Improve readability of SQL queries in db.go by formatting them
with consistent multi-line style. This change affects all database
operations including AddPermanentEntry, DeletePermanentEntry,
AddTempEntry, DeleteTempEntry, and CleanupExpiredTemp.
Also simplifies DeletePermanentEntry and DeleteTempEntry by removing
the RowsAffected() checks - audit logging is now executed unconditionally
regardless of whether rows were actually affected.
The proxy was forwarding the original Content-Length header to the
proxied service, which caused issues with request body processing.
Now setting it to an empty string to prevent nginx from passing the
original content-length value.
Move proxy_pass directive to correct position in nginx location block and
update proxy settings: enable request body forwarding (proxy_pass_request_body
on) and pass original Content-Length header (from $content_length variable)
instead of stripping it, ensuring auth-proxy receives full request payloads.
- Replace $%d placeholders with ? in logsHandler for database abstraction
- Remove unused argIndex variable in auth.go
- Log duplicate permanent whitelist insertions to audit_log in db.go
Use local caching for Docker builds in CI pipeline to simplify
configuration and improve build performance by storing cache
in /tmp/.buildx-cache instead of pushing to registry.
Enable registry-based caching for Docker builds by adding
--cache-from and --cache-to flags. This reuses cached layers
from previous builds to speed up build times and reduce network
usage.
- Change whitelist response format to use single `entry` field instead of `ip` + `reason`
- Update auth endpoint to return 204 No Content instead of 200 with body
- Add 405 Method Not Allowed response for auth endpoint
- Fix operationId for permanent whitelist endpoint (was `listTempWhitelist`)
- Add query parameters for logs endpoint: action, ip, limit, offset
- Update documentation in docs/api.md and openapi.yaml
Previously, errors from INSERT INTO audit_log were silently discarded using _, _, which
meant audit log failures could go unnoticed during add/delete/cleanup operations.
The changes now properly capture and return errors for permanent entry operations and
temporary entry operations, except for cleanupExpiredTemp which logs warnings instead
of failing the entire cleanup process when individual audit log entries fail.
The logsHandler now accepts query parameters to filter logs by action
and IP address, with support for pagination via limit and offset
parameters. Query parameters are safely bound to prepared statements
to prevent SQL injection, and pagination values are validated to
ensure they fall within acceptable ranges.
The `created_at` field is no longer needed in the result set,
so it was removed from the SELECT query to reduce data transfer
and simplify the response.
- Initialize list slices with make() to avoid nil slices in ListTempEntries and ListPermEntries
- Use strings.Contains() for uniqueness constraint checking to handle variations in error messages
Update ListPermEntries to return entry field instead of ip and
sort results by created_at. Update the handler in auth.go to call
ListPermEntries instead of ListTempEntries for the whitelist endpoint.
- Add GET /api/whitelist/perm/list to list permanent whitelisted entries
- Implement permWhitelistListHandler with API key verification
- Rename permanent_whitelist table to perm_whitelist for consistency
- Update default DB path from ./data to /data
- Comment out build job in CI/CD workflow
Update the CI/CD workflow to reference the full path to Go binaries
(/usr/local/go/bin/go, gofmt) instead of relying on PATH resolution.
This ensures the correct Go version is used when running in the
Docker container where the binary location may differ from the
default PATH expectation.
Remove the explicit Go installation step in the CI pipeline since Go is already available in the container. The Go proxy mirror configuration remains in place to maintain dependency resolution behavior.
The go.mod file had an incorrect module name 'go.mod' instead of the
actual project name 'auth-proxy'. This fix corrects the module declaration
to match the repository name and enable proper Go module resolution.
The install.sh script expects plain version numbers without the 'v' prefix, so using 'v1.64.8' causes the version string to be interpreted incorrectly. Updated the version format to match the expected format '1.64.8'.
Update GOPROXY to use go.iranserver.com instead of go.devneeds.ir for dependency downloads.
Disable GOSUMDB validation to speed up the build process and avoid potential checksum mismatches.
Rename GITEA_CLONE_URL to G_CLONE_URL in all checkout steps
and update GITEA_TOKEN and GITEA_USERNAME to G_TOKEN and
G_USERNAME for Docker registry authentication. This standardizes
secret naming across the CI/CD pipeline.
Add GitHub Actions workflow that performs linting with golangci-lint,
formats check, cross-compilation for linux/amd64, linux/arm64, and
windows/amd64, and multi-platform docker image publishing to Gitea
registry on pushes to main/master branches.
- Migrate IP-based temporary whitelisting from file to SQLite storage
- Add REST API endpoints for managing temporary and permanent whitelists
- Create `.env.example` with required environment variables
- Document API endpoints in README.md and docs/api.md
- Add new dependency `modernc.org/sqlite` for SQLite support
- Update deployment and security documentation