properly handle OIDC session errors
Improve error handling in OIDC login flow by properly handling cookie store
session errors. Return HTTP 500 if session cannot be retrieved instead of
silently continuing with potentially invalid state.
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
* feat(auth): track and display authentication method for oidc and password logins
* fix: tests
* docs(readme): add environment variable section
* go mod tidy
* chore: log style and errors
---------
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
Co-authored-by: ze0s <ze0s@riseup.net>
* fix(ci): update workflow to use latest patch version of Go
* fix(ci): update all workflows to use latest patch version of Go
* chore(deps): bump Go version to latest patch in go.mod
* fix(wildcard): avoid excessive allocations every loop
* are you going to Scarborough Fair?
* ruby ruby ruby ruby
* ride on, little murphy
* shirley?
* to the moon
* reggie are you there?
* code 99
* my doctorate is in Art History
* helps to be consistent
* tidy
* slow and steady gets the clam
* oysters were better anyway
* DIAL TONE
* bump(deps): lift language versions
* Update Dockerfile
* ask your doctor
* chore: update go to 1.23
* fix: go mod version
---------
Co-authored-by: ze0s <43699394+zze0s@users.noreply.github.com>
* feat(qbittorrent): add priority handling
* fix: check if torrent queueing is enabled
* fix: only check for torrent queueing if priority is set
* fix: improve tooltip message
* feat: enable torrent queueing if disabled
* change to SetPreferencesQueueingEnabled
* feat(actions): rename field
* chore: bump pkg go-qbittorrent to v1.8.0
* chore(deps): update go-qbittorrent to v1.8.1
* chore(deps): go mod tidy
---------
Co-authored-by: ze0s <ze0s@riseup.net>
* fix some races in IRC handler management
* remove go 1.21 and slices package
* chore: update deps
* fix: use exp/slices pkg and client callbacks
* fix(irc): remove deadlock mutex from authenticate
* restore locking in authenticate()
* fix(irc): data races
* fix(irc): do not allow restart of disabled network
* fix(irc): disable restart btn if net disabled
---------
Co-authored-by: ze0s <43699394+zze0s@users.noreply.github.com>
