86 Commits

Author SHA1 Message Date
40151d403b chore: add proprietary license (All Rights Reserved) 2026-06-07 22:21:46 +03:30
d2992d2af6 Update .github/workflows/ci-cd.yml 2026-05-11 15:18:05 +03:30
db123-test
7930f2ec99 fix: validate action parameter and correct database health check logic
- Add whitelist of valid actions to prevent arbitrary action values
- Fix error handling to properly detect database failures

Previously, any action value was accepted without validation, which could lead to unexpected behavior. The health check also incorrectly set dbOK to true when queries succeeded, now correctly sets it to false when errors occur.
v1.0.2
2026-05-11 12:19:47 +03:30
db123-test
ef7abd386e fix(auth): corrected apu_client_ip to only return an string instead of array with valid true v1.0.1 2026-05-07 18:15:06 +03:30
db123-test
bdc0d9beb2 fix: commit go.sum and remove .sum from gitignore
The .sum exclusion was preventing version control of Go dependency checksums. Remove the pattern from .gitignore to allow go.sum to be committed while keeping generated binaries (.exe, .env, .db*) excluded.
2026-05-07 17:54:36 +03:30
db123-test
eb8ba0eb74 ci: replace manual sqlite driver download with go mod tidy
The workflow previously ran `go get auth-proxy/src` to download the sqlite driver
separately before downloading dependencies. This step has been removed and replaced
with `go mod tidy`, which is the idiomatic Go approach for managing dependencies.
It ensures go.mod is properly formatted and removes unused dependencies, eliminating
the need for manual driver installation steps.
2026-05-07 17:52:23 +03:30
db123-test
31afa58ace Merge branch 'master' of ssh://git.yejayekhoob.com:2222/db123/auth-proxy 2026-05-07 17:50:14 +03:30
db123-test
63dba60c44 fix: add SQLite Go driver download step in CI pipeline
Add explicit go get for the auth-proxy/src package to ensure the
SQLite driver is available before running go mod download, fixing
dependency resolution during CI builds.
2026-05-07 17:50:05 +03:30
b6d71a3929 fix: made it detect any change inside src folder and only run then 2026-05-07 17:47:40 +03:30
db123-test
3ba6d61117 fix: use sql.NullString for apiClientIP in logs query
Change apiClientIP from string to sql.NullString to properly handle
NULL values from the database, preventing potential runtime errors
when the column contains NULL entries.
2026-05-07 17:46:23 +03:30
db123-test
6ea4019d55 chore(gitignore): ignored .db files 2026-05-07 16:53:11 +03:30
db123-test
91c53e5968 chore: removed git ignored go.sum 2026-05-07 15:43:05 +03:30
db123-test
684ac2a8c3 chore: update .gitignore to exclude .sum files and fix formatting 2026-05-07 15:41:10 +03:30
db1234719
11ad43315f fix: corrected indent on paths specification v1.0.0 2026-05-05 22:20:14 +03:30
db1234719
1b5c3565af ci: made it run the workflow only on changes to src/ dir on push to main 2026-05-05 22:18:45 +03:30
db123-test
ffd5f0fc35 docs(security): clarify IPv6 support for whitelist endpoints
Update docs/security.md to reflect that the
/api/whitelist endpoints now accept both
IPv4 and IPv6 addresses, removing the
previous statement that IPv6 was unsupported.
2026-05-05 19:25:28 +03:30
db123-test
c3869f4f10 feat: add env file support and parameterize SQL queries
Add .env and .env.local loading with InitEnv() helper that reads
environment variables from config files without overwriting existing
values.

Refactor SQL queries to use parameterized arguments instead of
string formatting for LIMIT/OFFSET clauses, improving query security
and preventing SQL injection vulnerabilities.

Clean up unnecessary rows.Close() calls and simplify error handling
in database query functions.
2026-05-05 19:13:42 +03:30
db123-test
ac25f4f4c5 fix: correct typo in docker-compose volumes driver key
The auth-data volume in docker-compose.yml had "dirver" instead of
"driver", which would cause Docker to fail when creating the volume.
2026-05-05 19:07:50 +03:30
db123-test
30adeeebed fix: fix temporary whitelist IP listing endpoint
Fix new API endpoint `/api/whitelist/temp/list` to retrieve currently
active temporary whitelisted IPs. Also clean up trailing whitespace in
the permanent whitelist endpoint section.
2026-05-05 18:39:17 +03:30
db123-test
e244d01911 docs: remove duplicate nginx location block in deploy config 2026-05-05 18:27:33 +03:30
db123-test
3202906153 fix(db): convert expires_at to RFC3339 string format and simplify cleanup 2026-05-05 18:25:40 +03:30
db123-test
f04f6192ff docs: fix typos and update design rationale for SQLite choice
- Correct "proxyway" typo in README
- Rewrite design.md to explain SQLite decision over in-memory map,
  highlighting persistence, ACID transactions, and concurrent read
  support via WAL mode
- Increase audit log rotation limit from 100k to 200k entries
2026-05-05 18:21:40 +03:30
db123-test
a59509f017 refactor: auth and whitelist system for better organization
- Remove Config parameter from authHandler and CheckAuth
- Add doc comments and extract helper functions for IP extraction
- Refactor database operations (addPerm, addTemp, delPerm)
- Add CIDR matching support in IsPermanentWhitelisted
- Add request struct for temporary whitelist handler
- Update route registrations to match new function signatures
2026-05-05 18:18:00 +03:30
db123-test
3ce20314db refactor: rename 'entry' to 'ip' in audit log schema
Rename the 'entry' column to 'ip' throughout the database schema and
function signatures for clarity. This affects both the CREATE TABLE
statement and all INSERT queries in the audit_log table.

The parameter naming in AddPermanentEntry, DeletePermanentEntry, and
AddTempEntry functions has also been updated to reflect the more
specific 'ip' terminology. Corresponding log messages have been
adjusted to use 'temp ip' instead of 'temp entry' for consistency.
2026-05-05 17:54:07 +03:30
db123-test
31fc204ef2 refactor: rename entry field to ip across whitelist API
Rename the `entry` field to `ip` throughout the whitelist API for
clarity and consistency. This affects API request/response bodies,
path parameters, OpenAPI spec, documentation, and database queries
in the audit log endpoint.
2026-05-05 17:44:52 +03:30
db123-test
0c1bbdcaf4 chore: ignore environment files in .gitignore 2026-05-05 17:27:29 +03:30
db123-test
62e66f0436 ci: add vet and test steps, fix build targets to src directory
- Add go vet and go test steps to CI workflow
- Update Dockerfile and CI build commands to target ./src
- Comment out build jobs for Linux and Windows
- Fix build paths across the workflow configuration
2026-05-05 11:56:55 +03:30
db123-test
8d25bda386 refactor: reorganize project into src layout and update API documentation
Update project structure to use a src/ directory layout and
improve documentation across multiple files.

- Update README.md build command to use ./src
- Add directory structure documentation
- Update status endpoint to include DB health status
- Add pagination support (limit/offset) to whitelist list endpoints
- Document new query parameters with examples
- Update deployment guide to mark API token as required
- Add testing instructions
- Clarify audit log rotation in design documentation
2026-05-05 11:51:45 +03:30
db123-test
33b0e4e30e refactor: move Go source files to src/ directory
Organize project structure by relocating all Go files to a src/ directory,
following standard Go project conventions and improving code organization.
2026-05-05 11:46:58 +03:30
db123-test
f525eaa8f3 feat: enhance auth, add input validation and pagination
- Add IP validation in auth handler with detailed logging
- Implement apiKeyMiddleware helper for API key verification
- Add IP and CIDR validation for whitelist operations
- Support pagination for listing temp and permanent entries
- Add parsePagination helper to extract limit and offset
- Include comprehensive unit tests for IsIP, IsCIDR, and IPMatch
2026-05-05 11:34:35 +03:30
db123-test
93c9eb2a45 refactor(db): replace cidr with ip column in audit_log table
Remove the cidr column from the audit_log table schema and
update all INSERT statements to use the ip column instead,
aligning the field name with the actual data being stored.
2026-05-05 11:02:45 +03:30
db123-test
0745954db6 fix: correct nginx config syntax and standardize environment variable names
Remove extraneous closing brace from nginx auth-proxy location block
that was causing syntax errors. Update documentation to reflect proper
UPPER_CASE naming convention for environment variables (AUTH_PROXY_*)
and correct the default database path from relative to absolute path.
2026-05-04 17:57:13 +03:30
db123-test
a352adb441 fix: use sql.NullString for reason field in audit log
Update reason field handling in auth.go and db.go to properly support
NULL values using sql.NullString. When inserting expired temp entries
and serializing logs to JSON, extract the string value to avoid
JSON marshaling issues with nullable fields.
2026-05-04 17:48:18 +03:30
db123-test
6425158f61 refactor: format SQL queries with multi-line style
Improve readability of SQL queries in db.go by formatting them
with consistent multi-line style. This change affects all database
operations including AddPermanentEntry, DeletePermanentEntry,
AddTempEntry, DeleteTempEntry, and CleanupExpiredTemp.

Also simplifies DeletePermanentEntry and DeleteTempEntry by removing
the RowsAffected() checks - audit logging is now executed unconditionally
regardless of whether rows were actually affected.
2026-05-04 17:10:54 +03:30
db123-test
c6c27dcfc6 fix: override Content-Length header in auth proxy config
The proxy was forwarding the original Content-Length header to the
proxied service, which caused issues with request body processing.
Now setting it to an empty string to prevent nginx from passing the
original content-length value.
2026-05-04 16:44:38 +03:30
db123-test
3ab34aeea7 fix nginx auth-proxy configuration to forward request bodies
Move proxy_pass directive to correct position in nginx location block and
update proxy settings: enable request body forwarding (proxy_pass_request_body
on) and pass original Content-Length header (from $content_length variable)
instead of stripping it, ensuring auth-proxy receives full request payloads.
2026-05-04 16:08:11 +03:30
db123-test
5a811241e1 refactor: replace PostgreSQL placeholders with generic SQL syntax and add audit logging for duplicate entries
- Replace $%d placeholders with ? in logsHandler for database abstraction
- Remove unused argIndex variable in auth.go
- Log duplicate permanent whitelist insertions to audit_log in db.go
2026-05-04 15:17:12 +03:30
db123-test
3fb4c6af95 refactor: removed cache of docker build for simplicity of workflow 2026-05-04 14:59:27 +03:30
db123-test
f7fc68b13f fix(ci): correct dest and src 2026-05-04 14:54:41 +03:30
db123-test
f7090e216c fix(ci): changed local cache from dest keyword to src 2026-05-04 14:51:23 +03:30
db123-test
0d3a108dab chore(ci): switch Docker build cache from registry to local
Use local caching for Docker builds in CI pipeline to simplify
configuration and improve build performance by storing cache
in /tmp/.buildx-cache instead of pushing to registry.
2026-05-04 14:49:43 +03:30
db123-test
fc31ca3d86 chore(ci): add Docker buildx layer caching to CI/CD workflow
Enable registry-based caching for Docker builds by adding
--cache-from and --cache-to flags. This reuses cached layers
from previous builds to speed up build times and reduce network
usage.
2026-05-04 13:34:39 +03:30
db123-test
a281012fc4 fix: simplify whitelist entries and update logs API
- Change whitelist response format to use single `entry` field instead of `ip` + `reason`
- Update auth endpoint to return 204 No Content instead of 200 with body
- Add 405 Method Not Allowed response for auth endpoint
- Fix operationId for permanent whitelist endpoint (was `listTempWhitelist`)
- Add query parameters for logs endpoint: action, ip, limit, offset
- Update documentation in docs/api.md and openapi.yaml
2026-05-04 13:27:06 +03:30
db123-test
252c617769 fix: handle errors from audit log INSERT statements
Previously, errors from INSERT INTO audit_log were silently discarded using _, _, which
meant audit log failures could go unnoticed during add/delete/cleanup operations.

The changes now properly capture and return errors for permanent entry operations and
temporary entry operations, except for cleanupExpiredTemp which logs warnings instead
of failing the entire cleanup process when individual audit log entries fail.
2026-05-04 13:16:58 +03:30
db123-test
5ffafbd38f feat: add filtering and pagination to audit logs endpoint
The logsHandler now accepts query parameters to filter logs by action
and IP address, with support for pagination via limit and offset
parameters. Query parameters are safely bound to prepared statements
to prevent SQL injection, and pagination values are validated to
ensure they fall within acceptable ranges.
2026-05-04 13:15:55 +03:30
db123-test
327827da69 refactor(db): remove unnecessary created_at column from perm whitelist query
The `created_at` field is no longer needed in the result set,
so it was removed from the SELECT query to reduce data transfer
and simplify the response.
2026-05-04 13:03:16 +03:30
db123-test
82f391f129 fix: initialize slices explicitly and improve uniqueness check robustness
- Initialize list slices with make() to avoid nil slices in ListTempEntries and ListPermEntries
- Use strings.Contains() for uniqueness constraint checking to handle variations in error messages
2026-05-04 12:10:41 +03:30
db123-test
145d3aa8ac refactor(auth): rename ListPermEntries to ListTempEntries in whitelist list handler 2026-05-04 12:06:27 +03:30
db123-test
03fdf23bdb chore: remove permanent whitelist volume mount from auth-proxy service 2026-05-04 11:58:30 +03:30
db123-test
b008f468f7 fix(deploy): add auth proxy configuration for phpMyAdmin
Include auth_request and upstream_status directives in
nginx location block to enable authentication proxy
for phpMyAdmin access.
2026-05-04 11:46:44 +03:30