1b72b0b5ad
Fix critical/severe issues in init, startup and shutdown
...
- auth: do not abort the server when authentication is disabled. auth.Init
  is now always called; with disable-authentication it sets up an ephemeral
  session store (SESSION_KEY not required) and registers no authenticators,
  so the unconditional auth.GetAuthInstance() callers (server init,
  api.New()) always get a valid instance.
- main: run the graceful-shutdown sequence on the startup-error path. runServer
  derives a cancelable context and, on a server-start failure, cancels it and
  waits so the metricstore final checkpoint / WAL rotation, archiver flush and
  taskmanager shutdown actually run before exit.
- server: log the :80 HTTP->HTTPS redirect listener error instead of dropping it.
- archiver: guard Shutdown against being called when Start never ran
  (avoids close(nil) panic / blocking on a nil workerDone).
- nats API: stop worker goroutines on shutdown via a stop channel + idempotent
  Shutdown(); workers and subscription callbacks select on stop and the
  channels are never closed, so no send-on-closed-channel can occur. Wired
  into Server.Shutdown after the NATS client is closed.
- metricstore: make Shutdown idempotent (nil shutdownFunc, early return) and
  release shutdownFuncMu before the checkpoint write.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 3c179f9caa8f
2026-06-05 10:16:28 +02:00
6f7e262f3f
Fix issues after security audit
...
Entire-Checkpoint: bc18358a9343
2026-06-04 18:33:30 +02:00
82c514b11a
Ease samesite cookie settings
...
Entire-Checkpoint: 2fe286e23a4a
2026-03-30 16:10:15 +02:00
6ebc9e88fa
Add more context information to auth failed log
...
Entire-Checkpoint: 2187cd89cb78
2026-03-18 06:56:01 +01:00
Christoph Kluge
348b6010e8
fix typo preventing template condition from working
2026-02-26 15:09:01 +01:00
8d6c6b819b
Update and port to cc-lib
2026-02-11 07:06:06 +01:00
fd9b76c6a7
Security hardening of ldap and oidc auth implementations
2026-02-09 09:12:06 +01:00
Michael Panzlaff
05abea87e7
Do not warn about unencrypted auth when encrypted reverse proxy is used
2026-01-22 14:06:34 +01:00
Michael Panzlaff
489ad44b9f
Make apiAllowedIPs optional
...
If our test and production instance just use *, one might as well make
that the default value. This should ease configuration for minimal
setups.
2026-01-15 16:08:29 +01:00
2ebab1e2e2
Reformat with gofumpt
2026-01-13 09:50:57 +01:00
8576ae458d
Switch to cc-lib v2
2025-12-24 09:24:18 +01:00
340efd7926
Refactor auth package
...
Fix security issues
Remove redundant code
Add documentation
Add unit tests
2025-11-19 16:54:01 +01:00
d40c54b802
Refactor
2025-09-28 08:24:41 +02:00
4fc78bc382
Refactor variable namings and doc comments
2025-09-27 09:27:36 +02:00
Jan Eitzinger
df0e8eb228
Merge branch 'dev' into metricstore
2025-09-10 09:14:50 +02:00
Aditya Ujeniya
62565b9ae2
Combined metricstore api and functions
2025-09-08 11:29:27 +02:00
Christoph Kluge
2a91ca0cff
Merge branch 'dev' into rework_status_view
2025-08-13 14:29:19 +02:00
Christoph Kluge
bef832e45b
Build new statusDash, refine newRoofline data render
2025-08-07 16:10:11 +02:00
0754ba5292
Port configuration to ccConfig scheme
...
Decentralize config validation
Modularize configuration handling
2025-07-07 13:09:12 +02:00
639e1b9c6d
Port to cc-lib. Extend legal header.
2025-06-30 12:06:35 +02:00
f06b5f8fc0
Refactor
2025-05-16 17:37:36 +02:00
brinkcoder
61f0521072
fix: correct logging variable from err to ipErr in AuthApi
2025-04-25 22:37:16 +02:00
Christoph Kluge
1755a4a7df
remove separate userapiallowedips config and check
2025-04-14 11:58:42 +02:00
Christoph Kluge
fb6a4c3b87
review and move api endpoints secured check
2025-04-09 16:00:27 +02:00
exterr2f
7a61bae471
clarify error message for blocked user
2025-02-17 09:17:27 +01:00
exterr2f
e1b992526e
Improve rate limiting to combination of IP and username
2025-02-14 20:20:42 +01:00
exterr2f
b6b37ee68b
Add Rate Limiting based on IP and username
2025-02-14 12:41:28 +01:00
exterr2f
43cb1f1bff
Fix SessionMaxAge condition to correctly apply valid values
2025-02-14 11:44:46 +01:00
Christoph Kluge
e2efe71b33
Merge branch 'dev' of https://github.com/ClusterCockpit/cc-backend into dev
2024-11-28 15:18:14 +01:00
Christoph Kluge
2aef6ed9c0
fix: oversight error on redirect target
2024-11-28 15:18:07 +01:00
01b1136316
Fix Cookie settings, upgrade packages
2024-11-28 14:58:33 +01:00
Christoph Kluge
38ce40ae7d
feat: redirect to requested page after login, solves #281
2024-11-26 16:21:16 +01:00
Christoph Kluge
01102cb9b0
feat: add updateUserOnLogin config option for oidc, jwt
2024-10-23 16:17:47 +02:00
Christoph Kluge
1b5f4bff2c
feat: SyncUserOnLogin now updates name of token logged user
2024-09-09 10:32:26 +02:00
801607fc16
Refactor main
...
Convert components to Singletons
Restructure main package
Reduce dependencies
2024-07-16 12:08:10 +02:00
Christoph Kluge
3afe40083d
rename api userconfig to frontend, return json on api auth error
2024-07-05 11:48:06 +02:00
Christoph Kluge
1072d7b449
Improve auth handling of rest apis used in frontend for compatibility
2024-07-04 11:16:45 +02:00
Christoph Kluge
61eebc9fbd
Rework initial commit
...
- moved frontend configuration api to new subrouter for compatibility
2024-07-03 17:24:26 +02:00
fb8bbea99d
Remove year in copyright notice
2024-04-11 23:04:30 +02:00
6828c97415
Add central function to persist users on Login
2024-03-28 14:22:23 +01:00
e8fb5a0030
Add OpenID Connect authentication
...
Fixes #236
Template conditional not yet working
Needs more testing
2024-03-28 12:01:13 +01:00
f761900a3e
Add initial code for oidc authentication support
2024-03-13 09:37:12 +01:00
ebcae32e23
Update docs and cleanup
2023-08-18 15:56:11 +02:00
3028f60807
Reformat and add debug output
2023-08-18 11:59:16 +02:00
da551a0bb4
Repair broken error handling
2023-08-18 11:00:13 +02:00
32b0c8bdd7
Refactor and cleanup Auth configuration
2023-08-18 10:43:06 +02:00
cfcf939339
Add config to jwt again
2023-08-18 08:57:56 +02:00
d51be5c308
Formatting and minor fixes
2023-08-18 08:49:25 +02:00
29552fadc3
Cleanup SyncOnLogin Handling
2023-08-17 14:02:04 +02:00
15231bc683
Cleanup and adapt to new structure
2023-08-17 12:34:30 +02:00