tinyauthapp · steveiliop56 · Aug 29, 2025 · Aug 26, 2025 · Aug 27, 2025 · Aug 27, 2025
diff --git a/.env.example b/.env.example
@@ -1,7 +1,5 @@
 PORT=3000
 ADDRESS=0.0.0.0
-SECRET=app_secret
-SECRET_FILE=app_secret_file
 APP_URL=http://localhost:3000
 USERS=your_user_password_hash
 USERS_FILE=users_file
@@ -30,4 +28,6 @@ APP_TITLE=Tinyauth SSO
 FORGOT_PASSWORD_MESSAGE=Some message about resetting the password
 OAUTH_AUTO_REDIRECT=none
 BACKGROUND_IMAGE=some_image_url
-GENERIC_SKIP_SSL=false
+GENERIC_SKIP_SSL=false
+RESOURCES_DIR=/data/resources
+DATABASE_PATH=/data/tinyauth.db
diff --git a/Dockerfile b/Dockerfile
@@ -51,4 +51,6 @@ COPY --from=builder /tinyauth/tinyauth ./
 
 EXPOSE 3000
 
+VOLUME ["/data"]
+
 ENTRYPOINT ["./tinyauth"]
diff --git a/cmd/root.go b/cmd/root.go
@@ -28,7 +28,6 @@ var rootCmd = &cobra.Command{
 		}
 
 		// Check if secrets have a file associated with them
-		conf.Secret = utils.GetSecret(conf.Secret, conf.SecretFile)
 		conf.GithubClientSecret = utils.GetSecret(conf.GithubClientSecret, conf.GithubClientSecretFile)
 		conf.GoogleClientSecret = utils.GetSecret(conf.GoogleClientSecret, conf.GoogleClientSecretFile)
 		conf.GenericClientSecret = utils.GetSecret(conf.GenericClientSecret, conf.GenericClientSecretFile)
@@ -77,8 +76,6 @@ func init() {
 	}{
 		{"port", 3000, "Port to run the server on."},
 		{"address", "0.0.0.0", "Address to bind the server to."},
-		{"secret", "", "Secret to use for the cookie."},
-		{"secret-file", "", "Path to a file containing the secret."},
 		{"app-url", "", "The Tinyauth URL."},
 		{"users", "", "Comma separated list of users in the format username:hash."},
 		{"users-file", "", "Path to a file containing users in the format username:hash."},
@@ -115,6 +112,7 @@ func init() {
 		{"ldap-insecure", false, "Skip certificate verification for the LDAP server."},
 		{"ldap-search-filter", "(uid=%s)", "LDAP search filter for user lookup."},
 		{"resources-dir", "/data/resources", "Path to a directory containing custom resources (e.g. background image)."},
+		{"database-path", "/data/tinyauth.db", "Path to the Sqlite database file."},
 	}
 
 	for _, opt := range configOptions {

diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
@@ -40,6 +40,7 @@ services:
       - ./cmd:/tinyauth/cmd
       - ./main.go:/tinyauth/main.go
       - /var/run/docker.sock:/var/run/docker.sock
+      - ./data:/data
     ports:
       - 3000:3000
       - 4000:4000

diff --git a/docker-compose.example.yml b/docker-compose.example.yml
@@ -20,9 +20,10 @@ services:
     container_name: tinyauth
     image: ghcr.io/steveiliop56/tinyauth:v3
     environment:
-      - SECRET=some-random-32-chars-string
       - APP_URL=https://tinyauth.example.com
       - USERS=user:$$2a$$10$$UdLYoJ5lgPsC0RKqYH/jMua7zIn0g9kPqWmhYayJYLaZQ/FTmH2/u # user:password
+    volumes:
+      - ./data:/data
     labels:
       traefik.enable: true
       traefik.http.routers.tinyauth.rule: Host(`tinyauth.example.com`)

diff --git a/go.mod b/go.mod
@@ -6,6 +6,7 @@ require (
 	github.com/cenkalti/backoff/v5 v5.0.3
 	github.com/gin-gonic/gin v1.10.1
 	github.com/go-playground/validator/v10 v10.27.0
+	github.com/golang-migrate/migrate/v4 v4.18.3
 	github.com/google/go-querystring v1.1.0
 	github.com/google/uuid v1.6.0
 	github.com/mdp/qrterminal/v3 v3.2.1
@@ -14,6 +15,9 @@ require (
 	github.com/spf13/viper v1.20.1
 	github.com/traefik/paerser v0.2.2
 	golang.org/x/crypto v0.41.0
+	gorm.io/driver/sqlite v1.6.0
+	gorm.io/gorm v1.30.1
+	modernc.org/sqlite v1.38.2
 )
 
 require (
@@ -23,22 +27,34 @@ require (
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
+	github.com/glebarez/go-sqlite v1.21.2 // indirect
+	github.com/glebarez/sqlite v1.11.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/jinzhu/inflection v1.0.0 // indirect
+	github.com/jinzhu/now v1.1.5 // indirect
+	github.com/mattn/go-sqlite3 v1.14.32 // indirect
 	github.com/moby/sys/atomicwriter v0.1.0 // indirect
 	github.com/moby/term v0.5.2 // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.34.0 // indirect
+	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
 	golang.org/x/term v0.34.0 // indirect
 	gotest.tools/v3 v3.5.2 // indirect
+	modernc.org/libc v1.66.3 // indirect
+	modernc.org/mathutil v1.7.1 // indirect
+	modernc.org/memory v1.11.0 // indirect
 	rsc.io/qr v0.2.0 // indirect
 )
 
 require (
-	github.com/Microsoft/go-winio v0.4.14 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/atotto/clipboard v0.1.4 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/boombuler/barcode v1.0.2 // indirect
Original file line number	Diff line number	Diff line change
Expand Up		@@ -51,4 +51,6 @@ COPY --from=builder /tinyauth/tinyauth ./

		EXPOSE 3000

		VOLUME ["/data"]

		ENTRYPOINT ["./tinyauth"]