Merge branch 'main' into patch-2

.github/workflows/cli-publish.yml

@@ -0,0 +1,36 @@
+name: CLI
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v4
+        with:
+          go-version: stable
+      - uses: goreleaser/goreleaser-action@v5
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean --snapshot
+          workdir: ./backend
+        env:
+          GORELEASER_CURRENT_TAG: 'v0.0.0' # can be anything since we're using --snapshot
+      - run: |
+          mkdir -p dist/artifacts
+          cp dist/*.{tar.gz,zip} dist/artifacts
+        working-directory: ./backend
+      - name: Upload assets
+        uses: softprops/action-gh-release@v1
+        with:
+          files: ./backend/dist/artifacts/*
+          fail_on_unmatched_files: true

.gitignore

@@ -31,4 +31,4 @@ e2e/test-results/
 e2e/playwright-report/
 e2e/playwright/.cache/
 /backend/build_info/version.txt
-
+/backend/dist

README.md

@@ -14,7 +14,7 @@
 <img src="https://img.shields.io/twitter/follow/hanko_io?style=social" alt="Follow us on Twitter">
 
 # About Hanko
-Hanko is an open source authentication and user management solution with a focus on moving the login beyond passwords, while being 100% deployable today.
+Hanko is an open-source authentication and user management solution with a focus on moving the login beyond passwords while being 100% deployable today.
 
 - Built for [passkeys](https://www.passkeys.io) as introduced by Apple, Google, and Microsoft
 - Fast integration with Hanko Elements web components (login box and user profile)
@@ -25,7 +25,7 @@ Available for self-hosting and on [Hanko Cloud](https://www.hanko.io).
 Hanko is built and maintained by [Hanko.io](https://www.hanko.io), an active member of the [FIDO Alliance](https://fidoalliance.org/company/hanko/). This project is the sum of 5 years of experience implementing FIDO and WebAuthn-based authentication in different applications and platforms.
 
 # We take you on the journey beyond passwords ...
-... and make sure your users won't get lost on the way. Passwordless logins have been promised to us for quite some time. But until now, "passwordless" was mostly a compromise that only worked for some of the users and had some severe drawbacks that ultimately led to passwords still being present at almost every login. It's only very recently that passkeys were announced and the ecosystem of devices, browsers, and operating systems is finally ready to truly move beyond passwords.
+... and make sure your users won't get lost on the way. Passwordless logins have been promised to us for quite some time. But until now, "passwordless" was mostly a compromise that only worked for some of the users and had some severe drawbacks that ultimately led to passwords still being present at almost every login. It's only very recently that passkeys were announced, and the ecosystem of devices, browsers, and operating systems is finally ready to truly move beyond passwords.
 
 With most devices and browsers now shipping with passkey support and convenient built-in authentication technology like Touch ID, Face ID, and Windows Hello, a much better login experience is enabled that will replace passwords for good. Hanko is built for that shift.
 
@@ -38,7 +38,7 @@ The main building blocks of the Hanko project are
 - [hanko-frontend-sdk](/frontend/frontend-sdk/README.md) - A client package for using the Hanko API
 
 The remainder of the repository consists of:
-- [quickstart](/quickstart) - A quickstart example app, showing off Hanko's login experience and acting as a reference implementation
+- [quickstart](/quickstart) - A quickstart example app showing off Hanko's login experience and acting as a reference implementation
 - [examples](frontend/examples) - Example implementations for a number of frameworks
 - [docs](/docs) - The Hanko documentation ([docs.hanko.io](https://docs.hanko.io))
 
@@ -48,19 +48,18 @@ The remainder of the repository consists of:
    - Bare metal:
       - Head over to the [backend](/backend/README.md) section to learn how to get it up and running for your own project. Use [Hanko Cloud](https://cloud.hanko.io) for a hosted backend.
    - Docker:
-     -  If you prefer to use [Docker](https://www.docker.com/) to run the project locally, please visit the [Run the quickstart](./quickstart/README.md#run-the-quickstart) for information on how to run the project. This will create everything including frontend and backend components. 
+     -  If you prefer to use [Docker](https://www.docker.com/) to run the project locally, please visit the [Run the quickstart](./quickstart/README.md#run-the-quickstart) for information on how to run the project. This will create everything, including frontend and backend components. 
         -  If you wish to keep only the backend components, you can modify the [quickstart.yaml](./deploy/docker-compose/quickstart.yaml) to remove the unnecessary services. To make changes to the configuration to meet your needs, modify [config.yaml](./deploy/docker-compose/config.yaml).
 3. Then, integrate [hanko-elements](/frontend/elements/README.md) – we provide [example applications](frontend/examples/README.md) and [guides](https://docs.hanko.io/guides/frontend) for your favourite frontend framework in the official documentation
 4. if you have an [enterprise license](/backend/ee) or use [Hanko Cloud](https://cloud.hanko.io) you can also integrate [SAML SSO](/docs). Feel free to use [this guide](https://docs.hanko.io/guides/frontend) to start with SAML SSO
 
-If you want to use the Hanko backend API but prefer to build your own UI, you can still make use of the [hanko-frontend-sdk](/frontend/frontend-sdk/README.md). It forms the basis of our web components and the client it provides handles communication with the [Hanko backend API](https://docs.hanko.io/api-reference/introduction) and saves you the time of rolling your own.
+If you want to use the Hanko backend API but prefer to build your own UI, you can still make use of the [hanko-frontend-sdk](/frontend/frontend-sdk/README.md). It forms the basis of our web components, and the client it provides handles communication with the [Hanko backend API](https://docs.hanko.io/api-reference/introduction) and saves you the time of rolling your own.
 
 # Contact us
 Schedule a Hanko demo. Learn how Hanko will speed up your registration and login flows with passkeys.
 
 <a target="_blank" href="https://cal.com/team/hanko/demo"><img alt="Book us with Cal.com"  src="https://cal.com/book-with-cal-light.svg" /></a>
 
-
 # Roadmap
 We are currently in **Beta** and may introduce breaking changes. Watch our releases, leave a star, join our [Discord community](https://www.hanko.io/community), or sign up to our [product news](https://www.hanko.io/updates) to follow the development. Here's a brief overview of our roadmap:
 
@@ -86,27 +85,34 @@ We are currently in **Beta** and may introduce breaking changes. Watch our relea
 |✅| i18n & custom translations |
 |✅| User import |
 |✅| Disable sign-ups |
-|⚙️| Enterprise SSO (OIDC/SAML) |
+|✅| User export |
+|✅| Enterprise SSO (SAML) |
 |⚙️| API-supported auth flows |
-|⚙️| Mobile SDKs |
-|⚙️| Basic email templating & i8n |
+|⚙️| Passkey-only and OAuth-only configurations |
+|⚙️| Username support (non-email) |
 | | 2FA for securing passcodes & passwords |
+| | Email templating & i18n |
 | | Webhooks |
 | | Refresh tokens / sessions |
+| | `<hanko-menu>` avatar / menu web component |
+| | 📢 Hanko 1.0 Release |
+| | Mobile SDKs |
 | | Sign in with Microsoft |
 | | OIDC support |
 
+
 Additional features that have been requested or that we would like to build but are currently not on the roadmap:
+- Custom user data / fields
 - Privileged sessions & step-up authentication
-- Bot protection / Captcha
+- Bot protection / CAPTCHA
 - SMS passcode delivery
 
 # Community
 ## Questions, bugs, ideas
 If you have any questions or issues, please check this project's [Q&A section in discussions](https://github.com/teamhanko/hanko/discussions/categories/q-a) and the [open issues](https://github.com/teamhanko/hanko/issues). Feel free to comment on existing issues or create a new issue if you encounter any bugs or have a feature request. For yet unanswered questions, feedback, or new ideas, please open a new discussion.
 
 ## Discord community & X
-We invite you to join our growing [Discord community](https://www.hanko.io/community) if you want to get the latest updates on passkeys, WebAuthn, and this project, or if you just want to chat with us. You can also [follow us on Twitter](https://x.com/hanko_io).
+We invite you to join our growing [Discord community](https://www.hanko.io/community) if you want to get the latest updates on passkeys, WebAuthn, and this project or if you just want to chat with us. You can also [follow us on Twitter](https://x.com/hanko_io).
 
 <p align="center">
     <a href="https://www.hanko.io/community">

backend/.goreleaser.yaml

@@ -0,0 +1,24 @@
+before:
+  hooks:
+    - go mod tidy
+    - go generate ./...
+builds:
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+
+archives:
+  - format: tar.gz
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    format_overrides:
+    - goos: windows
+      format: zip

backend/README.md

@@ -51,7 +51,7 @@ To get the Hanko backend up and running you need to:
 5. [Configure JSON Web Key Set generation](#configure-json-web-key-set-generation)
 6. [Configure WebAuthn](#configure-webauthn)
 7. [Configure CORS](#configure-cors)
-8. [Start the backend](#run-the-backend)
+8. [Start the backend](#start-the-backend)
 
 ### Run a database
 
@@ -327,12 +327,14 @@ endpoints). These can be started separately or in a single command.
 docker run --mount type=bind,source=<PATH-TO-CONFIG-FILE>,target=/config/config.yaml -p 8000:8000 -it ghcr.io/teamhanko/hanko:latest serve public
 ```
 
-> **Note** The `<PATH-TO-CONFIG-FILE>` must be an absolute path to your config file created above.
+##### Using pre-built binaries
 
-The service is now available at `localhost:8000`.
+Each [GitHub release](https://github.com/teamhanko/hanko/releases) (> 0.9.0) has `hanko`'s binary assets uploaded to it. Alternatively you can use
+a tool like [eget](https://github.com/zyedidia/eget) to install binaries from releases on GitHub:
 
-`8000` is the default port for the public API. It can be [customized](./docs/Config.md) in the configuration through
-the `server.public.address` option.
+```bash
+eget teamhanko/hanko
+```
 
 ##### From source
 
@@ -346,6 +348,11 @@ Then run:
 ./hanko serve public --config <PATH-TO-CONFIG-FILE>
 ```
 
+> **Note** The `<PATH-TO-CONFIG-FILE>` must be an absolute path to your config file created above.
+
+`8000` is the default port for the public API. It can be [customized](./docs/Config.md) in the configuration through
+the `server.public.address` option.
+
 The service is now available at `localhost:8000`.
 
 #### Start the admin API

backend/go.mod

@@ -3,7 +3,7 @@ module github.com/teamhanko/hanko/backend
 go 1.20
 
 require (
-	github.com/brianvoe/gofakeit/v6 v6.23.2
+	github.com/brianvoe/gofakeit/v6 v6.24.0
 	github.com/fatih/structs v1.1.0
 	github.com/go-playground/validator/v10 v10.15.5
 	github.com/go-sql-driver/mysql v1.7.1
@@ -15,6 +15,7 @@ require (
 	github.com/gobwas/glob v0.2.3
 	github.com/gofrs/uuid v4.4.0+incompatible
 	github.com/gomodule/redigo v1.8.9
+	github.com/google/uuid v1.4.0
 	github.com/h2non/gock v1.2.0
 	github.com/invopop/jsonschema v0.12.0
 	github.com/jackc/pgconn v1.14.1
@@ -23,13 +24,14 @@ require (
 	github.com/labstack/echo-contrib v0.15.0
 	github.com/labstack/echo-jwt/v4 v4.2.0
 	github.com/labstack/echo/v4 v4.11.2
-	github.com/lestrrat-go/jwx/v2 v2.0.14
+	github.com/lestrrat-go/jwx/v2 v2.0.15
 	github.com/lib/pq v1.10.9
-	github.com/mocktools/go-smtp-mock/v2 v2.1.0
-	github.com/nicksnyder/go-i18n/v2 v2.2.1
+	github.com/nicksnyder/go-i18n/v2 v2.2.2
 	github.com/ory/dockertest/v3 v3.10.0
 	github.com/pkg/errors v0.9.1
 	github.com/rs/zerolog v1.31.0
+	github.com/russellhaering/gosaml2 v0.9.1
+	github.com/russellhaering/goxmldsig v1.4.0
 	github.com/sethvargo/go-limiter v0.7.2
 	github.com/sethvargo/go-redisstore v0.3.0
 	github.com/spf13/cobra v1.7.0
@@ -87,7 +89,6 @@ require (
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-tpm v0.9.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.3.0 // indirect
 	github.com/gorilla/css v1.0.0 // indirect
 	github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
@@ -105,7 +106,6 @@ require (
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 	github.com/klauspost/compress v1.16.5 // indirect
-	github.com/kr/text v0.2.0 // indirect
 	github.com/labstack/gommon v0.4.0 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
@@ -139,8 +139,6 @@ require (
 	github.com/prometheus/common v0.40.0 // indirect
 	github.com/prometheus/procfs v0.9.0 // indirect
 	github.com/rogpeppe/go-internal v1.10.0 // indirect
-	github.com/russellhaering/gosaml2 v0.9.1 // indirect
-	github.com/russellhaering/goxmldsig v1.3.0 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect