Compare commits

12 Commits

Author SHA1 Message Date
d2992d2af6 Update .github/workflows/ci-cd.yml 2026-05-11 15:18:05 +03:30
db123-test
7930f2ec99 fix: validate action parameter and correct database health check logic
- Add whitelist of valid actions to prevent arbitrary action values
- Fix error handling to properly detect database failures

Previously, any action value was accepted without validation, which could lead to unexpected behavior. The health check also incorrectly set dbOK to true when queries succeeded, now correctly sets it to false when errors occur.
2026-05-11 12:19:47 +03:30
db123-test
ef7abd386e fix(auth): corrected apu_client_ip to only return an string instead of array with valid true 2026-05-07 18:15:06 +03:30
db123-test
bdc0d9beb2 fix: commit go.sum and remove .sum from gitignore
The .sum exclusion was preventing version control of Go dependency checksums. Remove the pattern from .gitignore to allow go.sum to be committed while keeping generated binaries (.exe, .env, .db*) excluded.
2026-05-07 17:54:36 +03:30
db123-test
eb8ba0eb74 ci: replace manual sqlite driver download with go mod tidy
The workflow previously ran `go get auth-proxy/src` to download the sqlite driver
separately before downloading dependencies. This step has been removed and replaced
with `go mod tidy`, which is the idiomatic Go approach for managing dependencies.
It ensures go.mod is properly formatted and removes unused dependencies, eliminating
the need for manual driver installation steps.
2026-05-07 17:52:23 +03:30
db123-test
31afa58ace Merge branch 'master' of ssh://git.yejayekhoob.com:2222/db123/auth-proxy 2026-05-07 17:50:14 +03:30
db123-test
63dba60c44 fix: add SQLite Go driver download step in CI pipeline
Add explicit go get for the auth-proxy/src package to ensure the
SQLite driver is available before running go mod download, fixing
dependency resolution during CI builds.
2026-05-07 17:50:05 +03:30
b6d71a3929 fix: made it detect any change inside src folder and only run then 2026-05-07 17:47:40 +03:30
db123-test
3ba6d61117 fix: use sql.NullString for apiClientIP in logs query
Change apiClientIP from string to sql.NullString to properly handle
NULL values from the database, preventing potential runtime errors
when the column contains NULL entries.
2026-05-07 17:46:23 +03:30
db123-test
6ea4019d55 chore(gitignore): ignored .db files 2026-05-07 16:53:11 +03:30
db123-test
91c53e5968 chore: removed git ignored go.sum 2026-05-07 15:43:05 +03:30
db123-test
684ac2a8c3 chore: update .gitignore to exclude .sum files and fix formatting 2026-05-07 15:41:10 +03:30
3 changed files with 24 additions and 13 deletions

View File

@@ -4,7 +4,7 @@ on:
push:
branches: [main, master]
paths:
- 'src/'
- 'src/**'
pull_request:
branches: [main, master]
@@ -22,6 +22,9 @@ jobs:
- name: Download dependencies
run: /usr/local/go/bin/go mod download
- name: Tidy modules
run: /usr/local/go/bin/go mod tidy
- name: Check formatting
run: |
if [ "$(/usr/local/go/bin/gofmt -l $(find . -name '*.go' -not -path './vendor/*'))" ]; then
@@ -76,7 +79,7 @@ jobs:
run: |
docker buildx build \
--platform linux/amd64 \
--tag "git.yejayekhoob.com/db123/auth-proxy:${{ github.sha }}" \
--tag "git.yejayekhoob.com/db123/auth-proxy:latest" \
--tag "git.yejayekhoob.com/yjkh/auth-proxy:${{ github.sha }}" \
--tag "git.yejayekhoob.com/yjkh/auth-proxy:latest" \
--push \
.

1
.gitignore vendored
View File

@@ -1,2 +1,3 @@
*.exe
*.env
*.db*

View File

@@ -243,9 +243,16 @@ func parseLogFilter(r *http.Request) (*logFilter, error) {
Offset: 0,
}
validActions := map[string]bool{
"add_temp": true, "delete_temp": true,
"add_perm": true, "delete_perm": true, "expire_temp": true,
}
if v := r.URL.Query().Get("action"); v != "" {
if validActions[v] {
f.Action = v
}
}
if v := r.URL.Query().Get("ip"); v != "" {
f.IP = v
}
@@ -302,8 +309,8 @@ func logsHandler(db *sql.DB) http.HandlerFunc {
logs := make([]map[string]interface{}, 0)
for rows.Next() {
var ts time.Time
var action, apiClientIP string
var ip, reason sql.NullString
var action string
var ip, reason, apiClientIP sql.NullString
var ttlSeconds sql.NullInt64
if err := rows.Scan(&ts, &action, &ip, &ttlSeconds, &reason, &apiClientIP); err != nil {
continue
@@ -311,7 +318,7 @@ func logsHandler(db *sql.DB) http.HandlerFunc {
entry := map[string]interface{}{
"timestamp": ts,
"action": action,
"api_client_ip": apiClientIP,
"api_client_ip": apiClientIP.String,
"reason": reason.String,
}
if ip.Valid {
@@ -333,13 +340,13 @@ func statusHandler(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
var permCount int
var tempCount int
dbOK := false
dbOK := true
if err := db.QueryRow(`SELECT COUNT(*) FROM perm_whitelist`).Scan(&permCount); err == nil {
dbOK = true
if err := db.QueryRow(`SELECT COUNT(*) FROM perm_whitelist`).Scan(&permCount); err != nil {
dbOK = false
}
if err := db.QueryRow(`SELECT COUNT(*) FROM temp_whitelist WHERE expires_at > ?`, time.Now().Format(time.RFC3339)).Scan(&tempCount); err == nil {
dbOK = true
if err := db.QueryRow(`SELECT COUNT(*) FROM temp_whitelist WHERE expires_at > ?`, time.Now().Format(time.RFC3339)).Scan(&tempCount); err != nil {
dbOK = false
}
health := map[string]interface{}{