release: 0.51.1

refactor: fix type errors
fix: allow LDAP users to update their locale
2025-12-17 02:32:59 +03:00 · 2025-05-03 23:42:47 +02:00 · 2025-05-03 23:42:17 +02:00 · 2025-05-03 23:32:56 +02:00 · 2025-05-03 23:25:22 +02:00 · 2025-05-03 22:53:55 +02:00
25 changed files with 6017 additions and 5628 deletions
--- a/.version
+++ b/.version
@@ -1 +1 @@
-0.51.0
+0.51.1
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,12 @@
 ## [](https://github.com/pocket-id/pocket-id/compare/v0.51.0...v) (2025-05-03)
 ### Bug Fixes
 * allow LDAP users to update their locale ([0b9cbf4](https://github.com/pocket-id/pocket-id/commit/0b9cbf47e36a332cfd854aa92e761264fb3e4795))
 * last name still showing as required on account form ([#492](https://github.com/pocket-id/pocket-id/issues/492)) ([cf3fe0b](https://github.com/pocket-id/pocket-id/commit/cf3fe0be84f6365f5d4eb08c1b47905962a48a0d))
 * non admin users weren't able to call the end session endpoint ([6bd6cef](https://github.com/pocket-id/pocket-id/commit/6bd6cefaa6dc571a319a6a1c2b2facc2404eadd3))
 ## [](https://github.com/pocket-id/pocket-id/compare/v0.50.0...v) (2025-04-28)
--- a/backend/cmd/main.go
+++ b/backend/cmd/main.go
@@ -1,6 +1,8 @@
 package main
 import (
 	"log"
 	"github.com/pocket-id/pocket-id/backend/internal/bootstrap"
 )
@@ -9,5 +11,8 @@ import (
 // @description.markdown
 func main() {
-	bootstrap.Bootstrap()
+	err := bootstrap.Bootstrap()
 	if err != nil {
 		log.Fatal(err.Error())
 	}
 }
--- a/backend/internal/bootstrap/bootstrap.go
+++ b/backend/internal/bootstrap/bootstrap.go
@@ -2,25 +2,69 @@ package bootstrap
 import (
 	"context"
 	"fmt"
 	"log"
 	"time"
 	_ "github.com/golang-migrate/migrate/v4/source/file"
-	"github.com/pocket-id/pocket-id/backend/internal/service"
+	"github.com/pocket-id/pocket-id/backend/internal/job"
 	"github.com/pocket-id/pocket-id/backend/internal/utils"
 	"github.com/pocket-id/pocket-id/backend/internal/utils/signals"
 )
-func Bootstrap() {
+func Bootstrap() error {
 	// Get a context that is canceled when the application is stopping
 	ctx := signals.SignalContext(context.Background())
 	initApplicationImages()
 	// Perform migrations for changes
 	migrateConfigDBConnstring()
 	db := newDatabase()
 	appConfigService := service.NewAppConfigService(ctx, db)
 	migrateKey()
-	initRouter(ctx, db, appConfigService)
+	// Connect to the database
 	db := newDatabase()
 	// Create all services
 	svc, err := initServices(ctx, db)
 	if err != nil {
 		return fmt.Errorf("failed to initialize services: %w", err)
 	}
 	// Init the job scheduler
 	scheduler, err := job.NewScheduler()
 	if err != nil {
 		return fmt.Errorf("failed to create job scheduler: %w", err)
 	}
 	err = registerScheduledJobs(ctx, db, svc, scheduler)
 	if err != nil {
 		return fmt.Errorf("failed to register scheduled jobs: %w", err)
 	}
 	// Init the router
 	router := initRouter(db, svc)
 	// Run all background serivces
 	// This call blocks until the context is canceled
 	err = utils.
 		NewServiceRunner(router, scheduler.Run).
 		Run(ctx)
 	if err != nil {
 		return fmt.Errorf("failed to run services: %w", err)
 	}
 	// Invoke all shutdown functions
 	// We give these a timeout of 5s
 	shutdownCtx, shutdownCancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer shutdownCancel()
 	err = utils.
 		// TODO: Add shutdown services here
 		NewServiceRunner().
 		Run(shutdownCtx)
 	if err != nil {
 		log.Printf("Error shutting down services: %v", err)
 	}
 	return nil
 }
--- a/backend/internal/bootstrap/e2etest_router_bootstrap.go
+++ b/backend/internal/bootstrap/e2etest_router_bootstrap.go
@@ -12,9 +12,9 @@ import (
 // When building for E2E tests, add the e2etest controller
 func init() {
-	registerTestControllers = []func(apiGroup *gin.RouterGroup, db *gorm.DB, appConfigService *service.AppConfigService, jwtService *service.JwtService){
+	registerTestControllers = []func(apiGroup *gin.RouterGroup, db *gorm.DB, svc *services){
-		func(apiGroup *gin.RouterGroup, db *gorm.DB, appConfigService *service.AppConfigService, jwtService *service.JwtService) {
+		func(apiGroup *gin.RouterGroup, db *gorm.DB, svc *services) {
-			testService := service.NewTestService(db, appConfigService, jwtService)
+			testService := service.NewTestService(db, svc.appConfigService, svc.jwtService)
 			controller.NewTestController(apiGroup, testService)
 		},
 	}
--- a/backend/internal/bootstrap/router_bootstrap.go
+++ b/backend/internal/bootstrap/router_bootstrap.go
@@ -9,27 +9,28 @@ import (
 	"time"
 	"github.com/gin-gonic/gin"
 	"github.com/pocket-id/pocket-id/backend/internal/common"
 	"github.com/pocket-id/pocket-id/backend/internal/controller"
 	"github.com/pocket-id/pocket-id/backend/internal/job"
 	"github.com/pocket-id/pocket-id/backend/internal/middleware"
 	"github.com/pocket-id/pocket-id/backend/internal/service"
 	"github.com/pocket-id/pocket-id/backend/internal/utils/systemd"
 	"golang.org/x/time/rate"
 	"gorm.io/gorm"
 	"github.com/pocket-id/pocket-id/backend/internal/common"
 	"github.com/pocket-id/pocket-id/backend/internal/controller"
 	"github.com/pocket-id/pocket-id/backend/internal/middleware"
 	"github.com/pocket-id/pocket-id/backend/internal/utils"
 	"github.com/pocket-id/pocket-id/backend/internal/utils/systemd"
 )
 // This is used to register additional controllers for tests
-var registerTestControllers []func(apiGroup *gin.RouterGroup, db *gorm.DB, appConfigService *service.AppConfigService, jwtService *service.JwtService)
+var registerTestControllers []func(apiGroup *gin.RouterGroup, db *gorm.DB, svc *services)
-func initRouter(ctx context.Context, db *gorm.DB, appConfigService *service.AppConfigService) {
+func initRouter(db *gorm.DB, svc *services) utils.Service {
-	err := initRouterInternal(ctx, db, appConfigService)
+	runner, err := initRouterInternal(db, svc)
 	if err != nil {
 		log.Fatalf("failed to init router: %v", err)
 	}
 	return runner
 }
-func initRouterInternal(ctx context.Context, db *gorm.DB, appConfigService *service.AppConfigService) error {
+func initRouterInternal(db *gorm.DB, svc *services) (utils.Service, error) {
 	// Set the appropriate Gin mode based on the environment
 	switch common.EnvConfig.AppEnv {
 	case "production":
@@ -43,23 +44,6 @@ func initRouterInternal(ctx context.Context, db *gorm.DB, appConfigService *serv
 	r := gin.Default()
 	r.Use(gin.Logger())
 	// Initialize services
 	emailService, err := service.NewEmailService(appConfigService, db)
 	if err != nil {
 		return fmt.Errorf("unable to create email service: %w", err)
 	}
 	geoLiteService := service.NewGeoLiteService(ctx)
 	auditLogService := service.NewAuditLogService(db, appConfigService, emailService, geoLiteService)
 	jwtService := service.NewJwtService(appConfigService)
 	webauthnService := service.NewWebAuthnService(db, jwtService, auditLogService, appConfigService)
 	userService := service.NewUserService(db, jwtService, auditLogService, emailService, appConfigService)
 	customClaimService := service.NewCustomClaimService(db)
 	oidcService := service.NewOidcService(db, jwtService, appConfigService, auditLogService, customClaimService)
 	userGroupService := service.NewUserGroupService(db, appConfigService)
 	ldapService := service.NewLdapService(db, appConfigService, userService, userGroupService)
 	apiKeyService := service.NewApiKeyService(db, emailService)
 	rateLimitMiddleware := middleware.NewRateLimitMiddleware()
 	// Setup global middleware
@@ -67,56 +51,31 @@ func initRouterInternal(ctx context.Context, db *gorm.DB, appConfigService *serv
 	r.Use(middleware.NewErrorHandlerMiddleware().Add())
 	r.Use(rateLimitMiddleware.Add(rate.Every(time.Second), 60))
 	scheduler, err := job.NewScheduler()
 	if err != nil {
 		return fmt.Errorf("failed to create job scheduler: %w", err)
 	}
 	err = scheduler.RegisterLdapJobs(ctx, ldapService, appConfigService)
 	if err != nil {
 		return fmt.Errorf("failed to register LDAP jobs in scheduler: %w", err)
 	}
 	err = scheduler.RegisterDbCleanupJobs(ctx, db)
 	if err != nil {
 		return fmt.Errorf("failed to register DB cleanup jobs in scheduler: %w", err)
 	}
 	err = scheduler.RegisterFileCleanupJobs(ctx, db)
 	if err != nil {
 		return fmt.Errorf("failed to register file cleanup jobs in scheduler: %w", err)
 	}
 	err = scheduler.RegisterApiKeyExpiryJob(ctx, apiKeyService, appConfigService)
 	if err != nil {
 		return fmt.Errorf("failed to register API key expiration jobs in scheduler: %w", err)
 	}
 	// Run the scheduler in a background goroutine, until the context is canceled
 	go scheduler.Run(ctx)
 	// Initialize middleware for specific routes
-	authMiddleware := middleware.NewAuthMiddleware(apiKeyService, userService, jwtService)
+	authMiddleware := middleware.NewAuthMiddleware(svc.apiKeyService, svc.userService, svc.jwtService)
 	fileSizeLimitMiddleware := middleware.NewFileSizeLimitMiddleware()
 	// Set up API routes
 	apiGroup := r.Group("/api")
-	controller.NewApiKeyController(apiGroup, authMiddleware, apiKeyService)
+	controller.NewApiKeyController(apiGroup, authMiddleware, svc.apiKeyService)
-	controller.NewWebauthnController(apiGroup, authMiddleware, middleware.NewRateLimitMiddleware(), webauthnService, appConfigService)
+	controller.NewWebauthnController(apiGroup, authMiddleware, middleware.NewRateLimitMiddleware(), svc.webauthnService, svc.appConfigService)
-	controller.NewOidcController(apiGroup, authMiddleware, fileSizeLimitMiddleware, oidcService, jwtService)
+	controller.NewOidcController(apiGroup, authMiddleware, fileSizeLimitMiddleware, svc.oidcService, svc.jwtService)
-	controller.NewUserController(apiGroup, authMiddleware, middleware.NewRateLimitMiddleware(), userService, appConfigService)
+	controller.NewUserController(apiGroup, authMiddleware, middleware.NewRateLimitMiddleware(), svc.userService, svc.appConfigService)
-	controller.NewAppConfigController(apiGroup, authMiddleware, appConfigService, emailService, ldapService)
+	controller.NewAppConfigController(apiGroup, authMiddleware, svc.appConfigService, svc.emailService, svc.ldapService)
-	controller.NewAuditLogController(apiGroup, auditLogService, authMiddleware)
+	controller.NewAuditLogController(apiGroup, svc.auditLogService, authMiddleware)
-	controller.NewUserGroupController(apiGroup, authMiddleware, userGroupService)
+	controller.NewUserGroupController(apiGroup, authMiddleware, svc.userGroupService)
-	controller.NewCustomClaimController(apiGroup, authMiddleware, customClaimService)
+	controller.NewCustomClaimController(apiGroup, authMiddleware, svc.customClaimService)
 	// Add test controller in non-production environments
 	if common.EnvConfig.AppEnv != "production" {
 		for _, f := range registerTestControllers {
-			f(apiGroup, db, appConfigService, jwtService)
+			f(apiGroup, db, svc)
 		}
 	}
 	// Set up base routes
 	baseGroup := r.Group("/")
-	controller.NewWellKnownController(baseGroup, jwtService)
+	controller.NewWellKnownController(baseGroup, svc.jwtService)
 	// Set up the server
 	srv := &http.Server{
@@ -129,41 +88,46 @@ func initRouterInternal(ctx context.Context, db *gorm.DB, appConfigService *serv
 	// Set up the listener
 	listener, err := net.Listen("tcp", srv.Addr)
 	if err != nil {
-		return fmt.Errorf("failed to create TCP listener: %w", err)
+		return nil, fmt.Errorf("failed to create TCP listener: %w", err)
 	}
-	log.Printf("Server listening on %s", srv.Addr)
+	// Service runner function
 	runFn := func(ctx context.Context) error {
 		log.Printf("Server listening on %s", srv.Addr)
-	// Notify systemd that we are ready
+		// Start the server in a background goroutine
-	err = systemd.SdNotifyReady()
+		go func() {
-	if err != nil {
+			defer listener.Close()
 		log.Printf("[WARN] Unable to notify systemd that the service is ready: %v", err)
 		// continue to serve anyway since it's not that important
 	}
-	// Start the server in a background goroutine
+			// Next call blocks until the server is shut down
-	go func() {
+			srvErr := srv.Serve(listener)
-		defer listener.Close()
+			if srvErr != http.ErrServerClosed {
 				log.Fatalf("Error starting app server: %v", srvErr)
 			}
 		}()
-		// Next call blocks until the server is shut down
+		// Notify systemd that we are ready
-		srvErr := srv.Serve(listener)
+		err = systemd.SdNotifyReady()
-		if srvErr != http.ErrServerClosed {
+		if err != nil {
-			log.Fatalf("Error starting app server: %v", srvErr)
+			// Log the error only
 			log.Printf("[WARN] Unable to notify systemd that the service is ready: %v", err)
 		}
 	}()
-	// Block until the context is canceled
+		// Block until the context is canceled
-	<-ctx.Done()
+		<-ctx.Done()
-	// Handle graceful shutdown
+		// Handle graceful shutdown
-	// Note we use the background context here as ctx has been canceled already
+		// Note we use the background context here as ctx has been canceled already
-	shutdownCtx, shutdownCancel := context.WithTimeout(context.Background(), 5*time.Second)
+		shutdownCtx, shutdownCancel := context.WithTimeout(context.Background(), 5*time.Second)
-	shutdownErr := srv.Shutdown(shutdownCtx) //nolint:contextcheck
+		shutdownErr := srv.Shutdown(shutdownCtx) //nolint:contextcheck
-	shutdownCancel()
+		shutdownCancel()
-	if shutdownErr != nil {
+		if shutdownErr != nil {
-		// Log the error only (could be context canceled)
+			// Log the error only (could be context canceled)
-		log.Printf("[WARN] App server shutdown error: %v", shutdownErr)
+			log.Printf("[WARN] App server shutdown error: %v", shutdownErr)
 		}
 		return nil
 	}
-	return nil
+	return runFn, nil
 }
--- a/backend/internal/bootstrap/scheduler_bootstrap.go
+++ b/backend/internal/bootstrap/scheduler_bootstrap.go
@@ -0,0 +1,35 @@
 package bootstrap
 import (
 	"context"
 	"fmt"
 	"gorm.io/gorm"
 	"github.com/pocket-id/pocket-id/backend/internal/job"
 )
 func registerScheduledJobs(ctx context.Context, db *gorm.DB, svc *services, scheduler *job.Scheduler) error {
 	err := scheduler.RegisterLdapJobs(ctx, svc.ldapService, svc.appConfigService)
 	if err != nil {
 		return fmt.Errorf("failed to register LDAP jobs in scheduler: %w", err)
 	}
 	err = scheduler.RegisterGeoLiteUpdateJobs(ctx, svc.geoLiteService)
 	if err != nil {
 		return fmt.Errorf("failed to register GeoLite DB update service: %w", err)
 	}
 	err = scheduler.RegisterDbCleanupJobs(ctx, db)
 	if err != nil {
 		return fmt.Errorf("failed to register DB cleanup jobs in scheduler: %w", err)
 	}
 	err = scheduler.RegisterFileCleanupJobs(ctx, db)
 	if err != nil {
 		return fmt.Errorf("failed to register file cleanup jobs in scheduler: %w", err)
 	}
 	err = scheduler.RegisterApiKeyExpiryJob(ctx, svc.apiKeyService, svc.appConfigService)
 	if err != nil {
 		return fmt.Errorf("failed to register API key expiration jobs in scheduler: %w", err)
 	}
 	return nil
 }
--- a/backend/internal/bootstrap/services_bootstrap.go
+++ b/backend/internal/bootstrap/services_bootstrap.go
@@ -0,0 +1,51 @@
 package bootstrap
 import (
 	"context"
 	"fmt"
 	"gorm.io/gorm"
 	"github.com/pocket-id/pocket-id/backend/internal/service"
 )
 type services struct {
 	appConfigService   *service.AppConfigService
 	emailService       *service.EmailService
 	geoLiteService     *service.GeoLiteService
 	auditLogService    *service.AuditLogService
 	jwtService         *service.JwtService
 	webauthnService    *service.WebAuthnService
 	userService        *service.UserService
 	customClaimService *service.CustomClaimService
 	oidcService        *service.OidcService
 	userGroupService   *service.UserGroupService
 	ldapService        *service.LdapService
 	apiKeyService      *service.ApiKeyService
 }
 // Initializes all services
 // The context should be used by services only for initialization, and not for running
 func initServices(initCtx context.Context, db *gorm.DB) (svc *services, err error) {
 	svc = &services{}
 	svc.appConfigService = service.NewAppConfigService(initCtx, db)
 	svc.emailService, err = service.NewEmailService(db, svc.appConfigService)
 	if err != nil {
 		return nil, fmt.Errorf("unable to create email service: %w", err)
 	}
 	svc.geoLiteService = service.NewGeoLiteService()
 	svc.auditLogService = service.NewAuditLogService(db, svc.appConfigService, svc.emailService, svc.geoLiteService)
 	svc.jwtService = service.NewJwtService(svc.appConfigService)
 	svc.userService = service.NewUserService(db, svc.jwtService, svc.auditLogService, svc.emailService, svc.appConfigService)
 	svc.customClaimService = service.NewCustomClaimService(db)
 	svc.oidcService = service.NewOidcService(db, svc.jwtService, svc.appConfigService, svc.auditLogService, svc.customClaimService)
 	svc.userGroupService = service.NewUserGroupService(db, svc.appConfigService)
 	svc.ldapService = service.NewLdapService(db, svc.appConfigService, svc.userService, svc.userGroupService)
 	svc.apiKeyService = service.NewApiKeyService(db, svc.emailService)
 	svc.webauthnService = service.NewWebAuthnService(db, svc.jwtService, svc.auditLogService, svc.appConfigService)
 	return svc, nil
 }
--- a/backend/internal/controller/oidc_controller.go
+++ b/backend/internal/controller/oidc_controller.go
@@ -30,8 +30,8 @@ func NewOidcController(group *gin.RouterGroup, authMiddleware *middleware.AuthMi
 	group.POST("/oidc/token", oc.createTokensHandler)
 	group.GET("/oidc/userinfo", oc.userInfoHandler)
 	group.POST("/oidc/userinfo", oc.userInfoHandler)
-	group.POST("/oidc/end-session", authMiddleware.WithSuccessOptional().Add(), oc.EndSessionHandler)
+	group.POST("/oidc/end-session", authMiddleware.WithAdminNotRequired().WithSuccessOptional().Add(), oc.EndSessionHandler)
-	group.GET("/oidc/end-session", authMiddleware.WithSuccessOptional().Add(), oc.EndSessionHandler)
+	group.GET("/oidc/end-session", authMiddleware.WithAdminNotRequired().WithSuccessOptional().Add(), oc.EndSessionHandler)
 	group.POST("/oidc/introspect", oc.introspectTokenHandler)
 	group.GET("/oidc/clients", authMiddleware.Add(), oc.listClientsHandler)
--- a/backend/internal/job/geoloite_update_job.go
+++ b/backend/internal/job/geoloite_update_job.go
@@ -0,0 +1,45 @@
 package job
 import (
 	"context"
 	"log"
 	"time"
 	"github.com/pocket-id/pocket-id/backend/internal/service"
 )
 type GeoLiteUpdateJobs struct {
 	geoLiteService *service.GeoLiteService
 }
 func (s *Scheduler) RegisterGeoLiteUpdateJobs(ctx context.Context, geoLiteService *service.GeoLiteService) error {
 	// Check if the service needs periodic updating
 	if geoLiteService.DisableUpdater() {
 		// Nothing to do
 		return nil
 	}
 	jobs := &GeoLiteUpdateJobs{geoLiteService: geoLiteService}
 	// Register the job to run every day, at 5 minutes past midnight
 	err := s.registerJob(ctx, "UpdateGeoLiteDB", "5 * */1 * *", jobs.updateGoeLiteDB)
 	if err != nil {
 		return err
 	}
 	// Run the job immediately on startup, with a 1s delay
 	go func() {
 		time.Sleep(time.Second)
 		err = jobs.updateGoeLiteDB(ctx)
 		if err != nil {
 			// Log the error only, but don't return it
 			log.Printf("Failed to Update GeoLite database: %v", err)
 		}
 	}()
 	return nil
 }
 func (j *GeoLiteUpdateJobs) updateGoeLiteDB(ctx context.Context) error {
 	return j.geoLiteService.UpdateDatabase(ctx)
 }
--- a/backend/internal/job/scheduler.go
+++ b/backend/internal/job/scheduler.go
@@ -26,7 +26,7 @@ func NewScheduler() (*Scheduler, error) {
 // Run the scheduler.
 // This function blocks until the context is canceled.
-func (s *Scheduler) Run(ctx context.Context) {
+func (s *Scheduler) Run(ctx context.Context) error {
 	log.Println("Starting job scheduler")
 	s.scheduler.Start()
@@ -39,6 +39,8 @@ func (s *Scheduler) Run(ctx context.Context) {
 	} else {
 		log.Println("Job scheduler shut down")
 	}
 	return nil
 }
 func (s *Scheduler) registerJob(ctx context.Context, name string, interval string, job func(ctx context.Context) error) error {
--- a/backend/internal/service/app_config_service.go
+++ b/backend/internal/service/app_config_service.go
@@ -26,12 +26,12 @@ type AppConfigService struct {
 	db       *gorm.DB
 }
-func NewAppConfigService(ctx context.Context, db *gorm.DB) *AppConfigService {
+func NewAppConfigService(initCtx context.Context, db *gorm.DB) *AppConfigService {
 	service := &AppConfigService{
 		db: db,
 	}
-	err := service.LoadDbConfig(ctx)
+	err := service.LoadDbConfig(initCtx)
 	if err != nil {
 		log.Fatalf("Failed to initialize app config service: %v", err)
 	}
--- a/backend/internal/service/email_service.go
+++ b/backend/internal/service/email_service.go
@@ -33,7 +33,7 @@ type EmailService struct {
 	textTemplates    map[string]*ttemplate.Template
 }
-func NewEmailService(appConfigService *AppConfigService, db *gorm.DB) (*EmailService, error) {
+func NewEmailService(db *gorm.DB, appConfigService *AppConfigService) (*EmailService, error) {
 	htmlTemplates, err := email.PrepareHTMLTemplates(emailTemplatesPaths)
 	if err != nil {
 		return nil, fmt.Errorf("prepare html templates: %w", err)
--- a/backend/internal/service/geolite_service.go
+++ b/backend/internal/service/geolite_service.go
@@ -23,7 +23,7 @@ import (
 type GeoLiteService struct {
 	disableUpdater bool
-	mutex          sync.Mutex
+	mutex          sync.RWMutex
 }
 var localhostIPNets = []*net.IPNet{
@@ -42,25 +42,22 @@ var tailscaleIPNets = []*net.IPNet{
 }
 // NewGeoLiteService initializes a new GeoLiteService instance and starts a goroutine to update the GeoLite2 City database.
-func NewGeoLiteService(ctx context.Context) *GeoLiteService {
+func NewGeoLiteService() *GeoLiteService {
 	service := &GeoLiteService{}
 	if common.EnvConfig.MaxMindLicenseKey == "" && common.EnvConfig.GeoLiteDBUrl == common.MaxMindGeoLiteCityUrl {
-		// Warn the user, and disable the updater.
+		// Warn the user, and disable the periodic updater
 		log.Println("MAXMIND_LICENSE_KEY environment variable is empty. The GeoLite2 City database won't be updated.")
 		service.disableUpdater = true
 	}
 	go func() {
 		err := service.updateDatabase(ctx)
 		if err != nil {
 			log.Printf("Failed to update GeoLite2 City database: %v", err)
 		}
 	}()
 	return service
 }
 func (s *GeoLiteService) DisableUpdater() bool {
 	return s.disableUpdater
 }
 // GetLocationByIP returns the country and city of the given IP address.
 func (s *GeoLiteService) GetLocationByIP(ipAddress string) (country, city string, err error) {
 	// Check the IP address against known private IP ranges
@@ -83,8 +80,8 @@ func (s *GeoLiteService) GetLocationByIP(ipAddress string) (country, city string
 	}
 	// Race condition between reading and writing the database.
-	s.mutex.Lock()
+	s.mutex.RLock()
-	defer s.mutex.Unlock()
+	defer s.mutex.RUnlock()
 	db, err := maxminddb.Open(common.EnvConfig.GeoLiteDBPath)
 	if err != nil {
@@ -92,7 +89,10 @@ func (s *GeoLiteService) GetLocationByIP(ipAddress string) (country, city string
 	}
 	defer db.Close()
-	addr := netip.MustParseAddr(ipAddress)
+	addr, err := netip.ParseAddr(ipAddress)
 	if err != nil {
 		return "", "", fmt.Errorf("failed to parse IP address: %w", err)
 	}
 	var record struct {
 		City struct {
@@ -112,18 +112,13 @@ func (s *GeoLiteService) GetLocationByIP(ipAddress string) (country, city string
 }
 // UpdateDatabase checks the age of the database and updates it if it's older than 14 days.
-func (s *GeoLiteService) updateDatabase(parentCtx context.Context) error {
+func (s *GeoLiteService) UpdateDatabase(parentCtx context.Context) error {
 	if s.disableUpdater {
 		// Avoid updating the GeoLite2 City database.
 		return nil
 	}
 	if s.isDatabaseUpToDate() {
-		log.Println("GeoLite2 City database is up-to-date.")
+		log.Println("GeoLite2 City database is up-to-date")
 		return nil
 	}
-	log.Println("Updating GeoLite2 City database...")
+	log.Println("Updating GeoLite2 City database")
 	downloadUrl := fmt.Sprintf(common.EnvConfig.GeoLiteDBUrl, common.EnvConfig.MaxMindLicenseKey)
 	ctx, cancel := context.WithTimeout(parentCtx, 10*time.Minute)
@@ -145,7 +140,8 @@ func (s *GeoLiteService) updateDatabase(parentCtx context.Context) error {
 	}
 	// Extract the database file directly to the target path
-	if err := s.extractDatabase(resp.Body); err != nil {
+	err = s.extractDatabase(resp.Body)
 	if err != nil {
 		return fmt.Errorf("failed to extract database: %w", err)
 	}
@@ -179,10 +175,9 @@ func (s *GeoLiteService) extractDatabase(reader io.Reader) error {
 	// Iterate over the files in the tar archive
 	for {
 		header, err := tarReader.Next()
-		if err == io.EOF {
+		if errors.Is(err, io.EOF) {
 			break
-		}
+		} else if err != nil {
 		if err != nil {
 			return fmt.Errorf("failed to read tar archive: %w", err)
 		}
--- a/backend/internal/service/user_service.go
+++ b/backend/internal/service/user_service.go
@@ -262,13 +262,13 @@ func (s *UserService) createUserInternal(ctx context.Context, input dto.UserCrea
 	return user, nil
 }
-func (s *UserService) UpdateUser(ctx context.Context, userID string, updatedUser dto.UserCreateDto, updateOwnUser bool, allowLdapUpdate bool) (model.User, error) {
+func (s *UserService) UpdateUser(ctx context.Context, userID string, updatedUser dto.UserCreateDto, updateOwnUser bool, isLdapSync bool) (model.User, error) {
 	tx := s.db.Begin()
 	defer func() {
 		tx.Rollback()
 	}()
-	user, err := s.updateUserInternal(ctx, userID, updatedUser, updateOwnUser, allowLdapUpdate, tx)
+	user, err := s.updateUserInternal(ctx, userID, updatedUser, updateOwnUser, isLdapSync, tx)
 	if err != nil {
 		return model.User{}, err
 	}
@@ -292,19 +292,23 @@ func (s *UserService) updateUserInternal(ctx context.Context, userID string, upd
 		return model.User{}, err
 	}
-	// Disallow updating the user if it is an LDAP group and LDAP is enabled
+	// Check if this is an LDAP user and LDAP is enabled
-	if !isLdapSync && user.LdapID != nil && s.appConfigService.GetDbConfig().LdapEnabled.IsTrue() {
+	isLdapUser := user.LdapID != nil && s.appConfigService.GetDbConfig().LdapEnabled.IsTrue()
 		return model.User{}, &common.LdapUserUpdateError{}
 	}
-	user.FirstName = updatedUser.FirstName
+	// For LDAP users, only allow updating the locale unless it's an LDAP sync
-	user.LastName = updatedUser.LastName
+	if !isLdapSync && isLdapUser {
-	user.Email = updatedUser.Email
+		// Only update the locale for LDAP users
-	user.Username = updatedUser.Username
+		user.Locale = updatedUser.Locale
-	user.Locale = updatedUser.Locale
+	} else {
-	if !updateOwnUser {
+		user.FirstName = updatedUser.FirstName
-		user.IsAdmin = updatedUser.IsAdmin
+		user.LastName = updatedUser.LastName
-		user.Disabled = updatedUser.Disabled
+		user.Email = updatedUser.Email
 		user.Username = updatedUser.Username
 		user.Locale = updatedUser.Locale
 		if !updateOwnUser {
 			user.IsAdmin = updatedUser.IsAdmin
 			user.Disabled = updatedUser.Disabled
 		}
 	}
 	err = tx.
--- a/backend/internal/utils/servicerunner.go
+++ b/backend/internal/utils/servicerunner.go
@@ -0,0 +1,58 @@
 package utils
 import (
 	"context"
 	"errors"
 )
 // Source:
 // https://github.com/ItalyPaleAle/traefik-forward-auth/blob/v3.5.1/pkg/utils/servicerunner.go
 // Copyright (c) 2018, Thom Seddon & Contributors Copyright (c) 2023, Alessandro Segala & Contributors
 // License: MIT (https://github.com/ItalyPaleAle/traefik-forward-auth/blob/v3.5.1/LICENSE.md)
 // Service is a background service
 type Service func(ctx context.Context) error
 // ServiceRunner oversees a number of services running in background
 type ServiceRunner struct {
 	services []Service
 }
 // NewServiceRunner creates a new ServiceRunner
 func NewServiceRunner(services ...Service) *ServiceRunner {
 	return &ServiceRunner{
 		services: services,
 	}
 }
 // Run all background services
 func (r *ServiceRunner) Run(ctx context.Context) error {
 	ctx, cancel := context.WithCancel(ctx)
 	defer cancel()
 	errCh := make(chan error)
 	for _, service := range r.services {
 		go func(service Service) {
 			// Run the service
 			rErr := service(ctx)
 			// Ignore context canceled errors here as they generally indicate that the service is stopping
 			if rErr != nil && !errors.Is(rErr, context.Canceled) {
 				errCh <- rErr
 				return
 			}
 			errCh <- nil
 		}(service)
 	}
 	// Wait for all services to return
 	errs := make([]error, 0)
 	for range len(r.services) {
 		err := <-errCh
 		if err != nil {
 			errs = append(errs, err)
 		}
 	}
 	return errors.Join(errs...)
 }
--- a/backend/internal/utils/servicerunner_test.go
+++ b/backend/internal/utils/servicerunner_test.go
@@ -0,0 +1,125 @@
 package utils
 import (
 	"context"
 	"errors"
 	"testing"
 	"time"
 	"github.com/stretchr/testify/require"
 )
 // Source:
 // https://github.com/ItalyPaleAle/traefik-forward-auth/blob/v3.5.1/pkg/utils/servicerunner.go
 // Copyright (c) 2018, Thom Seddon & Contributors Copyright (c) 2023, Alessandro Segala & Contributors
 // License: MIT (https://github.com/ItalyPaleAle/traefik-forward-auth/blob/v3.5.1/LICENSE.md)
 func TestServiceRunner_Run(t *testing.T) {
 	t.Run("successful services", func(t *testing.T) {
 		// Create a service that just returns no error after 0.2s
 		successService := func(ctx context.Context) error {
 			time.Sleep(200 * time.Millisecond)
 			return nil
 		}
 		// Create a service runner with two success services
 		runner := NewServiceRunner(successService, successService)
 		// Run the services with a timeout to avoid hanging if something goes wrong
 		ctx, cancel := context.WithTimeout(t.Context(), 5*time.Second)
 		defer cancel()
 		// Run should return nil when all services succeed
 		err := runner.Run(ctx)
 		require.NoError(t, err)
 	})
 	t.Run("service with error", func(t *testing.T) {
 		// Create a service that returns an error
 		expectedErr := errors.New("service failed")
 		errorService := func(ctx context.Context) error {
 			return expectedErr
 		}
 		// Create a service runner with one error service and one success service
 		successService := func(ctx context.Context) error {
 			time.Sleep(200 * time.Millisecond)
 			return nil
 		}
 		runner := NewServiceRunner(errorService, successService)
 		// Run the services with a timeout
 		ctx, cancel := context.WithTimeout(t.Context(), 5*time.Second)
 		defer cancel()
 		// Run should return the error
 		err := runner.Run(ctx)
 		require.Error(t, err)
 		// The error should contain our expected error
 		require.ErrorIs(t, err, expectedErr)
 	})
 	t.Run("context canceled", func(t *testing.T) {
 		// Create a service that waits until context is canceled
 		waitingService := func(ctx context.Context) error {
 			<-ctx.Done()
 			return ctx.Err()
 		}
 		// Create another service that returns no error quickly
 		quickService := func(ctx context.Context) error {
 			return nil
 		}
 		runner := NewServiceRunner(waitingService, quickService)
 		// Create a context that we can cancel
 		ctx, cancel := context.WithCancel(t.Context())
 		// Run the runner in a goroutine
 		errCh := make(chan error)
 		go func() {
 			errCh <- runner.Run(ctx)
 		}()
 		// Cancel the context to trigger service shutdown
 		cancel()
 		// Wait for the runner to finish with a timeout
 		select {
 		case err := <-errCh:
 			require.NoError(t, err, "expected nil error (context.Canceled should be ignored)")
 		case <-time.After(5 * time.Second):
 			t.Fatal("test timed out waiting for runner to finish")
 		}
 	})
 	t.Run("multiple errors", func(t *testing.T) {
 		// Create two services that return different errors
 		err1 := errors.New("error 1")
 		err2 := errors.New("error 2")
 		service1 := func(ctx context.Context) error {
 			return err1
 		}
 		service2 := func(ctx context.Context) error {
 			return err2
 		}
 		runner := NewServiceRunner(service1, service2)
 		// Run the services
 		ctx, cancel := context.WithTimeout(t.Context(), 5*time.Second)
 		defer cancel()
 		// Run should join all errors
 		err := runner.Run(ctx)
 		require.Error(t, err)
 		// Check that both errors are included
 		require.ErrorIs(t, err, err1)
 		require.ErrorIs(t, err, err2)
 	})
 }
--- a/frontend/messages/it-IT.json
+++ b/frontend/messages/it-IT.json
@@ -93,7 +93,7 @@
 	"application_configuration": "Configurazione dell'applicazione",
 	"settings": "Impostazioni",
 	"update_pocket_id": "Aggiorna Pocket ID",
-	"powered_by": "Alimentato da",
+	"powered_by": "Powered by",
 	"see_your_account_activities_from_the_last_3_months": "Visualizza le attività del tuo account degli ultimi 3 mesi.",
 	"time": "Ora",
 	"event": "Evento",
--- a/frontend/messages/ru-RU.json
+++ b/frontend/messages/ru-RU.json
@@ -343,8 +343,8 @@
 	"callback_url_description": "URL-адреса, предоставленные клиентом. Поддерживаются wildcard-адреса (*), но лучше всего избегать их для лучшей безопасности.",
 	"api_key_expiration": "Истечение срока действия API ключа",
 	"send_an_email_to_the_user_when_their_api_key_is_about_to_expire": "Отправлять пользователю письмо, когда истечет срок действия API ключа.",
-	"authorize_device": "Authorize Device",
+	"authorize_device": "Авторизовать устройство",
-	"the_device_has_been_authorized": "The device has been authorized.",
+	"the_device_has_been_authorized": "Устройство авторизовано.",
-	"enter_code_displayed_in_previous_step": "Enter the code that was displayed in the previous step.",
+	"enter_code_displayed_in_previous_step": "Введите код, который был отображен на предыдущем шаге.",
 	"authorize": "Авторизируйте"
 }
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,6 +1,6 @@
 {
  "name": "pocket-id-frontend",
-  "version": "0.51.0",
+  "version": "0.51.1",
  "private": true,
  "type": "module",
  "scripts": {
@@ -57,6 +57,6 @@
    "tslib": "^2.8.1",
    "typescript": "^5.7.3",
    "typescript-eslint": "^8.21.0",
-    "vite": "^6.2.6"
+    "vite": "^6.3.4"
  }
 }
--- a/frontend/src/lib/components/form/form-input.svelte
+++ b/frontend/src/lib/components/form/form-input.svelte
@@ -17,7 +17,7 @@
 		onInput,
 		...restProps
 	}: HTMLAttributes<HTMLDivElement> & {
-		input?: FormInput<string | boolean | number | Date>;
+		input?: FormInput<string | boolean | number | Date | undefined>;
 		label?: string;
 		description?: string;
 		placeholder?: string;
--- a/frontend/src/routes/settings/account/account-form.svelte
+++ b/frontend/src/routes/settings/account/account-form.svelte
@@ -7,7 +7,6 @@
 	import type { UserCreate } from '$lib/types/user.type';
 	import { axiosErrorToast } from '$lib/utils/error-util';
 	import { createForm } from '$lib/utils/form-util';
 	import { BookUser } from 'lucide-svelte';
 	import { toast } from 'svelte-sonner';
 	import { z } from 'zod';
@@ -29,7 +28,7 @@
 	const formSchema = z.object({
 		firstName: z.string().min(1).max(50),
-		lastName: z.string().min(1).max(50),
+		lastName: z.string().max(50).optional(),
 		username: z
 			.string()
 			.min(2)
--- a/frontend/src/routes/settings/admin/users/[id]/+page.svelte
+++ b/frontend/src/routes/settings/admin/users/[id]/+page.svelte
@@ -6,6 +6,7 @@
 	import { Button } from '$lib/components/ui/button';
 	import * as Card from '$lib/components/ui/card';
 	import UserGroupSelection from '$lib/components/user-group-selection.svelte';
 	import { m } from '$lib/paraglide/messages';
 	import CustomClaimService from '$lib/services/custom-claim-service';
 	import UserService from '$lib/services/user-service';
 	import appConfigStore from '$lib/stores/application-configuration-store';
@@ -14,7 +15,6 @@
 	import { LucideChevronLeft } from 'lucide-svelte';
 	import { toast } from 'svelte-sonner';
 	import UserForm from '../user-form.svelte';
 	import { m } from '$lib/paraglide/messages';
 	let { data } = $props();
 	let user = $state({
@@ -75,7 +75,7 @@
 	<title
 		>{m.user_details_firstname_lastname({
 			firstName: user.firstName,
-			lastName: user.lastName
+			lastName: user.lastName ?? ''
 		})}</title
 	>
 </svelte:head>
--- a/frontend/src/routes/settings/admin/users/user-list.svelte
+++ b/frontend/src/routes/settings/admin/users/user-list.svelte
@@ -34,7 +34,7 @@
 	async function deleteUser(user: User) {
 		openConfirmDialog({
-			title: m.delete_firstname_lastname({ firstName: user.firstName, lastName: user.lastName }),
+			title: m.delete_firstname_lastname({ firstName: user.firstName, lastName: user.lastName ?? "" }),
 			message: m.are_you_sure_you_want_to_delete_this_user(),
 			confirm: {
 				label: m.delete(),
@@ -67,7 +67,7 @@
 	async function disableUser(user: User) {
 		openConfirmDialog({
-			title: m.disable_firstname_lastname({ firstName: user.firstName, lastName: user.lastName }),
+			title: m.disable_firstname_lastname({ firstName: user.firstName, lastName: user.lastName ?? "" }),
 			message: m.are_you_sure_you_want_to_disable_this_user(),
 			confirm: {
 				label: m.disable(),
Author	SHA1	Message	Date
Elias Schneider	dbacdb5bf0	release: 0.51.1	2025-05-03 23:42:47 +02:00
Elias Schneider	f4c6cff461	refactor: fix type errors	2025-05-03 23:42:17 +02:00
Elias Schneider	0b9cbf47e3	fix: allow LDAP users to update their locale	2025-05-03 23:32:56 +02:00
Alessandro (Ale) Segala	bda178c2bb	refactor: complete graceful shutdown implementation and add service runner (#493 )	2025-05-03 23:25:22 +02:00
Elias Schneider	6bd6cefaa6	fix: non admin users weren't able to call the end session endpoint	2025-05-03 22:53:55 +02:00
dependabot[bot]	83be1e0b49	chore(deps-dev): bump vite from 6.2.6 to 6.3.4 in /frontend in the npm_and_yarn group across 1 directory (#496 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-04-30 14:53:30 -05:00
Kyle Mendell	cf3fe0be84	fix: last name still showing as required on account form (#492 ) Co-authored-by: Kyle Mendell <kmendell@ofkm.us>	2025-04-29 20:24:16 +02:00
Elias Schneider	ec76e1c111	chore(translations): update translations via Crowdin (#491 )	2025-04-29 00:04:12 -05:00