11 Commits

Author SHA1 Message Date
db123-test
7930f2ec99 fix: validate action parameter and correct database health check logic
- Add whitelist of valid actions to prevent arbitrary action values
- Fix error handling to properly detect database failures

Previously, any action value was accepted without validation, which could lead to unexpected behavior. The health check also incorrectly set dbOK to true when queries succeeded, now correctly sets it to false when errors occur.
2026-05-11 12:19:47 +03:30
db123-test
ef7abd386e fix(auth): corrected apu_client_ip to only return an string instead of array with valid true 2026-05-07 18:15:06 +03:30
db123-test
bdc0d9beb2 fix: commit go.sum and remove .sum from gitignore
The .sum exclusion was preventing version control of Go dependency checksums. Remove the pattern from .gitignore to allow go.sum to be committed while keeping generated binaries (.exe, .env, .db*) excluded.
2026-05-07 17:54:36 +03:30
db123-test
eb8ba0eb74 ci: replace manual sqlite driver download with go mod tidy
The workflow previously ran `go get auth-proxy/src` to download the sqlite driver
separately before downloading dependencies. This step has been removed and replaced
with `go mod tidy`, which is the idiomatic Go approach for managing dependencies.
It ensures go.mod is properly formatted and removes unused dependencies, eliminating
the need for manual driver installation steps.
2026-05-07 17:52:23 +03:30
db123-test
31afa58ace Merge branch 'master' of ssh://git.yejayekhoob.com:2222/db123/auth-proxy 2026-05-07 17:50:14 +03:30
db123-test
63dba60c44 fix: add SQLite Go driver download step in CI pipeline
Add explicit go get for the auth-proxy/src package to ensure the
SQLite driver is available before running go mod download, fixing
dependency resolution during CI builds.
2026-05-07 17:50:05 +03:30
b6d71a3929 fix: made it detect any change inside src folder and only run then 2026-05-07 17:47:40 +03:30
db123-test
3ba6d61117 fix: use sql.NullString for apiClientIP in logs query
Change apiClientIP from string to sql.NullString to properly handle
NULL values from the database, preventing potential runtime errors
when the column contains NULL entries.
2026-05-07 17:46:23 +03:30
db123-test
6ea4019d55 chore(gitignore): ignored .db files 2026-05-07 16:53:11 +03:30
db123-test
91c53e5968 chore: removed git ignored go.sum 2026-05-07 15:43:05 +03:30
db123-test
684ac2a8c3 chore: update .gitignore to exclude .sum files and fix formatting 2026-05-07 15:41:10 +03:30
3 changed files with 22 additions and 11 deletions

View File

@@ -4,7 +4,7 @@ on:
push: push:
branches: [main, master] branches: [main, master]
paths: paths:
- 'src/' - 'src/**'
pull_request: pull_request:
branches: [main, master] branches: [main, master]
@@ -22,6 +22,9 @@ jobs:
- name: Download dependencies - name: Download dependencies
run: /usr/local/go/bin/go mod download run: /usr/local/go/bin/go mod download
- name: Tidy modules
run: /usr/local/go/bin/go mod tidy
- name: Check formatting - name: Check formatting
run: | run: |
if [ "$(/usr/local/go/bin/gofmt -l $(find . -name '*.go' -not -path './vendor/*'))" ]; then if [ "$(/usr/local/go/bin/gofmt -l $(find . -name '*.go' -not -path './vendor/*'))" ]; then

1
.gitignore vendored
View File

@@ -1,2 +1,3 @@
*.exe *.exe
*.env *.env
*.db*

View File

@@ -243,9 +243,16 @@ func parseLogFilter(r *http.Request) (*logFilter, error) {
Offset: 0, Offset: 0,
} }
validActions := map[string]bool{
"add_temp": true, "delete_temp": true,
"add_perm": true, "delete_perm": true, "expire_temp": true,
}
if v := r.URL.Query().Get("action"); v != "" { if v := r.URL.Query().Get("action"); v != "" {
if validActions[v] {
f.Action = v f.Action = v
} }
}
if v := r.URL.Query().Get("ip"); v != "" { if v := r.URL.Query().Get("ip"); v != "" {
f.IP = v f.IP = v
} }
@@ -302,8 +309,8 @@ func logsHandler(db *sql.DB) http.HandlerFunc {
logs := make([]map[string]interface{}, 0) logs := make([]map[string]interface{}, 0)
for rows.Next() { for rows.Next() {
var ts time.Time var ts time.Time
var action, apiClientIP string var action string
var ip, reason sql.NullString var ip, reason, apiClientIP sql.NullString
var ttlSeconds sql.NullInt64 var ttlSeconds sql.NullInt64
if err := rows.Scan(&ts, &action, &ip, &ttlSeconds, &reason, &apiClientIP); err != nil { if err := rows.Scan(&ts, &action, &ip, &ttlSeconds, &reason, &apiClientIP); err != nil {
continue continue
@@ -311,7 +318,7 @@ func logsHandler(db *sql.DB) http.HandlerFunc {
entry := map[string]interface{}{ entry := map[string]interface{}{
"timestamp": ts, "timestamp": ts,
"action": action, "action": action,
"api_client_ip": apiClientIP, "api_client_ip": apiClientIP.String,
"reason": reason.String, "reason": reason.String,
} }
if ip.Valid { if ip.Valid {
@@ -333,13 +340,13 @@ func statusHandler(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
var permCount int var permCount int
var tempCount int var tempCount int
dbOK := false dbOK := true
if err := db.QueryRow(`SELECT COUNT(*) FROM perm_whitelist`).Scan(&permCount); err == nil { if err := db.QueryRow(`SELECT COUNT(*) FROM perm_whitelist`).Scan(&permCount); err != nil {
dbOK = true dbOK = false
} }
if err := db.QueryRow(`SELECT COUNT(*) FROM temp_whitelist WHERE expires_at > ?`, time.Now().Format(time.RFC3339)).Scan(&tempCount); err == nil { if err := db.QueryRow(`SELECT COUNT(*) FROM temp_whitelist WHERE expires_at > ?`, time.Now().Format(time.RFC3339)).Scan(&tempCount); err != nil {
dbOK = true dbOK = false
} }
health := map[string]interface{}{ health := map[string]interface{}{