Allow migrating up and down

Add basic way to get backend from query (#48 )
Because polyculeconnect is a OIDC proxy, we need to know which auth backend to use. This is provided using a query param or a form, so we need to get it from our own middleware. This commit adds the following elements: - basic DB storage for the backends - support for DB migrations and a first test migration (not definitive) - middleware to get the backend from the request and put it in the context - test that the backend exists in the auth flow
2024-08-16 11:29:19 +02:00 · 2024-08-16 11:29:19 +02:00 · 2024-08-16 11:29:19 +02:00 · 2024-08-10 16:41:55 +02:00 · 2024-08-10 16:41:55 +02:00
39 changed files with 854 additions and 277 deletions
--- a/.forgejo/workflows/docker-build-push-master.yml
+++ b/.forgejo/workflows/docker-build-push-master.yml
@ -0,0 +1,21 @@
+on:
+  push:
+    branches:
+      - "main"
+jobs:
+  docker-build-push:
+    runs-on: cth-ubuntu-latest
+    steps:
+      - name: set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: login to repository
+        uses: docker/login-action@v3
+        with:
+          registry: git.faercol.me
+          username: ${{ secrets.DOCKER_LOGIN }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: build and push image
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          tags: git.faercol.me/polyculeconnect/polyculeconnect:latest
--- a/.forgejo/workflows/docker-build-push-tag.yml
+++ b/.forgejo/workflows/docker-build-push-tag.yml
@ -0,0 +1,21 @@
+on:
+  push:
+    tags:
+      - "**"
+jobs:
+  docker-build-push:
+    runs-on: cth-ubuntu-latest
+    steps:
+      - name: set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: login to repository
+        uses: docker/login-action@v3
+        with:
+          registry: git.faercol.me
+          username: ${{ secrets.DOCKER_LOGIN }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: build and push image
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          tags: git.faercol.me/polyculeconnect/polyculeconnect:${{ gitea.ref_name }}
--- a/.forgejo/workflows/docker-build.yml
+++ b/.forgejo/workflows/docker-build.yml
@ -0,0 +1,16 @@
+on:
+  push:
+    branches:
+      - "**"
+      - "!main"
+jobs:
+  docker-build-only:
+    runs-on: cth-ubuntu-latest
+    steps:
+      - name: set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: build image (build only)
+        uses: docker/build-push-action@v6
+        with:
+          push: false
+          tags: git.faercol.me/polyculeconnect/polyculeconnect
--- a/.forgejo/workflows/go-test.yml
+++ b/.forgejo/workflows/go-test.yml
@ -0,0 +1,17 @@
+on:
+  push:
+    branches:
+      - "**"
+jobs:
+  go-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.22
+      - name: Run unit tests
+        run: make -C polyculeconnect test
+      - name: Build go package
+        run: make -C polyculeconnect build
--- a/.woodpecker/deploy.yml
+++ b/.woodpecker/deploy.yml
@ -1,57 +0,0 @@
-steps:
-  docker-build-only:
-    image: woodpeckerci/plugin-docker-buildx
-    privileged: true
-    settings:
-      repo: git.faercol.me/polyculeconnect/polyculeconnect
-      tags: latest
-      dry_run: true
-      platforms:
-        - linux/amd64
-        # - linux/arm64
-    when:
-      - event: pull_request
-      - event: push
-        branch:
-          exclude: [main]
-
-  docker-build-push:
-    image: woodpeckerci/plugin-docker-buildx
-    privileged: true
-    settings:
-      repo: git.faercol.me/polyculeconnect/polyculeconnect
-      registry: git.faercol.me
-      tags: latest
-      username:
-        from_secret: git_username
-      password:
-        from_secret: git_password
-      platforms:
-        - linux/amd64
-        # - linux/arm64
-    when:
-      - event: push
-        branch: main
-
-  docker-push-tag:
-    image: woodpeckerci/plugin-docker-buildx
-    privileged: true
-    settings:
-      registry: git.faercol.me
-      repo: git.faercol.me/polyculeconnect/polyculeconnect
-      auto_tag: true
-      platforms:
-        - linux/amd64
-        # - linux/arm64
-      username:
-        from_secret: git_username
-      password:
-        from_secret: git_password
-    when:
-      - event: tag
-
-depends_on:
-  - test
-
-when:
-  event: [push, tag]
--- a/.woodpecker/test.yml
+++ b/.woodpecker/test.yml
@ -1,13 +0,0 @@
-steps:
-  go-test:
-    image: golang
-    commands:
-      - make -C polyculeconnect test
-
-  go-build:
-    image: golang
-    commands:
-      - make -C polyculeconnect build
-
-when:
-  event: [push, tag]
--- a/README.md
+++ b/README.md
@ -1,7 +1,6 @@
 # PolyculeConnect

-[![status-badge](https://ci-polycule-connect.chapoline.me/api/badges/1/status.svg)](https://ci-polycule-connect.chapoline.me/repos/1)
-[![status-badge](https://ci-server.internal.faercol.me/api/badges/2/status.svg)](https://ci-server.internal.faercol.me/repos/2)
+[![status-badge](https://git.faercol.me/PolyculeConnect/polycule-connect/badges/workflows/go-test.yml/badge.svg?branch=main)](https://ci-polycule-connect.chapoline.me/repos/1)

 ![Project logo](./polyculeconnect/static/img/logo-text.png)

--- a/polyculeconnect/cmd/app/remove.go
+++ b/polyculeconnect/cmd/app/remove.go
@ -13,9 +13,7 @@ import (
 var appRemoveCmd = &cobra.Command{
 	Use:   "remove <app_client_id>",
 	Short: "Remove an app",
-	Long: `Remove the app with the given ID from the database.
-
-If the app is not found in the database, no error is returned`,
+	Long:  `Remove the app with the given ID from the database.`,
 	Args:  cobra.ExactArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
 		removeApp(args[0])
--- a/polyculeconnect/cmd/app/show.go
+++ b/polyculeconnect/cmd/app/show.go
@ -15,8 +15,8 @@ var appShowCmd = &cobra.Command{
 	Short: "Display installed apps",
 	Long: `Display the configuration for the apps.

-Pass the commands without arguments to display the list of currently installed apps
-Pass the optional 'id' argument to display the configuration for this specific app`,
+Optional parameters:
+- app-id: id of the application to display. If empty, display the list of available apps instead`,
 	Args: cobra.MaximumNArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
 		s := utils.InitStorage(utils.InitConfig(""))
--- a/polyculeconnect/cmd/backend/backend.go
+++ b/polyculeconnect/cmd/backend/backend.go
@ -9,13 +9,8 @@ import (

 var backendCmd = &cobra.Command{
 	Use:   "backend",
-	Short: "A brief description of your command",
-	Long: `A longer description that spans multiple lines and likely contains examples
-and usage of using your command. For example:
-
-Cobra is a CLI library for Go that empowers applications.
-This application is a tool to generate the needed files
-to quickly create a Cobra application.`,
+	Short: "Handle authentication backends",
+	Long:  `Add, Remove or Show currently installed authentication backends`,
 	Run: func(cmd *cobra.Command, args []string) {
 		fmt.Println("backend called")
 	},
--- a/polyculeconnect/cmd/backend/remove.go
+++ b/polyculeconnect/cmd/backend/remove.go
@ -13,9 +13,7 @@ import (
 var backendRemoveCmd = &cobra.Command{
 	Use:   "remove <backend_id>",
 	Short: "Remove a backend",
-	Long: `Remove the backend with the given ID from the database.
-
-If the backend is not found in the database, no error is returned`,
+	Long:  `Remove the backend with the given ID from the database.`,
 	Args:  cobra.ExactArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
 		removeBackend(args[0])
--- a/polyculeconnect/cmd/backend/show.go
+++ b/polyculeconnect/cmd/backend/show.go
@ -15,8 +15,8 @@ var backendShowCmd = &cobra.Command{
 	Short: "Display installed backends",
 	Long: `Display the configuration for the backends.

-Pass the commands without arguments to display the list of currently installed backends
-Pass the optional 'id' argument to display the configuration for this specific backend`,
+Optional parameters:
+- app-id: id of the backend to display. If empty, display the list of available backends instead`,
 	Args: cobra.MaximumNArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
 		s := utils.InitStorage(utils.InitConfig(""))
--- a/polyculeconnect/cmd/db/connect.go
+++ b/polyculeconnect/cmd/db/connect.go
@ -52,14 +52,4 @@ func connectToDB(conf *config.AppConfig) error {

 func init() {
 	dbCmd.AddCommand(connectCmd)
-
-	// Here you will define your flags and configuration settings.
-
-	// Cobra supports Persistent Flags which will work for this command
-	// and all subcommands, e.g.:
-	// dbCmd.PersistentFlags().String("foo", "", "A help for foo")
-
-	// Cobra supports local flags which will only run when this command
-	// is called directly, e.g.:
-	// dbCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 }
--- a/polyculeconnect/cmd/db/db.go
+++ b/polyculeconnect/cmd/db/db.go
@ -14,14 +14,4 @@ var dbCmd = &cobra.Command{

 func init() {
 	cmd.RootCmd.AddCommand(dbCmd)
-
-	// Here you will define your flags and configuration settings.
-
-	// Cobra supports Persistent Flags which will work for this command
-	// and all subcommands, e.g.:
-	// dbCmd.PersistentFlags().String("foo", "", "A help for foo")
-
-	// Cobra supports local flags which will only run when this command
-	// is called directly, e.g.:
-	// dbCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 }
--- a/polyculeconnect/cmd/db/destroy.go
+++ b/polyculeconnect/cmd/db/destroy.go
@ -47,14 +47,4 @@ func deleteDB(conf *config.AppConfig) error {

 func init() {
 	dbCmd.AddCommand(destroyCmd)
-
-	// Here you will define your flags and configuration settings.
-
-	// Cobra supports Persistent Flags which will work for this command
-	// and all subcommands, e.g.:
-	// dbCmd.PersistentFlags().String("foo", "", "A help for foo")
-
-	// Cobra supports local flags which will only run when this command
-	// is called directly, e.g.:
-	// dbCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 }
--- a/polyculeconnect/cmd/db/migrate.go
+++ b/polyculeconnect/cmd/db/migrate.go
@ -0,0 +1,96 @@
+package db
+
+import (
+	"fmt"
+	"strconv"
+
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db"
+	"github.com/golang-migrate/migrate/v4"
+	"github.com/golang-migrate/migrate/v4/database/sqlite3"
+	_ "github.com/golang-migrate/migrate/v4/source/file"
+	"github.com/spf13/cobra"
+)
+
+// migrateCmd represents the db migrate command
+var migrateCmd = &cobra.Command{
+	Use:   "migrate",
+	Short: "Run the database migrations",
+	Long:  `Run the database migrations.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		conf := utils.InitConfig("")
+		up, nbSteps := parseArgs(args)
+		if err := runMigrations(conf, up, nbSteps); err != nil {
+			utils.Failf("Failed to run migrations: %s", err.Error())
+		}
+	},
+}
+
+func parseArgs(args []string) (bool, int) {
+	if len(args) == 0 {
+		return true, 0
+	}
+	var actionUp bool
+	switch args[0] {
+	case "up":
+		actionUp = true
+	case "down":
+		actionUp = false
+	default:
+		actionUp = true
+	}
+
+	nbSteps := 0
+	if len(args) > 1 {
+		var err error
+		nbSteps, err = strconv.Atoi(args[1])
+		if err != nil {
+			return actionUp, 0
+		}
+	}
+
+	return actionUp, nbSteps
+}
+
+func runMigrations(conf *config.AppConfig, up bool, nbSteps int) error {
+	storage, err := db.New(*conf)
+	if err != nil {
+		return fmt.Errorf("failed to connect to db: %w", err)
+	}
+	driver, err := sqlite3.WithInstance(storage.DB(), &sqlite3.Config{})
+	if err != nil {
+		return fmt.Errorf("failed to open sqlite3 driver: %w", err)
+	}
+
+	m, err := migrate.NewWithDatabaseInstance("file://migrations", "", driver)
+	if err != nil {
+		return fmt.Errorf("failed to init migrator: %w", err)
+	}
+
+	if nbSteps > 0 {
+		multiplier := 1
+		if !up {
+			multiplier = -1
+		}
+		return m.Steps(multiplier * nbSteps)
+	}
+	if up {
+		return m.Up()
+	}
+	return m.Down()
+}
+
+func init() {
+	dbCmd.AddCommand(migrateCmd)
+
+	// Here you will define your flags and configuration settings.
+
+	// Cobra supports Persistent Flags which will work for this command
+	// and all subcommands, e.g.:
+	// dbCmd.PersistentFlags().String("foo", "", "A help for foo")
+
+	// Cobra supports local flags which will only run when this command
+	// is called directly, e.g.:
+	// dbCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
+}
--- a/polyculeconnect/cmd/root.go
+++ b/polyculeconnect/cmd/root.go
@ -12,9 +12,6 @@ var RootCmd = &cobra.Command{
 	Short: "You're in their DMs, I'm in their SSO",
 	Long: `PolyculeConnect is a SSO OpenIDConnect provider which allows multiple authentication backends,
 and enables authentication federation among several infrastructures.`,
-	// Uncomment the following line if your bare application
-	// has an action associated with it:
-	// Run: func(cmd *cobra.Command, args []string) { },
 }

 // Execute adds all child commands to the root command and sets flags appropriately.
@ -27,16 +24,5 @@ func Execute() {
 }

 func init() {
-	// Here you will define your flags and configuration settings.
-	// Cobra supports persistent flags, which, if defined here,
-	// will be global for your application.
-
-	// rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.polyculeconnect.yaml)")
-
-	// Cobra also supports local flags, which will only run
-	// when this action is called directly.
-	// rootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
-
-	// Disable the default `completion` command to generate the autocompletion files
 	RootCmd.Root().CompletionOptions.DisableDefaultCmd = true
 }
--- a/polyculeconnect/cmd/serve/serve.go
+++ b/polyculeconnect/cmd/serve/serve.go
@ -2,19 +2,22 @@ package serve

 import (
 	"context"
+	"log/slog"
 	"os"
 	"os/signal"
 	"time"

 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils"
-	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/connector"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/middlewares"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/storage"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/logger"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/server"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services"
-	dex_server "github.com/dexidp/dex/server"
-	"github.com/prometheus/client_golang/prometheus"
 	"github.com/spf13/cobra"
+	"github.com/zitadel/oidc/v3/pkg/op"
+	"go.uber.org/zap/exp/zapslog"
 )

 var configPath string
@ -41,43 +44,44 @@ func serve() {

 	storageType := utils.InitStorage(conf)
 	logger.L.Infof("Initialized storage backend %q", conf.StorageType)
-	dexConf := dex_server.Config{
-		Web: dex_server.WebConfig{
-			Dir:   conf.StaticDir,
-			Theme: "default",
-		},
-		Storage:                storageType,
-		Issuer:                 conf.Issuer,
-		SupportedResponseTypes: []string{"code"},
-		SkipApprovalScreen:     false,
-		AllowedOrigins:         []string{"*"},
-		Logger:                 logger.L,
-		PrometheusRegistry:     prometheus.NewRegistry(),
-	}

 	logger.L.Info("Initializing authentication backends")

-	dex_server.ConnectorsConfig[connector.TypeRefuseAll] = func() dex_server.ConnectorConfig { return new(connector.RefuseAllConfig) }
-	connectors, err := dexConf.Storage.ListConnectors()
+	// dex_server.ConnectorsConfig[connector.TypeRefuseAll] = func() dex_server.ConnectorConfig { return new(connector.RefuseAllConfig) }
+	// connectors, err := dexConf.Storage.ListConnectors()
+	// if err != nil {
+	// 	logger.L.Fatalf("Failed to get existing connectors: %s", err.Error())
+	// }
+	// var connectorIDs []string
+	// for _, conn := range connectors {
+	// 	connectorIDs = append(connectorIDs, conn.ID)
+	// }
+
+	userDB, err := db.New(*conf)
 	if err != nil {
-		logger.L.Fatalf("Failed to get existing connectors: %s", err.Error())
+		utils.Failf("failed to init user DB: %s", err.Error())
 	}
-	var connectorIDs []string
-	for _, conn := range connectors {
-		connectorIDs = append(connectorIDs, conn.ID)
+
+	st := storage.Storage{LocalStorage: userDB}
+	opConf := op.Config{}
+	slogger := slog.New(zapslog.NewHandler(logger.L.Desugar().Core(), nil))
+	// slogger :=
+	options := []op.Option{
+		op.WithAllowInsecure(),
+		op.WithLogger(slogger),
+		op.WithHttpInterceptors(middlewares.WithBackendFromRequestMiddleware),
+	}
+	provider, err := op.NewProvider(&opConf, &st, op.StaticIssuer(conf.Issuer), options...)
+	if err != nil {
+		utils.Failf("failed to init OIDC provider: %s", err.Error())
 	}

 	if err := services.AddDefaultBackend(storageType); err != nil {
 		logger.L.Errorf("Failed to add connector for backend RefuseAll to stage: %s", err.Error())
 	}

-	dexSrv, err := dex_server.NewServer(mainCtx, dexConf)
-	if err != nil {
-		logger.L.Fatalf("Failed to init dex server: %s", err.Error())
-	}
-
 	logger.L.Info("Initializing server")
-	s, err := server.New(conf, dexSrv, logger.L)
+	s, err := server.New(conf, provider, logger.L)
 	if err != nil {
 		logger.L.Fatalf("Failed to initialize server: %s", err.Error())
 	}
@ -113,15 +117,5 @@ func serve() {

 func init() {
 	cmd.RootCmd.AddCommand(serveCmd)
-
-	// Here you will define your flags and configuration settings.
-
-	// Cobra supports Persistent Flags which will work for this command
-	// and all subcommands, e.g.:
-	// serveCmd.PersistentFlags().String("foo", "", "A help for foo")
-
-	// Cobra supports local flags which will only run when this command
-	// is called directly, e.g.:
-	// serveCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 	serveCmd.Flags().StringVarP(&configPath, "config", "c", "config.json", "Path to the JSON configuration file")
 }
--- a/polyculeconnect/config/config.go
+++ b/polyculeconnect/config/config.go
@ -9,7 +9,7 @@ import (

 	"github.com/dexidp/dex/connector/oidc"
 	"github.com/kelseyhightower/envconfig"
-	"github.com/sirupsen/logrus"
+	"go.uber.org/zap"
 )

 const (
@ -32,7 +32,7 @@ const (
 )

 const (
-	defaultLogLevel = logrus.InfoLevel
+	defaultLogLevel = zap.InfoLevel

 	defaultServerMode      = ModeNet
 	defaultServerHost      = "0.0.0.0"
@ -126,7 +126,7 @@ func (c *jsonConf) initValues(ac *AppConfig) {
 }

 type AppConfig struct {
-	LogLevel      logrus.Level  `envconfig:"LOG_LEVEL"`
+	LogLevel      zap.AtomicLevel `envconfig:"LOG_LEVEL"`
 	ServerMode    ListeningMode   `envconfig:"SERVER_MODE"`
 	Host          string          `envconfig:"SERVER_HOST"`
 	Port          int             `envconfig:"SERVER_PORT"`
@ -139,7 +139,7 @@ type AppConfig struct {

 func defaultConfig() AppConfig {
 	return AppConfig{
-		LogLevel:    defaultLogLevel,
+		LogLevel:    zap.NewAtomicLevelAt(defaultLogLevel),
 		ServerMode:  defaultServerMode,
 		Host:        defaultServerHost,
 		Port:        defaultServerPort,
@ -162,13 +162,12 @@ func defaultConfig() AppConfig {
 	}
 }

-func parseLevel(lvlStr string) logrus.Level {
-	for _, lvl := range logrus.AllLevels {
-		if lvl.String() == lvlStr {
-			return lvl
+func parseLevel(lvlStr string) zap.AtomicLevel {
+	var res zap.AtomicLevel
+	if err := res.UnmarshalText([]byte(lvlStr)); err != nil {
+		return zap.NewAtomicLevelAt(zap.InfoLevel)
 	}
-	}
-	return logrus.InfoLevel
+	return res
 }

 func (ac *AppConfig) UnmarshalJSON(data []byte) error {
--- a/polyculeconnect/controller/ui/static.go
+++ b/polyculeconnect/controller/ui/static.go
@ -9,7 +9,7 @@ import (
 	"path/filepath"

 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/helpers"
-	"github.com/sirupsen/logrus"
+	"go.uber.org/zap"
 )

 const StaticRoute = "/static/"
@ -30,12 +30,12 @@ func (sc *StaticController) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 }

 type IndexController struct {
-	l                     *logrus.Logger
+	l                     *zap.SugaredLogger
 	downstreamConstroller http.Handler
 	baseDir               string
 }

-func NewIndexController(l *logrus.Logger, downstream http.Handler, baseDir string) *IndexController {
+func NewIndexController(l *zap.SugaredLogger, downstream http.Handler, baseDir string) *IndexController {
 	return &IndexController{
 		l:                     l,
 		downstreamConstroller: downstream,
--- a/polyculeconnect/go.mod
+++ b/polyculeconnect/go.mod
@ -1,19 +1,26 @@
 module git.faercol.me/faercol/polyculeconnect/polyculeconnect

-go 1.20
+go 1.21
+
+toolchain go1.22.6

 require (
 	github.com/dexidp/dex v0.0.0-20231014000322-089f374d4f3e
+	github.com/go-jose/go-jose/v4 v4.0.4
+	github.com/golang-migrate/migrate/v4 v4.17.1
+	github.com/google/uuid v1.6.0
 	github.com/kelseyhightower/envconfig v1.4.0
-	github.com/prometheus/client_golang v1.17.0
+	github.com/mattn/go-sqlite3 v1.14.17
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.7.0
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.9.0
+	github.com/zitadel/oidc/v3 v3.27.0
+	go.uber.org/zap v1.24.0
+	go.uber.org/zap/exp v0.2.0
 )

 require (
-	cloud.google.com/go/compute v1.23.0 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/compute/metadata v0.3.0 // indirect
 	github.com/AppsFlyer/go-sundheit v0.5.0 // indirect
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
@ -21,54 +28,69 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/beevik/etree v1.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/coreos/go-oidc/v3 v3.6.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dexidp/dex/api/v2 v2.1.1-0.20231014000322-089f374d4f3e // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect
+	github.com/go-chi/chi/v5 v5.1.0 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
 	github.com/go-ldap/ldap/v3 v3.4.6 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-sql-driver/mysql v1.7.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
-	github.com/google/uuid v1.3.1 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/gorilla/handlers v1.5.1 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/huandu/xstrings v1.3.3 // indirect
 	github.com/imdario/mergo v0.3.11 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jonboulle/clockwork v0.2.2 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
-	github.com/mattn/go-sqlite3 v1.14.17 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/copystructure v1.0.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.0 // indirect
+	github.com/muhlemmer/gu v0.3.1 // indirect
+	github.com/muhlemmer/httpforwarded v0.1.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/client_golang v1.17.0 // indirect
 	github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect
 	github.com/prometheus/common v0.44.0 // indirect
 	github.com/prometheus/procfs v0.11.1 // indirect
+	github.com/rs/cors v1.11.0 // indirect
 	github.com/russellhaering/goxmldsig v1.4.0 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect
 	github.com/spf13/cast v1.4.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/zitadel/logging v0.6.0 // indirect
+	github.com/zitadel/schema v1.3.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/crypto v0.14.0 // indirect
-	golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741 // indirect
-	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/oauth2 v0.13.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
-	google.golang.org/api v0.147.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c // indirect
-	google.golang.org/grpc v1.58.3 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	go.opentelemetry.io/otel v1.28.0 // indirect
+	go.opentelemetry.io/otel/metric v1.28.0 // indirect
+	go.opentelemetry.io/otel/trace v1.28.0 // indirect
+	go.uber.org/atomic v1.10.0 // indirect
+	go.uber.org/multierr v1.10.0 // indirect
+	golang.org/x/crypto v0.25.0 // indirect
+	golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0 // indirect
+	golang.org/x/net v0.26.0 // indirect
+	golang.org/x/oauth2 v0.22.0 // indirect
+	golang.org/x/sys v0.22.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
+	google.golang.org/api v0.150.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 // indirect
+	google.golang.org/grpc v1.59.0 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
--- a/polyculeconnect/go.sum
+++ b/polyculeconnect/go.sum
@ -1,8 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY=
-cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
-cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
-cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
+cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
+cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 github.com/AppsFlyer/go-sundheit v0.5.0 h1:/VxpyigCfJrq1r97mn9HPiAB2qrhcTFHwNIIDr15CZM=
 github.com/AppsFlyer/go-sundheit v0.5.0/go.mod h1:2ZM0BnfqT/mljBQO224VbL5XH06TgWuQ6Cn+cTtCpTY=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
@ -19,8 +17,12 @@ github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1L
 github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
 github.com/beevik/etree v1.2.0 h1:l7WETslUG/T+xOPs47dtd6jov2Ii/8/OjCldk5fYfQw=
 github.com/beevik/etree v1.2.0/go.mod h1:aiPf89g/1k3AShMVAzriilpcE4R/Vuor90y83zVZWFc=
+github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
+github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bmatcuk/doublestar/v4 v4.6.1 h1:FH9SifrbvJhnlQpztAx++wlkk70QBf0iBWDwNy7PA4I=
+github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@ -48,19 +50,31 @@ github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8
 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
 github.com/go-asn1-ber/asn1-ber v1.5.5 h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD50WnA=
 github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
+github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw=
+github.com/go-chi/chi/v5 v5.1.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
 github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
 github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
+github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
+github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
 github.com/go-ldap/ldap/v3 v3.4.6 h1:ert95MdbiG7aWo/oPYp9btL3KJlMPKnP58r09rI8T+A=
 github.com/go-ldap/ldap/v3 v3.4.6/go.mod h1:IGMQANNtxpsOzj7uUAMjpGBaOVTC4DYyIy8VsTdxmtc=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
 github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/golang-migrate/migrate/v4 v4.17.1 h1:4zQ6iqL6t6AiItphxJctQb3cFqWiSpMnX7wLTPnnYO4=
+github.com/golang-migrate/migrate/v4 v4.17.1/go.mod h1:m8hinFyWBn0SA4QKHuKh175Pm9wjmxj3S2Mia7dbXzM=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
@ -79,21 +93,32 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
 github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ=
-github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
 github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
 github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4=
 github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA=
@ -108,11 +133,13 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU=
@ -125,6 +152,10 @@ github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMK
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY=
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/muhlemmer/gu v0.3.1 h1:7EAqmFrW7n3hETvuAdmFmn4hS8W+z3LgKtrnow+YzNM=
+github.com/muhlemmer/gu v0.3.1/go.mod h1:YHtHR+gxM+bKEIIs7Hmi9sPT3ZDUvTN/i88wQpZkrdM=
+github.com/muhlemmer/httpforwarded v0.1.0 h1:x4DLrzXdliq8mprgUMR0olDvHGkou5BJsK/vWUetyzY=
+github.com/muhlemmer/httpforwarded v0.1.0/go.mod h1:yo9czKedo2pdZhoXe+yDkGVbU0TJ0q9oQ90BVoDEtw0=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@ -143,6 +174,9 @@ github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/rs/cors v1.11.0 h1:0B9GE/r9Bc2UxRMMtymBkHTenPkHDv0CW4Y98GBY+po=
+github.com/rs/cors v1.11.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/russellhaering/goxmldsig v1.4.0 h1:8UcDh/xGyQiyrW+Fq5t8f+l2DLB1+zlhYzkPUJ7Qhys=
 github.com/russellhaering/goxmldsig v1.4.0/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@ -160,8 +194,9 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
@ -170,22 +205,44 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/zitadel/logging v0.6.0 h1:t5Nnt//r+m2ZhhoTmoPX+c96pbMarqJvW1Vq6xFTank=
+github.com/zitadel/logging v0.6.0/go.mod h1:Y4CyAXHpl3Mig6JOszcV5Rqqsojj+3n7y2F591Mp/ow=
+github.com/zitadel/oidc/v3 v3.27.0 h1:zeYpyRH0UcgdCjVHUYzSsqf1jbSwVMPVxYKOnRXstgU=
+github.com/zitadel/oidc/v3 v3.27.0/go.mod h1:ZwBEqSviCpJVZiYashzo53bEGRGXi7amE5Q8PpQg9IM=
+github.com/zitadel/schema v1.3.0 h1:kQ9W9tvIwZICCKWcMvCEweXET1OcOyGEuFbHs4o5kg0=
+github.com/zitadel/schema v1.3.0/go.mod h1:NptN6mkBDFvERUCvZHlvWmmME+gmZ44xzwRXwhzsbtc=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo=
+go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4=
+go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q=
+go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s=
+go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g=
+go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI=
+go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
+go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI=
+go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
+go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=
+go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
+go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
+go.uber.org/zap/exp v0.2.0 h1:FtGenNNeCATRB3CmB/yEUnjEFeJWpB/pMcy7e2bKPYs=
+go.uber.org/zap/exp v0.2.0/go.mod h1:t0gqAIdh1MfKv9EwN/dLwfZnJxe9ITAZN78HEWPFWDQ=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741 h1:fGZugkZk2UgYBxtpKmvub51Yno1LJDeEsRp2xGD+0gY=
-golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE=
+golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0 h1:pVgRXcIictcr+lBQIFeiwuwtDIs4eL21OuM9nyAADmo=
+golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@ -196,7 +253,6 @@ golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
@ -204,18 +260,19 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
-golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
+golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
+golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -229,8 +286,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
@ -238,14 +295,14 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@ -256,26 +313,26 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.147.0 h1:Can3FaQo9LlVqxJCodNmeZW/ib3/qKAY3rFeXiHo5gc=
-google.golang.org/api v0.147.0/go.mod h1:pQ/9j83DcmPd/5C9e2nFOdjjNkDZ1G+zkbK2uvdkJMs=
+google.golang.org/api v0.150.0 h1:Z9k22qD289SZ8gCJrk4DrWXkNjtfvKAUo/l1ma8eBYE=
+google.golang.org/api v0.150.0/go.mod h1:ccy+MJ6nrYFgE3WgRx/AMXOxOmU8Q4hSa+jjibzhxcg=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 h1:SeZZZx0cP0fqUyA+oRzP9k7cSwJlvDFiROO72uwD6i0=
-google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 h1:W18sezcAYs+3tDZX4F80yctqa12jcP1PUS2gQu1zTPU=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c h1:jHkCUWkseRf+W+edG5hMzr/Uh1xkDREY4caybAq4dpY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI=
+google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k=
+google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 h1:AB/lmRny7e2pLhFEYIbl5qkDAUt2h0ZRO4wGPhZf+ik=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405/go.mod h1:67X1fPuzjcrkymZzZV1vvkFeTn2Rvc6lYF9MYFGCcwE=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ=
-google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@ -287,8 +344,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
-google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
@ -299,6 +356,7 @@ gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
--- a/polyculeconnect/helpers/helpers.go
+++ b/polyculeconnect/helpers/helpers.go
@ -4,7 +4,7 @@ import (
 	"context"
 	"net/http"

-	"github.com/sirupsen/logrus"
+	"go.uber.org/zap"
 )

 type ContextKey string
@ -16,7 +16,7 @@ type ResponseInfo struct {
 	ContentLength int
 }

-func HandleResponse(w http.ResponseWriter, r *http.Request, returncode int, content []byte, l *logrus.Logger) {
+func HandleResponse(w http.ResponseWriter, r *http.Request, returncode int, content []byte, l *zap.SugaredLogger) {
 	w.WriteHeader(returncode)
 	n, err := w.Write(content)
 	if err != nil {
--- a/polyculeconnect/internal/db/backend/backend.go
+++ b/polyculeconnect/internal/db/backend/backend.go
@ -0,0 +1,46 @@
+package backend
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"fmt"
+
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/model"
+)
+
+var ErrNotFound = errors.New("backend not found")
+
+// const backendRows = `"id", "name", "oidc_id", "oidc_secret"`
+const backendRows = `"id", "name"`
+
+type BackendDB interface {
+	GetBackendByName(ctx context.Context, name string) (*model.Backend, error)
+}
+
+type sqlBackendDB struct {
+	db *sql.DB
+}
+
+func backendFromRow(row sql.Row) (*model.Backend, error) {
+	var res model.Backend
+
+	if err := row.Scan(&res.ID, &res.Name); err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, ErrNotFound
+		}
+		return nil, fmt.Errorf("invalid format for backend: %w", err)
+	}
+	return &res, nil
+}
+
+func (db *sqlBackendDB) GetBackendByName(ctx context.Context, name string) (*model.Backend, error) {
+	query := fmt.Sprintf(`SELECT %s FROM "backend" WHERE "name" = ?`, backendRows)
+	fmt.Println(query, name)
+	row := db.db.QueryRowContext(ctx, query, name)
+	return backendFromRow(*row)
+}
+
+func New(db *sql.DB) *sqlBackendDB {
+	return &sqlBackendDB{db: db}
+}
--- a/polyculeconnect/internal/db/base.go
+++ b/polyculeconnect/internal/db/base.go
@ -0,0 +1,40 @@
+package db
+
+import (
+	"database/sql"
+	"fmt"
+
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db/backend"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db/client"
+)
+
+type Storage interface {
+	DB() *sql.DB
+	ClientStorage() client.ClientDB
+	BackendStorage() backend.BackendDB
+}
+
+type sqlStorage struct {
+	db *sql.DB
+}
+
+func (s *sqlStorage) DB() *sql.DB {
+	return s.db
+}
+
+func (s *sqlStorage) ClientStorage() client.ClientDB {
+	return client.New(s.db)
+}
+
+func (s *sqlStorage) BackendStorage() backend.BackendDB {
+	return backend.New(s.db)
+}
+
+func New(conf config.AppConfig) (Storage, error) {
+	db, err := sql.Open("sqlite3", conf.StorageConfig.File)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open DB: %w", err)
+	}
+	return &sqlStorage{db: db}, nil
+}
--- a/polyculeconnect/internal/db/client/client.go
+++ b/polyculeconnect/internal/db/client/client.go
@ -0,0 +1,60 @@
+package client
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/model"
+	_ "github.com/mattn/go-sqlite3"
+)
+
+var ErrNotFound = errors.New("not found")
+
+const clientRows = `"client"."id", "client"."secret", "client"."redirect_uris", "client"."trusted_peers", "client"."name"`
+
+type ClientDB interface {
+	GetClientByID(ctx context.Context, id string) (*model.Client, error)
+}
+
+type sqlClientDB struct {
+	db *sql.DB
+}
+
+func strArrayToSlice(rawVal string) []string {
+	var res []string
+	if err := json.Unmarshal([]byte(rawVal), &res); err != nil {
+		return nil
+	}
+	return res
+}
+
+func clientFromRow(row *sql.Row) (*model.Client, error) {
+	var res model.Client
+	redirectURIsStr := ""
+	trustedPeersStr := ""
+
+	if err := row.Scan(&res.ID, &res.Secret, &redirectURIsStr, &trustedPeersStr, &res.Name); err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, ErrNotFound
+		}
+		return nil, fmt.Errorf("invalid format for client: %w", err)
+	}
+
+	res.ClientConfig.RedirectURIs = strArrayToSlice(redirectURIsStr)
+	res.ClientConfig.TrustedPeers = strArrayToSlice(trustedPeersStr)
+
+	return &res, nil
+}
+
+func (db *sqlClientDB) GetClientByID(ctx context.Context, id string) (*model.Client, error) {
+	query := fmt.Sprintf(`SELECT %s FROM "client" WHERE "id" = ?`, clientRows)
+	row := db.db.QueryRowContext(ctx, query, id)
+	return clientFromRow(row)
+}
+
+func New(db *sql.DB) *sqlClientDB {
+	return &sqlClientDB{db: db}
+}
--- a/polyculeconnect/internal/middlewares/logger.go
+++ b/polyculeconnect/internal/middlewares/logger.go
@ -5,7 +5,7 @@ import (
 	"net/http"
 	"time"

-	"github.com/sirupsen/logrus"
+	"go.uber.org/zap"
 )

 type loggedResponseWriter struct {
@ -33,7 +33,7 @@ func (lr *loggedResponseWriter) WriteHeader(statusCode int) {
 }

 type LoggerMiddleware struct {
-	l *logrus.Logger
+	l *zap.SugaredLogger
 	h http.Handler
 }

--- a/polyculeconnect/internal/middlewares/middlewarechain.go
+++ b/polyculeconnect/internal/middlewares/middlewarechain.go
@ -0,0 +1,14 @@
+package middlewares
+
+import (
+	"net/http"
+
+	"go.uber.org/zap"
+)
+
+func WithLogger(handler http.Handler, l *zap.SugaredLogger) http.Handler {
+	return &LoggerMiddleware{
+		l: l,
+		h: handler,
+	}
+}
--- a/polyculeconnect/internal/middlewares/test.go
+++ b/polyculeconnect/internal/middlewares/test.go
@ -0,0 +1,40 @@
+package middlewares
+
+import (
+	"context"
+	"net/http"
+)
+
+const (
+	backendNameQueryParam = "connector_id"
+	backendCtxKeyName     = "backendName"
+)
+
+type BackendFromRequestMiddleware struct {
+	h http.Handler
+}
+
+func (m *BackendFromRequestMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if err := r.ParseForm(); err != nil {
+		// TODO: handle this better
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+
+	backendName := r.Form.Get(backendNameQueryParam)
+	// TODO this should be explicitly handled
+	if backendName == "" {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte("no backend id provided"))
+		return
+	}
+
+	// TODO we should test that this backend actually exists here
+
+	ctx := context.WithValue(r.Context(), backendCtxKeyName, backendName)
+	m.h.ServeHTTP(w, r.WithContext(ctx))
+}
+
+func WithBackendFromRequestMiddleware(input http.Handler) http.Handler {
+	return &BackendFromRequestMiddleware{h: input}
+}
--- a/polyculeconnect/internal/model/backend.go
+++ b/polyculeconnect/internal/model/backend.go
@ -0,0 +1,10 @@
+package model
+
+import "github.com/google/uuid"
+
+type Backend struct {
+	ID         uuid.UUID
+	Name       string
+	OIDCID     string
+	OIDCSecret string
+}
--- a/polyculeconnect/internal/model/client.go
+++ b/polyculeconnect/internal/model/client.go
@ -0,0 +1,88 @@
+package model
+
+import (
+	"time"
+
+	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v3/pkg/op"
+)
+
+type ClientConfig struct {
+	ID           string
+	Secret       string
+	RedirectURIs []string
+	TrustedPeers []string
+	Name         string
+}
+
+type Client struct {
+	ClientConfig
+}
+
+func (c Client) GetID() string {
+	return c.ClientConfig.ID
+}
+
+func (c Client) RedirectURIs() []string {
+	return c.ClientConfig.RedirectURIs
+}
+
+func (c Client) PostLogoutRedirectURIs() []string {
+	return nil
+}
+
+func (c Client) ApplicationType() op.ApplicationType {
+	return op.ApplicationTypeWeb // TODO: should we support more?
+}
+
+func (c Client) AuthMethod() oidc.AuthMethod {
+	return oidc.AuthMethodNone
+}
+
+func (c Client) ResponseTypes() []oidc.ResponseType {
+	return []oidc.ResponseType{oidc.ResponseTypeCode}
+}
+
+func (c Client) GrantTypes() []oidc.GrantType {
+	return []oidc.GrantType{oidc.GrantTypeCode}
+}
+
+func (c Client) LoginURL(id string) string {
+	return id
+}
+
+func (c Client) AccessTokenType() op.AccessTokenType {
+	return op.AccessTokenTypeJWT
+}
+
+func (c Client) IDTokenLifetime() time.Duration {
+	return 1 * time.Hour
+}
+
+func (c Client) DevMode() bool {
+	return true
+}
+
+func (c Client) RestrictAdditionalIdTokenScopes() func(scopes []string) []string {
+	return func(scopes []string) []string {
+		return scopes
+	}
+}
+
+func (c Client) RestrictAdditionalAccessTokenScopes() func(scopes []string) []string {
+	return func(scopes []string) []string {
+		return scopes
+	}
+}
+
+func (c Client) IsScopeAllowed(scope string) bool {
+	return true
+}
+
+func (c Client) IDTokenUserinfoClaimsAssertion() bool {
+	return true
+}
+
+func (c Client) ClockSkew() time.Duration {
+	return 0
+}
--- a/polyculeconnect/internal/storage/local.go
+++ b/polyculeconnect/internal/storage/local.go
@ -0,0 +1,4 @@
+package storage
+
+type LocalStorage struct {
+}
--- a/polyculeconnect/internal/storage/storage.go
+++ b/polyculeconnect/internal/storage/storage.go
@ -0,0 +1,146 @@
+package storage
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db"
+	"github.com/go-jose/go-jose/v4"
+	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v3/pkg/op"
+)
+
+func ErrNotImplemented(name string) error {
+	return fmt.Errorf("%s is not implemented", name)
+}
+
+// Storage implements the Storage interface from zitadel/oidc/op
+type Storage struct {
+	LocalStorage db.Storage
+}
+
+/*
+Auth storage interface
+*/
+func (s *Storage) CreateAuthRequest(ctx context.Context, req *oidc.AuthRequest, userID string) (op.AuthRequest, error) {
+	// validate that the connector is correct
+	backendName, ok := stringFromCtx(ctx, "backendName")
+	if !ok {
+		return nil, errors.New("no backend name provided")
+	}
+	_, err := s.LocalStorage.BackendStorage().GetBackendByName(ctx, backendName)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get backend: %w", err)
+	}
+
+	return nil, ErrNotImplemented("CreateAuthRequest")
+}
+
+func (s *Storage) AuthRequestByID(ctx context.Context, requestID string) (op.AuthRequest, error) {
+	return nil, ErrNotImplemented("AuthRequestByID")
+}
+
+func (s *Storage) AuthRequestByCode(ctx context.Context, requestCode string) (op.AuthRequest, error) {
+	return nil, ErrNotImplemented("AuthRequestByCode")
+}
+
+func (s *Storage) SaveAuthCode(ctx context.Context, id string, code string) error {
+	return ErrNotImplemented("SaveAuthCode")
+}
+
+func (s *Storage) DeleteAuthRequest(ctx context.Context, id string) error {
+	return ErrNotImplemented("DeleteAuthRequest")
+}
+
+func (s *Storage) CreateAccessToken(ctx context.Context, req op.TokenRequest) (accessTokenID string, expiration time.Time, err error) {
+	return "", time.Time{}, ErrNotImplemented("CreateAccessToken")
+}
+
+func (s *Storage) CreateAccessAndRefreshTokens(ctx context.Context, request op.TokenRequest, currentRefreshToken string) (accessTokenID string, newRefreshTokenID string, expiration time.Time, err error) {
+	return "", "", time.Time{}, ErrNotImplemented("CreateAccessAndRefreshTokens")
+}
+
+func (s *Storage) TokenRequestByRefreshToken(ctx context.Context, refreshTokenID string) (op.RefreshTokenRequest, error) {
+	return nil, ErrNotImplemented("TokenRequestByRefreshToken")
+}
+
+func (s *Storage) TerminateSession(ctx context.Context, userID string, clientID string) error {
+	return ErrNotImplemented("TerminateSession")
+}
+
+func (s *Storage) RevokeToken(ctx context.Context, tokenOrTokenID string, userID string, clientID string) *oidc.Error {
+	return nil
+}
+
+func (s *Storage) GetRefreshTokenInfo(ctx context.Context, clientID string, stoken string) (string, string, error) {
+	return "", "", ErrNotImplemented("GetRefreshTokenInfo")
+}
+
+func (s *Storage) SigningKey(ctx context.Context) (op.SigningKey, error) {
+	return nil, ErrNotImplemented("SigningKey")
+}
+
+func (s *Storage) SignatureAlgorithms(ctx context.Context) ([]jose.SignatureAlgorithm, error) {
+	return nil, ErrNotImplemented("SignatureAlgorithms")
+}
+
+func (s *Storage) KeySet(ctx context.Context) ([]op.Key, error) {
+	return nil, ErrNotImplemented("KeySet")
+}
+
+/*
+	OP storage
+*/
+
+func (s *Storage) GetClientByClientID(ctx context.Context, clientID string) (op.Client, error) {
+	clt, err := s.LocalStorage.ClientStorage().GetClientByID(ctx, clientID)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get client from local storage: %w", err)
+	}
+
+	return clt, nil
+}
+
+func (s *Storage) AuthorizeClientIDSecret(ctx context.Context, clientID, clientSecret string) error {
+	return ErrNotImplemented("AuthorizeClientIDSecret")
+}
+
+func (s *Storage) SetUserinfoFromScopes(ctx context.Context, userinfo *oidc.UserInfo, userID, clientID string, scopes []string) error {
+	return ErrNotImplemented("SetUserinfoFromScopes")
+}
+
+func (s *Storage) SetUserinfoFromToken(ctx context.Context, userinfo *oidc.UserInfo, tokenID, subject, origin string) error {
+	return ErrNotImplemented("SetUserinfoFromToken")
+}
+
+func (s *Storage) SetIntrospectionFromToken(ctx context.Context, userinfo *oidc.IntrospectionResponse, tokenID, subject, clientID string) error {
+	return ErrNotImplemented("SetIntrospectionFromToken")
+}
+
+func (s *Storage) GetPrivateClaimsFromScopes(ctx context.Context, userID, clientID string, scopes []string) (map[string]interface{}, error) {
+	return nil, ErrNotImplemented("GetPrivateClaimsFromScopes")
+}
+
+func (s *Storage) GetKeyByIDAndClientID(ctx context.Context, keyID, clientID string) (*jose.JSONWebKey, error) {
+	return nil, ErrNotImplemented("GetKeyByIDAndClientID")
+}
+
+func (s *Storage) ValidateJWTProfileScopes(ctx context.Context, userID string, scopes []string) ([]string, error) {
+	return nil, ErrNotImplemented("ValidateJWTProfileScopes")
+}
+
+func (s *Storage) Health(ctx context.Context) error {
+	return ErrNotImplemented("Health")
+}
+
+func stringFromCtx(ctx context.Context, key string) (string, bool) {
+	rawVal := ctx.Value(key)
+	if rawVal == nil {
+		return "", false
+	}
+
+	val, ok := rawVal.(string)
+	return val, ok
+}
--- a/polyculeconnect/logger/logger.go
+++ b/polyculeconnect/logger/logger.go
@ -1,10 +1,28 @@
 package logger

-import "github.com/sirupsen/logrus"
+import (
+	"fmt"

-var L *logrus.Logger
+	"go.uber.org/zap"
+	"go.uber.org/zap/zapcore"
+)
+
+var L *zap.SugaredLogger
+
+func Init(level zap.AtomicLevel) {
+	conf := zap.Config{
+		Level:            level,
+		Encoding:         "console",
+		OutputPaths:      []string{"stdout"},
+		ErrorOutputPaths: []string{"stderr"},
+		EncoderConfig:    zap.NewDevelopmentEncoderConfig(),
+	}
+	conf.EncoderConfig.EncodeLevel = zapcore.CapitalColorLevelEncoder
+
+	if l, err := conf.Build(); err != nil {
+		panic(fmt.Errorf("failed to init logger: %w", err))
+	} else {
+		L = l.Sugar()
+	}

-func Init(level logrus.Level) {
-	L = logrus.New()
-	L.SetLevel(level)
 }
--- a/polyculeconnect/middlewares/middlewarechain.go
+++ b/polyculeconnect/middlewares/middlewarechain.go
@ -1,14 +0,0 @@
-package middlewares
-
-import (
-	"net/http"
-
-	"github.com/sirupsen/logrus"
-)
-
-func WithLogger(handler http.Handler, l *logrus.Logger) http.Handler {
-	return &LoggerMiddleware{
-		l: l,
-		h: handler,
-	}
-}
--- a/polyculeconnect/migrations/0_create_backend_table.down.sql
+++ b/polyculeconnect/migrations/0_create_backend_table.down.sql
@ -0,0 +1 @@
+DROP TABLE "backend";
--- a/polyculeconnect/migrations/0_create_backend_table.up.sql
+++ b/polyculeconnect/migrations/0_create_backend_table.up.sql
@ -0,0 +1,4 @@
+CREATE TABLE "backend" (
+    id TEXT NOT NULL PRIMARY KEY,
+    name TEXT NOT NULL UNIQUE
+);
--- a/polyculeconnect/polyculeconnect.db
+++ b/polyculeconnect/polyculeconnect.db
--- a/polyculeconnect/server/server.go
+++ b/polyculeconnect/server/server.go
@ -10,9 +10,9 @@ import (

 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/controller/ui"
-	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/middlewares"
-	dex_server "github.com/dexidp/dex/server"
-	"github.com/sirupsen/logrus"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/middlewares"
+	"github.com/zitadel/oidc/v3/pkg/op"
+	"go.uber.org/zap"
 )

 type Server struct {
@ -24,7 +24,7 @@ type Server struct {
 	address     string
 	handler     *http.ServeMux
 	controllers map[string]http.Handler
-	l           *logrus.Logger
+	l           *zap.SugaredLogger
 }

 func newUnixListener(sockPath string) (net.Listener, error) {
@ -42,7 +42,7 @@ func newUnixListener(sockPath string) (net.Listener, error) {
 	return sock, nil
 }

-func New(appConf *config.AppConfig, dexSrv *dex_server.Server, logger *logrus.Logger) (*Server, error) {
+func New(appConf *config.AppConfig, oidcHandler *op.Provider, logger *zap.SugaredLogger) (*Server, error) {
 	var listener net.Listener
 	var addr string
 	var err error
@ -65,7 +65,7 @@ func New(appConf *config.AppConfig, dexSrv *dex_server.Server, logger *logrus.Lo

 	controllers := map[string]http.Handler{
 		ui.StaticRoute: middlewares.WithLogger(ui.NewStaticController(appConf.StaticDir), logger),
-		"/":            middlewares.WithLogger(ui.NewIndexController(logger, dexSrv, appConf.StaticDir), logger),
+		"/":            middlewares.WithLogger(ui.NewIndexController(logger, oidcHandler, appConf.StaticDir), logger),
 	}

 	m := http.NewServeMux()
Author	SHA1	Message	Date
Melora Hugues	9ba477174d	Allow migrating up and down Some checks failed / docker-build-only (push) Failing after 41s Details / go-test (push) Failing after 1m24s Details	2024-08-16 11:29:19 +02:00
Melora Hugues	64e48a5689	Add basic way to get backend from query (#48 ) Because polyculeconnect is a OIDC proxy, we need to know which auth backend to use. This is provided using a query param or a form, so we need to get it from our own middleware. This commit adds the following elements: - basic DB storage for the backends - support for DB migrations and a first test migration (not definitive) - middleware to get the backend from the request and put it in the context - test that the backend exists in the auth flow	2024-08-16 11:29:19 +02:00
Melora Hugues	f3060bee3b	feat: start replacing dex with zitadel (#48 ) Start the process of replacing dex with zitadel, this commit is absolutely not prod-ready, basically we just added zitatel, and the necessary elements to make it work to at least getting a client from the DB - replace logrus with zap - start our own storage for the users - instanciate zitaled on start - allow getting client using the ID from the DB	2024-08-16 11:29:19 +02:00
Melora Hugues	344589829b	Chore: remove generated cobra comments and improve help messages Some checks failed / docker-build-only (push) Successful in 1m58s Details / docker-build-push (push) Failing after 9s Details / go-test (push) Successful in 1m8s Details	2024-08-10 16:41:55 +02:00
Melora Hugues	f53b67fa81	Chore: replace woodpecker with forgejo actions	2024-08-10 16:41:55 +02:00