From 9218b87f789b3fb0b1092a62825617a6a250d68e Mon Sep 17 00:00:00 2001
From: Azat Bahawi <azat@bahawi.net>
Date: Wed, 8 Jun 2022 18:46:35 +0300
Subject: [PATCH] nginx-sso: use buildGoModule

---
 pkgs/servers/nginx-sso/default.nix | 19 ++++++++++++-------
 pkgs/servers/nginx-sso/rune.patch  | 13 +++++++++++++
 2 files changed, 25 insertions(+), 7 deletions(-)
 create mode 100644 pkgs/servers/nginx-sso/rune.patch

diff --git a/pkgs/servers/nginx-sso/default.nix b/pkgs/servers/nginx-sso/default.nix
index 572f4d94e72b..56aa8205c5d1 100644
--- a/pkgs/servers/nginx-sso/default.nix
+++ b/pkgs/servers/nginx-sso/default.nix
@@ -1,19 +1,24 @@
-{ buildGoPackage, fetchFromGitHub, lib, nixosTests }:
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, nixosTests
+}:
 
-buildGoPackage rec {
+buildGoModule rec {
   pname = "nginx-sso";
   version = "0.25.0";
-  rev = "v${version}";
-
-  goPackagePath = "github.com/Luzifer/nginx-sso";
 
   src = fetchFromGitHub {
-    inherit rev;
     owner = "Luzifer";
     repo = "nginx-sso";
-    sha256 = "0z5h92rpr1rcfk11ggsb9w4ipg93fcb9byll7vl4c0mfcqkpm2dr";
+    rev = "v${version}";
+    sha256 = "sha256-uYl6J2auAkboPpT6lRZzI70bCU9LvxfCdCyHfLNIsHw=";
   };
 
+  vendorSha256 = null;
+
+  patches = [ ./rune.patch ];
+
   postInstall = ''
     mkdir -p $out/share
     cp -R $src/frontend $out/share
diff --git a/pkgs/servers/nginx-sso/rune.patch b/pkgs/servers/nginx-sso/rune.patch
new file mode 100644
index 000000000000..5e5480787dec
--- /dev/null
+++ b/pkgs/servers/nginx-sso/rune.patch
@@ -0,0 +1,13 @@
+diff --git i/main.go w/main.go
+index bf80f3d..632f7d6 100644
+--- i/main.go
++++ w/main.go
+@@ -174,7 +174,7 @@ func handleAuthRequest(res http.ResponseWriter, r *http.Request) {
+ 	case plugins.ErrNoValidUserFound:
+ 		// No valid user found, check whether special anonymous "user" has access
+ 		// Username is set to 0x0 character to prevent accidental whitelist-match
+-		if mainCfg.ACL.HasAccess(string(0x0), nil, r) {
++		if mainCfg.ACL.HasAccess(string(rune(0x0)), nil, r) {
+ 			mainCfg.AuditLog.Log(auditEventValidate, r, map[string]string{"result": "anonymous access granted"}) // #nosec G104 - This is only logging
+ 			res.WriteHeader(http.StatusOK)
+ 			return