Commit Graph

51 Commits

Author SHA1 Message Date
db123-test
3ab34aeea7 fix nginx auth-proxy configuration to forward request bodies
Move proxy_pass directive to correct position in nginx location block and
update proxy settings: enable request body forwarding (proxy_pass_request_body
on) and pass original Content-Length header (from $content_length variable)
instead of stripping it, ensuring auth-proxy receives full request payloads.
2026-05-04 16:08:11 +03:30
db123-test
5a811241e1 refactor: replace PostgreSQL placeholders with generic SQL syntax and add audit logging for duplicate entries
- Replace $%d placeholders with ? in logsHandler for database abstraction
- Remove unused argIndex variable in auth.go
- Log duplicate permanent whitelist insertions to audit_log in db.go
2026-05-04 15:17:12 +03:30
db123-test
3fb4c6af95 refactor: removed cache of docker build for simplicity of workflow 2026-05-04 14:59:27 +03:30
db123-test
f7fc68b13f fix(ci): correct dest and src 2026-05-04 14:54:41 +03:30
db123-test
f7090e216c fix(ci): changed local cache from dest keyword to src 2026-05-04 14:51:23 +03:30
db123-test
0d3a108dab chore(ci): switch Docker build cache from registry to local
Use local caching for Docker builds in CI pipeline to simplify
configuration and improve build performance by storing cache
in /tmp/.buildx-cache instead of pushing to registry.
2026-05-04 14:49:43 +03:30
db123-test
fc31ca3d86 chore(ci): add Docker buildx layer caching to CI/CD workflow
Enable registry-based caching for Docker builds by adding
--cache-from and --cache-to flags. This reuses cached layers
from previous builds to speed up build times and reduce network
usage.
2026-05-04 13:34:39 +03:30
db123-test
a281012fc4 fix: simplify whitelist entries and update logs API
- Change whitelist response format to use single `entry` field instead of `ip` + `reason`
- Update auth endpoint to return 204 No Content instead of 200 with body
- Add 405 Method Not Allowed response for auth endpoint
- Fix operationId for permanent whitelist endpoint (was `listTempWhitelist`)
- Add query parameters for logs endpoint: action, ip, limit, offset
- Update documentation in docs/api.md and openapi.yaml
2026-05-04 13:27:06 +03:30
db123-test
252c617769 fix: handle errors from audit log INSERT statements
Previously, errors from INSERT INTO audit_log were silently discarded using _, _, which
meant audit log failures could go unnoticed during add/delete/cleanup operations.

The changes now properly capture and return errors for permanent entry operations and
temporary entry operations, except for cleanupExpiredTemp which logs warnings instead
of failing the entire cleanup process when individual audit log entries fail.
2026-05-04 13:16:58 +03:30
db123-test
5ffafbd38f feat: add filtering and pagination to audit logs endpoint
The logsHandler now accepts query parameters to filter logs by action
and IP address, with support for pagination via limit and offset
parameters. Query parameters are safely bound to prepared statements
to prevent SQL injection, and pagination values are validated to
ensure they fall within acceptable ranges.
2026-05-04 13:15:55 +03:30
db123-test
327827da69 refactor(db): remove unnecessary created_at column from perm whitelist query
The `created_at` field is no longer needed in the result set,
so it was removed from the SELECT query to reduce data transfer
and simplify the response.
2026-05-04 13:03:16 +03:30
db123-test
82f391f129 fix: initialize slices explicitly and improve uniqueness check robustness
- Initialize list slices with make() to avoid nil slices in ListTempEntries and ListPermEntries
- Use strings.Contains() for uniqueness constraint checking to handle variations in error messages
2026-05-04 12:10:41 +03:30
db123-test
145d3aa8ac refactor(auth): rename ListPermEntries to ListTempEntries in whitelist list handler 2026-05-04 12:06:27 +03:30
db123-test
03fdf23bdb chore: remove permanent whitelist volume mount from auth-proxy service 2026-05-04 11:58:30 +03:30
db123-test
b008f468f7 fix(deploy): add auth proxy configuration for phpMyAdmin
Include auth_request and upstream_status directives in
nginx location block to enable authentication proxy
for phpMyAdmin access.
2026-05-04 11:46:44 +03:30
db123-test
5f403c1264 fix(docker-compose): correct typo in auth-data volume driver configuration
Fixes misspelling of 'driver' in docker-compose.yml volume configuration
for the auth-data volume, ensuring proper Docker volume driver setup.
2026-05-04 11:42:04 +03:30
db123-test
39747cc151 fix: list permanent whitelist entries sorted by creation time
Update ListPermEntries to return entry field instead of ip and
sort results by created_at. Update the handler in auth.go to call
ListPermEntries instead of ListTempEntries for the whitelist endpoint.
2026-05-04 11:35:02 +03:30
db123-test
7221feb6d4 feat: add permanent whitelist list endpoint and rename DB table
- Add GET /api/whitelist/perm/list to list permanent whitelisted entries
- Implement permWhitelistListHandler with API key verification
- Rename permanent_whitelist table to perm_whitelist for consistency
- Update default DB path from ./data to /data
- Comment out build job in CI/CD workflow
2026-05-04 11:29:01 +03:30
db123-test
e46077f4fa chore: changed the build from yejayekhoob/x to db123/x and added docker pull command instruction too 2026-05-04 10:57:44 +03:30
db123-test
77f1fdfd76 chore: updated go version in dockerfile 2026-05-04 10:52:00 +03:30
db123-test
7a2bd72311 feat: added mirrors for go and for golang image and change the name gate to proxy 2026-05-04 10:49:44 +03:30
db123-test
b094c78318 ci: added removal of buildx builder and then re initializing of it for cleaner ci cd 2026-05-04 10:40:51 +03:30
db123-test
b61e496553 ci: fiddled with build platforms 2026-05-04 10:36:11 +03:30
db123-test
effa25a8bf ci: remove Linux arm64 build from CI/CD pipeline
The arm64 build step has been removed from the GitHub Actions workflow.
This simplifies the pipeline by only building for amd64 targets.
2026-05-04 10:08:43 +03:30
db123-test
19753ec07d fix(ci): use explicit Go binary paths in CI/CD workflow
Update the CI/CD workflow to reference the full path to Go binaries
(/usr/local/go/bin/go, gofmt) instead of relying on PATH resolution.
This ensures the correct Go version is used when running in the
Docker container where the binary location may differ from the
default PATH expectation.
2026-05-04 10:06:00 +03:30
db123-test
73748a9d09 chore(ci-cd): remove redundant Go setup step
Remove the explicit Go installation step in the CI pipeline since Go is already available in the container. The Go proxy mirror configuration remains in place to maintain dependency resolution behavior.
2026-05-04 09:57:21 +03:30
db123-test
c63db6102c chore(ci-cd): setup go environment in CI workflow
Add a setup step to export Go binary path to bashrc before
configuring the proxy mirror, ensuring Go commands are
available in the build environment.
2026-05-04 09:55:52 +03:30
db123-test
00552b7a04 fix: rename module in go.mod from 'go.mod' to 'auth-proxy'
The go.mod file had an incorrect module name 'go.mod' instead of the
actual project name 'auth-proxy'. This fix corrects the module declaration
to match the repository name and enable proper Go module resolution.
2026-05-04 09:54:57 +03:30
db123-test
55cd06fb51 ci: remove golangci-lint checks from CI pipeline
Removed the golangci-lint installation and linting step from the GitHub Actions workflow, simplifying the CI pipeline.
2026-05-04 09:40:05 +03:30
db123-test
e7d7c71572 ci: use latest golangci-lint version in CI workflow
Replace pinned golangci-lint 1.64.8 version with latest to automatically
receive updates and improvements.
2026-05-04 09:38:37 +03:30
db123-test
72be744484 fix(ci-cd): remove 'v' prefix from golangci-lint version
The install.sh script expects plain version numbers without the 'v' prefix, so using 'v1.64.8' causes the version string to be interpreted incorrectly. Updated the version format to match the expected format '1.64.8'.
2026-05-04 09:38:05 +03:30
db123-test
b4797afd39 ci: update Go proxy mirror and disable GOSUMDB in CI
Update GOPROXY to use go.iranserver.com instead of go.devneeds.ir for dependency downloads.
Disable GOSUMDB validation to speed up the build process and avoid potential checksum mismatches.
2026-05-04 09:36:06 +03:30
db123-test
cd843ed877 fix(ci-cd): add domestic go proxy mirror for faster dep downloads
Configure GOPROXY and GOSUMDB to use Iranian proxy servers
(go.devneeds.ir) before downloading dependencies in CI pipeline.
2026-05-04 09:34:49 +03:30
db123-test
e326c4270c fix(ci-cd): use secrets for G_CLONE_URL instead of env variable
Replace hardcoded G_CLONE_URL references with GitHub secrets to
prevent exposing the repository URL in workflow logs and environment.
2026-05-04 09:25:46 +03:30
db123-test
e29fd6d420 refactor: rename GITEA secrets and variables to G_ prefix
Rename GITEA_CLONE_URL to G_CLONE_URL in all checkout steps
and update GITEA_TOKEN and GITEA_USERNAME to G_TOKEN and
G_USERNAME for Docker registry authentication. This standardizes
secret naming across the CI/CD pipeline.
2026-05-04 09:24:53 +03:30
db123-test
b22db09c2f feat: add CI/CD workflow with linting, building, and docker
Add GitHub Actions workflow that performs linting with golangci-lint,
formats check, cross-compilation for linux/amd64, linux/arm64, and
windows/amd64, and multi-platform docker image publishing to Gitea
registry on pushes to main/master branches.
2026-05-04 09:20:56 +03:30
db123-test
515de33837 feat: add SQLite persistence and REST API for temporary whitelisting
- Migrate IP-based temporary whitelisting from file to SQLite storage
- Add REST API endpoints for managing temporary and permanent whitelists
- Create `.env.example` with required environment variables
- Document API endpoints in README.md and docs/api.md
- Add new dependency `modernc.org/sqlite` for SQLite support
- Update deployment and security documentation
2026-05-04 09:08:11 +03:30
a5c9c42533 refactor: wire everything up 2026-05-04 08:47:20 +03:30
2ef8d8a48a refactor: cleanup now uses db 2026-05-04 08:46:50 +03:30
ea42406c5a refactor: simplified and used db.go for operations on whitelists 2026-05-04 08:46:20 +03:30
1e439f4ce3 refactor: simplified and used db.go for operations 2026-05-04 08:42:37 +03:30
d82ab73336 refactor: added ton of sqlite helpers and used sqlite for all the whitelists 2026-05-04 08:29:36 +03:30
536d701641 refactor: simplified and used sqlite for all the whitelists 2026-05-04 08:24:59 +03:30
16dc738c1f fix: removed unnecessary api user 2026-05-04 08:16:49 +03:30
f0e6c09bce feat: made it standard openapi and removed comments 2026-05-04 08:15:46 +03:30
145980ba0f feat: removed comments and uses the passed whitelists 2026-05-04 08:13:25 +03:30
820cb88447 feat: removed comments and now uses the passed tempWhitelist 2026-05-04 08:12:26 +03:30
4e949912d6 feat: added the sqlite logging main logic
added sqlite logic which is being used across the files to log whitelist requests
2026-05-04 08:11:16 +03:30
8af9958743 feat: removed basic auth and added sqlite logging 2026-05-04 08:08:45 +03:30
c05dcbee04 Feat: removed comments and added sqlite db to config 2026-05-04 08:02:07 +03:30