Merge pull request #12 from eisenwinter/updgrade-deps

Updgrade deps

.github/workflows/go.yml

@@ -15,7 +15,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.19
+        go-version: 1.23
 
     - name: Build
       run: go build -v ./...

.github/workflows/release_binaries.yml

@@ -26,7 +26,7 @@ jobs:
         github_token: ${{ secrets.GITHUB_TOKEN }}
         goos: ${{ matrix.goos }}
         goarch: ${{ matrix.goarch }}
-        goversion: "https://dl.google.com/go/go1.19.linux-amd64.tar.gz"
+        goversion: "https://dl.google.com/go/go1.23.3.linux-amd64.tar.gz"
         build_flags: -v
         ldflags: -s -w -X "main.Version=${{ env.APP_VERSION }}" -X "main.BuildTime=${{ env.BUILD_TIME }}" -X main.GitCommit=${{ github.sha }} -X main.GitRef=${{ github.ref }}
         binary_name: "gotrxx"

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.19-buster as builder
+FROM golang:1.23-buster as builder
 WORKDIR /app
 COPY go.* ./
 RUN go mod download

README.md

@@ -3,7 +3,7 @@
 </p>
 <a name="readme-top"></a>
 <p align="center">
-<strong>gotrxx</strong> is a OAuth2 authorization server written in go, with support for <strong>Authorization Code Grant with PKCE</strong>, <strong>Client Credentials Grant</strong> and <strong>Password Grant</strong> (to mimic <a href="https://github.com/netlify/gotrue">gotrue</a>  behaviour). It is compatible with <a href="https://www.netlifycms.org/">netlifycms</a>.
+<strong>gotrxx</strong> is a OAuth2 authorization server written in go, with support for <strong>Authorization Code Grant with PKCE</strong>, <strong>Client Credentials Grant</strong> and <strong>Password Grant</strong> (to mimic <a href="https://github.com/netlify/gotrue">gotrue</a>  behaviour). It is compatible with <a href="https://decapcms.org/">decapcms</a> (formerly netlifycms).
 </p>
 
 [![GitHub go.mod](https://img.shields.io/github/go-mod/go-version/eisenwinter/gotrxx.svg)](https://github.com/eisenwinter/gotrxx) [![Go Report Card](https://goreportcard.com/badge/github.com/eisenwinter/gotrxx)](https://goreportcard.com/report/github.com/eisenwinter/gotrxx) [![Go](https://github.com/eisenwinter/gotrxx/actions/workflows/go.yml/badge.svg)](https://github.com/eisenwinter/gotrxx/actions/workflows/go.yml) [![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active) [![License](https://img.shields.io/badge/License-BSD_2--Clause-orange.svg)](https://opensource.org/licenses/BSD-2-Clause) [![DeepSource](https://deepsource.io/gh/eisenwinter/gotrxx.svg/?label=active+issues&show_trend=true&token=me84C5VKS4He2vcgb2VzJF2M)](https://deepsource.io/gh/eisenwinter/gotrxx/?ref=repository-badge) [![Conventional Commits](https://img.shields.io/badge/Conventional%20Commits-1.0.0-%23FE5196?logo=conventionalcommits&logoColor=white)](https://conventionalcommits.org) [![view - Documentation](https://img.shields.io/badge/view-Documentation-blue)](https://eisenwinter.github.io/gotrxx "Go documentation")
@@ -15,7 +15,7 @@
 
 - **Authorization Code Grant** with Proof Key of Exchange for all your SPA and public needs.
 - **Client Credentials Grant** for all your Backend and confidential client needs.
-- **Password Grant** for netlifycms compatibility
+- **Password Grant** for ~~netlifycms~~ decapcms compatibility
 - **Discovery Endpoint** although it does **not** support OpenID-connect it has a discovery endpoint for convenient use with [oidc-client-ts](https://github.com/authts/oidc-client-ts)
 - **Flexible signing and verification choice**  (HS256, HS384, HS512, RS256, RS384, RS512) token signing and verification (very special thanks to [jwx](https://github.com/lestrrat-go/jwx))
 - **jwk** Endpoint when using RS* signing
@@ -41,15 +41,15 @@ Use this **if**
 - you have clients, friends, or family you wanna share certain (pre-approved) applications with them
 - you don't need OpenID-connect
 - a full-blown solution (ory, keycloak, identity server) is way too much
-- want to set up a self-hosted Netlify CMS setup with something else then gotrue
+- want to set up a self-hosted ~~Netlify CMS~~ decap CMS setup with something else then gotrue
 - want an authorizations server that works with either SQLite, Postgres or MariaDB/MySQL
 
 <p align="right">(<a href="#readme-top">back to top</a>)</p>
 
 ## Why
 
 Well, I went a bit overboard. It all started when a family member of mine wanted to edit the static site I made for her and I went on to set up a self-hosted
-version of netlify CMS. And things did not go as I wanted. Fast-forward - we are here after maniacally coding for weeks (okay it's been on and off for months at this point) because I disliked a few minor things about gotrue[^2].
+version of decap CMS. And things did not go as I wanted. Fast-forward - we are here after maniacally coding for weeks (okay it's been on and off for months at this point) because I disliked a few minor things about gotrue[^2].
 
 [^2]: gotrue still is a good and well-thought-out solution tough (only love)
 
@@ -59,7 +59,7 @@ version of netlify CMS. And things did not go as I wanted. Fast-forward - we are
 
 ### Building from source
 
-gotrxx is written and tested against Go 1.19+
+gotrxx is written and tested against Go 1~~.19~~.23+
 
 ```
 git clone https://github.com/eisenwinter/gotrxx.git

api/api.go

@@ -75,6 +75,7 @@ func compose(logger *zap.Logger,
 
 	connectRessource := connect.NewConnnectRessource(
 		logger.Named("connect_ressource"),
+		tokenAuth,
 		issuer,
 		rotator,
 		signInService,
@@ -84,6 +85,7 @@ func compose(logger *zap.Logger,
 	)
 	netlifyRessource := netlify.NewNetlifyRessource(
 		logger.Named("netlify_ressource"),
+		tokenAuth,
 		connectRessource,
 		rotator,
 	)
@@ -106,6 +108,7 @@ func compose(logger *zap.Logger,
 		manageRessource := management.NewManagementRessource(
 			logger.Named("management_ressource"),
 			*cfg,
+			tokenAuth,
 			manageUserService,
 			manageAppService,
 			manageAuthService,

api/app/connect/connect.go

@@ -15,11 +15,11 @@ import (
 )
 
 type ConnnectRessource struct {
-	logger *zap.Logger
-
-	issuer   TokenIssuer
-	rotator  TokenRotator
-	verifier TokenVerifier
+	logger    *zap.Logger
+	tokenAuth *jwtauth.JWTAuth
+	issuer    TokenIssuer
+	rotator   TokenRotator
+	verifier  TokenVerifier
 
 	userSignIn SignIner
 
@@ -46,7 +46,7 @@ func (c *ConnnectRessource) Router() *chi.Mux {
 	r.Post("/authorize", c.authorize)
 
 	r.Group(func(ri chi.Router) {
-		ri.Use(jwtauth.Authenticator)
+		ri.Use(jwtauth.Authenticator(c.tokenAuth))
 		//logout literally means `log out from all devices`
 		ri.Post("/logout", c.logout)
 		ri.Get("/userinfo", c.userinfo)
@@ -374,13 +374,15 @@ func validateRequiredField(field string, name string, w http.ResponseWriter,
 }
 
 func NewConnnectRessource(logger *zap.Logger,
+	tokenAuth *jwtauth.JWTAuth,
 	issuer TokenIssuer,
 	rotator TokenRotator,
 	userSignIn SignIner,
 	authService Authorizer,
 	appService ApplicationToClientIDMapper,
 	verifier TokenVerifier) *ConnnectRessource {
 	return &ConnnectRessource{logger: logger,
+		tokenAuth:  tokenAuth,
 		issuer:     issuer,
 		userSignIn: userSignIn,
 		rotator:    rotator,

api/app/management/manage.go

@@ -18,8 +18,9 @@ import (
 
 // ManagementRessource habours the headless admin endpoints
 type ManagementRessource struct {
-	log *zap.Logger
-	cfg config.Configuration
+	log       *zap.Logger
+	cfg       config.Configuration
+	tokenAuth *jwtauth.JWTAuth
 
 	userService   UserService
 	authService   AuthorizationService
@@ -54,7 +55,7 @@ func (m *ManagementRessource) Router() *chi.Mux {
 	})
 
 	r.Group(func(gr chi.Router) {
-		gr.Use(jwtauth.Authenticator)
+		gr.Use(jwtauth.Authenticator(m.tokenAuth))
 		gr.Use(adminOnlyMiddleWare(!m.cfg.JWT.NoRolesClaim, m.userService))
 		gr.Route("/applications", func(r chi.Router) {
 			r.With(pageinate).Get("/", m.listApplications)
@@ -125,13 +126,15 @@ type roleChecker interface {
 
 func NewManagementRessource(logger *zap.Logger,
 	cfg config.Configuration,
+	tokenAuth *jwtauth.JWTAuth,
 	userService UserService,
 	appService ApplicationService,
 	authService AuthorizationService,
 	roleService Lister,
 	inviteService Lister) *ManagementRessource {
 	return &ManagementRessource{
 		log:           logger,
+		tokenAuth:     tokenAuth,
 		cfg:           cfg,
 		userService:   userService,
 		authService:   authService,

api/app/netlify/netlify.go

@@ -17,7 +17,8 @@ import (
 const NetlifyClientID = "netlify-gotrue"
 
 type NetlifyRessource struct {
-	logger *zap.Logger
+	logger    *zap.Logger
+	tokenAuth *jwtauth.JWTAuth
 	//nelitfy ressource just wraps the underlying connect ressource
 	uc      *connect.ConnnectRessource
 	rotator *tokens.TokenRotator
@@ -37,7 +38,7 @@ func (n *NetlifyRessource) Router() *chi.Mux {
 	//this is the miniaml subset required for git-gateway and netlifycms
 	r.Post("/token", n.token)
 	r.Group(func(gr chi.Router) {
-		gr.Use(jwtauth.Authenticator)
+		gr.Use(jwtauth.Authenticator(n.tokenAuth))
 		gr.Get("/user", n.user)
 		gr.Post("/logout", n.logout)
 	})
@@ -242,10 +243,11 @@ func (*NetlifyRessource) settings(w http.ResponseWriter, r *http.Request) {
 
 func NewNetlifyRessource(
 	logger *zap.Logger,
+	tokenAuth *jwtauth.JWTAuth,
 	c *connect.ConnnectRessource,
 	rotator *tokens.TokenRotator,
 ) *NetlifyRessource {
-	return &NetlifyRessource{logger: logger, uc: c, rotator: rotator}
+	return &NetlifyRessource{logger: logger, tokenAuth: tokenAuth, uc: c, rotator: rotator}
 }
 
 type userInfoResponse struct {

config/configuration.go

@@ -19,7 +19,7 @@ type ServerConfiguration struct {
 
 // SMTPConfiguration contains the email settings
 type SMTPConfiguration struct {
-	Enabled  bool
+	Enable   bool
 	Host     string
 	Port     int
 	Username string

go.mod

@@ -1,91 +1,92 @@
 module github.com/eisenwinter/gotrxx
 
-go 1.19
+go 1.23
 
 require (
-	github.com/Masterminds/squirrel v1.5.3
-	github.com/adlio/schema v1.3.3
-	github.com/eisenwinter/fiql-sql-adapter v0.0.0-20221112174740-2b944181c580
-	github.com/go-chi/chi/v5 v5.0.8
+	github.com/Masterminds/squirrel v1.5.4
+	github.com/adlio/schema v1.3.6
+	github.com/eisenwinter/fiql-sql-adapter v0.0.5
+	github.com/go-chi/chi/v5 v5.1.0
 	github.com/go-chi/cors v1.2.1
-	github.com/go-chi/jwtauth/v5 v5.1.0
-	github.com/go-chi/render v1.0.2
+	github.com/go-chi/jwtauth/v5 v5.3.1
+	github.com/go-chi/render v1.0.3
 	github.com/go-mail/mail v2.3.1+incompatible
 	github.com/google/safehtml v0.1.0
-	github.com/google/uuid v1.3.0
-	github.com/gorilla/csrf v1.7.1
+	github.com/google/uuid v1.6.0
+	github.com/gorilla/csrf v1.7.2
 	github.com/jackc/pgx v3.6.2+incompatible
-	github.com/jaytaylor/html2text v0.0.0-20211105163654-bc68cce691ba
+	github.com/jaytaylor/html2text v0.0.0-20230321000545-74c2419ad056
 	github.com/jeremywohl/flatten/v2 v2.0.0-20211013061545-07e4a09fb8e4
-	github.com/jmoiron/sqlx v1.3.5
+	github.com/jmoiron/sqlx v1.4.0
 	github.com/joho/godotenv v1.5.1
-	github.com/lestrrat-go/jwx/v2 v2.0.11
-	github.com/mattn/go-sqlite3 v1.14.16
+	github.com/lestrrat-go/jwx/v2 v2.1.3
+	github.com/mattn/go-sqlite3 v1.14.24
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
-	github.com/spf13/cobra v1.6.1
-	github.com/spf13/viper v1.15.0
-	github.com/stretchr/testify v1.8.4
+	github.com/spf13/cobra v1.8.1
+	github.com/spf13/viper v1.19.0
+	github.com/stretchr/testify v1.9.0
 	github.com/xlzd/gotp v0.1.0
-	go.uber.org/zap v1.24.0
-	golang.org/x/crypto v0.9.0
-	golang.org/x/term v0.8.0
-	golang.org/x/text v0.9.0
+	go.uber.org/zap v1.27.0
+	golang.org/x/crypto v0.29.0
+	golang.org/x/term v0.26.0
+	golang.org/x/text v0.20.0
 )
 
 require (
+	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/ajg/form v1.5.1 // indirect
-	github.com/benbjohnson/clock v1.3.0 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/eisenwinter/fiql-parser v0.1.1 // indirect
 	github.com/jackc/fake v0.0.0-20150926172116-812a484cc733 // indirect
-	github.com/lestrrat-go/httprc v1.0.4 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.7 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/rivo/uniseg v0.4.4 // indirect
-	github.com/rogpeppe/go-internal v1.9.0 // indirect
+	github.com/lestrrat-go/httprc v1.0.6 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/sagikazarmark/locafero v0.6.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
-	github.com/stretchr/objx v0.5.0 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
+	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
 require (
-	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
-	github.com/go-sql-driver/mysql v1.7.0
-	github.com/goccy/go-json v0.10.2 // indirect
-	github.com/gorilla/securecookie v1.1.1 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
+	github.com/fsnotify/fsnotify v1.8.0 // indirect
+	github.com/go-sql-driver/mysql v1.8.1
+	github.com/goccy/go-json v0.10.3 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
-	github.com/jackc/pgconn v1.14.0 // indirect
+	github.com/jackc/pgconn v1.14.3 // indirect
 	github.com/jackc/pgio v1.0.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
-	github.com/jackc/pgproto3/v2 v2.3.2 // indirect
-	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
-	github.com/jackc/pgtype v1.14.0 // indirect
-	github.com/jackc/pgx/v4 v4.18.1
+	github.com/jackc/pgproto3/v2 v2.3.3 // indirect
+	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
+	github.com/jackc/pgtype v1.14.4 // indirect
+	github.com/jackc/pgx/v4 v4.18.3
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
-	github.com/lestrrat-go/blackmagic v1.0.1 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
 	github.com/lestrrat-go/iter v1.0.2 // indirect
 	github.com/lestrrat-go/option v1.0.1 // indirect; indirectndirect
 	github.com/magiconair/properties v1.8.7 // indirect
-	github.com/mattn/go-runewidth v0.0.14 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/spf13/afero v1.9.5 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
+	github.com/spf13/cast v1.7.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
-	github.com/subosito/gotenv v1.4.2 // indirect
-	go.uber.org/atomic v1.10.0 // indirect
-	go.uber.org/multierr v1.10.0 // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/net v0.31.0 // indirect
+	golang.org/x/sys v0.27.0 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/mail.v2 v2.3.1 // indirect