From 689d330a75deab166327119b0c2de932e5bb27cb Mon Sep 17 00:00:00 2001
From: NLX-SeokHwanKong <seokhwan.kong@netlox.io>
Date: Thu, 13 Feb 2025 11:16:15 +0900
Subject: [PATCH 1/5] update oauth login logic

---
 api/restapi/configure_loxilb_rest_api.go | 12 ++---
 api/restapi/handler/auth.go              |  5 ++
 api/restapi/handler/oauth2.go            | 18 +++++--
 common/common.go                         |  4 ++
 go.mod                                   |  6 ++-
 go.sum                                   |  8 +++-
 pkg/loxinet/apiclient.go                 | 10 ++++
 pkg/loxinet/loxinet.go                   | 60 ++++++++++++++----------
 pkg/user/oauth_user.go                   | 58 +++++++++++++++++++++++
 9 files changed, 140 insertions(+), 41 deletions(-)
 create mode 100644 pkg/user/oauth_user.go

diff --git a/api/restapi/configure_loxilb_rest_api.go b/api/restapi/configure_loxilb_rest_api.go
index aff5a398..693ff928 100644
--- a/api/restapi/configure_loxilb_rest_api.go
+++ b/api/restapi/configure_loxilb_rest_api.go
@@ -227,13 +227,13 @@ func configureAPI(api *operations.LoxilbRestAPIAPI) http.Handler {
 		api.UsersPostAuthUsersHandler = users.PostAuthUsersHandlerFunc(handler.UsersPostUsers)
 		api.UsersDeleteAuthUsersIDHandler = users.DeleteAuthUsersIDHandlerFunc(handler.UsersDeleteUsers)
 		api.UsersPutAuthUsersIDHandler = users.PutAuthUsersIDHandlerFunc(handler.UsersPutUsers)
+	}
 
-		if opts.Opts.Oauth2Enable {
-			// OAuth2 API
-			handler.InitOAuthConfigs()
-			api.AuthGetOauthProviderHandler = auth.GetOauthProviderHandlerFunc(handler.AuthGetOauthProvider)
-			api.AuthGetOauthProviderCallbackHandler = auth.GetOauthProviderCallbackHandlerFunc(handler.AuthGetOauthProviderCallback)
-		}
+	if opts.Opts.Oauth2Enable {
+		// OAuth2 API
+		handler.InitOAuthConfigs()
+		api.AuthGetOauthProviderHandler = auth.GetOauthProviderHandlerFunc(handler.AuthGetOauthProvider)
+		api.AuthGetOauthProviderCallbackHandler = auth.GetOauthProviderCallbackHandlerFunc(handler.AuthGetOauthProviderCallback)
 	}
 
 	api.PreServerShutdown = func() {}
diff --git a/api/restapi/handler/auth.go b/api/restapi/handler/auth.go
index b5f4e591..04e4a162 100644
--- a/api/restapi/handler/auth.go
+++ b/api/restapi/handler/auth.go
@@ -41,7 +41,11 @@ import (
 //   - error: an error if the token is invalid or parsing fails.
 func BearerAuthAuth(tokenString string) (interface{}, error) {
 	if opts.Opts.UserServiceEnable {
+		// User DB based valaidation
 		return ApiHooks.NetUserValidate(tokenString)
+	} else if opts.Opts.Oauth2Enable {
+		// OAuth2 based validation
+		return ApiHooks.NetOauthUserValidate(tokenString)
 	} else {
 		return true, nil
 	}
@@ -78,6 +82,7 @@ func AuthPostLogout(params auth.PostAuthLogoutParams, principal interface{}) mid
 // Authorized function to handle authorization logic
 // requests are authorized based on the role of the user
 func Authorized() runtime.Authorizer {
+	// TODO: Add more roles and permissions logic for oauth users
 	if opts.Opts.UserServiceEnable {
 		return runtime.AuthorizerFunc(func(param *http.Request, principal interface{}) error {
 			permitInfo := principal.(string)
diff --git a/api/restapi/handler/oauth2.go b/api/restapi/handler/oauth2.go
index b33fb89d..65866b09 100644
--- a/api/restapi/handler/oauth2.go
+++ b/api/restapi/handler/oauth2.go
@@ -186,6 +186,8 @@ func AuthGetOauthProvider(params auth.GetOauthProviderParams) middleware.Respond
 // AuthGetOauthProviderCallback function
 // This function is used to get the OAuth provider callback
 func AuthGetOauthProviderCallback(params auth.GetOauthProviderCallbackParams) middleware.Responder {
+	var response models.OauthLoginResponse
+
 	provider := params.Provider
 	oauthConfig, exists := OAuthConfigs[provider]
 	if !exists {
@@ -259,9 +261,15 @@ func AuthGetOauthProviderCallback(params auth.GetOauthProviderCallbackParams) mi
 		}
 	}
 
-	tk.LogIt(tk.LogTrace, "User logged in email: %s, name: %s ", email, oauthName)
-	return auth.NewGetOauthProviderCallbackOK().WithPayload(&models.OauthLoginResponse{
-		ID:    oauthID,
-		Token: token.AccessToken,
-	})
+	tk.LogIt(tk.LogTrace, "Oauth User logged in email: %s, name: %s ", email, oauthName)
+	loginToken, valid, err := ApiHooks.NetOauthUserLogin(email, token.AccessToken)
+
+	if err != nil {
+		return &ResultResponse{Result: err.Error()}
+	}
+	if valid {
+		response.Token = loginToken
+		response.ID = oauthID
+	}
+	return auth.NewGetOauthProviderCallbackOK().WithPayload(&response)
 }
diff --git a/common/common.go b/common/common.go
index 5cb8d7f4..18c8e2e5 100644
--- a/common/common.go
+++ b/common/common.go
@@ -1126,5 +1126,9 @@ type NetHookInterface interface {
 	NetUserLogout(token string) error
 	NetUserValidate(token string) (interface{}, error)
 
+	// OAuth2
+	NetOauthUserLogin(usern_name, token string) (string, bool, error)
+	NetOauthUserValidate(token string) (interface{}, error)
+
 	NetHandlePanic()
 }
diff --git a/go.mod b/go.mod
index f87d240a..92a4101a 100644
--- a/go.mod
+++ b/go.mod
@@ -25,6 +25,7 @@ require (
 	github.com/vishvananda/netlink v1.2.1-beta.2
 	golang.org/x/crypto v0.31.0
 	golang.org/x/net v0.33.0
+	golang.org/x/oauth2 v0.10.0
 	golang.org/x/sys v0.28.0
 	google.golang.org/grpc v1.56.3
 	google.golang.org/protobuf v1.33.0
@@ -34,6 +35,8 @@ require (
 )
 
 require (
+	cloud.google.com/go/compute v1.20.1 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect
@@ -68,10 +71,10 @@ require (
 	github.com/prometheus/procfs v0.10.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	golang.org/x/oauth2 v0.10.0 // indirect
 	golang.org/x/term v0.27.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/klog/v2 v2.120.1 // indirect
@@ -99,6 +102,5 @@ require (
 	go.mongodb.org/mongo-driver v1.11.6 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
-	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 085dbf43..d96b2e6c 100644
--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,7 @@
+cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg=
+cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
+cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
+cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
@@ -362,8 +366,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
 google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc=
 google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
 google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
diff --git a/pkg/loxinet/apiclient.go b/pkg/loxinet/apiclient.go
index d903c6df..e4a17e2f 100644
--- a/pkg/loxinet/apiclient.go
+++ b/pkg/loxinet/apiclient.go
@@ -810,6 +810,16 @@ func (na *NetAPIStruct) NetUserValidate(token string) (interface{}, error) {
 	return mh.UserService.ValidateToken(token)
 }
 
+// NetOauthUserLogin - User Log in loxilb using OAuth
+func (na *NetAPIStruct) NetOauthUserLogin(user_email, token string) (string, bool, error) {
+	return mh.OauthUserService.Login(user_email, token)
+}
+
+// NetOauthUserValidate - Validate a user in loxilb using OAuth
+func (na *NetAPIStruct) NetOauthUserValidate(token string) (interface{}, error) {
+	return mh.OauthUserService.ValidateToken(token)
+}
+
 // NetUserLogin - Validate a user in loxilb
 func (na *NetAPIStruct) NetUserLogout(tokenString string) error {
 	return mh.UserService.Logout(tokenString)
diff --git a/pkg/loxinet/loxinet.go b/pkg/loxinet/loxinet.go
index 39af422c..5432556c 100644
--- a/pkg/loxinet/loxinet.go
+++ b/pkg/loxinet/loxinet.go
@@ -60,32 +60,33 @@ const (
 )
 
 type loxiNetH struct {
-	dpEbpf      *DpEbpfH
-	dp          *DpH
-	zn          *ZoneH
-	zr          *Zone
-	mtx         sync.RWMutex
-	ticker      *time.Ticker
-	tDone       chan bool
-	sigCh       chan os.Signal
-	wg          sync.WaitGroup
-	bgp         *GoBgpH
-	sumDis      bool
-	pProbe      bool
-	has         *CIStateH
-	logger      *tk.Logger
-	ready       bool
-	self        int
-	rssEn       bool
-	eHooks      bool
-	lSockPolicy bool
-	sockMapEn   bool
-	cloudLabel  string
-	cloudHook   CloudHookInterface
-	cloudInst   string
-	disBPF      bool
-	pFile       *os.File
-	UserService *user.UserService
+	dpEbpf           *DpEbpfH
+	dp               *DpH
+	zn               *ZoneH
+	zr               *Zone
+	mtx              sync.RWMutex
+	ticker           *time.Ticker
+	tDone            chan bool
+	sigCh            chan os.Signal
+	wg               sync.WaitGroup
+	bgp              *GoBgpH
+	sumDis           bool
+	pProbe           bool
+	has              *CIStateH
+	logger           *tk.Logger
+	ready            bool
+	self             int
+	rssEn            bool
+	eHooks           bool
+	lSockPolicy      bool
+	sockMapEn        bool
+	cloudLabel       string
+	cloudHook        CloudHookInterface
+	cloudInst        string
+	disBPF           bool
+	pFile            *os.File
+	UserService      *user.UserService
+	OauthUserService *user.OauthUserService
 }
 
 // NodeWalker - an implementation of node walker interface
@@ -366,12 +367,19 @@ func loxiNetInit() {
 		// Spawn CI maintenance application
 		mh.has.CISpawn()
 	}
+
 	// Initialize the user service subsystem
 	if opts.Opts.UserServiceEnable {
 		tk.LogIt(tk.LogInfo, "User service enabled\n")
 		mh.UserService = user.NewUserService()
 	}
 
+	// Initialize the Oauth user service subsystem
+	if opts.Opts.Oauth2Enable {
+		tk.LogIt(tk.LogInfo, "Ouath User service enabled\n")
+		mh.OauthUserService = user.NewOauthUserService()
+	}
+
 	// Initialize the loxinet global ticker(s)
 	mh.tDone = make(chan bool)
 	mh.ticker = time.NewTicker(LoxinetTiVal * time.Second)
diff --git a/pkg/user/oauth_user.go b/pkg/user/oauth_user.go
new file mode 100644
index 00000000..08cfbb3f
--- /dev/null
+++ b/pkg/user/oauth_user.go
@@ -0,0 +1,58 @@
+package user
+
+import (
+	"errors"
+	"time"
+
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/loxilb-io/loxilb/pkg/db"
+	"github.com/patrickmn/go-cache"
+)
+
+const (
+	OauthCacheExpirationTime  = 10 // 10 minutes
+	OauthCacheCleanupInterval = 15 // 15 minutes
+)
+
+type OauthUserService struct {
+	Cache *cache.Cache
+}
+
+// NewUserService creates a new UserService instance.
+func NewOauthUserService() *OauthUserService {
+	// Initialize the in-memory cache with expiration and cleanup intervals from the config
+	c := cache.New(time.Duration(OauthCacheExpirationTime)*time.Minute, time.Duration(OauthCacheCleanupInterval)*time.Minute)
+	return &OauthUserService{Cache: c}
+}
+
+// ValidateToken validates a token using the in-memory cache and the api callback
+func (s *OauthUserService) ValidateToken(token string) (interface{}, error) {
+	// Check the cache first
+	if caches, found := s.Cache.Get(token); found {
+		return caches, nil
+	} else {
+		return nil, errors.New("token not found")
+	}
+}
+
+func (s *OauthUserService) Login(username, token string) (string, bool, error) {
+	// Save token
+	// Store token in cache
+	role := "admin"
+
+	combined := username + "|" + role
+	s.Cache.Set(token, combined, db.TokenExpirationMinutes*time.Minute)
+
+	return token, true, nil
+}
+
+// Logout deletes the token from the cache and the database.
+func (s *OauthUserService) Logout(token string) error {
+	// Remove the token from the cache
+	if _, found := s.Cache.Get(token); found {
+		s.Cache.Delete(token)
+		return nil
+	} else {
+		return errors.New("token not found")
+	}
+}

From 631c99e3bb57500275df835e83c1a6e7fe34e330 Mon Sep 17 00:00:00 2001
From: NLX-SeokHwanKong <seokhwan.kong@netlox.io>
Date: Fri, 14 Feb 2025 11:52:50 +0900
Subject: [PATCH 2/5] add validation check when enable oauth2

---
 main.go            |  6 ++++++
 options/options.go | 51 ++++++++++++++++++++++++++++++++++++++--------
 2 files changed, 48 insertions(+), 9 deletions(-)

diff --git a/main.go b/main.go
index e214c54f..be683d0b 100644
--- a/main.go
+++ b/main.go
@@ -40,6 +40,12 @@ func main() {
 		os.Exit(1)
 	}
 
+	// Validate options
+	if err := opts.ValidateOpts(); err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
 	if opts.Opts.Version {
 		fmt.Printf("loxilb version: %s %s\n", common.Version, common.BuildInfo)
 		os.Exit(0)
diff --git a/options/options.go b/options/options.go
index b2aafa6b..50a74130 100644
--- a/options/options.go
+++ b/options/options.go
@@ -1,6 +1,8 @@
 package options
 
 import (
+	"fmt"
+
 	"github.com/jessevdk/go-flags"
 )
 
@@ -47,13 +49,44 @@ var Opts struct {
 	DatabaseUser         string         `long:"databaseuser" description:"Database user" default:"root"`
 	DatabasePasswordPath string         `long:"databasepasswordpath" description:"Database password" default:"/etc/loxilb/mysql_password"`
 	DatabaseName         string         `long:"databasename" description:"Database name" default:"loxilb_db"`
-	// Oauth2 Options
-	Oauth2Enable             bool   `long:"oauth2" description:"Enable user oauth2 service for loxilb"`
-	Oauth2Provider           string `long:"oauth2provider" description:"Oauth2 provider name" default:"google"`
-	Oauth2GoogleClientID     string `long:"oauth2google-clientid" description:"Oauth2 google client id"`
-	Oauth2GoogleClientSecret string `long:"oauth2google-clientsecret" description:"Oauth2 google client secret"`
-	Oauth2GoogleRedirectURL  string `long:"oauth2google-redirecturl" description:"Oauth2 google redirect url"`
-	Oauth2GithubClientID     string `long:"oauth2github-clientid" description:"Oauth2 github client id"`
-	Oauth2GithubClientSecret string `long:"oauth2github-clientsecret" description:"Oauth2 github client secret"`
-	Oauth2GithubRedirectURL  string `long:"oauth2github-redirecturl" description:"Oauth2 github redirect url"`
+
+	// Oauth2 Options as input arguemtns
+	Oauth2Enable   bool   `long:"oauth2" description:"Enable user oauth2 service for loxilb"`
+	Oauth2Provider string `long:"oauth2provider" description:"Oauth2 provider name" default:"google"`
+
+	// Oauth2 secure informations
+	Oauth2GoogleClientID     string `long:"oauth2google-clientid" description:"Oauth2 google client id" env:"OAUTH2_GOOGLE_CLIENT_ID"`
+	Oauth2GoogleClientSecret string `long:"oauth2google-clientsecret" description:"Oauth2 google client secret" env:"OAUTH2_GOOGLE_CLIENT_SECRET"`
+	Oauth2GoogleRedirectURL  string `long:"oauth2google-redirecturl" description:"Oauth2 google redirect url" env:"OAUTH2_GOOGLE_REDIRECT_URL"`
+	Oauth2GithubClientID     string `long:"oauth2github-clientid" description:"Oauth2 github client id" env:"OAUTH2_GITHUB_CLIENT_ID"`
+	Oauth2GithubClientSecret string `long:"oauth2github-clientsecret" description:"Oauth2 github client secret" env:"OAUTH2_GITHUB_CLIENT_SECRET"`
+	Oauth2GithubRedirectURL  string `long:"oauth2github-redirecturl" description:"Oauth2 github redirect url" env:"OAUTH2_GITHUB_REDIRECT_URL"`
+}
+
+// ValidateOpts checks if the required environment variables are set when Oauth2Enable is true
+func ValidateOpts() error {
+	// Check if Oauth2Enable is true
+	if Opts.Oauth2Enable {
+		// check if the oauth2provider is set to google or github
+		if Opts.Oauth2Provider != "google" && Opts.Oauth2Provider != "github" {
+			return fmt.Errorf("oauth2provider must be set to google or github")
+		}
+
+		// chech if the oauth2provider is set to google
+		if Opts.Oauth2Provider == "google" {
+			// check if the required environment variables for google oauth2 are set
+			if Opts.Oauth2GoogleClientID == "" || Opts.Oauth2GoogleClientSecret == "" || Opts.Oauth2GoogleRedirectURL == "" {
+				return fmt.Errorf("Oauth2 google client id, client secret and redirect url are required but not set")
+			}
+		}
+
+		// chech if the oauth2provider is set to github
+		if Opts.Oauth2Provider == "github" {
+			// check if the required environment variables for github oauth2 are set
+			if Opts.Oauth2GithubClientID == "" || Opts.Oauth2GithubClientSecret == "" || Opts.Oauth2GithubRedirectURL == "" {
+				return fmt.Errorf("Oauth2 github client id, client secret and redirect url are required but not set")
+			}
+		}
+	}
+	return nil
 }

From ecbad5ef44be15365853e5714cfc9b543bbba6dd Mon Sep 17 00:00:00 2001
From: NLX-SeokHwanKong <seokhwan.kong@netlox.io>
Date: Fri, 14 Feb 2025 12:08:47 +0900
Subject: [PATCH 3/5] Multiple Oauth2 supports & validation

---
 options/options.go | 35 +++++++++++++++++------------------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/options/options.go b/options/options.go
index 50a74130..f97370e5 100644
--- a/options/options.go
+++ b/options/options.go
@@ -2,6 +2,7 @@ package options
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/jessevdk/go-flags"
 )
@@ -52,7 +53,7 @@ var Opts struct {
 
 	// Oauth2 Options as input arguemtns
 	Oauth2Enable   bool   `long:"oauth2" description:"Enable user oauth2 service for loxilb"`
-	Oauth2Provider string `long:"oauth2provider" description:"Oauth2 provider name" default:"google"`
+	Oauth2Provider string `long:"oauth2provider" description:"Oauth2 provider names, comma-separated" default:"google"`
 
 	// Oauth2 secure informations
 	Oauth2GoogleClientID     string `long:"oauth2google-clientid" description:"Oauth2 google client id" env:"OAUTH2_GOOGLE_CLIENT_ID"`
@@ -67,24 +68,22 @@ var Opts struct {
 func ValidateOpts() error {
 	// Check if Oauth2Enable is true
 	if Opts.Oauth2Enable {
-		// check if the oauth2provider is set to google or github
-		if Opts.Oauth2Provider != "google" && Opts.Oauth2Provider != "github" {
-			return fmt.Errorf("oauth2provider must be set to google or github")
-		}
-
-		// chech if the oauth2provider is set to google
-		if Opts.Oauth2Provider == "google" {
-			// check if the required environment variables for google oauth2 are set
-			if Opts.Oauth2GoogleClientID == "" || Opts.Oauth2GoogleClientSecret == "" || Opts.Oauth2GoogleRedirectURL == "" {
-				return fmt.Errorf("Oauth2 google client id, client secret and redirect url are required but not set")
-			}
-		}
+		// Split the Oauth2Provider string into a slice of providers
+		providers := strings.Split(Opts.Oauth2Provider, ",")
 
-		// chech if the oauth2provider is set to github
-		if Opts.Oauth2Provider == "github" {
-			// check if the required environment variables for github oauth2 are set
-			if Opts.Oauth2GithubClientID == "" || Opts.Oauth2GithubClientSecret == "" || Opts.Oauth2GithubRedirectURL == "" {
-				return fmt.Errorf("Oauth2 github client id, client secret and redirect url are required but not set")
+		// Iterate over each provider and validate the required environment variables
+		for _, provider := range providers {
+			switch provider {
+			case "google":
+				if Opts.Oauth2GoogleClientID == "" || Opts.Oauth2GoogleClientSecret == "" || Opts.Oauth2GoogleRedirectURL == "" {
+					return fmt.Errorf("Oauth2 google client id, client secret and redirect url are required but not set")
+				}
+			case "github":
+				if Opts.Oauth2GithubClientID == "" || Opts.Oauth2GithubClientSecret == "" || Opts.Oauth2GithubRedirectURL == "" {
+					return fmt.Errorf("Oauth2 github client id, client secret and redirect url are required but not set")
+				}
+			default:
+				return fmt.Errorf("unsupported oauth2 provider: %s", provider)
 			}
 		}
 	}

From a9a51110daa9142f36ada7e552d83c5c9655cb74 Mon Sep 17 00:00:00 2001
From: NLX-SeokHwanKong <seokhwan.kong@netlox.io>
Date: Fri, 14 Feb 2025 14:58:05 +0900
Subject: [PATCH 4/5] fix mis configuration in cici common file

---
 cicd/common.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cicd/common.sh b/cicd/common.sh
index 16e0157c..580deb87 100644
--- a/cicd/common.sh
+++ b/cicd/common.sh
@@ -14,9 +14,9 @@ hexist="$vrn$hn"
 lxdocker="ghcr.io/loxilb-io/loxilb:latest"
 hostdocker="ghcr.io/loxilb-io/nettest:latest"
 cluster_opts=""
-extra_opts="-p"
+extra_opts=""
 ka_opts=""
-docker_extra_opts="-p 11111:11111"
+docker_extra_opts=""
 #var=$(lsb_release -r | cut -f2)
 #if [[ $var == *"22.04"* ]];then
 #  lxdocker="ghcr.io/loxilb-io/loxilb:latestu22"

From 5e7e05beb6bcfed14984690b21f2b5c664d81f64 Mon Sep 17 00:00:00 2001
From: Seokhwan Kong <seokhwan.kong@netlox.io>
Date: Fri, 14 Feb 2025 19:21:19 +0900
Subject: [PATCH 5/5] formatting updates

---
 api/models/error_count_metrics.go | 6 +++---
 api/restapi/server.go             | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/api/models/error_count_metrics.go b/api/models/error_count_metrics.go
index 06a7c2ea..b2a2486a 100644
--- a/api/models/error_count_metrics.go
+++ b/api/models/error_count_metrics.go
@@ -20,7 +20,7 @@ import (
 type ErrorCountMetrics struct {
 
 	// total errors
-	TotalErrors float64 `json:"total_errors"`
+	TotalErrors float64 `json:"total_errors,omitempty"`
 
 	// total errors per service
 	TotalErrorsPerService []*ErrorCountMetricsTotalErrorsPerServiceItems0 `json:"total_errors_per_service"`
@@ -124,10 +124,10 @@ func (m *ErrorCountMetrics) UnmarshalBinary(b []byte) error {
 type ErrorCountMetricsTotalErrorsPerServiceItems0 struct {
 
 	// name
-	Name string `json:"name"`
+	Name string `json:"name,omitempty"`
 
 	// value
-	Value float64 `json:"value"`
+	Value float64 `json:"value,omitempty"`
 }
 
 // Validate validates this error count metrics total errors per service items0
diff --git a/api/restapi/server.go b/api/restapi/server.go
index 10544451..c61df9e2 100644
--- a/api/restapi/server.go
+++ b/api/restapi/server.go
@@ -3,12 +3,12 @@
 package restapi
 
 import (
-	"github.com/loxilb-io/loxilb/options"
 	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
 	"fmt"
+	"github.com/loxilb-io/loxilb/options"
 	"log"
 	"net"
 	"net/http"