From eadb31ffae1addb4a99c5383b9659337b1936e30 Mon Sep 17 00:00:00 2001
From: devydave <yannick-dev@tutanota.com>
Date: Tue, 17 Feb 2026 16:37:47 +0100
Subject: [PATCH] feat: add healthcheck and remove unused user variable

---
 .env.sample |  1 -
 README.md   | 28 ++++++++++++++++++++++------
 compose.yml | 27 +++++++++++----------------
 3 files changed, 33 insertions(+), 23 deletions(-)

diff --git a/.env.sample b/.env.sample
index 93d3713..840f6d8 100644
--- a/.env.sample
+++ b/.env.sample
@@ -7,7 +7,6 @@ DOMAIN=tinyauth.example.com
 
 LETS_ENCRYPT_ENV=production
 
-SECRET_USERS_VERSION=v1
 SECRET_CLIENT_SECRET_VERSION=v1
 
 AUTH_URL=https://example.com/auth/v1/oidc/authorize
diff --git a/README.md b/README.md
index 6125f8a..4c48c33 100644
--- a/README.md
+++ b/README.md
@@ -1,24 +1,40 @@
 # tinyauth
 
-> One line description of the recipe
+> Tinyauth is a simple authentication middleware that adds a simple login screen or OAuth with Google, Github or any other provider to all of your apps.
 
 <!-- metadata -->
 
-* **Category**: Apps
+* **Category**: Utilities
 * **Status**: 0
-* **Image**: [`tinyauth`](https://hub.docker.com/r/tinyauth), 4, upstream
-* **Healthcheck**: No
+* **Image**: [`tinyauth`](https://ghcr.io/steveiliop56/tinyauth), 4, upstream
+* **Healthcheck**: Yes
 * **Backups**: No
 * **Email**: No
 * **Tests**: No
-* **SSO**: No
+* **SSO**: Yes
 
 <!-- endmetadata -->
 
 ## Quick start
 
-* `abra app new tinyauth --secrets`
+* `abra app new tinyauth`
+* `abra app secret insert <app-name> client_secret v1 yoursecret`
 * `abra app config <app-name>`
 * `abra app deploy <app-name>`
 
+### Using the app with other services
+When using tinyauth you probably need to set `TINY_MIDDLEWARE`. This variable needs to match the `STACK_NAME` of this app.
+For example this app is deployed at `auth.example.com` the `TINY_MIDDLEWARE` should be `auth_example_com`. 
+
+## Add support to other recipes
+1. Add an extension compose file with the following content.
+```yaml
+services:
+	  app:
+	    deploy:
+	      labels:
+	        - "traefik.http.routers.${STACK_NAME}.middlewares=${TINY_MIDDLEWARE}"
+```
+2. Add the `TINY_MIDDLEWARE` variable. 
+
 For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
diff --git a/compose.yml b/compose.yml
index 91c7377..0784391 100644
--- a/compose.yml
+++ b/compose.yml
@@ -31,27 +31,22 @@ services:
     environment:
       APP_URL: "https://${DOMAIN}"
       DISABLE_ANALYTICS: "true"
-      #USERS_FILE: /run/secrets/users
-      PROVIDERS_SSO_AUTH_URL: ${AUTH_URL}	
+      PROVIDERS_SSO_AUTH_URL: ${AUTH_URL}
       PROVIDERS_SSO_CLIENT_ID: ${CLIENT_ID}
-      PROVIDERS_SSO_CLIENT_SECRET_FILE: /run/secrets/client_secret	
-      PROVIDERS_SSO_REDIRECT_URL:	https://${DOMAIN}/api/oauth/callback/sso
-      PROVIDERS_SSO_SCOPES:	${SCOPES}
+      PROVIDERS_SSO_CLIENT_SECRET_FILE: /run/secrets/client_secret
+      PROVIDERS_SSO_REDIRECT_URL: https://${DOMAIN}/api/oauth/callback/sso
+      PROVIDERS_SSO_SCOPES: ${SCOPES}
       PROVIDERS_SSO_TOKEN_URL: ${TOKEN_URL}
       PROVIDERS_SSO_USER_INFO_URL: ${USER_INFO_URL}
     secrets:
-      - users
-      - client_secret 
-    # healthcheck:
-    #   test: ["CMD", "curl", "-f", "http://localhost:3000/api/healthz"]
-    #   interval: 5s
-    #   timeout: 3s
-    #   retries: 10
-    #   start_period: 1m
+      - client_secret
+    healthcheck:
+      test: ["CMD", "tinyauth", "healthcheck"]
+      interval: 5s
+      timeout: 3s
+      retries: 10
+      start_period: 5s
 secrets:
-  users:
-    name: ${STACK_NAME}_users_${SECRET_USERS_VERSION}
-    external: true
   client_secret:
     name: ${STACK_NAME}_client_secret_${SECRET_CLIENT_SECRET_VERSION}
     external: true