Skip to content

feat: add support for oauth whitelist file (#817)#826

Open
djedditt wants to merge 1 commit intotinyauthapp:mainfrom
djedditt:feat/oauth-whitelist-file
Open

feat: add support for oauth whitelist file (#817)#826
djedditt wants to merge 1 commit intotinyauthapp:mainfrom
djedditt:feat/oauth-whitelist-file

Conversation

@djedditt
Copy link
Copy Markdown

@djedditt djedditt commented Apr 29, 2026
edited by coderabbitai Bot
Loading

Fixes #817.

Added TINYAUTH_OAUTH_WHITELISTFILE support for loading whitelist entries from a file, merged with the existing inline whitelist config. This follows the same pattern as auth users/usersfile. Extracted shared inline/file parsing into reusable string utils.

Summary by CodeRabbit

Release Notes

  • New Features
    • OAuth domain whitelist can now be loaded from an external file path, providing a flexible alternative to inline configuration for easier management and updates of authorized OAuth domains.

@dosubot dosubot Bot added the size:M This PR changes 30-99 lines, ignoring generated files. label Apr 29, 2026
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Apr 29, 2026
edited
Loading

📝 Walkthrough

Walkthrough

This change introduces file-based OAuth whitelist support, enabling whitelists to be loaded from a filesystem path (TINYAUTH_OAUTH_WHITELISTFILE) as an alternative to inline comma-separated values. A new utility function consolidates values from both sources during bootstrap initialization, and the auth service consumes the consolidated result from application context.

Changes

Cohort / File(s) Summary
Configuration & Utilities
internal/config/config.go, internal/utils/string_utils.go, internal/utils/string_utils_test.go		 Added WhitelistFile field to OAuthConfig struct. Introduced ParseNonEmptyLines and GetStringList utility functions to parse multi-line text and merge inline config values with file-based entries; includes comprehensive test coverage.
Bootstrap Integration
internal/bootstrap/app_bootstrap.go, internal/bootstrap/service_bootstrap.go		 Modified app bootstrap to load consolidated OAuth whitelist during Setup via GetStringList, storing result in context. Updated service bootstrap to consume whitelist from context instead of raw config.
Refactoring
internal/utils/user_utils.go		 Simplified GetUsers to delegate string aggregation and file handling to the new GetStringList utility, reducing manual parsing logic.
Documentation
.env.example		 Added environment variable documentation for TINYAUTH_OAUTH_WHITELISTFILE.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 OAuth whitelists now take flight,
From files instead of comma-delimited sight!
No more string truncation woes and pain,
Configuration's hopping down a cleaner lane.
Parse those lines, trim that space—
Bootstrap loads with newfound grace! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: adding support for OAuth whitelist file configuration, matching the PR's core objective.
Linked Issues check ✅ Passed The PR successfully implements the requested OAuth whitelist file support following the USERS/USERSFILE pattern, reading from file or inline config.
Out of Scope Changes check ✅ Passed All changes are in scope: new config field, utility functions for parsing, OAuth whitelist file loading, and refactored user utilities to use shared helpers.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Review rate limit: 2/3 reviews remaining, refill in 20 minutes.

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
internal/utils/string_utils_test.go (1)

4-4: Harden temp-file test setup to avoid collisions and OS-specific assertions.

Line 69 and Line 87 use fixed /tmp/... paths, and Line 88 asserts an OS-specific error string. Prefer t.TempDir() + errors.Is(err, os.ErrNotExist) for stable tests.

Proposed test hardening diff 
 import (
+	"errors"
 	"os"
+	"path/filepath"
 	"testing"
@@
 func TestGetStringList(t *testing.T) {
-	file, err := os.Create("/tmp/tinyauth_list_test_file")
-	assert.NilError(t, err)
-
-	_, err = file.WriteString(" third@example.com \n\n fourth@example.com \n")
-	assert.NilError(t, err)
-
-	err = file.Close()
-	assert.NilError(t, err)
-	defer os.Remove("/tmp/tinyauth_list_test_file")
+	tmpDir := t.TempDir()
+	filePath := filepath.Join(tmpDir, "tinyauth_list_test_file")
+	err := os.WriteFile(filePath, []byte(" third@example.com \n\n fourth@example.com \n"), 0o600)
+	assert.NilError(t, err)
 
-	values, err := utils.GetStringList([]string{" first@example.com ", "", "second@example.com"}, "/tmp/tinyauth_list_test_file")
+	values, err := utils.GetStringList([]string{" first@example.com ", "", "second@example.com"}, filePath)
 	assert.NilError(t, err)
 	assert.DeepEqual(t, []string{"first@example.com", "second@example.com", "third@example.com", "fourth@example.com"}, values)
@@
-	values, err = utils.GetStringList(nil, "/tmp/non_existing_list_file")
-	assert.ErrorContains(t, err, "no such file or directory")
+	values, err = utils.GetStringList(nil, filepath.Join(tmpDir, "non_existing_list_file"))
+	assert.Assert(t, errors.Is(err, os.ErrNotExist))
 	assert.DeepEqual(t, []string{}, values)
 }

Also applies to: 69-90

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@internal/utils/string_utils_test.go` at line 4, Tests in
internal/utils/string_utils_test.go use hard-coded /tmp/... paths and assert
OS-specific error text; update the failing test setup to use t.TempDir() to
create unique temp directories and files, construct expected paths relative to
that temp dir instead of using fixed /tmp paths, and replace string equality on
the error with errors.Is(err, os.ErrNotExist) (importing "errors" and "os" as
needed). Locate the test function(s) that reference the fixed paths and the
error assertion (search for the hard-coded "/tmp/" literals and the assertion
comparing err.Error()) and modify them to use t.TempDir(), build paths with
filepath.Join, and use errors.Is for the non-existence check.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@internal/utils/string_utils_test.go`:
- Line 4: Tests in internal/utils/string_utils_test.go use hard-coded /tmp/...
paths and assert OS-specific error text; update the failing test setup to use
t.TempDir() to create unique temp directories and files, construct expected
paths relative to that temp dir instead of using fixed /tmp paths, and replace
string equality on the error with errors.Is(err, os.ErrNotExist) (importing
"errors" and "os" as needed). Locate the test function(s) that reference the
fixed paths and the error assertion (search for the hard-coded "/tmp/" literals
and the assertion comparing err.Error()) and modify them to use t.TempDir(),
build paths with filepath.Join, and use errors.Is for the non-existence check.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: b5b80f72-6e46-43a7-abcc-42c066793a67

📥 Commits

Reviewing files that changed from the base of the PR and between d51e3ef and 6b5a6bd.

📒 Files selected for processing (7)
  • .env.example
  • internal/bootstrap/app_bootstrap.go
  • internal/bootstrap/service_bootstrap.go
  • internal/config/config.go
  • internal/utils/string_utils.go
  • internal/utils/string_utils_test.go
  • internal/utils/user_utils.go

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

size:M This PR changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE] add OAUTH_WHITELISTFILE support (file-based alternative to OAUTH_WHITELIST env var)

1 participant

@djedditt