null

_LYB-24

Should be done after LYB-9, and is a convenience config for OAuth2.

_{From SyncLinear.com | LYB-10}

allow a proxy to handle authentication, and trust configurable headers for Username, Email, Groups, Roles.

_{From SyncLinear.com | LYB-12}

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Errored

These updates encountered an error and will be retried. Click on a checkbox below to force a retry now.

• Update module github.com/go-chi/chi to v5

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• Update module github.com/knadh/koanf to v2

Detected dependencies

gomod

go.mod

• go 1.21.4
• github.com/go-chi/chi v1.5.5
• github.com/go-chi/render v1.0.3
• github.com/gookit/validate v1.5.1
• github.com/knadh/koanf v1.5.0
• github.com/mpalmer/gorm-zerolog v0.1.0
• github.com/prometheus/client_golang v1.17.0
• github.com/rs/zerolog v1.31.0
• github.com/segmentio/ksuid v1.0.4
• github.com/spf13/cobra v1.8.0
• github.com/spf13/pflag v1.0.5
• github.com/stretchr/testify v1.8.4
• github.com/swaggo/http-swagger/v2 v2.0.2
• github.com/swaggo/swag v1.16.2
• github.com/tj/assert v0.0.3
• gorm.io/driver/sqlite v1.5.4
• gorm.io/gorm v1.25.5

---

• Check this box to trigger a request for Renovate to run again on this repository

JWT Middleware should look for a JWT on each request, either via Cookie or Header. If the JWT is found, resolve it to a user, and write the claims & token to the Context object in the web request. If a JWT is NOT found, redirect to the configured login mechanism.

Not Included:

• Handling Claim creation. For now, create a single static claim to create plumbing. Actual Claims will be handled in an Authorization task.

_{From SyncLinear.com | LYB-7}

To Create and Test the JWT Creation Flow, start with a "StaticAuth" class, which will eventually be deleted, or hidden behind a "dev-mode" flag. StaticAuth accepts a plaintext user & password.

Success Criteria:

• A User can be authenticated via a static login endpoint.
• On Login, a JWT is generated.
• JWT is set as a cookie in the response
• JWT is returned in the body of the response.

Stretch:

• Consider how the claims should be handled by the client. Should they be read directly from the decoded JWT? or should the server offload this, and write them to the response?

_{From SyncLinear.com | LYB-6}

Success Criteria:

• GORM can log Queries & Log Lines to the general Zerolog Logger
• Query Logging can be configured via it's own configuration value.

_{From SyncLinear.com | LYB-1}

Authentication will happen via "AuthProviders", which are able to handle login events. Logging in should create a JWT, and a middleware should handle populating the User object & their claims to the context from the JWT.

Example here:
https://github.com/rtrox/spotify-sentry/tree/main/internal/auth

auth middleware, though, should end up in the middleware package.

_{From SyncLinear.com | LYB-5}

This provider has Lybbr.io acting as the source of truth for users. creation/update/deletion endpoints will be needed for users, as well as password handling, including encryption (bcrypt unless there is something newer to user).

_{From SyncLinear.com | LYB-13}

Right now, we're using WithContext in each handler — this is super error prone, as it's easy to miss a call site. Move context to be a required parameter in the Store methods directly to prevent this bug.

_{From SyncLinear.com | LYB-27}

Success Criteria:

Users can be authenticated via OAuth2. If an authenticated OAuth2 request does not resolve to an existing user, a user should be created automatically. the OAuth2 provider will be expected to handle limiting authentication to specific users if needed.

Out of Scope:

• Group / Role authorization. This will be handled in a later ticket.

_{From SyncLinear.com | LYB-9}

To be filled out with tasks as we get closer. This epic covers creating lybbrio role types or action types, encapsulating these roles/actions in JWT Claims, and sourcing those roles/actions from providers.

_{From SyncLinear.com | LYB-14}

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Location: .github/renovate.json5
Error type: Invalid JSON5 (parsing failed)
Message: JSON5.parse error: JSON5: invalid character '\"' at 33:3

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

• chore(deps): update docker/metadata-action digest to a64d048
• fix(deps): update module github.com/knadh/koanf/v2 to v2.1.1
• fix(deps): update module github.com/spf13/cobra to v1.8.1
• fix(deps): update module github.com/vektah/gqlparser/v2 to v2.5.16
• fix(deps): update module gorm.io/gorm to v1.25.11
• fix(deps): update module entgo.io/contrib to v0.5.0
• fix(deps): update module github.com/jackc/pgx/v5 to v5.6.0
• fix(deps): update module github.com/rs/zerolog to v1.33.0
• fix(deps): update module golang.org/x/crypto to v0.25.0
• chore(deps): update docker/build-push-action action to v6
• chore(deps): update golangci/golangci-lint-action action to v6
• chore(deps): update goreleaser/goreleaser-action action to v6
• 🔐 Create all rate-limited PRs at once 🔐

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• fix(deps): update module github.com/99designs/gqlgen to v0.17.49
• fix(deps): update module github.com/golang-jwt/jwt/v5 to v5.2.1
• fix(deps): update module gorm.io/driver/sqlite to v1.5.6
• fix(deps): update module entgo.io/ent to v0.13.1
• fix(deps): update module github.com/go-chi/chi/v5 to v5.1.0
• fix(deps): update module github.com/go-playground/validator/v10 to v10.22.0
• fix(deps): update module github.com/prometheus/client_golang to v1.19.1
• fix(deps): update module github.com/stretchr/testify to v1.9.0
• fix(deps): update module golang.org/x/net to v0.27.0
• chore(deps): update dorny/paths-filter action to v3
• Click on this checkbox to rebase all open PRs at once

Detected dependencies

dockerfile

Dockerfile

• golang 1.22-alpine

github-actions

.github/workflows/docker-image.yaml

• actions/checkout v4
• docker/metadata-action v5
• docker/setup-qemu-action v3
• docker/setup-buildx-action v3
• docker/login-action v3
• docker/build-push-action v5
• actions/upload-artifact v4
• actions/download-artifact v4
• docker/setup-buildx-action v3
• docker/login-action v3
• docker/metadata-action 232fc64e3a4e54539e087c5976439ea54be0959d

.github/workflows/on-tag.yaml

• actions/checkout v4
• rickstaa/action-contains-tag v1
• actions/checkout v4
• actions/setup-go v5
• goreleaser/goreleaser-action v5

.github/workflows/tests.yaml

• actions/checkout v4
• dorny/paths-filter v2
• actions/checkout v4
• actions/setup-python v5
• pre-commit/action v3.0.1
• actions/checkout v4
• actions/setup-go v5
• actions/setup-go v5
• golangci/golangci-lint-action v3
• actions/checkout v4
• dorny/paths-filter v2
• actions/setup-go v5

gomod

go.mod

• go 1.21
• entgo.io/contrib v0.4.5
• entgo.io/ent v0.12.5
• github.com/99designs/gqlgen v0.17.43
• github.com/go-chi/chi/v5 v5.0.11
• github.com/go-chi/render v1.0.3
• github.com/go-playground/validator/v10 v10.17.0
• github.com/golang-jwt/jwt/v5 v5.2.0
• github.com/google/uuid v1.6.0
• github.com/hashicorp/go-multierror v1.1.1
• github.com/jackc/pgx/v5 v5.5.5
• github.com/knadh/koanf/providers/confmap v0.1.0
• github.com/knadh/koanf/providers/env v0.1.0
• github.com/knadh/koanf/providers/posflag v0.1.0
• github.com/knadh/koanf/v2 v2.1.0
• github.com/magefile/mage v1.15.0
• github.com/mattn/go-sqlite3 v1.14.22
• github.com/mpalmer/gorm-zerolog v0.1.0
• github.com/prometheus/client_golang v1.18.0
• github.com/rs/zerolog v1.32.0
• github.com/segmentio/ksuid v1.0.4
• github.com/spf13/cobra v1.8.0
• github.com/spf13/pflag v1.0.5
• github.com/stretchr/testify v1.8.4
• github.com/tj/assert v0.0.3
• github.com/vektah/gqlparser/v2 v2.5.11
• golang.org/x/crypto v0.21.0
• golang.org/x/net v0.21.0
• gorm.io/driver/sqlite v1.5.4
• gorm.io/gorm v1.25.7

---

• Check this box to trigger a request for Renovate to run again on this repository

render.Render returns an error, which we're currently not checking. Fix it.

_{From SyncLinear.com | LYB-21}

#10

This is obviously going to need some work to migrate to new APIs/Methods.

_{From SyncLinear.com | LYB-23}

Requests to /api/* which error should return JSONified errors. This should be handled at the router level to ensure missing routes and other higher-order errors are JSONified. This should be confined to /api/* to ensure web routes can have pretty error pages.

_{From SyncLinear.com | LYB-20}

Same as LYB-10, Convenience config wrapper for Oauth2.

_{From SyncLinear.com | LYB-11}

Create a mechanism for creating & storing API Keys for users. These API Keys should be encrypted at rest, but retrievable by the user. API Keys are resolved to users, and JWTs Generated.

_{From SyncLinear.com | LYB-8}