refactor: use binary and randomize credentials in tinyauth (#4632)

Author: steveiliop56

ct/alpine-tinyauth.sh

@@ -1,15 +1,15 @@
 #!/usr/bin/env bash
 source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
 # Copyright (c) 2021-2025 community-scripts ORG
-# Author: Slaviša Arežina (tremor021)
+# Author: Slaviša Arežina (tremor021) | Co-Author: Stavros (steveiliop56)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://github.com/steveiliop56/tinyauth
 
-APP="Alpine-tinyauth"
+APP="Alpine-Tinyauth"
 var_tags="${var_tags:-alpine;auth}"
 var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-512}"
-var_disk="${var_disk:-3}"
+var_ram="${var_ram:-256}"
+var_disk="${var_disk:-2}"
 var_os="${var_os:-alpine}"
 var_version="${var_version:-3.21}"
 var_unprivileged="${var_unprivileged:-1}"
@@ -25,34 +25,23 @@ function update_script() {
     exit 1
   fi
 
-  msg_info "Updating Alpine Packages"
+  msg_info "Updating packages"
   $STD apk -U upgrade
-  msg_ok "Updated Alpine Packages"
+  msg_ok "Updated packages"
 
-  msg_info "Updating tinyauth"
+  msg_info "Updating Tinyauth"
   RELEASE=$(curl -s https://api.github.com/repos/steveiliop56/tinyauth/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
+  
   if [ "${RELEASE}" != "$(cat /opt/tinyauth_version.txt)" ] || [ ! -f /opt/tinyauth_version.txt ]; then
     $STD service tinyauth stop
-    temp_file=$(mktemp)
-    cp /opt/tinyauth/.env /opt
-    rm -rf /opt/tinyauth
-    mkdir -p /opt/tinyauth
-    curl -fsSL "https://github.com/steveiliop56/tinyauth/archive/refs/tags/v${RELEASE}.tar.gz" -o "$temp_file"
-    tar -xzf "$temp_file" -C /opt/tinyauth --strip-components=1
-    cd /opt/tinyauth/frontend
-    $STD bun install
-    $STD bun run build
-    mv dist /opt/tinyauth/internal/assets/
-    cd /opt/tinyauth
-    $STD go mod download
-    CGO_ENABLED=0 go build -ldflags "-s -w"
-    cp /opt/.env /opt/tinyauth
-    echo "${RELEASE}" >/opt/tinyauth_version.txt
-    rm -f "$temp_file"
-    msg_info "Restarting tinyauth"
+    rm -f /opt/tinyauth/tinyauth
+    curl -fsSL "https://github.com/steveiliop56/tinyauth/releases/download/v${RELEASE}/tinyauth-amd64" -o /opt/tinyauth/tinyauth
+    chmod +x /opt/tinyauth/tinyauth
+    echo "${RELEASE}" > /opt/tinyauth_version.txt
+    msg_info "Restarting Tinyauth"
     $STD service tinyauth start
-    msg_ok "Restarted tinyauth"
-    msg_ok "Updated tinyauth"
+    msg_ok "Restarted Tinyauth"
+    msg_ok "Updated Tinyauth"
   else
     msg_ok "No update required. ${APP} is already at ${RELEASE}"
   fi

frontend/public/json/alpine-tinyauth.json

@@ -1,5 +1,5 @@
 {
-  "name": "Alpine-tinyauth",
+  "name": "Alpine-Tinyauth",
   "slug": "alpine-tinyauth",
   "categories": [
     6
@@ -9,19 +9,19 @@
   "updateable": true,
   "privileged": false,
   "interface_port": 3000,
-  "documentation": "https://tinyauth.app/docs/getting-started.html",
-  "website": "https://tinyauth.app/",
-  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons/webp/tinyauth.webp",
+  "documentation": "https://tinyauth.app",
   "config_path": "/opt/tinyauth/.env",
-  "description": "Tinyauth is a simple authentication middleware that adds simple username/password login or OAuth with Google, Github and any generic provider to all of your docker apps. It is designed for traefik but it can be extended to work with all reverse proxies like caddy and nginx.",
+  "website": "https://tinyauth.app",
+  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons/webp/tinyauth.webp",
+  "description": "Tinyauth is a simple authentication middleware that adds simple username/password login or OAuth with Google, Github and any generic provider to all of your docker apps.",
   "install_methods": [
     {
       "type": "default",
       "script": "ct/alpine-tinyauth.sh",
       "resources": {
         "cpu": 1,
         "ram": 256,
-        "hdd": 3,
+        "hdd": 2,
         "os": "alpine",
         "version": "3.21"
       }
@@ -32,7 +32,7 @@
       "resources": {
         "cpu": 1,
         "ram": 256,
-        "hdd": 3,
+        "hdd": 2,
         "os": "alpine",
         "version": "3.21"
       }
@@ -44,8 +44,8 @@
   },
   "notes": [
     {
-      "type": "info",
-      "text": "`cat ~/tinyauth.creds` to view login credentials"
+      "text": "The default credentials are located in `/opt/tinyauth/credentials.txt`.",
+      "type": "info"
     }
   ]
 }

install/alpine-tinyauth-install.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 # Copyright (c) 2021-2025 community-scripts ORG
-# Author: Slaviša Arežina (tremor021)
+# Author: Slaviša Arežina (tremor021) | Co-Author: Stavros (steveiliop56)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://github.com/steveiliop56/tinyauth
 
@@ -14,44 +14,44 @@ network_check
 update_os
 
 msg_info "Installing Dependencies"
-$STD apk add --no-cache \
-  npm \
-  go
+$STD apk add --no-cache curl openssl apache2-utils
 msg_ok "Installed Dependencies"
 
-msg_info "Installing tinyauth"
-temp_file=$(mktemp)
-$STD npm install -g bun
+msg_info "Installing Tinyauth"
 mkdir -p /opt/tinyauth
+
 RELEASE=$(curl -s https://api.github.com/repos/steveiliop56/tinyauth/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
-curl -fsSL "https://github.com/steveiliop56/tinyauth/archive/refs/tags/v${RELEASE}.tar.gz" -o "$temp_file"
-tar -xzf "$temp_file" -C /opt/tinyauth --strip-components=1
-cd /opt/tinyauth/frontend
-$STD bun install
-$STD bun run build
-mv dist /opt/tinyauth/internal/assets/
-cd /opt/tinyauth
-$STD go mod download
-CGO_ENABLED=0 go build -ldflags "-s -w"
-{
-  echo "tinyauth Credentials"
-  echo "Username: [email protected]"
-  echo "Password: admin"
-} >>~/tinyauth.creds
+curl -fsSL "https://github.com/steveiliop56/tinyauth/releases/download/v${RELEASE}/tinyauth-amd64" -o /opt/tinyauth/tinyauth
+chmod +x /opt/tinyauth/tinyauth
+
+PASSWORD=$(openssl rand -base64 8 | tr -dc 'a-zA-Z0-9' | head -c 8)
+USER=$(htpasswd -Bbn "tinyauth" "${PASSWORD}")
+
+cat <<EOF > /opt/tinyauth/credentials.txt
+Tinyauth Credentials
+Username: tinyauth
+Password: ${PASSWORD}
+EOF
+
 echo "${RELEASE}" >/opt/tinyauth_version.txt
-msg_ok "Installed tinyauth"
+msg_ok "Installed Tinyauth"
+
+read -p "${TAB3}Enter your Tinyauth subdomain (e.g. https://tinyauth.example.com): " app_url
+
+msg_info "Creating Tinyauth Service"
+SECRET=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32)
+
+cat <<EOF >/opt/tinyauth/.env
+SECRET=${SECRET}
+USERS=${USER}
+APP_URL=${app_url}
+EOF
 
-msg_info "Enabling tinyauth Service"
-SECRET=$(head -c 16 /dev/urandom | xxd -p -c 16 | tr -d '\n')
-{
-  echo "SECRET=${SECRET}"
-  echo "[email protected]:\$2a\$10\$CrTK.W7WXSClo3ZY1yJUFupg5UdV8WNcynEhZhJFNjhGQB.Ga0ZDm"
-  echo "APP_URL=http://localhost:3000"
-} >>/opt/tinyauth/.env
+sed -i -e 's/\$/\$\$/g' /opt/tinyauth/.env
 
 cat <<EOF >/etc/init.d/tinyauth
 #!/sbin/openrc-run
-description="tinyauth Service"
+description="Tinyauth Service"
 
 command="/opt/tinyauth/tinyauth"
 directory="/opt/tinyauth"
@@ -72,11 +72,11 @@ EOF
 
 chmod +x /etc/init.d/tinyauth
 $STD rc-update add tinyauth default
-msg_ok "Enabled tinyauth Service"
+msg_ok "Enabled Tinyauth Service"
 
-msg_info "Starting tinyauth"
+msg_info "Starting Tinyauth"
 $STD service tinyauth start
-msg_ok "Started tinyauth"
+msg_ok "Started Tinyauth"
 
 motd_ssh
 customize