doc: add missing info about recreate:true

chore: tidy deps
Merge pull request 'Transformation du layer `circuitbreaker` en `authn-network`' (#22 ) from authn-network into develop
2024-05-17 17:43:04 +02:00 · 2024-05-17 17:34:55 +02:00 · 2024-05-17 17:30:19 +02:00 · 2024-05-17 17:29:26 +02:00 · 2024-05-17 15:46:57 +02:00 · 2024-05-17 15:44:28 +02:00
101 changed files with 3540 additions and 1688 deletions
--- a/3
+++ b/3
@ -1,4 +1,4 @@
-FROM reg.cadoles.com/proxy_cache/library/golang:1.21.6 AS BUILD
+FROM reg.cadoles.com/proxy_cache/library/golang:1.22.0 AS BUILD

 RUN apt-get update \
    && apt-get install -y make
@ -23,6 +23,7 @@ RUN make GORELEASER_ARGS='build --rm-dist --single-target --snapshot' goreleaser
 # Patch config
 RUN /src/dist/bouncer_linux_amd64_v1/bouncer -c '' config dump > /src/dist/bouncer_linux_amd64_v1/config.yml \
    && yq -i '.layers.queue.templateDir = "/usr/share/bouncer/layers/queue/templates"' /src/dist/bouncer_linux_amd64_v1/config.yml \
+    && yq -i '.layers.authn.templateDir = "/usr/share/bouncer/layers/authn/templates"' /src/dist/bouncer_linux_amd64_v1/config.yml \
    && yq -i '.admin.auth.privateKey = "/etc/bouncer/admin-key.json"' /src/dist/bouncer_linux_amd64_v1/config.yml \
    && yq -i '.redis.adresses = ["redis:6379"]' /src/dist/bouncer_linux_amd64_v1/config.yml \
    && yq -i '.redis.writeTimeout = "30s"' /src/dist/bouncer_linux_amd64_v1/config.yml \
--- a/6
+++ b/6
@ -19,7 +19,11 @@ OPENWRT_DEVICE ?= 192.168.1.1
 SIEGE_URLS_FILE ?= misc/siege/urls.txt
 SIEGE_CONCURRENCY ?= 100

-watch: tools/modd/bin/modd deps ## Watching updated files - live reload
+data/bootstrap.d/dummy.yml:
+	mkdir -p data/bootstrap.d
+	cp misc/bootstrap.d/dummy.yml data/bootstrap.d/dummy.yml
+
+watch: tools/modd/bin/modd deps data/bootstrap.d/dummy.yml ## Watching updated files - live reload
 	( set -o allexport && source .env && set +o allexport && tools/modd/bin/modd )

 .PHONY: test
--- a/doc/README.md
+++ b/doc/README.md
@ -19,6 +19,7 @@
 ### Utilisation

 - [(FR) - Ajouter un layer de type "file d'attente"](./fr/tutorials/add-queue-layer.md)
+- [(FR) - Ajouter une authentification OpenID Connect](./fr/tutorials/add-oidc-authn-layer.md)
 - [(FR) - Amorçage d'un serveur Bouncer via la configuration](./fr/tutorials/bootstrapping.md)
 - [(FR) - Intégration avec Kubernetes](./fr/tutorials/kubernetes-integration.md)

--- a/doc/fr/general-architecture.md
+++ b/doc/fr/general-architecture.md
@ -5,14 +5,16 @@
 ### Déploiement mono-noeud

 ![](../resources/deployment_fr.png)
+
 ## Terminologie

 Voici une liste des termes utilisés dans le lexique Bouncer.
+
 ### Proxy

 Un "proxy" est une entité logique définissant le relation suivante:

- Un ou plusieurs patrons de filtrage sous la forme `<host>:<port>`. Ceux ci identifient le ou les domaines associés à l'entité;
+- Un ou plusieurs patrons de filtrage sous la forme d'un patron d'URL avec le caractère `*` comme caractère générique. Ceux ci identifient le ou les domaines/chemins associés à l'entité;
 - Une URL cible qui servira de base pour la réécriture des requêtes.

 Un "proxy" peut avoir zéro ou plusieurs "layers" associés.
@ -27,4 +29,4 @@ Un "layer" (calque) est une entité logique définissant un traitement à appliq

 Un "layer" peut être activé ou désactivé.

-Un "layer" a un poids qui définit son niveau de priorité dans la pile de traitement (plus son poids est élevé plus il est prioritaire).
+Un "layer" a un poids qui définit son niveau de priorité dans la pile de traitement (plus son poids est élevé plus il est prioritaire).
--- a/doc/fr/references/admin_api.md
+++ b/doc/fr/references/admin_api.md
@ -147,7 +147,9 @@ Lister les proxies existants
      {
        "name": "myproxy",
        "weight": 0,
-        "enabled": false
+        "enabled": false,
+        "createdAt": "2018-12-10T13:45:00.000Z",
+        "updatedAt": "2018-12-10T13:45:00.000Z"
      }
    ]
  }
@ -179,3 +181,218 @@ Supprimer le proxy
 #### Source

 Voir [`internal/admin/proxy_route.go#deleteProxy()`](../../../internal/admin/proxy_route.go#deleteProxy)
+
+### `POST /api/v1/proxies/{proxyName}/layers`
+
+Créer un nouveau layer pour un proxy donné
+
+#### Paramètres
+
+- `{proxyName}` - Nom du proxy sur lequel créer le layer
+
+#### Exemple de corps de requête
+
+```json
+{
+  "name": "mylayer", // OBLIGATOIRE - Nom du layer
+  "type": "<layer_type>", // OBLIGATOIRE - Type du layer, voir doc/fr/references/layers
+  "options": {} // OPTIONNEL - Options associées au layer, voir doc/fr/references/layers
+}
+```
+
+#### Exemple de résultat
+
+```json
+{
+  "data": {
+    "layer": {
+      "name": "mylayer",
+      "type": "<layer_type>",
+      "enabled": false,
+      "weight": 0,
+      "options": {},
+      "createdAt": "2018-12-10T13:45:00.000Z",
+      "updatedAt": "2018-12-10T13:45:00.000Z"
+    }
+  }
+}
+```
+
+#### Source
+
+Voir [`internal/admin/layer_route.go#createLayer()`](../../../internal/admin/layer_route.go#createLayer)
+
+### `GET /api/v1/proxies/{proxyName}/layers/{layerName}`
+
+Récupérer les informations complètes sur un layer
+
+#### Paramètres
+
+- `{proxyName}` - Nom du proxy parent
+- `{layerName}` - Nom du layer
+
+#### Exemple de résultat
+
+```json
+{
+  "data": {
+    "layer": {
+      "name": "mylayer",
+      "type": "<layer_type>",
+      "enabled": false,
+      "weight": 0,
+      "options": {},
+      "createdAt": "2018-12-10T13:45:00.000Z",
+      "updatedAt": "2018-12-10T13:45:00.000Z"
+    }
+  }
+}
+```
+
+#### Source
+
+Voir [`internal/admin/layer_route.go#getLayer()`](../../../internal/admin/layer_route.go#getLayer)
+
+### `PUT /api/v1/proxies/{proxyName}/layers/{layerName}`
+
+Modifier un layer
+
+#### Paramètres
+
+- `{proxyName}` - Nom du proxy parent
+- `{layerName}` - Nom du layer
+
+#### Exemple de corps de requête
+
+```json
+{
+  "weight": 100, // OPTIONNEL - Poids à associer au layer
+  "enabled": true, // OPTIONNEL - Activer/désactiver le layer
+  "options": {} // OPTIONNEL - Modifier les options associées au layer, voir doc/fr/references/layers
+}
+```
+
+#### Exemple de résultat
+
+```json
+{
+  "data": {
+    "layer": {
+      "name": "mylayer",
+      "type": "<layer_type>",
+      "enabled": false,
+      "weight": 0,
+      "options": {},
+      "createdAt": "2018-12-10T13:45:00.000Z",
+      "updatedAt": "2018-12-10T13:45:00.000Z"
+    }
+  }
+}
+```
+
+#### Source
+
+Voir [`internal/admin/layer_route.go#updateLayer()`](../../../internal/admin/layer_route.go#updateLayer)
+
+### `GET /api/v1/proxies/{proxyName}/layers?names={name1,name2,...}`
+
+Lister les layers existants
+
+#### Paramètres
+
+- `{proxyName}` - Nom du proxy parent
+- `{names}` - Optionnel - Liste des noms de proxy à appliquer en tant que filtre
+
+#### Exemple de résultat
+
+```json
+{
+  "data": {
+    "layers": [
+      {
+        "name": "mylayer",
+        "weight": 0,
+        "enabled": false,
+        "createdAt": "2018-12-10T13:45:00.000Z",
+        "updatedAt": "2018-12-10T13:45:00.000Z"
+      }
+    ]
+  }
+}
+```
+
+#### Source
+
+Voir [`internal/admin/layer_route.go#queryLayers()`](../../../internal/admin/layer_route.go#queryLayers)
+
+## `DELETE /api/v1/proxies/{proxyName}/layers/{layerName}`
+
+Supprimer le layer
+
+#### Paramètres
+
+- `{proxyName}` - Nom du proxy parent
+- `{layerName}` - Nom du layer
+
+#### Exemple de résultat
+
+```json
+{
+  "data": {
+    "layerName": "mylayer"
+  }
+}
+```
+
+#### Source
+
+Voir [`internal/admin/layer_route.go#deleteLayer()`](../../../internal/admin/layer_route.go#deleteLayer)
+
+### `GET /api/v1/definitions/layers?types={type1,type2,...}`
+
+Lister les définitions des types de layer disponibles.
+
+#### Paramètres
+
+- `{types}` - Optionnel - Liste des types de layer à appliquer en tant que filtre
+
+#### Exemple de résultat
+
+```json
+{
+  "data": {
+    "definitions": [
+      {
+        "type": "queue",
+        "options": {
+          "type": "object",
+          "properties": {
+            "capacity": {
+              "title": "Capacité d'accueil de la file d'attente",
+              "default": 1000,
+              "type": "number",
+              "minimum": 0
+            },
+            "keepAlive": {
+              "title": "Temps de vie d'une session utilisateur sans activité",
+              "description": "Durée sous forme de chaîne de caractères. Voir https://pkg.go.dev/time#ParseDuration pour plus d'informations.",
+              "default": "1m",
+              "type": "string"
+            },
+            "matchURLs": {
+              "title": "Liste de filtrage des URLs sur lesquelles le layer est actif",
+              "description": "Par exemple, si vous souhaitez limiter votre layer à l'ensemble d'une section '`/blog`' d'un site, vous pouvez déclarer la valeur `['*/blog*']`. Les autres URLs du site ne seront pas affectées par ce layer.",
+              "default": ["*"],
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            }
+          },
+          "additionalProperties": false
+        }
+      }
+    ]
+  }
+}
+```
--- a/doc/fr/references/layers/README.md
+++ b/doc/fr/references/layers/README.md
@ -2,5 +2,5 @@

 Vous trouverez ci-dessous la liste des entités "Layer" activables sur vos entité "Proxy":

+- [Authn (`authn-*`)](./authn/README.md) - Authentification des accès (SSO)
 - [Queue](./queue.md) - File d'attente dynamique
- [Circuit Breaker](./circuitbreaker.md) - Coupure d'accès à un site ou une sous section de celui ci
--- a/doc/fr/references/layers/authn/README.md
+++ b/doc/fr/references/layers/authn/README.md
@ -0,0 +1,62 @@
+# Les layers `authn-*`
+
+Les layers `authn-*` permettent d'activer différents modes d'authentification au sein d'un proxy Bouncer.
+
+Les informations liées à l'utilisateur authentifié sont ensuite injectables dans les entêtes HTTP de la requête permettant ainsi une authentification unique("SSO") basée sur les entêtes HTTP ("Trusted headers SSO").
+
+## Layers
+
+- [`authn-oidc`](./oidc.md) - Authentification OpenID Connect
+- [`authn-network`](./network.md) - Authentification par origine d'accès réseau
+
+## Schéma des options
+
+En plus de leurs options spécifiques tous les layers `authn-*` partagent un certain nombre d'options communes.
+
+Voir le [schéma](../../../../../internal/proxy/director/layer/authn/layer-options.json).
+
+## Règles d'injection d'entêtes
+
+L'option `headers.rules` permet de définir une liste de règles utilisant un DSL définissant de manière dynamique quels entêtes seront injectés dans la requête transitant par le layer.
+
+La liste des instructions est exécutée séquentiellement.
+
+Bouncer utilise le projet [`expr`](https://expr-lang.org/) comme DSL. En plus des fonctionnalités natives du langage, Bouncer ajoute un certain nombre de fonctions spécifiques à son contexte.
+
+Le comportement des règles par défaut est le suivant:
+
+1. L'ensemble des entêtes HTTP correspondant au patron `Remote-*` sont supprimés ;
+2. L'identifiant de l'utilisateur identifié (`user.subject`) est exporté sous la forme de l'entête HTTP `Remote-User` ;
+3. L'ensemble des attributs de l'utilisateur identifié (`user.attrs`) sont exportés sous la forme `Remote-User-Attr-<name>` où `<name>` est le nom de l'attribut en minuscule, avec les `_` transformés en `-`.
+
+### Fonctions
+
+#### `set_header(name string, value string)`
+
+Définir la valeur d'une entête HTTP via son nom `name` et sa valeur `value`.
+
+#### `del_headers(pattern string)`
+
+Supprimer un ou plusieurs entêtes HTTP dont le nom correspond au patron `pattern`.
+
+Le patron est défini par une chaîne comprenant un ou plusieurs caractères `*`, signifiant un ou plusieurs caractères arbitraires.
+
+### Environnement
+
+Les règles ont accès aux variables suivantes pendant leur exécution.
+
+#### `user`
+
+L'utilisateur identifié par le layer.
+
+```json
+{
+  // Identifiant de l'utilisateur, tel que récupéré par le layer
+  "subject": "<string>",
+  // Table associative des attributs associés à l'utilisateur
+  // La liste de ces attributs dépend du layer d'authentification
+  "attrs": {
+    "key": "<value>"
+  }
+}
+```
--- a/doc/fr/references/layers/authn/network.md
+++ b/doc/fr/references/layers/authn/network.md
@ -0,0 +1,50 @@
+# Layer `authn-network`
+
+## Description
+
+Ce layer permet d'ajouter une authentification par origine réseau au service distant.
+
+## Type
+
+`authn-network`
+
+## Schéma des options
+
+Les options disponibles pour le layer sont décrites via un [schéma JSON](https://json-schema.org/specification). Elles sont documentées dans le [schéma visible ici](../../../../../internal/proxy/director/layer/authn/network/layer-options.json).
+
+En plus de ces options spécifiques le layer peut également être configuré via [les options communes aux layers `authn-*`](../../../../../internal/proxy/director/layer/authn/layer-options.json).
+
+## Objet `user` et attributs
+
+L'objet `user` exposé au moteur de règles sera construit de la manière suivante:
+
+- `user.subject` sera initialisé avec le couple `<remote_address>:<remote_port>` ;
+- `user.attrs` sera vide.
+
+## Métriques
+
+Les [métriques Prometheus](../../metrics.md) suivantes sont exposées par ce layer.
+
+### `bouncer_layer_authn_network_forbidden_total{layer=<layerName>,proxy=<proxyName>}`
+
+- **Type:** `counter`
+- **Description**: Nombre total de tentatives d'accès bloquées
+- **Exemple**
+
+  ```
+  # HELP bouncer_layer_authn_network_forbidden_total Bouncer's authn-network layer total forbbiden accesses
+  # TYPE bouncer_layer_authn_network_forbidden_total counter
+  bouncer_layer_authn_network_forbidden_total{layer="network",proxy="dummy"} 1
+  ```
+
+### `bouncer_layer_authn_network_authorized_total{layer=<layerName>,proxy=<proxyName>}`
+
+- **Type:** `counter`
+- **Description**: Nombre total de tentatives d'accès autorisées
+- **Exemple**
+
+  ```
+  # HELP bouncer_layer_authn_network_authorized_total Bouncer's authn-network layer total authorized accesses
+  # TYPE bouncer_layer_authn_network_authorized_total counter
+  bouncer_layer_authn_network_authorized_total{layer="network",proxy="dummy"} 2
+  ```
--- a/doc/fr/references/layers/authn/oidc.md
+++ b/doc/fr/references/layers/authn/oidc.md
@ -0,0 +1,72 @@
+# Layer `authn-oidc`
+
+## Description
+
+Ce layer permet d'ajouter une authentification OpenID Connect au service distant.
+
+Voir le tutoriel ["Ajouter une authentification OpenID Connect"](../../../tutorials/add-oidc-authn-layer.md) pour plus d'informations quant à son utilisation.
+
+## Type
+
+`authn-oidc`
+
+## Schéma des options
+
+Les options disponibles pour le layer sont décrites via un [schéma JSON](https://json-schema.org/specification). Elles sont documentées dans le [schéma visible ici](../../../../../internal/proxy/director/layer/authn/oidc/layer-options.json).
+
+En plus de ces options spécifiques le layer peut également être configuré via [les options communes aux layers `authn-*`](../../../../../internal/proxy/director/layer/authn/layer-options.json).
+
+## Objet `user` et attributs
+
+L'objet `user` exposé au moteur de règles sera construit de la manière suivante:
+
+- `user.subject` sera initialisé avec la valeur du [claim](https://openid.net/specs/openid-connect-core-1_0.html#Claims) `sub` extrait de l'`idToken` récupéré lors de l'authentification ;
+- `user.attrs` comportera les propriétés suivantes:
+
+  - L'ensemble des `claims` provenant de l'`idToken` seront transposés en `claim_<name>` (ex: `idToken.iss` sera transposé en `user.attrs.claim_iss`) ;
+  - `user.attrs.access_token`: le jeton d'accès associé à l'authentification ;
+  - `user.attrs.refresh_token`: le jeton de rafraîchissement associé à l'authentification (si disponible, en fonction des `scopes` demandés par le client) ;
+  - `user.attrs.token_expiry`: Horodatage Unix (en secondes) associé à la date d'expiration du jeton d'accès ;
+  - `user.attrs.logout_url`: URL de déconnexion pour la suppression de la session Bouncer.
+
+    **Attention** Cette URL ne permet dans la plupart des cas que de supprimer la session côté Bouncer. La suppression de la session côté fournisseur d'identité est conditionné à la présence ou non de l'attribut [`end_session_endpoint`](https://openid.net/specs/openid-connect-session-1_0-17.html#OPMetadata) dans les données du point d'entrée de découverte de service (`.wellknown/openid-configuration`).
+
+## Métriques
+
+Les [métriques Prometheus](../../metrics.md) suivantes sont exposées par ce layer.
+
+### `bouncer_layer_authn_oidc_login_requests_total{layer=<layerName>,proxy=<proxyName>}`
+
+- **Type:** `counter`
+- **Description**: Nombre total de demandes d'authentification
+- **Exemple**
+
+  ```
+  # HELP bouncer_layer_authn_oidc_login_requests_total Bouncer's authn-oidc layer total login requests
+  # TYPE bouncer_layer_authn_oidc_login_requests_total counter
+  bouncer_layer_authn_oidc_login_requests_total{layer="my-layer",proxy="my-proxy"} 1
+  ```
+
+### `bouncer_layer_authn_oidc_login_successes_total{layer=<layerName>,proxy=<proxyName>}`
+
+- **Type:** `counter`
+- **Description**: Nombre total d'authentifications réussies
+- **Exemple**
+
+  ```
+  # HELP bouncer_layer_authn_oidc_login_successes_total Bouncer's authn-oidc layer total login successes
+  # TYPE bouncer_layer_authn_oidc_login_successes_total counter
+  bouncer_layer_authn_oidc_login_successes_total{layer="my-layer",proxy="my-proxy"} 1
+  ```
+
+### `bouncer_layer_authn_oidc_logout_total{layer=<layerName>,proxy=<proxyName>}`
+
+- **Type:** `counter`
+- **Description**: Nombre total de déconnexions
+- **Exemple**
+
+  ```
+  # HELP bouncer_layer_authn_oidc_logout_total Bouncer's authn-oidc layer total logouts
+  # TYPE bouncer_layer_authn_oidc_logout_total counter
+  bouncer_layer_authn_oidc_logout_total{layer="my-layer",proxy="my-proxy"} 1
+  ```
--- a/doc/fr/references/layers/circuitbreaker.md
+++ b/doc/fr/references/layers/circuitbreaker.md
@ -1,41 +0,0 @@
-# Layer "Circuit Breaker"
-
-## Description
-
-Ce layer permet de bloquer l'accès à un site (ou une section de celui ci) ciblé par un proxy.
-
-## Type
-
-`circuitbreaker`
-
-## Options
-
-### `authorizedCIDRs`
-
- **Type:** `[]string`
- **Valeur par défaut:** `[]`
- **Description:** Autoriser les adresses distantes contenues dans un des masques réseau (en notation ["CIDR"](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation) définis à contourner la restriction d'accès.
-
-### `matchURLs`
-
- **Type:** `[]string`
- **Valeur par défaut:** `["*"]`
- **Description:** Limiter l'action du layer à cette liste de patrons d'URLs. 
-
-    Par exemple, si vous souhaitez limiter votre restriction d'accès à l'ensemble d'une section "`/blog`" d'un site, vous pouvez déclarer la valeur `["*/blog*"]`. Les autres URLs du site ne seront pas affectées par la restriction.
-
-### `templateBlock`
-
- **Type:** `string`
- **Valeur par défaut:** `"default"`
- **Description:** Bloc du template HTML pour effectuer le rendu de la page indiquant la restriction d'accès.
-
-    Voir le [fichier de configuration de référence](../../../../misc/packaging/common/config.yml), section `layers.circuitbreaker` pour voir les options permettant de personnaliser le chemin du répertoire contenant les templates.
-
-## Schéma
-
-Voir le [schéma JSON](../../../../internal/proxy/director/layer/circuitbreaker/layer-options.json).
-
-## Métriques
-
-_Aucune [métrique Prometheus](../metrics.md) n'est exportée par ce layer._
--- a/doc/fr/tutorials/add-oidc-authn-layer.md
+++ b/doc/fr/tutorials/add-oidc-authn-layer.md
@ -0,0 +1,81 @@
+# Ajouter une authentification OpenID Connect
+
+Dans ce tutoriel nous verrons comment ajouter un layer de type `oidc-authn` à un proxy pour ajouter une authentification OpenID Connect à notre service distant.
+
+## Prérequis
+
+### Création d'une application OAuth2
+
+Pour réaliser ce tutoriel nous allons utiliser la forge Cadoles comme fournisseur d'identité. Vous devrez donc créer une application OAuth2 avec votre compte Cadoles sur https://forge.cadoles.com/user/settings/applications et collecter les informations suivantes:
+
+- Identifiant du client ;
+- Secret du client.
+
+Concernant l'URL de redirection, si vous ne modifiez pas l'option `oidc.loginCallbackPath` vous devrez renseigner une URL répondant au modèle suivant:
+
+```
+<base_url>/.bouncer/authn/oidc/<proxy_name>/<layer_name>/callback
+```
+
+Où
+
+- `<base_url>` est l'URL de base d'accès à votre instance Bouncer, par exemple `http://localhost:8080` si vous avez travaillez avec une instance Bouncer locale avec la configuration par défaut ;
+- `<proxy_name>` est le nom du proxy créé dans Bouncer, dans ce tutoriel `my-proxy` ;
+- `<layer_name>` est le nom du layer créé dans Bouncer, dans ce tutoriel `my-layer`.
+
+### Démarrer le serveur `dummy` pour l'introspection des entêtes reçus
+
+Bouncer intègre un serveur de test qui permet l'introspection des entêtes HTTP reçus dans la requête. Nous allons utiliser celui ci comme service distant afin de visualiser les entêtes générés par notre layer d'authentification.
+
+Pour le lancer:
+
+```shell
+# Avec le binaire
+bouncer server dummy run
+
+# Avec Docker
+docker run -it --rm -p 8082:8082 --read-only reg.cadoles.com/cadoles/bouncer:latest bouncer server dummy run
+```
+
+Par défaut ce serveur écoute sur le port 8082. Il est possible de modifier l'adresse d'écoute via le drapeau `--address`.
+
+## Étapes
+
+1. Avec le client d'administration de Bouncer en ligne de commande, créer un nouveau proxy
+
+   ```shell
+   bouncer admin proxy create --proxy-name my-proxy --proxy-to http://localhost:8082
+   ```
+
+   Où http://localhost:8082 est l'adresse de notre serveur `dummy` de test, lancé dans les prérequis.
+
+2. Activer le proxy `my-proxy`
+
+   ```shell
+   bouncer admin proxy update --proxy-name my-proxy --proxy-enabled
+   ```
+
+3. À ce stade, vous devriez pouvoir afficher la page du serveur `dummy` en ouvrant l'URL de votre instance Bouncer, par exemple `http://localhost:8080` si vous avez travaillez avec une instance Bouncer locale avec la configuration par défaut
+
+4. Créer un layer de type `authn-oidc` pour notre nouveau proxy
+
+   ```shell
+   bouncer admin layer create --proxy-name my-proxy --layer-name my-layer --layer-type authn-oidc
+   ```
+
+5. Configurer le nouveau layer `my-layer` avec les options collectée dans les prérequis et l'activer
+
+   ```shell
+   bouncer admin layer update --proxy-name my-proxy --layer-name my-layer --layer-options '{ "oidc":{"clientId": "<clientId>", "clientSecret":"<clientSecret>", "issuerURL": "https://forge.cadoles.com/" }}' --layer-enabled
+   ```
+
+   Où:
+
+   - `<clientId>` est l'identifiant du client OIDC récupéré dans les prérequis ;
+   - `<clientSecret>` est le secret du client OIDC récupéré dans les prérequis.
+
+6. À ce stade en ouvrant l'URL de votre instance Bouncer vous devriez être redirigé vers la forge Cadoles vous demandant de vous authentifier. Une fois authentifié vous devriez arriver sur la page du serveur `dummy` avec les nouveaux entêtes liés à votre authentification (entêtes `Remote-User-*`).
+
+## Ressources
+
+- [Référence du layer `authn-oidc`](../../fr/references/layers/authn/oidc.md)
--- a/doc/fr/tutorials/bootstrapping.md
+++ b/doc/fr/tutorials/bootstrapping.md
@ -2,7 +2,7 @@

 Il est possible d'amorcer des données par défaut (i.e. des "proxies" et "layers" associés) via la configuration du serveur d'administration.

-> **Attention** Ce mécanisme de modifiera pas des proxies déjà existants dans la base de données du serveur Bouncer. Autrement dit, si un proxy est déjà pré-existant lors du démarrage du serveur Bouncer, il ne sera pas modifié.
+> **Attention** Par défaut ce mécanisme de modifiera pas des proxies déjà existants dans la base de données du serveur Bouncer. Autrement dit, si un proxy est déjà pré-existant lors du démarrage du serveur Bouncer, il ne sera pas modifié. Vous pouvez utiliser l'attribut `recreate: true` pour modifier ce comportement.

 La définition des proxies et layers par défaut s'effectue dans la section `bootstrap` du fichier de configuration. Deux possibilités pour définir les proxys à charger par défaut:

@ -35,6 +35,7 @@ bootstrap:
  proxies:
  #     my-proxy:
  #         enabled: true                       # Activer/désactiver le proxy
+  #         recreate: false                     # Forcer ou non la recréation du proxy même si celui existe
  #         from: ["*"]                         # Filtre d'origine d'activation du proxy
  #         to: "https://example.net"           # Destination du proxy
  #         weight: 0                           # Priorité du proxy
--- a/doc/fr/tutorials/create-custom-layer.md
+++ b/doc/fr/tutorials/create-custom-layer.md
@ -5,7 +5,9 @@ Dans ce tutoriel, nous verrons comment implémenter un layer personnalisé qui p
 ## Prérequis

 Avoir un environnement de développement local fonctionnel. Voir tutoriel ["Démarrer avec les sources"](./getting-started-with-sources.md).
+
 ## Étapes
+
 ### Préparer la structure de base du nouveau layer

 Une implémetation d'un layer se compose majoritairement de 3 éléments:
@ -16,120 +18,118 @@ Une implémetation d'un layer se compose majoritairement de 3 éléments:

 1. Créer le répertoire du `package` Go qui contiendra le code de votre layer. Celui ci s'appelera `basicauth`:

-    ```
-    mkdir -p internal/proxy/director/layer/basicauth
-    ```
+   ```
+   mkdir -p internal/proxy/director/layer/basicauth
+   ```

 2. Créer la structure de base du layer:

-    ```go
-    // Fichier internal/proxy/director/layer/basicauth/basicauth.go
+   ```go
+   // Fichier internal/proxy/director/layer/basicauth/basicauth.go

-    package basicauth
+   package basicauth

-    import (
-        proxy "forge.cadoles.com/Cadoles/go-proxy"
-        "forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
-        "forge.cadoles.com/cadoles/bouncer/internal/store"
-    )
+   import (
+       proxy "forge.cadoles.com/Cadoles/go-proxy"
+       "forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
+       "forge.cadoles.com/cadoles/bouncer/internal/store"
+   )

-    // On définit le "type" (la chaîne de caractères) qui
-    // sera associé à notre layer
-    const LayerType store.LayerType = "basicauth"
+   // On définit le "type" (la chaîne de caractères) qui
+   // sera associé à notre layer
+   const LayerType store.LayerType = "basicauth"

-    // On déclare la structure qui
-    // servira de socle pour notre layer
-    type BasicAuth struct{}
+   // On déclare la structure qui
+   // servira de socle pour notre layer
+   type BasicAuth struct{}

-    // Les deux méthodes suivantes, attachées à 
-    // notre structure BasicAuth, permettent de remplir
-    // le contrat définit par l'interface 
-    // director.MiddlewareLayer
+   // Les deux méthodes suivantes, attachées à
+   // notre structure BasicAuth, permettent de remplir
+   // le contrat définit par l'interface
+   // director.MiddlewareLayer

-    // LayerType implements director.MiddlewareLayer.
-    func (*BasicAuth) LayerType() store.LayerType {
-        return LayerType
-    }
+   // LayerType implements director.MiddlewareLayer.
+   func (*BasicAuth) LayerType() store.LayerType {
+       return LayerType
+   }

-    // C'est dans la méthode "Middleware" qu'on pourra implémenter la
-    // logique appliquée par notre layer.
-    // En l'état actuel l'exécution de la méthode provoquera un panic().
+   // C'est dans la méthode "Middleware" qu'on pourra implémenter la
+   // logique appliquée par notre layer.
+   // En l'état actuel l'exécution de la méthode provoquera un panic().

-    // Middleware implements director.MiddlewareLayer.
-    func (*BasicAuth) Middleware(layer *store.Layer) proxy.Middleware {
-        panic("unimplemented")
-    }
+   // Middleware implements director.MiddlewareLayer.
+   func (*BasicAuth) Middleware(layer *store.Layer) proxy.Middleware {
+       panic("unimplemented")
+   }

-    func New() *BasicAuth {
-        return &BasicAuth{}
-    }
+   func New() *BasicAuth {
+       return &BasicAuth{}
+   }

-    // Cette déclaration permet de profiter
-    // des capacités du compilateur pour s'assurer
-    // que la structure BasicAuth remplie toujours le
-    // contrat imposé par l'interface director.MiddlewareLayer
-    var _ director.MiddlewareLayer = &BasicAuth{}
-    ```
+   // Cette déclaration permet de profiter
+   // des capacités du compilateur pour s'assurer
+   // que la structure BasicAuth remplie toujours le
+   // contrat imposé par l'interface director.MiddlewareLayer
+   var _ director.MiddlewareLayer = &BasicAuth{}
+   ```

 3. Créer le schéma JSON qui sera associé aux options possibles pour notre layer:

-    ```json
-    // Fichier internal/proxy/director/layer/basicauth/layer-options.json
+   ```json
+   // Fichier internal/proxy/director/layer/basicauth/layer-options.json

-    {
-        "$id": "https://forge.cadoles.com/cadoles/bouncer/schemas/basicauth-layer-options",
-        "title": "BasicAuth layer options",
-        "type": "object",
-        "properties": {},
-        "additionalProperties": false
-    }
-    ```
+   {
+     "type": "object",
+     "properties": {},
+     "additionalProperties": false
+   }
+   ```

 4. Puis créer le fichier Go qui embarquera ces données dans notre binaire via le package [`embed`](https://pkg.go.dev/embed):

-    ```go
-    // Fichier internal/proxy/director/layer/basicauth/layer_options.go
+   ```go
+   // Fichier internal/proxy/director/layer/basicauth/layer_options.go

-    package basicauth
+   package basicauth

-    import (
-        _ "embed"
-    )
+   import (
+       _ "embed"
+   )

-    //go:embed layer-options.json
-    var RawLayerOptionsSchema []byte
-    ```
+   //go:embed layer-options.json
+   var RawLayerOptionsSchema []byte
+   ```

 5. Enfin, créer le fichier d'amorçage pour référencer notre nouveau layer avec Bouncer:

-    ```go
-    // Fichier internal/setup/basicauth_layer.go
+   ```go
+   // Fichier internal/setup/basicauth_layer.go

-    package setup
+   package setup

-    import (
-        "forge.cadoles.com/cadoles/bouncer/internal/config"
-        "forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
-        "forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/basicauth"
-    )
+   import (
+       "forge.cadoles.com/cadoles/bouncer/internal/config"
+       "forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
+       "forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/basicauth"
+   )

-    // On créait une function d'initialisation qui enregistra les éléments suivants auprès de Bouncer:
-    // - Notre nouveau type de layer
-    // - Une fonction capable de créer une instance de notre layer
-    // - Le schéma associé aux options de notre layer
-    func init() {
-        RegisterLayer(basicauth.LayerType, setupBasicAuthLayer, basicauth.RawLayerOptionsSchema)
-    }
+   // On créait une function d'initialisation qui enregistra les éléments suivants auprès de Bouncer:
+   // - Notre nouveau type de layer
+   // - Une fonction capable de créer une instance de notre layer
+   // - Le schéma associé aux options de notre layer
+   func init() {
+       RegisterLayer(basicauth.LayerType, setupBasicAuthLayer, basicauth.RawLayerOptionsSchema)
+   }

-    // La fonction de création de notre layer
-    // reçoit automatiquement la configuration actuelle de Bouncer.
-    
-    // Une layer plus avancé pourrait être configurable de cette manière
-    // en créant une nouvelle section de configuration dédiée.
-    func setupBasicAuthLayer(conf *config.Config) (director.Layer, error) {
-        return &basicauth.BasicAuth{}, nil
-    }
-    ```
+   // La fonction de création de notre layer
+   // reçoit automatiquement la configuration actuelle de Bouncer.
+
+   // Une layer plus avancé pourrait être configurable de cette manière
+   // en créant une nouvelle section de configuration dédiée.
+   func setupBasicAuthLayer(conf *config.Config) (director.Layer, error) {
+       return &basicauth.BasicAuth{}, nil
+   }
+   ```

 ## Tester l'intégration de notre nouveau layer

@ -137,41 +137,41 @@ Une implémetation d'un layer se compose majoritairement de 3 éléments:

 1. Vérifier que notre layer est bien référencé en exécutant la commande:

-    ```
-    ./bin/bouncer admin layer create --help
-    ```
+   ```
+   ./bin/bouncer admin layer create --help
+   ```

-    La sortie devrait ressembler à:
+   La sortie devrait ressembler à:

-    ```
-    NAME:
-    bouncer admin layer create - Create layer
+   ```
+   NAME:
+   bouncer admin layer create - Create layer

-    USAGE:
-    bouncer admin layer create [command options] [arguments...]
+   USAGE:
+   bouncer admin layer create [command options] [arguments...]

-    OPTIONS:
-    --layer-type LAYER_TYPE        Set LAYER_TYPE as layer's type (available: [basicauth queue])
-    [...]
-    ```
+   OPTIONS:
+   --layer-type LAYER_TYPE        Set LAYER_TYPE as layer's type (available: [basicauth queue])
+   [...]
+   ```

-    Comme vous devriez le voir nous pouvons désormais créer des layers de type `basicauth`.
+   Comme vous devriez le voir nous pouvons désormais créer des layers de type `basicauth`.

 2. Créer un proxy puis une instance de notre nouveau layer associée à celui ci:

-    ```bash
-    # Créer un proxy
-    ./bin/bouncer admin proxy create --proxy-name cadoles --proxy-to https://www.cadoles.com
+   ```bash
+   # Créer un proxy
+   ./bin/bouncer admin proxy create --proxy-name cadoles --proxy-to https://www.cadoles.com

-    # Activer celui-ci
-    ./bin/bouncer admin proxy update --proxy-name cadoles --proxy-enabled=true
+   # Activer celui-ci
+   ./bin/bouncer admin proxy update --proxy-name cadoles --proxy-enabled=true

-    # Ajouter un layer de notre nouveau type à notre proxy
-    ./bin/bouncer admin layer create --proxy-name cadoles --layer-name mybasicauth --layer-type basicauth
+   # Ajouter un layer de notre nouveau type à notre proxy
+   ./bin/bouncer admin layer create --proxy-name cadoles --layer-name mybasicauth --layer-type basicauth

-    # Activer notre nouveau layer
-    ./bin/bouncer admin layer update --proxy-name cadoles --layer-name mybasicauth --layer-enabled=true
-    ```
+   # Activer notre nouveau layer
+   ./bin/bouncer admin layer update --proxy-name cadoles --layer-name mybasicauth --layer-enabled=true
+   ```

 **Notre layer est actif** ! Cependant il est loin d'être fonctionnel. En effet, si vous faites un:

@ -188,7 +188,7 @@ Vous n'aurez guère en retour qu'un:
 > Host: localhost:8080
 > User-Agent: curl/8.1.2
 > Accept: */*
-> 
+>
 * Empty reply from server
 * Closing connection 0
 curl: (52) Empty reply from server
@ -210,237 +210,234 @@ Nous allons modifier la méthode `Middleware(layer *store.Layer) proxy.Middlewar

 1. Modifier le fichier contenant la structure de notre layer de la manière suivante:

-    ```go
-    // Fichier internal/proxy/director/layer/basicauth/basicauth.go
+   ```go
+   // Fichier internal/proxy/director/layer/basicauth/basicauth.go

-    // [...]
+   // [...]

-    // Middleware implements director.MiddlewareLayer.
-    func (*BasicAuth) Middleware(layer *store.Layer) proxy.Middleware {
-        // La méthode doit retourner un "Middleware" qui est un alias
-        // pour les fonctions généralement utilisées
-        // dans les librairies http en Go pour créer
-        // une fonction d'interception/transformation de requête.
-        return func(next http.Handler) http.Handler {
-            fn := func(w http.ResponseWriter, r *http.Request) {
-                // On récupère les identifiants "basic auth" transmis (ou non)
-                // avec la requête
-                username, password, ok := r.BasicAuth()
+   // Middleware implements director.MiddlewareLayer.
+   func (*BasicAuth) Middleware(layer *store.Layer) proxy.Middleware {
+       // La méthode doit retourner un "Middleware" qui est un alias
+       // pour les fonctions généralement utilisées
+       // dans les librairies http en Go pour créer
+       // une fonction d'interception/transformation de requête.
+       return func(next http.Handler) http.Handler {
+           fn := func(w http.ResponseWriter, r *http.Request) {
+               // On récupère les identifiants "basic auth" transmis (ou non)
+               // avec la requête
+               username, password, ok := r.BasicAuth()

-                // On créait une méthode locale pour gérer le cas d'une erreur d'authentification.
-                unauthorized := func() {
-                    // On ajoute cette entête HTTP à la réponse pour déclencher l'affichage
-                    // de la popup d'authentification dans le navigateur web de l'utilisateur.
-                    w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
+               // On créait une méthode locale pour gérer le cas d'une erreur d'authentification.
+               unauthorized := func() {
+                   // On ajoute cette entête HTTP à la réponse pour déclencher l'affichage
+                   // de la popup d'authentification dans le navigateur web de l'utilisateur.
+                   w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)

-                    // On retoure un code d'erreur HTTP 401 (Unauthorized)
-                    http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
-                }
+                   // On retoure un code d'erreur HTTP 401 (Unauthorized)
+                   http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+               }

-                if !ok {
-                    // L'entête Authorization est absente ou ne correspondant
-                    // pas à du Basic Auth, on retourne une erreur HTTP 401 et
-                    // on interrompt le traitement de la requête ici
-                    unauthorized()
+               if !ok {
+                   // L'entête Authorization est absente ou ne correspondant
+                   // pas à du Basic Auth, on retourne une erreur HTTP 401 et
+                   // on interrompt le traitement de la requête ici
+                   unauthorized()

-                    return
-                }
+                   return
+               }

-                // On vérifie les identifiants associés à la requête
-                isAuthenticated := authenticate(username, password)
+               // On vérifie les identifiants associés à la requête
+               isAuthenticated := authenticate(username, password)

-                // Si les identifiants sont non reconnus alors
-                // on interrompt le traitement de la requête
-                if !isAuthenticated {
-                    unauthorized()
+               // Si les identifiants sont non reconnus alors
+               // on interrompt le traitement de la requête
+               if !isAuthenticated {
+                   unauthorized()

-                    return
-                }
+                   return
+               }

-                // L'authentification a réussie ! On passe la main au handler HTTP suivant
-                next.ServeHTTP(w, r)
-            }
+               // L'authentification a réussie ! On passe la main au handler HTTP suivant
+               next.ServeHTTP(w, r)
+           }

-            return http.HandlerFunc(fn)
-        }
-    }
+           return http.HandlerFunc(fn)
+       }
+   }

-    // La méthode authenticate() prend un couple d'identifiants
-    // est vérifie en temps constant si ceux ci correspondent à un couple
-    // d'identifiants attendus.
-    func authenticate(username, password string) bool {
-        // On génère une empreinte au format sha256 pour nos identifiants
-        usernameHash := sha256.Sum256([]byte(username))
-        passwordHash := sha256.Sum256([]byte(password))
+   // La méthode authenticate() prend un couple d'identifiants
+   // est vérifie en temps constant si ceux ci correspondent à un couple
+   // d'identifiants attendus.
+   func authenticate(username, password string) bool {
+       // On génère une empreinte au format sha256 pour nos identifiants
+       usernameHash := sha256.Sum256([]byte(username))
+       passwordHash := sha256.Sum256([]byte(password))

-        // On effectue de même avec les identifiants attendus.
-        // Pour l'instant, on utilise un couple d'identifiants en "dur".
-        expectedUsernameHash := sha256.Sum256([]byte("foo"))
-        expectedPasswordHash := sha256.Sum256([]byte("baz"))
+       // On effectue de même avec les identifiants attendus.
+       // Pour l'instant, on utilise un couple d'identifiants en "dur".
+       expectedUsernameHash := sha256.Sum256([]byte("foo"))
+       expectedPasswordHash := sha256.Sum256([]byte("baz"))

-        // On utilise la méthode subtle.ConstantTimeCompare()
-        // pour faire la comparaison des identifiants en temps constant
-        // et ainsi éviter les attaques par timing.
-        usernameMatch := (subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:]) == 1)
-        passwordMatch := (subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:]) == 1)
+       // On utilise la méthode subtle.ConstantTimeCompare()
+       // pour faire la comparaison des identifiants en temps constant
+       // et ainsi éviter les attaques par timing.
+       usernameMatch := (subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:]) == 1)
+       passwordMatch := (subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:]) == 1)

-        // L'utilisateur est authentifié si son nom et son mot de passe
-        // correspondent avec ceux attendus.
-        return usernameMatch && passwordMatch
-    }
-    ```
+       // L'utilisateur est authentifié si son nom et son mot de passe
+       // correspondent avec ceux attendus.
+       return usernameMatch && passwordMatch
+   }
+   ```

 2. Dans votre navigateur, essayez d'ouvrir l'URL http://127.0.0.1:8080. La popup d'authentification devrait s'afficher et vous devriez pouvoir utiliser les identifiants définis dans la fonction `authenticate()` pour vous authentifier et accéder au site de Cadoles !

-    > **Note** Essayez de désactiver le layer. L'authentification est automatiquement désactivée également !
+   > **Note** Essayez de désactiver le layer. L'authentification est automatiquement désactivée également !

 ## Déclarer des options pour pouvoir utiliser des identifiants dynamiques

 En l'état actuel notre layer est fonctionnel. Cependant il souffre d'un problème notable: les identifiants attendus sont statiques et embarqués en dur dans le code. Nous allons utiliser le schéma associé à nos options, jusqu'alors vide, pour pouvoir créer une paire d'identifiants attendus dynamique.

-
 1. Modifier le schéma JSON des options de notre layer:

-    ```json
-    // Fichier internal/proxy/director/layer/basicauth/layer-options.json
+   ```json
+   // Fichier internal/proxy/director/layer/basicauth/layer-options.json

-    {
-        "$id": "https://forge.cadoles.com/cadoles/bouncer/schemas/basicauth-layer-options",
-        "title": "BasicAuth layer options",
-        "type": "object",
-        "properties": {
-            "username": {
-                "type": "string"
-            },
-            "password": {
-                "type": "string"
-            }
-        },
-        "additionalProperties": false
-    }
-    ```
+   {
+     "type": "object",
+     "properties": {
+       "username": {
+         "type": "string"
+       },
+       "password": {
+         "type": "string"
+       }
+     },
+     "additionalProperties": false
+   }
+   ```

 2. On modifie notre méthode `Middleware()` et la fonction `authenticate()` pour utiliser ces nouvelles options:

-    ```go
-    package basicauth
+   ```go
+   package basicauth

-    import (
-        "crypto/sha256"
-        "crypto/subtle"
-        "net/http"
+   import (
+       "crypto/sha256"
+       "crypto/subtle"
+       "net/http"

-        proxy "forge.cadoles.com/Cadoles/go-proxy"
-        "forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
-        "forge.cadoles.com/cadoles/bouncer/internal/store"
-        "gitlab.com/wpetit/goweb/logger"
-    )
+       proxy "forge.cadoles.com/Cadoles/go-proxy"
+       "forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
+       "forge.cadoles.com/cadoles/bouncer/internal/store"
+       "gitlab.com/wpetit/goweb/logger"
+   )

-    const LayerType store.LayerType = "basicauth"
+   const LayerType store.LayerType = "basicauth"

-    type BasicAuth struct{}
+   type BasicAuth struct{}

-    // LayerType implements director.MiddlewareLayer.
-    func (*BasicAuth) LayerType() store.LayerType {
-        return LayerType
-    }
+   // LayerType implements director.MiddlewareLayer.
+   func (*BasicAuth) LayerType() store.LayerType {
+       return LayerType
+   }

-    // Middleware implements director.MiddlewareLayer.
-    func (*BasicAuth) Middleware(layer *store.Layer) proxy.Middleware {
-        // La méthode doit retourner un "Middleware" qui est un alias
-        // pour les fonctions généralement utilisées
-        // dans les librairies http en Go pour créer
-        // une fonction d'interception/transformation de requête.
-        return func(next http.Handler) http.Handler {
-            fn := func(w http.ResponseWriter, r *http.Request) {
-                // On récupère les identifiants "basic auth" transmis (ou non)
-                // avec la requête
-                username, password, ok := r.BasicAuth()
+   // Middleware implements director.MiddlewareLayer.
+   func (*BasicAuth) Middleware(layer *store.Layer) proxy.Middleware {
+       // La méthode doit retourner un "Middleware" qui est un alias
+       // pour les fonctions généralement utilisées
+       // dans les librairies http en Go pour créer
+       // une fonction d'interception/transformation de requête.
+       return func(next http.Handler) http.Handler {
+           fn := func(w http.ResponseWriter, r *http.Request) {
+               // On récupère les identifiants "basic auth" transmis (ou non)
+               // avec la requête
+               username, password, ok := r.BasicAuth()

-                // On créait une méthode locale pour gérer le cas d'une erreur d'authentification.
-                unauthorized := func() {
-                    // On ajoute cette entête HTTP à la réponse pour déclencher l'affichage
-                    // de la popup d'authentification dans le navigateur web de l'utilisateur.
-                    w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
+               // On créait une méthode locale pour gérer le cas d'une erreur d'authentification.
+               unauthorized := func() {
+                   // On ajoute cette entête HTTP à la réponse pour déclencher l'affichage
+                   // de la popup d'authentification dans le navigateur web de l'utilisateur.
+                   w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)

-                    // On retoure un code d'erreur HTTP 401 (Unauthorized)
-                    http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
-                }
+                   // On retoure un code d'erreur HTTP 401 (Unauthorized)
+                   http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+               }

-                if !ok {
-                    // L'entête Authorization est absente ou ne correspondant
-                    // pas à du Basic Auth, on retourne une erreur HTTP 401 et
-                    // on interrompt le traitement de la requête ici
-                    unauthorized()
+               if !ok {
+                   // L'entête Authorization est absente ou ne correspondant
+                   // pas à du Basic Auth, on retourne une erreur HTTP 401 et
+                   // on interrompt le traitement de la requête ici
+                   unauthorized()

-                    return
-                }
+                   return
+               }

-                // On extrait les identifiants des options associées à notre layer
-                expectedUsername, usernameExists := layer.Options["username"].(string)
-                expectedPassword, passwordExists := layer.Options["password"].(string)
+               // On extrait les identifiants des options associées à notre layer
+               expectedUsername, usernameExists := layer.Options["username"].(string)
+               expectedPassword, passwordExists := layer.Options["password"].(string)

-                // Si le nom d'utilisateur ou le mot de passe attendu n'existe pas
-                // alors on retourne une erreur HTTP 500 à l'utilisateur.
-                if !usernameExists || !passwordExists {
-                    logger.Error(r.Context(), "basicauth layer missing password or username option")
-                    http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+               // Si le nom d'utilisateur ou le mot de passe attendu n'existe pas
+               // alors on retourne une erreur HTTP 500 à l'utilisateur.
+               if !usernameExists || !passwordExists {
+                   logger.Error(r.Context(), "basicauth layer missing password or username option")
+                   http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

-                    return
-                }
+                   return
+               }

-                // On vérifie les identifiants associés à la requête
-                isAuthenticated := authenticate(username, password, expectedUsername, expectedPassword)
+               // On vérifie les identifiants associés à la requête
+               isAuthenticated := authenticate(username, password, expectedUsername, expectedPassword)

-                // Si les identifiants sont non reconnus alors
-                // on interrompt le traitement de la requête
-                if !isAuthenticated {
-                    unauthorized()
+               // Si les identifiants sont non reconnus alors
+               // on interrompt le traitement de la requête
+               if !isAuthenticated {
+                   unauthorized()

-                    return
-                }
+                   return
+               }

-                // L'authentification a réussie ! On passe la main au handler HTTP suivant
-                next.ServeHTTP(w, r)
-            }
+               // L'authentification a réussie ! On passe la main au handler HTTP suivant
+               next.ServeHTTP(w, r)
+           }

-            return http.HandlerFunc(fn)
-        }
-    }
+           return http.HandlerFunc(fn)
+       }
+   }

-    func authenticate(username, password string, expectedUsername, expectedPassword string) bool {
-        // On génère une empreinte au format sha256 pour nos identifiants
-        usernameHash := sha256.Sum256([]byte(username))
-        passwordHash := sha256.Sum256([]byte(password))
+   func authenticate(username, password string, expectedUsername, expectedPassword string) bool {
+       // On génère une empreinte au format sha256 pour nos identifiants
+       usernameHash := sha256.Sum256([]byte(username))
+       passwordHash := sha256.Sum256([]byte(password))

-        // On effectue de même avec les identifiants attendus.
-        expectedUsernameHash := sha256.Sum256([]byte(expectedUsername))
-        expectedPasswordHash := sha256.Sum256([]byte(expectedPassword))
+       // On effectue de même avec les identifiants attendus.
+       expectedUsernameHash := sha256.Sum256([]byte(expectedUsername))
+       expectedPasswordHash := sha256.Sum256([]byte(expectedPassword))

-        // On utilise la méthode subtle.ConstantTimeCompare()
-        // pour faire la comparaison des identifiants en temps constant
-        // et ainsi éviter les attaques par timing.
-        usernameMatch := (subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:]) == 1)
-        passwordMatch := (subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:]) == 1)
+       // On utilise la méthode subtle.ConstantTimeCompare()
+       // pour faire la comparaison des identifiants en temps constant
+       // et ainsi éviter les attaques par timing.
+       usernameMatch := (subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:]) == 1)
+       passwordMatch := (subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:]) == 1)

-        // L'utilisateur est authentifié si son nom et son mot de passe
-        // correspondent avec ceux attendus.
-        return usernameMatch && passwordMatch
-    }
+       // L'utilisateur est authentifié si son nom et son mot de passe
+       // correspondent avec ceux attendus.
+       return usernameMatch && passwordMatch
+   }

-    func New() *BasicAuth {
-        return &BasicAuth{}
-    }
+   func New() *BasicAuth {
+       return &BasicAuth{}
+   }

-    var _ director.MiddlewareLayer = &BasicAuth{}
-    ```
+   var _ director.MiddlewareLayer = &BasicAuth{}
+   ```

 3. Modifiez votre layer via la commande d'administration pour déclarer une paire d'identifiants:

-    ```bash
-    ./bin/bouncer admin layer update --proxy-name cadoles --layer-name mybasicauth --layer-options='{"username":"jdoe","password":"notsosecret"}'
-    ```
+   ```bash
+   ./bin/bouncer admin layer update --proxy-name cadoles --layer-name mybasicauth --layer-options='{"username":"jdoe","password":"notsosecret"}'
+   ```

 4. Essayer d'accéder à l'adresse http://127.0.0.1:8080 avec votre navigateur. La popup d'authentification devrait s'afficher et vous devriez pouvoir vous authentifier avec le nouveau couple d'identifiants définis dans les options de votre layer !

-> **Note** Vous pouvez modifier les identifiants plusieurs fois via la commande et vérifier que la fenêtre s'affiche toujours à nouveau, demandant les nouveaux identifiants.
+> **Note** Vous pouvez modifier les identifiants plusieurs fois via la commande et vérifier que la fenêtre s'affiche toujours à nouveau, demandant les nouveaux identifiants.
--- a/go.mod
+++ b/go.mod
@ -9,31 +9,36 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/bsm/redislock v0.9.4
 	github.com/btcsuite/btcd/btcutil v1.1.3
+	github.com/coreos/go-oidc/v3 v3.10.0
+	github.com/dchest/uniuri v1.2.0
 	github.com/drone/envsubst v1.0.3
+	github.com/expr-lang/expr v1.16.7
 	github.com/getsentry/sentry-go v0.22.0
-	github.com/go-chi/chi/v5 v5.0.8
-	github.com/jedib0t/go-pretty/v6 v6.4.6
+	github.com/go-chi/chi/v5 v5.0.10
+	github.com/gorilla/sessions v1.2.2
 	github.com/mitchellh/mapstructure v1.4.1
 	github.com/oklog/ulid/v2 v2.1.0
 	github.com/ory/dockertest/v3 v3.10.0
 	github.com/prometheus/client_golang v1.16.0
 	github.com/qri-io/jsonschema v0.2.1
 	github.com/redis/go-redis/v9 v9.0.4
+	golang.org/x/oauth2 v0.13.0
 	k8s.io/api v0.29.3
 	k8s.io/apimachinery v0.29.3
 	k8s.io/client-go v0.29.3
 )

 require (
-	cloud.google.com/go v0.99.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.0 // indirect
 	github.com/Microsoft/go-winio v0.6.0 // indirect
 	github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/charmbracelet/lipgloss v0.7.1 // indirect
 	github.com/containerd/continuity v0.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
@ -42,6 +47,7 @@ require (
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 	github.com/go-logr/logr v1.3.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
@ -51,18 +57,23 @@ require (
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/huandu/xstrings v1.3.3 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
+	github.com/jedib0t/go-pretty/v6 v6.4.9 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/copystructure v1.0.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.0 // indirect
 	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/muesli/reflow v0.3.0 // indirect
+	github.com/muesli/termenv v0.15.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.2 // indirect
@ -71,7 +82,7 @@ require (
 	github.com/prometheus/common v0.42.0 // indirect
 	github.com/prometheus/procfs v0.10.1 // indirect
 	github.com/qri-io/jsonpointer v0.1.1 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
@ -79,12 +90,12 @@ require (
 	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
+	go.opentelemetry.io/otel v1.21.0 // indirect
+	go.opentelemetry.io/otel/trace v1.21.0 // indirect
 	golang.org/x/net v0.19.0 // indirect
-	golang.org/x/oauth2 v0.10.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220314164441-57ef72a4c106 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
@ -97,17 +108,13 @@ require (
 )

 require (
-	cdr.dev/slog v1.4.2 // indirect
-	github.com/alecthomas/chroma v0.10.0 // indirect
+	cdr.dev/slog v1.6.1 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
-	github.com/dlclark/regexp2 v1.9.0 // indirect
-	github.com/fatih/color v1.15.0 // indirect
 	github.com/go-chi/cors v1.2.1
 	github.com/go-playground/locales v0.14.0 // indirect
 	github.com/go-playground/universal-translator v0.18.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/uuid v1.3.0
 	github.com/leodido/go-urn v1.2.1 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
@ -118,20 +125,18 @@ require (
 	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/lib/pq v1.10.0 // indirect
 	github.com/lithammer/shortuuid/v4 v4.0.0
-	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.18 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/pkg/errors v0.9.1
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/urfave/cli/v2 v2.25.3
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
-	gitlab.com/wpetit/goweb v0.0.0-20230419082146-a94d9ed7202b
-	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
+	gitlab.com/wpetit/goweb v0.0.0-20240226160244-6b2826c79f88
+	golang.org/x/crypto v0.19.0 // indirect
 	golang.org/x/mod v0.14.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
-	golang.org/x/term v0.15.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
+	golang.org/x/term v0.17.0 // indirect
 	golang.org/x/tools v0.16.1 // indirect
-	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
+	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	gopkg.in/go-playground/validator.v9 v9.29.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1
 )
--- a/go.sum
+++ b/go.sum
@ -1,62 +1,18 @@
-cdr.dev/slog v1.4.0/go.mod h1:C5OL99WyuOK8YHZdYY57dAPN1jK2WJlCdq2VP6xeQns=
-cdr.dev/slog v1.4.2 h1:fIfiqASYQFJBZiASwL825atyzeA96NsqSxx2aL61P8I=
-cdr.dev/slog v1.4.2/go.mod h1:0EkH+GkFNxizNR+GAXUEdUHanxUH5t9zqPILmPM/Vn8=
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.49.0/go.mod h1:hGvAdzcWNbyuxS3nWhD7H2cIJxjRRTRLQVB0bdputVY=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
-cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
-cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
-cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
-cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
-cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
-cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
-cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
-cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
-cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
-cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
-cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
-cloud.google.com/go v0.99.0 h1:y/cM2iqGgGi5D5DQZl6D9STN/3dR/Vx5Mp8s752oJTY=
-cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+cdr.dev/slog v1.6.1 h1:IQjWZD0x6//sfv5n+qEhbu3wBkmtBQY5DILXNvMaIv4=
+cdr.dev/slog v1.6.1/go.mod h1:eHEYQLaZvxnIAXC+XdTSNLb/kgA/X2RVSF72v5wsxEI=
+cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY=
+cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
+cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
+cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
+cloud.google.com/go/logging v1.7.0 h1:CJYxlNNNNAMkHp9em/YEXcfJg+rPDg7YfwoRpMU+t5I=
+cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeNqVNkzY8M=
+cloud.google.com/go/longrunning v0.5.1 h1:Fr7TXftcqTudoyRJa113hyaqlGdiBQkp0Gq7tErFDWI=
+cloud.google.com/go/longrunning v0.5.1/go.mod h1:spvimkwdz6SPWKEt/XBij79E9fiTkHSQl/fRUUQJYJc=
 forge.cadoles.com/Cadoles/go-proxy v0.0.0-20230701194111-c6b3d482cca6 h1:FTk0ZoaV5N8Tkps5Da5RrDMZZXSHZIuD67Hy1Y4fsos=
 forge.cadoles.com/Cadoles/go-proxy v0.0.0-20230701194111-c6b3d482cca6/go.mod h1:o8ZK5v/3J1dRmklFVn1l6WHAyQ3LgegyHjRIT8KLAFw=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0=
-github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
@ -67,19 +23,9 @@ github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2y
 github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII=
-github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
-github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI=
-github.com/alecthomas/chroma v0.7.0/go.mod h1:1U/PfCsTALWWYHDnsIQkxEBM0+6LLe0v8+RSVMOwxeY=
-github.com/alecthomas/chroma v0.10.0 h1:7XDcGkCQopCNKjZHfYrNLraA+M7e0fMiJ/Mfikbfjek=
-github.com/alecthomas/chroma v0.10.0/go.mod h1:jtJATyUxlIORhUOFNA9NZDWGAQ8wpxQQqNSB4rjA/1s=
-github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721/go.mod h1:QO9JBoKquHd+jz9nshCh40fOfO+JzsoXy8qTHF68zU0=
-github.com/alecthomas/kong v0.1.17-0.20190424132513-439c674f7ae0/go.mod h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI=
-github.com/alecthomas/kong v0.2.1-0.20190708041108-0548c6b1afae/go.mod h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI=
-github.com/alecthomas/kong-hcl v0.1.8-0.20190615233001-b21fea9723c8/go.mod h1:MRgZdU3vrFd05IQ89AxUZ0aYdF39BYoNFa324SodPCA=
-github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897/go.mod h1:xTS7Pm1pD1mvyM075QCDSRqH6qRLXylzS24ZTpRiSzQ=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao=
@ -110,28 +56,17 @@ github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792/go.mod h1:ghJtE
 github.com/btcsuite/winsvc v1.0.0/go.mod h1:jsenWakMcC0zFBFurPLEAyrnc/teJEM1O46fmI40EZs=
 github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4=
 github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/charmbracelet/lipgloss v0.7.1 h1:17WMwi7N1b1rVWOjMT+rCh7sQkvDU75B2hbZpc5Kc1E=
+github.com/charmbracelet/lipgloss v0.7.1/go.mod h1:yG0k3giv8Qj8edTCbbg6AlQ5e8KNWpFujkNawKNhE2c=
 github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
 github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
 github.com/containerd/continuity v0.3.0/go.mod h1:wJEAIwKOm/pBZuBd0JmeTvnLquTB1Ag8espWhkykbPM=
+github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU=
+github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlSQupk0KK3ac=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
@ -140,12 +75,12 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
 github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
-github.com/daaku/go.zipexe v1.0.0/go.mod h1:z8IiR6TsVLEYKwXAoE/I+8ys/sDkgTzSL0CLnGVd57E=
-github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964/go.mod h1:Xd9hchkHSWYkEqJwUGisez3G1QY8Ryz0sdWrLPMGjLk=
 github.com/davecgh/go-spew v0.0.0-20171005155431-ecdeabc65495/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dchest/uniuri v1.2.0 h1:koIcOUdrTIivZgSLhHQvKgqdWZq5d7KdMEWF1Ud6+5g=
+github.com/dchest/uniuri v1.2.0/go.mod h1:fSzm4SLHzNZvWLvWJew423PhAzkpNQYq+uNLq4kxhkY=
 github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
@ -153,11 +88,6 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3
 github.com/decred/dcrd/lru v1.0.0/go.mod h1:mxKOwFd7lFjN2GZYsiz/ecgqR6kkYAl+0pz0tEMk218=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
-github.com/dlclark/regexp2 v1.2.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
-github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
-github.com/dlclark/regexp2 v1.9.0 h1:pTK/l/3qYIKaRXuHnEnIf7Y5NxfRPfpb7dis6/gdlVI=
-github.com/dlclark/regexp2 v1.9.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/docker/cli v20.10.17+incompatible h1:eO2KS7ZFeov5UJeaDmIs1NFEDRf32PaqRpvoEkKBy5M=
 github.com/docker/cli v20.10.17+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/docker v20.10.13+incompatible h1:5s7uxnKZG+b8hYWlPYUi6x1Sjpq2MSt96d15eLZeHyw=
@ -170,47 +100,33 @@ github.com/drone/envsubst v1.0.3 h1:PCIBwNDYjs50AsLZPYdfhSATKaRg/FJmDc2D6+C2x8g=
 github.com/drone/envsubst v1.0.3/go.mod h1:N2jZmlMufstn1KEqvbHjw40h1KyTmnVzHcSc9bFiJ2g=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
-github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
-github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
+github.com/expr-lang/expr v1.16.7 h1:gCIiHt5ODA0xIaDbD0DPKyZpM9Drph3b3lolYAYq2Kw=
+github.com/expr-lang/expr v1.16.7/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4=
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/getsentry/sentry-go v0.22.0 h1:XNX9zKbv7baSEI65l+H1GEJgSeIC1c7EN5kluWaP6dM=
 github.com/getsentry/sentry-go v0.22.0/go.mod h1:lc76E2QywIyW8WuBnwl8Lc4bkmQH4+w1gwTf25trprY=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
-github.com/go-chi/chi/v5 v5.0.8 h1:lD+NLqFcAi1ovnVZpsnObHGW4xb4J8lNmoYVfECH1Y0=
-github.com/go-chi/chi/v5 v5.0.8/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-chi/chi/v5 v5.0.10 h1:rLz5avzKpjqxrYwXNfmjkrYYXOyLJd37pz53UFHC6vk=
+github.com/go-chi/chi/v5 v5.0.10/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
 github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
 github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
+github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
 github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
 github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
 github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
 github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
 github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM=
 github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
 github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
-github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY=
 github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
 github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
@ -223,115 +139,52 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
 github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
 github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.2-0.20191216170541-340f1ebe299e/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
-github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
-github.com/gorilla/csrf v1.6.0/go.mod h1:7tSf8kmjNYr7IWDCYhd3U8Ck34iQ/Yw5CJu7bAkHEGI=
-github.com/gorilla/handlers v1.4.1/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
-github.com/gorilla/sessions v1.2.0/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
+github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4=
 github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/jedib0t/go-pretty/v6 v6.4.6 h1:v6aG9h6Uby3IusSSEjHaZNXpHFhzqMmjXcPq1Rjl9Jw=
-github.com/jedib0t/go-pretty/v6 v6.4.6/go.mod h1:Ndk3ase2CkQbXLLNf5QDHoYb6J9WtVfmHZu9n8rk2xs=
+github.com/jedib0t/go-pretty/v6 v6.4.9 h1:vZ6bjGg2eBSrJn365qlxGcaWu09Id+LHtrfDWlB2Usc=
+github.com/jedib0t/go-pretty/v6 v6.4.9/go.mod h1:Ndk3ase2CkQbXLLNf5QDHoYb6J9WtVfmHZu9n8rk2xs=
 github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
@ -339,12 +192,9 @@ github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFF
 github.com/jrick/logrotate v1.0.0/go.mod h1:LNinyqDIJnpAur+b8yyulnQw/wDuN1+BYKlTRt3OuAQ=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/kkdai/bstream v0.0.0-20161212061736-f391b8402d23/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
@ -352,7 +202,6 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw=
 github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
 github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k=
@ -371,28 +220,20 @@ github.com/lib/pq v1.10.0 h1:Zx5DJFEYQXio93kgXnQ09fXNiUKsqv4OUEu2UtGcB1E=
 github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lithammer/shortuuid/v4 v4.0.0 h1:QRbbVkfgNippHOS8PXDkti4NaWeyYfcBTHtw7k08o4c=
 github.com/lithammer/shortuuid/v4 v4.0.0/go.mod h1:Zs8puNcrvf2rV9rTH51ZLLcj7ZXqQI3lv67aw4KiB1Y=
+github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
+github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98=
-github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
+github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
+github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag=
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY=
@ -406,9 +247,12 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
+github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s=
+github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8=
+github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo=
+github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/oklog/ulid/v2 v2.1.0 h1:+9lhoxAP56we25tyYETBBY1YLA2SaoLvUFgrP2miPJU=
 github.com/oklog/ulid/v2 v2.1.0/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ=
@ -435,11 +279,9 @@ github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.m
 github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
 github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4=
 github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg=
-github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0=
 github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o=
 github.com/pingcap/errors v0.11.4 h1:lFuQV/oaUMGcD2tqt+01ROSmJs75VG1ToEOkZIZ4nE4=
 github.com/pingcap/errors v0.11.4/go.mod h1:Oi8TUi2kEtXXLMJk9l1cGmz20kV3TaQ0usTwv5KuLY8=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@ -448,7 +290,6 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8=
 github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
 github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
 github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
@ -461,10 +302,10 @@ github.com/qri-io/jsonschema v0.2.1 h1:NNFoKms+kut6ABPf6xiKNM5214jzxAhDBrPHCJ97W
 github.com/qri-io/jsonschema v0.2.1/go.mod h1:g7DPkiOsK1xv6T/Ao5scXRkd+yTFygcANPBaaqW+VrI=
 github.com/redis/go-redis/v9 v9.0.4 h1:FC82T+CHJ/Q/PdyLW++GeCO+Ol59Y4T7R4jbgjvktgc=
 github.com/redis/go-redis/v9 v9.0.4/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk=
-github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
+github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
+github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@ -481,7 +322,6 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
@ -492,7 +332,6 @@ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSS
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@ -507,8 +346,6 @@ github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7/go.mod h1:q4W45
 github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli/v2 v2.25.3 h1:VJkt6wvEBOoSjPFQvOkv6iWIrsJyCrKGtCtxXWwmGeY=
 github.com/urfave/cli/v2 v2.25.3/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc=
-github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
@ -519,299 +356,106 @@ github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-gitlab.com/wpetit/goweb v0.0.0-20230419082146-a94d9ed7202b h1:nkvOl8TCj/mErADnwFFynjxBtC+hHsrESw6rw56JGmg=
-gitlab.com/wpetit/goweb v0.0.0-20230419082146-a94d9ed7202b/go.mod h1:3sus4zjoUv1GB7eDLL60QaPkUnXJCWBpjvbe0jWifeY=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
-go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
-go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
-go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
+gitlab.com/wpetit/goweb v0.0.0-20240226160244-6b2826c79f88 h1:dsyRrmhp7fl/YaY1YIzz7lm9qfIFI5KpKNbXwuhTULA=
+gitlab.com/wpetit/goweb v0.0.0-20240226160244-6b2826c79f88/go.mod h1:bg+TN16Rq2ygLQbB4VDSHQFNouAEzcy3AAutStehllA=
+go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
+go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
+go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
+go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
+go.opentelemetry.io/otel/sdk v1.16.0 h1:Z1Ok1YsijYL0CSJpHt4cS3wDDh7p572grzNrBMiMWgE=
+go.opentelemetry.io/otel/sdk v1.16.0/go.mod h1:tMsIuKXuuIWPBAOrH+eHtvhTL+SntFtXF9QD68aP6p4=
+go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
+go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
 golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
 golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180719180050-a680a1efc54d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
 golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8=
-golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI=
+golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
+golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
 golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181128092732-4ed8d59d0b35/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
-golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA=
 golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
@ -819,154 +463,32 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk=
-golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
-google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
-google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
-google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
-google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
-google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
-google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
-google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
-google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
-google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
-google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
-google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
-google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
-google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
-google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
-google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
-google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220314164441-57ef72a4c106 h1:ErU+UA6wxadoU8nWrsy5MZUVBs75K17zUCsUCIfrXCE=
-google.golang.org/genproto v0.0.0-20220314164441-57ef72a4c106/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
-google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.45.0 h1:NEpgUqV3Z+ZjkqMsxMg11IaDrXY4RY6CQukSGK0uI1M=
-google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
-google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
+golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU=
+golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
+google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e h1:xIXmWJ303kJCuogpj0bHq+dcjcZHU+XFyc1I0Yl9cRg=
+google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:0ggbjUrZYpy1q+ANUS30SEoGZ53cdfwtbuG7Ptgy108=
+google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 h1:XVeBY8d/FaK4848myy41HBqnDwvxeV3zMZhwN1TvAMU=
+google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:mPBs5jNgx2GuQGvFwUvVKqtn6HsUw9nP64BedgvqEsQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130 h1:2FZP5XuJY9zQyGM5N0rtovnoXjiMUEIUMvw0m9wlpLc=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:8mL13HKkDa+IuJ8yruA3ci0q+0vsUz4m//+ottjwS5o=
+google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
+google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
 google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/go-playground/assert.v1 v1.2.1 h1:xoYuJVE7KT85PYWrN730RguIQO0ePzVRfFMXadIrXTM=
 gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=
@ -977,7 +499,6 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@ -989,13 +510,6 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.3.0 h1:MfDY1b1/0xN1CyMlQDac0ziEy9zJQd9CXBRRDHw2jJo=
 gotest.tools/v3 v3.3.0/go.mod h1:Mcr9QNxkg0uMvy/YElmo4SpXgJKWgQvYrT7Kw5RzJ1A=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw=
 k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80=
 k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU=
@ -1008,9 +522,6 @@ k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/A
 k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
--- a/internal/admin/bootstrap.go
+++ b/internal/admin/bootstrap.go
@ -22,23 +22,33 @@ func (s *Server) bootstrapProxies(ctx context.Context) error {
 	layerRepo := s.layerRepository

 	lockTimeout := time.Duration(s.bootstrapConfig.LockTimeout)
-	locker := redis.NewLocker(s.redisClient)
+	locker := redis.NewLocker(s.redisClient, int(s.bootstrapConfig.MaxConnectionRetries))

 	err := locker.WithLock(ctx, "bouncer-admin-bootstrap", lockTimeout, func(ctx context.Context) error {
 		logger.Info(ctx, "bootstrapping proxies")

 		for proxyName, proxyConfig := range s.bootstrapConfig.Proxies {
+			loopCtx := logger.With(ctx, logger.F("proxyName", proxyName), logger.F("proxyFrom", proxyConfig.From), logger.F("proxyTo", proxyConfig.To))
+
 			_, err := s.proxyRepository.GetProxy(ctx, proxyName)
 			if !errors.Is(err, store.ErrNotFound) {
 				if err != nil {
 					return errors.WithStack(err)
 				}

-				logger.Info(ctx, "ignoring existing proxy", logger.F("proxyName", proxyName))
-				continue
+				if proxyConfig.Recreate {
+					logger.Info(loopCtx, "force recreating proxy")
+
+					if err := s.deleteProxyAndLayers(ctx, proxyName); err != nil {
+						return errors.WithStack(err)
+					}
+				} else {
+					logger.Info(loopCtx, "ignoring existing proxy")
+					continue
+				}
 			}

-			logger.Info(ctx, "creating proxy", logger.F("proxyName", proxyName))
+			logger.Info(loopCtx, "creating proxy")

 			if _, err := proxyRepo.CreateProxy(ctx, proxyName, string(proxyConfig.To), proxyConfig.From...); err != nil {
 				return errors.WithStack(err)
--- a/internal/admin/definition_route.go
+++ b/internal/admin/definition_route.go
@ -0,0 +1,56 @@
+package admin
+
+import (
+	"encoding/json"
+	"net/http"
+	"slices"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/setup"
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
+	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/api"
+)
+
+type QueryLayerDefinitionResponse struct {
+	Definitions []store.LayerDefinition `json:"definitions"`
+}
+
+func (s *Server) queryLayerDefinition(w http.ResponseWriter, r *http.Request) {
+	typesFilter, ok := getStringableSliceValues(w, r, "types", nil, transformLayerType)
+	if !ok {
+		return
+	}
+
+	existingTypes := setup.GetLayerTypes()
+
+	slices.Sort(existingTypes)
+
+	definitions := make([]store.LayerDefinition, 0, len(existingTypes))
+
+	for _, layerType := range existingTypes {
+		if len(typesFilter) != 0 && !slices.Contains(typesFilter, layerType) {
+			continue
+		}
+
+		schema, err := setup.GetLayerOptionsRawSchema(layerType)
+		if err != nil {
+			logAndCaptureError(r.Context(), "could not retrieve layer options schema", errors.WithStack(err))
+			api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
+
+			return
+		}
+
+		definitions = append(definitions, store.LayerDefinition{
+			Type:    layerType,
+			Options: json.RawMessage(schema),
+		})
+	}
+
+	api.DataResponse(w, http.StatusOK, QueryLayerDefinitionResponse{
+		Definitions: definitions,
+	})
+}
+
+func transformLayerType(v string) (store.LayerType, error) {
+	return store.LayerType(v), nil
+}
--- a/internal/admin/proxy_route.go
+++ b/internal/admin/proxy_route.go
@ -101,7 +101,7 @@ func (s *Server) deleteProxy(w http.ResponseWriter, r *http.Request) {

 	ctx := r.Context()

-	if err := s.proxyRepository.DeleteProxy(ctx, proxyName); err != nil {
+	if err := s.deleteProxyAndLayers(ctx, proxyName); err != nil {
 		if errors.Is(err, store.ErrNotFound) {
 			api.ErrorResponse(w, http.StatusNotFound, api.ErrCodeNotFound, nil)

@ -114,23 +114,6 @@ func (s *Server) deleteProxy(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	layers, err := s.layerRepository.QueryLayers(ctx, proxyName)
-	if err != nil {
-		logAndCaptureError(ctx, "could not query proxy's layers", errors.WithStack(err))
-		api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
-
-		return
-	}
-
-	for _, layer := range layers {
-		if err := s.layerRepository.DeleteLayer(ctx, proxyName, layer.Name); err != nil {
-			logAndCaptureError(ctx, "could not delete layer", errors.WithStack(err))
-			api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
-
-			return
-		}
-	}
-
 	api.DataResponse(w, http.StatusOK, DeleteProxyResponse{
 		ProxyName: proxyName,
 	})
@ -302,7 +285,7 @@ func getStringSliceValues(w http.ResponseWriter, r *http.Request, param string,
 	return defaultValue, true
 }

-func getStringableSliceValues[T ~string](w http.ResponseWriter, r *http.Request, param string, defaultValue []T, validate func(string) (T, error)) ([]T, bool) {
+func getStringableSliceValues[T ~string](w http.ResponseWriter, r *http.Request, param string, defaultValue []T, transform func(string) (T, error)) ([]T, bool) {
 	rawValue := r.URL.Query().Get(param)

 	if rawValue != "" {
@ -310,7 +293,7 @@ func getStringableSliceValues[T ~string](w http.ResponseWriter, r *http.Request,
 		values := make([]T, 0, len(rawValues))

 		for _, rv := range rawValues {
-			v, err := validate(rv)
+			v, err := transform(rv)
 			if err != nil {
 				logAndCaptureError(r.Context(), "could not parse ids slice param", errors.WithStack(err))
 				api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeMalformedRequest, nil)
--- a/internal/admin/server.go
+++ b/internal/admin/server.go
@ -161,6 +161,10 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
 				jwt.NewAuthenticator(s.publicKeys, string(s.serverConfig.Auth.Issuer), jwt.DefaultAcceptableSkew),
 			))

+			r.Route("/definitions", func(r chi.Router) {
+				r.With(assertReadAccess).Get("/layers", s.queryLayerDefinition)
+			})
+
 			r.Route("/proxies", func(r chi.Router) {
 				r.With(assertReadAccess).Get("/", s.queryProxy)
 				r.With(assertWriteAccess).Post("/", s.createProxy)
--- a/internal/admin/util.go
+++ b/internal/admin/util.go
@ -0,0 +1,29 @@
+package admin
+
+import (
+	"context"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
+	"github.com/pkg/errors"
+)
+
+func (s *Server) deleteProxyAndLayers(ctx context.Context, proxyName store.ProxyName) error {
+	if err := s.proxyRepository.DeleteProxy(ctx, proxyName); err != nil {
+		if !errors.Is(err, store.ErrNotFound) {
+			return errors.WithStack(err)
+		}
+	}
+
+	layers, err := s.layerRepository.QueryLayers(ctx, proxyName)
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
+	for _, layer := range layers {
+		if err := s.layerRepository.DeleteLayer(ctx, proxyName, layer.Name); err != nil {
+			return errors.WithStack(err)
+		}
+	}
+
+	return nil
+}
--- a/internal/client/query_layer_definition.go
+++ b/internal/client/query_layer_definition.go
@ -0,0 +1,61 @@
+package client
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/admin"
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
+	"github.com/pkg/errors"
+)
+
+type QueryLayerDefinitionOptionFunc func(*QueryLayerDefinitionOptions)
+
+type QueryLayerDefinitionOptions struct {
+	Options []OptionFunc
+	Types   []store.LayerType
+}
+
+func WithQueryLayerDefinitionOptions(funcs ...OptionFunc) QueryLayerDefinitionOptionFunc {
+	return func(opts *QueryLayerDefinitionOptions) {
+		opts.Options = funcs
+	}
+}
+
+func WithQueryLayerDefinitionTypes(types ...store.LayerType) QueryLayerDefinitionOptionFunc {
+	return func(opts *QueryLayerDefinitionOptions) {
+		opts.Types = types
+	}
+}
+
+func (c *Client) QueryLayerDefinition(ctx context.Context, funcs ...QueryLayerDefinitionOptionFunc) ([]store.LayerDefinition, error) {
+	options := &QueryLayerDefinitionOptions{}
+	for _, fn := range funcs {
+		fn(options)
+	}
+
+	query := url.Values{}
+
+	if options.Types != nil && len(options.Types) > 0 {
+		query.Set("types", joinSlice(options.Types))
+	}
+
+	path := fmt.Sprintf("/api/v1/definitions/layers?%s", query.Encode())
+
+	response := withResponse[admin.QueryLayerDefinitionResponse]()
+
+	if options.Options == nil {
+		options.Options = make([]OptionFunc, 0)
+	}
+
+	if err := c.apiGet(ctx, path, &response, options.Options...); err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	if response.Error != nil {
+		return nil, errors.WithStack(response.Error)
+	}
+
+	return response.Data.Definitions, nil
+}
--- a/internal/command/admin/definition/layer/query.go
+++ b/internal/command/admin/definition/layer/query.go
@ -0,0 +1,63 @@
+package layer
+
+import (
+	"os"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/client"
+	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/apierr"
+	clientFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/flag"
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
+	"github.com/pkg/errors"
+	"github.com/urfave/cli/v2"
+	"gitlab.com/wpetit/goweb/cli/format"
+)
+
+func QueryCommand() *cli.Command {
+	return &cli.Command{
+		Name:  "query",
+		Usage: "Query layer definitions",
+		Flags: clientFlag.ComposeFlags(
+			&cli.StringSliceFlag{
+				Name:  "with-type",
+				Usage: "use `WITH_TYPE` as query filter",
+			},
+		),
+		Action: func(ctx *cli.Context) error {
+			baseFlags := clientFlag.GetBaseFlags(ctx)
+
+			token, err := clientFlag.GetToken(baseFlags)
+			if err != nil {
+				return errors.WithStack(apierr.Wrap(err))
+			}
+
+			options := make([]client.QueryLayerDefinitionOptionFunc, 0)
+
+			rawTypes := ctx.StringSlice("with-type")
+			if len(rawTypes) > 0 {
+				layerTypes := func(rawLayerTypes []string) []store.LayerType {
+					layerTypes := make([]store.LayerType, len(rawLayerTypes))
+					for i, layerType := range rawLayerTypes {
+						layerTypes[i] = store.LayerType(layerType)
+					}
+					return layerTypes
+				}(rawTypes)
+				options = append(options, client.WithQueryLayerDefinitionTypes(layerTypes...))
+			}
+
+			client := client.New(baseFlags.ServerURL, client.WithToken(token))
+
+			proxies, err := client.QueryLayerDefinition(ctx.Context, options...)
+			if err != nil {
+				return errors.WithStack(apierr.Wrap(err))
+			}
+
+			hints := layerDefinitionHints(baseFlags.OutputMode)
+
+			if err := format.Write(baseFlags.Format, os.Stdout, hints, clientFlag.AsAnySlice(proxies)...); err != nil {
+				return errors.WithStack(err)
+			}
+
+			return nil
+		},
+	}
+}
--- a/internal/command/admin/definition/layer/root.go
+++ b/internal/command/admin/definition/layer/root.go
@ -0,0 +1,15 @@
+package layer
+
+import (
+	"github.com/urfave/cli/v2"
+)
+
+func Root() *cli.Command {
+	return &cli.Command{
+		Name:  "layer",
+		Usage: "Execute actions related to layer definitions",
+		Subcommands: []*cli.Command{
+			QueryCommand(),
+		},
+	}
+}
--- a/internal/command/admin/definition/layer/util.go
+++ b/internal/command/admin/definition/layer/util.go
@ -0,0 +1,13 @@
+package layer
+
+import "gitlab.com/wpetit/goweb/cli/format"
+
+func layerDefinitionHints(outputMode format.OutputMode) format.Hints {
+	return format.Hints{
+		OutputMode: outputMode,
+		Props: []format.Prop{
+			format.NewProp("Type", "Type"),
+			format.NewProp("Options", "Options"),
+		},
+	}
+}
--- a/internal/command/admin/definition/root.go
+++ b/internal/command/admin/definition/root.go
@ -0,0 +1,16 @@
+package definition
+
+import (
+	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/definition/layer"
+	"github.com/urfave/cli/v2"
+)
+
+func Root() *cli.Command {
+	return &cli.Command{
+		Name:  "definition",
+		Usage: "Execute actions related to definitions",
+		Subcommands: []*cli.Command{
+			layer.Root(),
+		},
+	}
+}
--- a/internal/command/admin/flag/flag.go
+++ b/internal/command/admin/flag/flag.go
@ -6,10 +6,10 @@ import (
 	"os"
 	"strings"

-	"forge.cadoles.com/cadoles/bouncer/internal/format"
-	"forge.cadoles.com/cadoles/bouncer/internal/format/table"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
+	"gitlab.com/wpetit/goweb/cli/format"
+	"gitlab.com/wpetit/goweb/cli/format/table"
 )

 func ComposeFlags(flags ...cli.Flag) []cli.Flag {
--- a/internal/command/admin/layer/create.go
+++ b/internal/command/admin/layer/create.go
@ -9,9 +9,9 @@ import (
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/layer/flag"
 	layerFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/layer/flag"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
+	"gitlab.com/wpetit/goweb/cli/format"
 )

 func CreateCommand() *cli.Command {
--- a/internal/command/admin/layer/delete.go
+++ b/internal/command/admin/layer/delete.go
@ -8,10 +8,10 @@ import (
 	clientFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/flag"
 	layerFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/layer/flag"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
+	"gitlab.com/wpetit/goweb/cli/format"
 )

 func DeleteCommand() *cli.Command {
--- a/internal/command/admin/layer/get.go
+++ b/internal/command/admin/layer/get.go
@ -8,9 +8,9 @@ import (
 	clientFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/flag"
 	layerFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/layer/flag"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
+	"gitlab.com/wpetit/goweb/cli/format"
 )

 func GetCommand() *cli.Command {
--- a/internal/command/admin/layer/query.go
+++ b/internal/command/admin/layer/query.go
@ -7,10 +7,10 @@ import (
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/apierr"
 	clientFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/flag"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
+	"gitlab.com/wpetit/goweb/cli/format"
 )

 func QueryCommand() *cli.Command {
--- a/internal/command/admin/layer/update.go
+++ b/internal/command/admin/layer/update.go
@ -10,10 +10,10 @@ import (
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/layer/flag"
 	layerFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/layer/flag"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
+	"gitlab.com/wpetit/goweb/cli/format"
 )

 func UpdateCommand() *cli.Command {
--- a/internal/command/admin/layer/util.go
+++ b/internal/command/admin/layer/util.go
@ -1,8 +1,8 @@
 package layer

 import (
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
-	"forge.cadoles.com/cadoles/bouncer/internal/format/table"
+	"gitlab.com/wpetit/goweb/cli/format"
+	"gitlab.com/wpetit/goweb/cli/format/table"
 )

 func layerHeaderHints(outputMode format.OutputMode) format.Hints {
--- a/internal/command/admin/proxy/create.go
+++ b/internal/command/admin/proxy/create.go
@ -9,9 +9,9 @@ import (
 	clientFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/flag"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
+	"gitlab.com/wpetit/goweb/cli/format"
 )

 func CreateCommand() *cli.Command {
--- a/internal/command/admin/proxy/delete.go
+++ b/internal/command/admin/proxy/delete.go
@ -7,10 +7,10 @@ import (
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/apierr"
 	clientFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/flag"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
+	"gitlab.com/wpetit/goweb/cli/format"
 )

 func DeleteCommand() *cli.Command {
--- a/internal/command/admin/proxy/get.go
+++ b/internal/command/admin/proxy/get.go
@ -7,9 +7,9 @@ import (
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/apierr"
 	clientFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/flag"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
+	"gitlab.com/wpetit/goweb/cli/format"
 )

 func GetCommand() *cli.Command {
--- a/internal/command/admin/proxy/query.go
+++ b/internal/command/admin/proxy/query.go
@ -6,10 +6,10 @@ import (
 	"forge.cadoles.com/cadoles/bouncer/internal/client"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/apierr"
 	clientFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/flag"
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
+	"gitlab.com/wpetit/goweb/cli/format"
 )

 func QueryCommand() *cli.Command {
--- a/internal/command/admin/proxy/update.go
+++ b/internal/command/admin/proxy/update.go
@ -9,9 +9,9 @@ import (
 	clientFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/flag"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
 	proxyFlag "forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy/flag"
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
+	"gitlab.com/wpetit/goweb/cli/format"
 )

 func UpdateCommand() *cli.Command {
--- a/internal/command/admin/proxy/util.go
+++ b/internal/command/admin/proxy/util.go
@ -1,8 +1,8 @@
 package proxy

 import (
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
-	"forge.cadoles.com/cadoles/bouncer/internal/format/table"
+	"gitlab.com/wpetit/goweb/cli/format"
+	"gitlab.com/wpetit/goweb/cli/format/table"
 )

 func proxyHeaderHints(outputMode format.OutputMode) format.Hints {
--- a/internal/command/admin/root.go
+++ b/internal/command/admin/root.go
@ -1,6 +1,7 @@
 package admin

 import (
+	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/definition"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/layer"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/admin/proxy"
 	"github.com/urfave/cli/v2"
@ -13,6 +14,7 @@ func Root() *cli.Command {
 		Subcommands: []*cli.Command{
 			proxy.Root(),
 			layer.Root(),
+			definition.Root(),
 		},
 	}
 }
--- a/internal/command/server/dummy/index.gohtml
+++ b/internal/command/server/dummy/index.gohtml
@ -0,0 +1,65 @@
+<html>
+  <body>
+    <h1>Received request</h1>
+    <h2>Incoming headers</h2>
+    <table style="width: 100%">
+      <thead>
+        <tr>
+          <th>Key</th>
+          <th>Value</th>
+        </tr>
+      </thead>
+      <tbody>
+        {{ range $key, $val := .Request.Header }}
+        <tr>
+          <td>
+            <b>{{ $key }}</b>
+          </td>
+          <td>
+            <code>{{ $val }}</code>
+          </td>
+        </tr>
+        {{
+          end
+        }}
+      </tbody>
+    </table>
+    <h2>Incoming cookies</h2>
+    <table style="width: 100%">
+      <thead>
+        <tr>
+          <th>Name</th>
+          <th>Domain</th>
+          <th>Path</th>
+          <th>Secure</th>
+          <th>MaxAge</th>
+          <th>HttpOnly</th>
+          <th>SameSite</th>
+          <th>Expires</th>
+          <th>Value</th>
+        </tr>
+      </thead>
+      <tbody>
+        {{ range $cookie := .Request.Cookies }}
+        <tr>
+          <td>
+            <b>{{ $cookie.Name }}</b>
+          </td>
+          <td>{{ $cookie.Domain }}</td>
+          <td>{{ $cookie.Path }}</td>
+          <td>{{ $cookie.Secure }}</td>
+          <td>{{ $cookie.MaxAge }}</td>
+          <td>{{ $cookie.HttpOnly }}</td>
+          <td>{{ $cookie.SameSite }}</td>
+          <td>{{ $cookie.Expires }}</td>
+          <td>
+            <code>{{ $cookie.Value }}</code>
+          </td>
+        </tr>
+        {{
+          end
+        }}
+      </tbody>
+    </table>
+  </body>
+</html>
--- a/internal/command/server/dummy/root.go
+++ b/internal/command/server/dummy/root.go
@ -0,0 +1,15 @@
+package dummy
+
+import (
+	"github.com/urfave/cli/v2"
+)
+
+func Root() *cli.Command {
+	return &cli.Command{
+		Name:  "dummy",
+		Usage: "Dummy server related commands",
+		Subcommands: []*cli.Command{
+			RunCommand(),
+		},
+	}
+}
--- a/internal/command/server/dummy/run.go
+++ b/internal/command/server/dummy/run.go
@ -0,0 +1,69 @@
+package dummy
+
+import (
+	"html/template"
+	"net/http"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/command/common"
+	"github.com/pkg/errors"
+	"github.com/urfave/cli/v2"
+	"gitlab.com/wpetit/goweb/logger"
+
+	_ "embed"
+)
+
+var (
+	//go:embed index.gohtml
+	indexTmpl string
+)
+
+func RunCommand() *cli.Command {
+	flags := common.Flags()
+
+	return &cli.Command{
+		Name:        "run",
+		Usage:       "Run the dummy server",
+		Description: "The dummy server is a very basic web application allowing the debug of incoming requests",
+		Flags: append(flags, &cli.StringFlag{
+			Name:  "address",
+			Usage: "the dummy server listening address",
+			Value: ":8082",
+		}),
+		Action: func(ctx *cli.Context) error {
+			address := ctx.String("address")
+
+			conf, err := common.LoadConfig(ctx)
+			if err != nil {
+				return errors.Wrap(err, "could not load configuration")
+			}
+
+			logger.SetFormat(logger.Format(conf.Logger.Format))
+			logger.SetLevel(logger.Level(conf.Logger.Level))
+
+			tmpl, err := template.New("").Parse(indexTmpl)
+			if err != nil {
+				return errors.WithStack(err)
+			}
+
+			handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				data := struct {
+					Request *http.Request
+				}{
+					Request: r,
+				}
+
+				if err := tmpl.Execute(w, data); err != nil {
+					logger.Error(ctx.Context, "could not execute template", logger.E(errors.WithStack(err)))
+				}
+			})
+
+			logger.Info(ctx.Context, "listening", logger.F("address", address))
+
+			if err := http.ListenAndServe(address, handler); err != nil {
+				return errors.WithStack(err)
+			}
+
+			return nil
+		},
+	}
+}
--- a/internal/command/server/root.go
+++ b/internal/command/server/root.go
@ -2,6 +2,7 @@ package server

 import (
 	"forge.cadoles.com/cadoles/bouncer/internal/command/server/admin"
+	"forge.cadoles.com/cadoles/bouncer/internal/command/server/dummy"
 	"forge.cadoles.com/cadoles/bouncer/internal/command/server/proxy"
 	"github.com/urfave/cli/v2"
 )
@ -13,6 +14,7 @@ func Root() *cli.Command {
 		Subcommands: []*cli.Command{
 			proxy.Root(),
 			admin.Root(),
+			dummy.Root(),
 		},
 	}
 }
--- a/internal/config/bootstrap.go
+++ b/internal/config/bootstrap.go
@ -12,9 +12,10 @@ import (
 )

 type BootstrapConfig struct {
-	Proxies     map[store.ProxyName]BootstrapProxyConfig `yaml:"proxies"`
-	Dir         InterpolatedString                       `yaml:"dir"`
-	LockTimeout InterpolatedDuration                     `yaml:"lockTimeout"`
+	Proxies              map[store.ProxyName]BootstrapProxyConfig `yaml:"proxies"`
+	Dir                  InterpolatedString                       `yaml:"dir"`
+	LockTimeout          InterpolatedDuration                     `yaml:"lockTimeout"`
+	MaxConnectionRetries InterpolatedInt                          `yaml:"maxRetries"`
 }

 func (c *BootstrapConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
@ -46,11 +47,12 @@ func (c *BootstrapConfig) UnmarshalYAML(unmarshal func(interface{}) error) error
 }

 type BootstrapProxyConfig struct {
-	Enabled InterpolatedBool                         `yaml:"enabled"`
-	Weight  InterpolatedInt                          `yaml:"weight"`
-	To      InterpolatedString                       `yaml:"to"`
-	From    InterpolatedStringSlice                  `yaml:"from"`
-	Layers  map[store.LayerName]BootstrapLayerConfig `yaml:"layers"`
+	Enabled  InterpolatedBool                         `yaml:"enabled"`
+	Weight   InterpolatedInt                          `yaml:"weight"`
+	To       InterpolatedString                       `yaml:"to"`
+	From     InterpolatedStringSlice                  `yaml:"from"`
+	Layers   map[store.LayerName]BootstrapLayerConfig `yaml:"layers"`
+	Recreate InterpolatedBool                         `yaml:"recreate"`
 }

 type BootstrapLayerConfig struct {
@ -62,8 +64,9 @@ type BootstrapLayerConfig struct {

 func NewDefaultBootstrapConfig() BootstrapConfig {
 	return BootstrapConfig{
-		Dir:         "",
-		LockTimeout: *NewInterpolatedDuration(30 * time.Second),
+		Dir:                  "",
+		LockTimeout:          *NewInterpolatedDuration(30 * time.Second),
+		MaxConnectionRetries: 10,
 	}
 }

--- a/internal/config/layers.go
+++ b/internal/config/layers.go
@ -3,8 +3,8 @@ package config
 import "time"

 type LayersConfig struct {
-	Queue          QueueLayerConfig          `yaml:"queue"`
-	CircuitBreaker CircuitBreakerLayerConfig `yaml:"circuitbreaker"`
+	Queue QueueLayerConfig `yaml:"queue"`
+	Authn AuthnLayerConfig `yaml:"authn"`
 }

 func NewDefaultLayersConfig() LayersConfig {
@ -13,8 +13,8 @@ func NewDefaultLayersConfig() LayersConfig {
 			TemplateDir:      "./layers/queue/templates",
 			DefaultKeepAlive: NewInterpolatedDuration(time.Minute),
 		},
-		CircuitBreaker: CircuitBreakerLayerConfig{
-			TemplateDir: "./layers/circuitbreaker/templates",
+		Authn: AuthnLayerConfig{
+			TemplateDir: "./layers/authn/templates",
 		},
 	}
 }
@ -24,6 +24,6 @@ type QueueLayerConfig struct {
 	DefaultKeepAlive *InterpolatedDuration `yaml:"defaultKeepAlive"`
 }

-type CircuitBreakerLayerConfig struct {
+type AuthnLayerConfig struct {
 	TemplateDir InterpolatedString `yaml:"templateDir"`
 }
--- a/internal/config/redis.go
+++ b/internal/config/redis.go
@ -9,19 +9,21 @@ const (
 )

 type RedisConfig struct {
-	Adresses     InterpolatedStringSlice `yaml:"addresses"`
-	Master       InterpolatedString      `yaml:"master"`
-	ReadTimeout  InterpolatedDuration    `yaml:"readTimeout"`
-	WriteTimeout InterpolatedDuration    `yaml:"writeTimeout"`
-	DialTimeout  InterpolatedDuration    `yaml:"dialTimeout"`
+	Adresses       InterpolatedStringSlice `yaml:"addresses"`
+	Master         InterpolatedString      `yaml:"master"`
+	ReadTimeout    InterpolatedDuration    `yaml:"readTimeout"`
+	WriteTimeout   InterpolatedDuration    `yaml:"writeTimeout"`
+	DialTimeout    InterpolatedDuration    `yaml:"dialTimeout"`
+	LockMaxRetries InterpolatedInt         `yaml:"lockMaxRetries"`
 }

 func NewDefaultRedisConfig() RedisConfig {
 	return RedisConfig{
-		Adresses:     InterpolatedStringSlice{"localhost:6379"},
-		Master:       "",
-		ReadTimeout:  InterpolatedDuration(30 * time.Second),
-		WriteTimeout: InterpolatedDuration(30 * time.Second),
-		DialTimeout:  InterpolatedDuration(30 * time.Second),
+		Adresses:       InterpolatedStringSlice{"localhost:6379"},
+		Master:         "",
+		ReadTimeout:    InterpolatedDuration(30 * time.Second),
+		WriteTimeout:   InterpolatedDuration(30 * time.Second),
+		DialTimeout:    InterpolatedDuration(30 * time.Second),
+		LockMaxRetries: 10,
 	}
 }
--- a/internal/format/json/writer.go
+++ b/internal/format/json/writer.go
@ -1,38 +0,0 @@
-package json
-
-import (
-	"encoding/json"
-	"io"
-
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
-	"github.com/pkg/errors"
-)
-
-const Format format.Format = "json"
-
-func init() {
-	format.Register(Format, NewWriter())
-}
-
-type Writer struct{}
-
-// Format implements format.Writer.
-func (*Writer) Write(writer io.Writer, hints format.Hints, data ...any) error {
-	encoder := json.NewEncoder(writer)
-
-	if hints.OutputMode == format.OutputModeWide {
-		encoder.SetIndent("", " ")
-	}
-
-	if err := encoder.Encode(data); err != nil {
-		return errors.WithStack(err)
-	}
-
-	return nil
-}
-
-func NewWriter() *Writer {
-	return &Writer{}
-}
-
-var _ format.Writer = &Writer{}
--- a/internal/format/prop.go
+++ b/internal/format/prop.go
@ -1,49 +0,0 @@
-package format
-
-type PropHintName string
-
-type PropHintFunc func() (PropHintName, any)
-
-type Prop struct {
-	name  string
-	label string
-	hints map[PropHintName]any
-}
-
-func (p *Prop) Name() string {
-	return p.name
-}
-
-func (p *Prop) Label() string {
-	return p.label
-}
-
-func NewProp(name, label string, funcs ...PropHintFunc) Prop {
-	hints := make(map[PropHintName]any)
-	for _, fn := range funcs {
-		name, value := fn()
-		hints[name] = value
-	}
-
-	return Prop{name, label, hints}
-}
-
-func WithPropHint(name PropHintName, value any) PropHintFunc {
-	return func() (PropHintName, any) {
-		return name, value
-	}
-}
-
-func PropHint[T any](p Prop, name PropHintName, defaultValue T) T {
-	rawValue, exists := p.hints[name]
-	if !exists {
-		return defaultValue
-	}
-
-	value, ok := rawValue.(T)
-	if !ok {
-		return defaultValue
-	}
-
-	return value
-}
--- a/internal/format/registry.go
+++ b/internal/format/registry.go
@ -1,46 +0,0 @@
-package format
-
-import (
-	"io"
-
-	"github.com/pkg/errors"
-)
-
-type Format string
-
-type Registry map[Format]Writer
-
-var defaultRegistry = Registry{}
-
-var ErrUnknownFormat = errors.New("unknown format")
-
-func Write(format Format, writer io.Writer, hints Hints, data ...any) error {
-	formatWriter, exists := defaultRegistry[format]
-	if !exists {
-		return errors.WithStack(ErrUnknownFormat)
-	}
-
-	if hints.OutputMode == "" {
-		hints.OutputMode = OutputModeCompact
-	}
-
-	if err := formatWriter.Write(writer, hints, data...); err != nil {
-		return errors.WithStack(err)
-	}
-
-	return nil
-}
-
-func Available() []Format {
-	formats := make([]Format, 0, len(defaultRegistry))
-
-	for f := range defaultRegistry {
-		formats = append(formats, f)
-	}
-
-	return formats
-}
-
-func Register(format Format, writer Writer) {
-	defaultRegistry[format] = writer
-}
--- a/internal/format/table/prop.go
+++ b/internal/format/table/prop.go
@ -1,61 +0,0 @@
-package table
-
-import (
-	"encoding/json"
-	"fmt"
-	"reflect"
-
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
-	"github.com/pkg/errors"
-)
-
-const (
-	hintCompactModeMaxColumnWidth format.PropHintName = "compactModeMaxColumnWidth"
-)
-
-func WithCompactModeMaxColumnWidth(max int) format.PropHintFunc {
-	return format.WithPropHint(hintCompactModeMaxColumnWidth, max)
-}
-
-func getProps(d any) []format.Prop {
-	props := make([]format.Prop, 0)
-
-	v := reflect.Indirect(reflect.ValueOf(d))
-	typeOf := v.Type()
-
-	for i := 0; i < v.NumField(); i++ {
-		name := typeOf.Field(i).Name
-		props = append(props, format.NewProp(name, name))
-	}
-
-	return props
-}
-
-func getFieldValue(obj any, name string) string {
-	v := reflect.Indirect(reflect.ValueOf(obj))
-
-	fieldValue := v.FieldByName(name)
-
-	if !fieldValue.IsValid() {
-		return ""
-	}
-
-	switch fieldValue.Kind() {
-	case reflect.Map:
-		fallthrough
-	case reflect.Struct:
-		fallthrough
-	case reflect.Slice:
-		fallthrough
-	case reflect.Interface:
-		json, err := json.Marshal(fieldValue.Interface())
-		if err != nil {
-			panic(errors.WithStack(err))
-		}
-
-		return string(json)
-
-	default:
-		return fmt.Sprintf("%v", fieldValue)
-	}
-}
--- a/internal/format/table/writer.go
+++ b/internal/format/table/writer.go
@ -1,80 +0,0 @@
-package table
-
-import (
-	"io"
-
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
-	"github.com/jedib0t/go-pretty/v6/table"
-)
-
-const Format format.Format = "table"
-
-const DefaultCompactModeMaxColumnWidth = 30
-
-func init() {
-	format.Register(Format, NewWriter(DefaultCompactModeMaxColumnWidth))
-}
-
-type Writer struct {
-	compactModeMaxColumnWidth int
-}
-
-// Write implements format.Writer.
-func (w *Writer) Write(writer io.Writer, hints format.Hints, data ...any) error {
-	t := table.NewWriter()
-
-	t.SetOutputMirror(writer)
-
-	var props []format.Prop
-
-	if hints.Props != nil {
-		props = hints.Props
-	} else {
-		if len(data) > 0 {
-			props = getProps(data[0])
-		} else {
-			props = make([]format.Prop, 0)
-		}
-	}
-
-	labels := table.Row{}
-
-	for _, p := range props {
-		labels = append(labels, p.Label())
-	}
-
-	t.AppendHeader(labels)
-
-	isCompactMode := hints.OutputMode == format.OutputModeCompact
-
-	for _, d := range data {
-		row := table.Row{}
-
-		for _, p := range props {
-			value := getFieldValue(d, p.Name())
-
-			compactModeMaxColumnWidth := format.PropHint(p,
-				hintCompactModeMaxColumnWidth,
-				w.compactModeMaxColumnWidth,
-			)
-
-			if isCompactMode && len(value) > compactModeMaxColumnWidth {
-				value = value[:compactModeMaxColumnWidth] + "..."
-			}
-
-			row = append(row, value)
-		}
-
-		t.AppendRow(row)
-	}
-
-	t.Render()
-
-	return nil
-}
-
-func NewWriter(compactModeMaxColumnWidth int) *Writer {
-	return &Writer{compactModeMaxColumnWidth}
-}
-
-var _ format.Writer = &Writer{}
--- a/internal/format/table/writer_test.go
+++ b/internal/format/table/writer_test.go
@ -1,86 +0,0 @@
-package table
-
-import (
-	"bytes"
-	"strings"
-	"testing"
-
-	"forge.cadoles.com/cadoles/bouncer/internal/format"
-	"github.com/pkg/errors"
-)
-
-type dummyItem struct {
-	MyString string
-	MyInt    int
-	MySub    subItem
-}
-
-type subItem struct {
-	MyBool bool
-}
-
-var dummyItems = []any{
-	dummyItem{
-		MyString: "Foo",
-		MyInt:    1,
-		MySub: subItem{
-			MyBool: false,
-		},
-	},
-	dummyItem{
-		MyString: "Bar",
-		MyInt:    0,
-		MySub: subItem{
-			MyBool: true,
-		},
-	},
-}
-
-func TestWriterNoHints(t *testing.T) {
-	var buf bytes.Buffer
-
-	writer := NewWriter(DefaultCompactModeMaxColumnWidth)
-
-	if err := writer.Write(&buf, format.Hints{}, dummyItems...); err != nil {
-		t.Fatalf("%+v", errors.WithStack(err))
-	}
-
-	expected := `+----------+-------+------------------+
-| MYSTRING | MYINT | MYSUB            |
-+----------+-------+------------------+
-| Foo      | 1     | {"MyBool":false} |
-| Bar      | 0     | {"MyBool":true}  |
-+----------+-------+------------------+`
-
-	if e, g := strings.TrimSpace(expected), strings.TrimSpace(buf.String()); e != g {
-		t.Errorf("buf.String(): expected \n%v\ngot\n%v", e, g)
-	}
-}
-
-func TestWriterWithPropHints(t *testing.T) {
-	var buf bytes.Buffer
-
-	writer := NewWriter(DefaultCompactModeMaxColumnWidth)
-
-	hints := format.Hints{
-		Props: []format.Prop{
-			format.NewProp("MyString", "MyString"),
-			format.NewProp("MyInt", "MyInt"),
-		},
-	}
-
-	if err := writer.Write(&buf, hints, dummyItems...); err != nil {
-		t.Fatalf("%+v", errors.WithStack(err))
-	}
-
-	expected := `+----------+-------+
-| MYSTRING | MYINT |
-+----------+-------+
-| Foo      | 1     |
-| Bar      | 0     |
-+----------+-------+`
-
-	if e, g := strings.TrimSpace(expected), strings.TrimSpace(buf.String()); e != g {
-		t.Errorf("buf.String(): expected \n%v\ngot\n%v", e, g)
-	}
-}
--- a/internal/format/writer.go
+++ b/internal/format/writer.go
@ -1,19 +0,0 @@
-package format
-
-import "io"
-
-type OutputMode string
-
-const (
-	OutputModeWide    OutputMode = "wide"
-	OutputModeCompact OutputMode = "compact"
-)
-
-type Hints struct {
-	Props      []Prop
-	OutputMode OutputMode
-}
-
-type Writer interface {
-	Write(writer io.Writer, hints Hints, data ...any) error
-}
--- a/internal/imports/format/format_import.go
+++ b/internal/imports/format/format_import.go
@ -1,6 +1,6 @@
 package format

 import (
-	_ "forge.cadoles.com/cadoles/bouncer/internal/format/json"
-	_ "forge.cadoles.com/cadoles/bouncer/internal/format/table"
+	_ "gitlab.com/wpetit/goweb/cli/format/json"
+	_ "gitlab.com/wpetit/goweb/cli/format/table"
 )
--- a/internal/lock/redis/locker.go
+++ b/internal/lock/redis/locker.go
@ -12,8 +12,8 @@ import (
 )

 type Locker struct {
-	client  redis.UniversalClient
-	timeout time.Duration
+	client     redis.UniversalClient
+	maxRetries int
 }

 // WithLock implements lock.Locker.
@ -26,33 +26,41 @@ func (l *Locker) WithLock(ctx context.Context, key string, timeout time.Duration

 	logger.Debug(ctx, "acquiring lock")

-	lock, err := locker.Obtain(ctx, key, timeout, &redislock.Options{
-		RetryStrategy: backoff,
-	})
-	if err != nil {
-		return errors.WithStack(err)
-	}
-
-	logger.Debug(ctx, "lock obtained")
-
-	defer func() {
-		if err := lock.Release(ctx); err != nil {
-			logger.Error(ctx, "could not release lock", logger.E(errors.WithStack(err)))
+	err := retryWithBackoff(ctx, l.maxRetries, func(ctx context.Context) error {
+		lock, err := locker.Obtain(ctx, key, timeout, &redislock.Options{
+			RetryStrategy: backoff,
+		})
+		if err != nil {
+			return errors.WithStack(err)
 		}

-		logger.Debug(ctx, "lock released")
-	}()
+		logger.Debug(ctx, "lock obtained")

-	if err := fn(ctx); err != nil {
+		defer func() {
+			if err := lock.Release(ctx); err != nil {
+				logger.Error(ctx, "could not release lock", logger.E(errors.WithStack(err)))
+			}
+
+			logger.Debug(ctx, "lock released")
+		}()
+
+		if err := fn(ctx); err != nil {
+			return errors.WithStack(err)
+		}
+
+		return nil
+	})
+	if err != nil {
 		return errors.WithStack(err)
 	}

 	return nil
 }

-func NewLocker(client redis.UniversalClient) *Locker {
+func NewLocker(client redis.UniversalClient, maxRetries int) *Locker {
 	return &Locker{
-		client: client,
+		client:     client,
+		maxRetries: maxRetries,
 	}
 }

--- a/internal/lock/redis/retry.go
+++ b/internal/lock/redis/retry.go
@ -0,0 +1,42 @@
+package redis
+
+import (
+	"context"
+	"time"
+
+	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/logger"
+)
+
+const (
+	baseWatchBackoffDelay = time.Millisecond * 500
+	maxDelay              = time.Minute * 10
+)
+
+func retryWithBackoff(ctx context.Context, attempts int, fn func(ctx context.Context) error) error {
+	backoffDelay := baseWatchBackoffDelay
+	count := 0
+
+	for {
+		err := fn(ctx)
+		if err == nil {
+			return nil
+		}
+
+		err = errors.WithStack(err)
+
+		count++
+		if count >= attempts {
+			return errors.Wrapf(err, "execution failed after %d attempts", attempts)
+		}
+
+		logger.Error(ctx, "error while executing func, retrying with backoff", logger.E(err), logger.F("backoffDelay", backoffDelay), logger.F("remainingAttempts", attempts-count))
+
+		time.Sleep(backoffDelay)
+
+		backoffDelay *= 2
+		if backoffDelay > maxDelay {
+			backoffDelay = maxDelay
+		}
+	}
+}
--- a/internal/proxy/director/context.go
+++ b/internal/proxy/director/context.go
@ -2,6 +2,7 @@ package director

 import (
 	"context"
+	"net/url"

 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
@ -10,8 +11,9 @@ import (
 type contextKey string

 const (
-	contextKeyProxy  contextKey = "proxy"
-	contextKeyLayers contextKey = "layers"
+	contextKeyProxy       contextKey = "proxy"
+	contextKeyLayers      contextKey = "layers"
+	contextKeyOriginalURL contextKey = "originalURL"
 )

 var (
@ -19,6 +21,19 @@ var (
 	errUnexpectedContextValue = errors.New("unexpected context value")
 )

+func withOriginalURL(ctx context.Context, url *url.URL) context.Context {
+	return context.WithValue(ctx, contextKeyOriginalURL, url)
+}
+
+func OriginalURL(ctx context.Context) (*url.URL, error) {
+	url, err := ctxValue[*url.URL](ctx, contextKeyOriginalURL)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return url, nil
+}
+
 func withProxy(ctx context.Context, proxy *store.Proxy) context.Context {
 	return context.WithValue(ctx, contextKeyProxy, proxy)
 }
--- a/internal/proxy/director/director.go
+++ b/internal/proxy/director/director.go
@ -28,7 +28,9 @@ func (d *Director) rewriteRequest(r *http.Request) (*http.Request, error) {
 	}

 	url := getRequestURL(r)
-	ctx = logger.With(r.Context(), logger.F("url", url.String()))
+
+	ctx = withOriginalURL(ctx, url)
+	ctx = logger.With(ctx, logger.F("url", url.String()))

 	var match *store.Proxy

--- a/internal/proxy/director/layer/authn/authenticator.go
+++ b/internal/proxy/director/layer/authn/authenticator.go
@ -0,0 +1,26 @@
+package authn
+
+import (
+	"net/http"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
+	"github.com/pkg/errors"
+)
+
+var (
+	ErrUnauthorized = errors.New("unauthorized")
+	ErrForbidden    = errors.New("forbidden")
+	ErrSkipRequest  = errors.New("skip request")
+)
+
+type Authenticator interface {
+	Authenticate(w http.ResponseWriter, r *http.Request, layer *store.Layer) (*User, error)
+}
+
+type PreAuthentication interface {
+	PreAuthentication(w http.ResponseWriter, r *http.Request, layer *store.Layer) error
+}
+
+type PostAuthentication interface {
+	PostAuthentication(w http.ResponseWriter, r *http.Request, layer *store.Layer, user *User) error
+}
--- a/internal/proxy/director/layer/authn/header.go
+++ b/internal/proxy/director/layer/authn/header.go
@ -0,0 +1,94 @@
+package authn
+
+import (
+	"fmt"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
+	"forge.cadoles.com/Cadoles/go-proxy/wildcard"
+	"github.com/expr-lang/expr"
+	"github.com/pkg/errors"
+)
+
+func (l *Layer) getRuleOptions(r *http.Request) []expr.Option {
+	options := make([]expr.Option, 0)
+
+	setHeader := expr.Function(
+		"set_header",
+		func(params ...any) (any, error) {
+			name := params[0].(string)
+			rawValue := params[1]
+
+			var value string
+			switch v := rawValue.(type) {
+			case []string:
+				value = strings.Join(v, ",")
+			case time.Time:
+				value = strconv.FormatInt(v.UTC().Unix(), 10)
+			case time.Duration:
+				value = strconv.FormatInt(int64(v.Seconds()), 10)
+			default:
+				value = fmt.Sprintf("%v", rawValue)
+			}
+
+			r.Header.Set(name, value)
+
+			return true, nil
+		},
+		new(func(string, string) bool),
+	)
+
+	options = append(options, setHeader)
+
+	delHeaders := expr.Function(
+		"del_headers",
+		func(params ...any) (any, error) {
+			pattern := params[0].(string)
+			deleted := false
+
+			for key := range r.Header {
+				if !wildcard.Match(key, pattern) {
+					continue
+				}
+
+				r.Header.Del(key)
+				deleted = true
+			}
+
+			return deleted, nil
+		},
+		new(func(string) bool),
+	)
+
+	options = append(options, delHeaders)
+
+	return options
+}
+
+func (l *Layer) injectHeaders(r *http.Request, options *LayerOptions, user *User) error {
+	rules := options.Headers.Rules
+	if len(rules) == 0 {
+		return nil
+	}
+
+	env := map[string]any{
+		"user": user,
+	}
+
+	rulesOptions := l.getRuleOptions(r)
+
+	for i, r := range rules {
+		program, err := expr.Compile(r, rulesOptions...)
+		if err != nil {
+			return errors.Wrapf(err, "could not compile header rule #%d", i)
+		}
+
+		if _, err := expr.Run(program, env); err != nil {
+			return errors.Wrapf(err, "could not execute header rule #%d", i)
+		}
+	}
+
+	return nil
+}
--- a/internal/proxy/director/layer/authn/layer-options.json
+++ b/internal/proxy/director/layer/authn/layer-options.json
@ -0,0 +1,54 @@
+{
+    "type": "object",
+    "properties": {
+        "matchURLs": {
+            "title": "Liste de filtrage des URLs sur lesquelles le layer est actif.",
+            "description": "Par exemple, si vous souhaitez limiter votre layer à l'ensemble d'une section '`/blog`' d'un site, vous pouvez déclarer la valeur `['*/blog*']`. Les autres URLs du site ne seront pas affectées par ce layer.",
+            "default": [
+                "*"
+            ],
+            "type": "array",
+            "items": {
+                "type": "string"
+            }
+        },
+        "headers": {
+            "title": "Options de configuration du mécanisme d'injection d'entêtes HTTP liés à l'authentification",
+            "type": "object",
+            "properties": {
+                "rules": {
+                    "title": "Liste des règles définissant les actions d'injection/réécriture d'entêtes HTTP",
+                    "description": "Voir la documentation (ficher 'doc/fr/references/layers/authn/README.md', section 'Règles d'injection d'entêtes') pour plus d'informations sur le fonctionnement des règles",
+                    "type": "array",
+                    "default": [
+                        "del_headers('Remote-*')",
+                        "set_header('Remote-User', user.subject)",
+                        "map( toPairs(user.attrs), { let name = replace(lower(string(get(#, 0))), '_', '-'); set_header('Remote-User-Attr-' + name, get(#, 1)) })"
+                    ],
+                    "item": {
+                        "type": "string"
+                    }
+                }
+            },
+            "additionalProperties": false
+        },
+        "templates": {
+            "title": "Options de configuration des templates utilisés en fonction de l'état de l'authentification",
+            "type": "object",
+            "properties": {
+                "forbidden": {
+                    "title": "Options de configuration de rendu de la page affichée en cas d'accès interdit (HTTP 403 Forbidden)",
+                    "type": "object",
+                    "properties": {
+                        "block": {
+                            "title": "Nom du bloc au sein du template à exécuter",
+                            "description": "Voir fichier 'layers/authn/templates/forbidden.gohtml'",
+                            "type": "string",
+                            "default": "default"
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
--- a/internal/proxy/director/layer/authn/layer.go
+++ b/internal/proxy/director/layer/authn/layer.go
@ -0,0 +1,166 @@
+package authn
+
+import (
+	"html/template"
+	"net/http"
+	"path/filepath"
+
+	"forge.cadoles.com/Cadoles/go-proxy"
+	"forge.cadoles.com/Cadoles/go-proxy/wildcard"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
+	"github.com/Masterminds/sprig/v3"
+	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/logger"
+)
+
+type Layer struct {
+	layerType store.LayerType
+	auth      Authenticator
+
+	templateDir string
+}
+
+func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
+	return func(next http.Handler) http.Handler {
+		fn := func(w http.ResponseWriter, r *http.Request) {
+			ctx := r.Context()
+
+			options, err := fromStoreOptions(layer.Options)
+			if err != nil {
+				logger.Error(ctx, "could not parse layer options", logger.E(errors.WithStack(err)))
+				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+
+				return
+			}
+
+			if preAuth, ok := l.auth.(PreAuthentication); ok {
+				if err := preAuth.PreAuthentication(w, r, layer); err != nil {
+					if errors.Is(err, ErrSkipRequest) {
+						return
+					}
+
+					logger.Error(ctx, "could not execute pre-auth hook", logger.E(errors.WithStack(err)))
+					http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+
+					return
+				}
+			}
+
+			matches := wildcard.MatchAny(r.URL.String(), options.MatchURLs...)
+			if !matches {
+				next.ServeHTTP(w, r)
+
+				return
+			}
+
+			user, err := l.auth.Authenticate(w, r, layer)
+			if err != nil {
+				if errors.Is(err, ErrSkipRequest) {
+					return
+				}
+
+				if errors.Is(err, ErrForbidden) {
+					l.renderForbiddenPage(w, r, layer, options, user)
+					return
+				}
+
+				logger.Error(ctx, "could not authenticate user", logger.E(errors.WithStack(err)))
+				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+
+				return
+			}
+
+			if err := l.injectHeaders(r, options, user); err != nil {
+				if errors.Is(err, ErrForbidden) {
+					l.renderForbiddenPage(w, r, layer, options, user)
+					return
+				}
+
+				logger.Error(ctx, "could not inject headers", logger.E(errors.WithStack(err)))
+				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+
+				return
+			}
+
+			if postAuth, ok := l.auth.(PostAuthentication); ok {
+				if err := postAuth.PostAuthentication(w, r, layer, user); err != nil {
+					if errors.Is(err, ErrSkipRequest) {
+						return
+					}
+
+					if errors.Is(err, ErrForbidden) {
+						l.renderForbiddenPage(w, r, layer, options, user)
+						return
+					}
+
+					logger.Error(ctx, "could not execute post-auth hook", logger.E(errors.WithStack(err)))
+					http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+
+					return
+				}
+			}
+
+			next.ServeHTTP(w, r)
+		}
+
+		return http.HandlerFunc(fn)
+	}
+}
+
+func (l *Layer) renderForbiddenPage(w http.ResponseWriter, r *http.Request, layer *store.Layer, options *LayerOptions, user *User) {
+	w.WriteHeader(http.StatusForbidden)
+	l.renderPage(w, r, layer, "forbidden", options.Templates.Forbidden.Block, user)
+}
+
+func (l *Layer) renderPage(w http.ResponseWriter, r *http.Request, layer *store.Layer, page string, block string, user *User) {
+	ctx := r.Context()
+
+	pattern := filepath.Join(l.templateDir, page+".gohtml")
+
+	logger.Info(ctx, "loading authn templates", logger.F("pattern", pattern))
+
+	tmpl, err := template.New("").Funcs(sprig.FuncMap()).ParseGlob(pattern)
+	if err != nil {
+		logger.Error(ctx, "could not load authn templates", logger.E(errors.WithStack(err)))
+		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+
+		return
+	}
+
+	templateData := struct {
+		Layer *store.Layer
+		User  *User
+	}{
+		Layer: layer,
+		User:  user,
+	}
+
+	w.Header().Add("Cache-Control", "no-cache")
+
+	w.WriteHeader(http.StatusOK)
+
+	if err := tmpl.ExecuteTemplate(w, block, templateData); err != nil {
+		logger.Error(ctx, "could not render authn page", logger.E(errors.WithStack(err)))
+		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+
+		return
+	}
+}
+
+// LayerType implements director.MiddlewareLayer
+func (l *Layer) LayerType() store.LayerType {
+	return l.layerType
+}
+
+func NewLayer(layerType store.LayerType, auth Authenticator, funcs ...OptionFunc) *Layer {
+	opts := NewOptions(funcs...)
+
+	return &Layer{
+		layerType:   layerType,
+		auth:        auth,
+		templateDir: opts.TemplateDir,
+	}
+}
+
+var _ director.MiddlewareLayer = &Layer{}
--- a/internal/proxy/director/layer/authn/layer_options.go
+++ b/internal/proxy/director/layer/authn/layer_options.go
@ -0,0 +1,107 @@
+package authn
+
+import (
+	"reflect"
+	"time"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
+	"github.com/mitchellh/mapstructure"
+	"github.com/pkg/errors"
+)
+
+type LayerOptions struct {
+	MatchURLs []string         `mapstructure:"matchURLs"`
+	Headers   HeadersOptions   `mapstructure:"headers"`
+	Templates TemplatesOptions `mapstructure:"templates"`
+}
+
+type HeadersOptions struct {
+	Rules []string `mapstructure:"rules"`
+}
+
+type TemplatesOptions struct {
+	Forbidden TemplateOptions `mapstructure:"forbidden"`
+}
+
+type TemplateOptions struct {
+	Block string `mapstructure:"block"`
+}
+
+func DefaultLayerOptions() LayerOptions {
+	return LayerOptions{
+		MatchURLs: []string{"*"},
+		Headers: HeadersOptions{
+			Rules: []string{
+				"del_headers('Remote-*')",
+				"set_header('Remote-User', user.subject)",
+				`map(
+					toPairs(user.attrs), {
+						let name = replace(lower(string(get(#, 0))), '_', '-');
+						set_header(
+							'Remote-User-Attr-' + name, 
+							get(#, 1)
+						) 
+					})
+				`,
+			},
+		},
+		Templates: TemplatesOptions{
+			Forbidden: TemplateOptions{
+				Block: "default",
+			},
+		},
+	}
+
+}
+
+func fromStoreOptions(storeOptions store.LayerOptions) (*LayerOptions, error) {
+	layerOptions := DefaultLayerOptions()
+
+	if err := FromStoreOptions(storeOptions, &layerOptions); err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return &layerOptions, nil
+}
+
+func FromStoreOptions(storeOptions store.LayerOptions, dest any) error {
+	config := mapstructure.DecoderConfig{
+		Result:     dest,
+		ZeroFields: true,
+		DecodeHook: mapstructure.ComposeDecodeHookFunc(
+			toDurationHookFunc(),
+		),
+	}
+
+	decoder, err := mapstructure.NewDecoder(&config)
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
+	if err := decoder.Decode(storeOptions); err != nil {
+		return errors.WithStack(err)
+	}
+
+	return nil
+}
+
+func toDurationHookFunc() mapstructure.DecodeHookFunc {
+	return func(
+		f reflect.Type,
+		t reflect.Type,
+		data interface{}) (interface{}, error) {
+		if t != reflect.TypeOf(*new(time.Duration)) {
+			return data, nil
+		}
+
+		switch f.Kind() {
+		case reflect.String:
+			return time.ParseDuration(data.(string))
+		case reflect.Int64:
+			return time.Duration(data.(int64) * int64(time.Second)), nil
+		default:
+			return data, nil
+		}
+		// Convert it by parsing
+	}
+}
--- a/internal/proxy/director/layer/authn/network/authenticator.go
+++ b/internal/proxy/director/layer/authn/network/authenticator.go
@ -0,0 +1,83 @@
+package network
+
+import (
+	"context"
+	"net"
+	"net/http"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
+	"github.com/pkg/errors"
+	"github.com/prometheus/client_golang/prometheus"
+	"gitlab.com/wpetit/goweb/logger"
+)
+
+type Authenticator struct {
+}
+
+// Authenticate implements authn.Authenticator.
+func (a *Authenticator) Authenticate(w http.ResponseWriter, r *http.Request, layer *store.Layer) (*authn.User, error) {
+	ctx := r.Context()
+
+	options, err := fromStoreOptions(layer.Options)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	matches, err := a.matchAnyAuthorizedCIDRs(ctx, r.RemoteAddr, options.AuthorizedCIDRs)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	user := authn.NewUser(r.RemoteAddr, map[string]any{})
+
+	if !matches {
+		metricForbiddenTotal.With(prometheus.Labels{
+			metricLabelLayer: string(layer.Name),
+			metricLabelProxy: string(layer.Proxy),
+		}).Add(1)
+
+		return user, errors.WithStack(authn.ErrForbidden)
+	}
+
+	metricAuthorizedTotal.With(prometheus.Labels{
+		metricLabelLayer: string(layer.Name),
+		metricLabelProxy: string(layer.Proxy),
+	}).Add(1)
+
+	return user, nil
+}
+
+func (a *Authenticator) matchAnyAuthorizedCIDRs(ctx context.Context, remoteHostPort string, CIDRs []string) (bool, error) {
+	remoteHost, _, err := net.SplitHostPort(remoteHostPort)
+	if err != nil {
+		return false, errors.WithStack(err)
+	}
+
+	remoteAddr := net.ParseIP(remoteHost)
+	if remoteAddr == nil {
+		return false, errors.Errorf("remote host '%s' is not a valid ip address", remoteHost)
+	}
+
+	for _, rawCIDR := range CIDRs {
+		_, net, err := net.ParseCIDR(rawCIDR)
+		if err != nil {
+			return false, errors.WithStack(err)
+		}
+
+		match := net.Contains(remoteAddr)
+		if !match {
+			continue
+		}
+
+		return true, nil
+	}
+
+	logger.Debug(ctx, "comparing remote host with authorized cidrs", logger.F("remoteAddr", remoteAddr))
+
+	return false, nil
+}
+
+var (
+	_ authn.Authenticator = &Authenticator{}
+)
--- a/internal/proxy/director/layer/authn/network/layer-options.json
+++ b/internal/proxy/director/layer/authn/network/layer-options.json
@ -0,0 +1,14 @@
+{
+    "type": "object",
+    "properties": {
+        "authorizedCIDRs": {
+            "title": "Liste des adresses réseau d'origine autorisées (au format CIDR)",
+            "default": [],
+            "type": "array",
+            "items": {
+                "type": "string"
+            }
+        }
+    },
+    "additionalProperties": false
+}
--- a/internal/proxy/director/layer/authn/network/layer.go
+++ b/internal/proxy/director/layer/authn/network/layer.go
@ -0,0 +1,12 @@
+package network
+
+import (
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
+)
+
+const LayerType store.LayerType = "authn-network"
+
+func NewLayer(funcs ...authn.OptionFunc) *authn.Layer {
+	return authn.NewLayer(LayerType, &Authenticator{}, funcs...)
+}
--- a/internal/proxy/director/layer/circuitbreaker/layer_options.go
+++ b/internal/proxy/director/layer/circuitbreaker/layer_options.go
@ -1,20 +1,21 @@
-package circuitbreaker
+package network

 import (
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/mitchellh/mapstructure"
 	"github.com/pkg/errors"
 )

 type LayerOptions struct {
-	MatchURLs       []string `mapstructure:"matchURLs"`
+	authn.LayerOptions
 	AuthorizedCIDRs []string `mapstructure:"authorizedCIDRs"`
 	TemplateBlock   string   `mapstructure:"templateBlock"`
 }

 func fromStoreOptions(storeOptions store.LayerOptions) (*LayerOptions, error) {
 	layerOptions := LayerOptions{
-		MatchURLs:       []string{"*"},
+		LayerOptions:    authn.DefaultLayerOptions(),
 		AuthorizedCIDRs: []string{},
 		TemplateBlock:   "default",
 	}
--- a/internal/proxy/director/layer/authn/network/metrics.go
+++ b/internal/proxy/director/layer/authn/network/metrics.go
@ -0,0 +1,31 @@
+package network
+
+import (
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/promauto"
+)
+
+const (
+	metricNamespace  = "bouncer_layer_authn_network"
+	metricLabelProxy = "proxy"
+	metricLabelLayer = "layer"
+)
+
+var (
+	metricAuthorizedTotal = promauto.NewCounterVec(
+		prometheus.CounterOpts{
+			Name:      "authorized_total",
+			Help:      "Bouncer's authn-network layer total authorized accesses",
+			Namespace: metricNamespace,
+		},
+		[]string{metricLabelProxy, metricLabelLayer},
+	)
+	metricForbiddenTotal = promauto.NewCounterVec(
+		prometheus.CounterOpts{
+			Name:      "forbidden_total",
+			Help:      "Bouncer's authn-network layer total forbbiden accesses",
+			Namespace: metricNamespace,
+		},
+		[]string{metricLabelProxy, metricLabelLayer},
+	)
+)
--- a/internal/proxy/director/layer/circuitbreaker/schema.go
+++ b/internal/proxy/director/layer/circuitbreaker/schema.go
@ -1,4 +1,4 @@
-package circuitbreaker
+package network

 import (
 	_ "embed"
--- a/internal/proxy/director/layer/authn/oidc/authenticator.go
+++ b/internal/proxy/director/layer/authn/oidc/authenticator.go
@ -0,0 +1,278 @@
+package oidc
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
+	"github.com/coreos/go-oidc/v3/oidc"
+	"github.com/gorilla/sessions"
+	"github.com/pkg/errors"
+	"github.com/prometheus/client_golang/prometheus"
+	"gitlab.com/wpetit/goweb/logger"
+)
+
+type Authenticator struct {
+	store sessions.Store
+}
+
+func (a *Authenticator) PreAuthentication(w http.ResponseWriter, r *http.Request, layer *store.Layer) error {
+	ctx := r.Context()
+
+	originalURL, err := director.OriginalURL(ctx)
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
+	options, err := fromStoreOptions(layer.Options)
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
+	sess, err := a.store.Get(r, a.getCookieName(options.Cookie.Name, layer.Name))
+	if err != nil {
+		logger.Error(ctx, "could not retrieve session", logger.E(errors.WithStack(err)))
+	}
+
+	redirectURL := a.getRedirectURL(layer.Proxy, layer.Name, originalURL, options)
+	logoutURL := a.getLogoutURL(layer.Proxy, layer.Name, originalURL, options)
+
+	client, err := a.getClient(options, redirectURL.String())
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
+	switch r.URL.Path {
+	case redirectURL.Path:
+		if err := client.HandleCallback(w, r, sess); err != nil {
+			return errors.WithStack(err)
+		}
+
+		metricLoginSuccessesTotal.With(prometheus.Labels{
+			metricLabelLayer: string(layer.Name),
+			metricLabelProxy: string(layer.Proxy),
+		}).Add(1)
+
+	case logoutURL.Path:
+		postLogoutRedirectURL := options.OIDC.PostLogoutRedirectURL
+		if options.OIDC.PostLogoutRedirectURL == "" {
+			postLogoutRedirectURL = originalURL.Scheme + "://" + originalURL.Host
+		}
+
+		if err := client.HandleLogout(w, r, sess, postLogoutRedirectURL); err != nil {
+			return errors.WithStack(err)
+		}
+
+		metricLogoutsTotal.With(prometheus.Labels{
+			metricLabelLayer: string(layer.Name),
+			metricLabelProxy: string(layer.Proxy),
+		}).Add(1)
+	}
+
+	return nil
+}
+
+// Authenticate implements authn.Authenticator.
+func (a *Authenticator) Authenticate(w http.ResponseWriter, r *http.Request, layer *store.Layer) (*authn.User, error) {
+	ctx := r.Context()
+
+	originalURL, err := director.OriginalURL(ctx)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	options, err := fromStoreOptions(layer.Options)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	sess, err := a.store.Get(r, a.getCookieName(options.Cookie.Name, layer.Name))
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	defer func() {
+		if err := sess.Save(r, w); err != nil {
+			logger.Error(ctx, "could not save session", logger.E(errors.WithStack(err)))
+		}
+	}()
+
+	sess.Options.Domain = options.Cookie.Domain
+	sess.Options.HttpOnly = options.Cookie.HTTPOnly
+	sess.Options.MaxAge = int(options.Cookie.MaxAge.Seconds())
+	sess.Options.Path = options.Cookie.Path
+
+	switch options.Cookie.SameSite {
+	case "lax":
+		sess.Options.SameSite = http.SameSiteLaxMode
+	case "strict":
+		sess.Options.SameSite = http.SameSiteStrictMode
+	case "none":
+		sess.Options.SameSite = http.SameSiteNoneMode
+	default:
+		sess.Options.SameSite = http.SameSiteDefaultMode
+	}
+
+	redirectURL := a.getRedirectURL(layer.Proxy, layer.Name, originalURL, options)
+
+	client, err := a.getClient(options, redirectURL.String())
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	idToken, err := client.Authenticate(w, r, sess)
+	if err != nil {
+		if errors.Is(err, ErrLoginRequired) {
+			metricLoginRequestsTotal.With(prometheus.Labels{
+				metricLabelLayer: string(layer.Name),
+				metricLabelProxy: string(layer.Proxy),
+			}).Add(1)
+
+			return nil, errors.WithStack(authn.ErrSkipRequest)
+		}
+
+		return nil, errors.WithStack(err)
+	}
+
+	user, err := a.toUser(idToken, layer.Proxy, layer.Name, originalURL, options, sess)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return user, nil
+}
+
+type claims struct {
+	Issuer     string         `json:"iss"`
+	Subject    string         `json:"sub"`
+	Expiration int64          `json:"exp"`
+	IssuedAt   int64          `json:"iat"`
+	AuthTime   int64          `json:"auth_time"`
+	Nonce      string         `json:"nonce"`
+	ACR        string         `json:"acr"`
+	AMR        string         `json:"amr"`
+	AZP        string         `json:"amp"`
+	Others     map[string]any `json:"-"`
+}
+
+func (c claims) AsAttrs() map[string]any {
+	attrs := make(map[string]any)
+
+	for key, val := range c.Others {
+		if val != nil {
+			attrs["claim_"+key] = val
+		}
+	}
+
+	attrs["claim_iss"] = c.Issuer
+	attrs["claim_sub"] = c.Subject
+	attrs["claim_exp"] = c.Expiration
+	attrs["claim_iat"] = c.IssuedAt
+
+	if c.AuthTime != 0 {
+		attrs["claim_auth_time"] = c.AuthTime
+	}
+
+	if c.Nonce != "" {
+		attrs["claim_nonce"] = c.Nonce
+	}
+
+	if c.ACR != "" {
+		attrs["claim_arc"] = c.ACR
+	}
+
+	if c.AMR != "" {
+		attrs["claim_amr"] = c.AMR
+	}
+
+	if c.AZP != "" {
+		attrs["claim_azp"] = c.AZP
+	}
+
+	return attrs
+}
+
+func (a *Authenticator) toUser(idToken *oidc.IDToken, proxyName store.ProxyName, layerName store.LayerName, originalURL *url.URL, options *LayerOptions, sess *sessions.Session) (*authn.User, error) {
+	var claims claims
+
+	if err := idToken.Claims(&claims); err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	if err := idToken.Claims(&claims.Others); err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	attrs := claims.AsAttrs()
+
+	logoutURL := a.getLogoutURL(proxyName, layerName, originalURL, options)
+	attrs["logout_url"] = logoutURL.String()
+
+	if accessToken, exists := sess.Values[sessionKeyAccessToken]; exists && accessToken != nil {
+		attrs["access_token"] = accessToken
+	}
+
+	if refreshToken, exists := sess.Values[sessionKeyRefreshToken]; exists && refreshToken != nil {
+		attrs["refresh_token"] = refreshToken
+	}
+
+	if tokenExpiry, exists := sess.Values[sessionKeyTokenExpiry]; exists && tokenExpiry != nil {
+		attrs["token_expiry"] = tokenExpiry
+	}
+
+	user := authn.NewUser(idToken.Subject, attrs)
+
+	return user, nil
+}
+
+func (a *Authenticator) getRedirectURL(proxyName store.ProxyName, layerName store.LayerName, u *url.URL, options *LayerOptions) *url.URL {
+	return &url.URL{
+		Scheme: u.Scheme,
+		Host:   u.Host,
+		Path:   fmt.Sprintf(options.OIDC.LoginCallbackPath, fmt.Sprintf("%s/%s", proxyName, layerName)),
+	}
+}
+
+func (a *Authenticator) getLogoutURL(proxyName store.ProxyName, layerName store.LayerName, u *url.URL, options *LayerOptions) *url.URL {
+	return &url.URL{
+		Scheme: u.Scheme,
+		Host:   u.Host,
+		Path:   fmt.Sprintf(options.OIDC.LogoutPath, fmt.Sprintf("%s/%s", proxyName, layerName)),
+	}
+}
+
+func (a *Authenticator) getClient(options *LayerOptions, redirectURL string) (*Client, error) {
+	ctx := context.Background()
+
+	if options.OIDC.SkipIssuerVerification {
+		ctx = oidc.InsecureIssuerURLContext(ctx, options.OIDC.IssuerURL)
+	}
+
+	provider, err := oidc.NewProvider(ctx, options.OIDC.IssuerURL)
+	if err != nil {
+		return nil, errors.Wrap(err, "could not create oidc provider")
+	}
+
+	client := NewClient(
+		WithCredentials(options.OIDC.ClientID, options.OIDC.ClientSecret),
+		WithProvider(provider),
+		WithRedirectURL(redirectURL),
+		WithScopes(options.OIDC.Scopes...),
+		WithAuthParams(options.OIDC.AuthParams),
+	)
+
+	return client, nil
+}
+
+func (a *Authenticator) getCookieName(cookieName string, layerName store.LayerName) string {
+	return fmt.Sprintf("%s_%s", cookieName, layerName)
+}
+
+var (
+	_ authn.PreAuthentication = &Authenticator{}
+	_ authn.Authenticator     = &Authenticator{}
+)
--- a/internal/proxy/director/layer/authn/oidc/client.go
+++ b/internal/proxy/director/layer/authn/oidc/client.go
@ -0,0 +1,291 @@
+package oidc
+
+import (
+	"bytes"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
+	"github.com/coreos/go-oidc/v3/oidc"
+	"github.com/dchest/uniuri"
+	"github.com/gorilla/sessions"
+	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/logger"
+	"golang.org/x/oauth2"
+)
+
+const (
+	sessionKeyAccessToken          = "access-token"
+	sessionKeyRefreshToken         = "refresh-token"
+	sessionKeyTokenExpiry          = "token-expiry"
+	sessionKeyIDToken              = "id-token"
+	sessionKeyPostLoginRedirectURL = "post-login-redirect-url"
+	sessionKeyLoginState           = "login-state"
+	sessionKeyLoginNonce           = "login-nonce"
+)
+
+var (
+	ErrLoginRequired = errors.New("login required")
+)
+
+type Client struct {
+	oauth2     *oauth2.Config
+	provider   *oidc.Provider
+	verifier   *oidc.IDTokenVerifier
+	authParams map[string]string
+}
+
+func (c *Client) Verifier() *oidc.IDTokenVerifier {
+	return c.verifier
+}
+
+func (c *Client) Provider() *oidc.Provider {
+	return c.provider
+}
+
+func (c *Client) Authenticate(w http.ResponseWriter, r *http.Request, sess *sessions.Session) (*oidc.IDToken, error) {
+	idToken, err := c.getIDToken(r, sess)
+	if err != nil {
+		logger.Error(r.Context(), "could not retrieve idtoken", logger.E(errors.WithStack(err)))
+
+		c.login(w, r, sess)
+
+		return nil, errors.WithStack(ErrLoginRequired)
+	}
+
+	return idToken, nil
+}
+
+func (c *Client) login(w http.ResponseWriter, r *http.Request, sess *sessions.Session) {
+	ctx := r.Context()
+
+	state := uniuri.New()
+	nonce := uniuri.New()
+
+	originalURL, err := director.OriginalURL(ctx)
+	if err != nil {
+		logger.Error(ctx, "could not retrieve original url", logger.E(errors.WithStack(err)))
+		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+
+		return
+	}
+
+	sess.Values[sessionKeyLoginState] = state
+	sess.Values[sessionKeyLoginNonce] = nonce
+	sess.Values[sessionKeyPostLoginRedirectURL] = originalURL.String()
+
+	if err := sess.Save(r, w); err != nil {
+		logger.Error(ctx, "could not save session", logger.E(errors.WithStack(err)))
+		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+
+		return
+	}
+
+	authCodeOptions := []oauth2.AuthCodeOption{}
+	authCodeOptions = append(authCodeOptions, oidc.Nonce(nonce))
+
+	for key, val := range c.authParams {
+		authCodeOptions = append(authCodeOptions, oauth2.SetAuthURLParam(key, val))
+	}
+
+	authCodeURL := c.oauth2.AuthCodeURL(
+		state,
+		authCodeOptions...,
+	)
+
+	http.Redirect(w, r, authCodeURL, http.StatusFound)
+}
+
+func (c *Client) HandleCallback(w http.ResponseWriter, r *http.Request, sess *sessions.Session) error {
+	token, _, rawIDToken, err := c.validate(r, sess)
+	if err != nil {
+		return errors.Wrap(err, "could not validate oidc token")
+	}
+
+	sess.Values[sessionKeyIDToken] = rawIDToken
+	sess.Values[sessionKeyAccessToken] = token.AccessToken
+	sess.Values[sessionKeyRefreshToken] = token.RefreshToken
+	sess.Values[sessionKeyTokenExpiry] = token.Expiry.UTC().Unix()
+
+	if err := sess.Save(r, w); err != nil {
+		return errors.WithStack(err)
+	}
+
+	rawPostLoginRedirectURL, exists := sess.Values[sessionKeyPostLoginRedirectURL]
+	if !exists {
+		return errors.Wrap(err, "could not find post login redirect url")
+	}
+
+	postLoginRedirectURL, ok := rawPostLoginRedirectURL.(string)
+	if !ok {
+		return errors.Wrapf(err, "unexpected value '%v' for post login redirect url", rawPostLoginRedirectURL)
+	}
+
+	http.Redirect(w, r, postLoginRedirectURL, http.StatusTemporaryRedirect)
+
+	return nil
+}
+
+func (c *Client) HandleLogout(w http.ResponseWriter, r *http.Request, sess *sessions.Session, postLogoutRedirectURL string) error {
+	state := uniuri.New()
+	sess.Values[sessionKeyLoginState] = state
+
+	ctx := r.Context()
+
+	rawIDToken, err := c.getRawIDToken(sess)
+	if err != nil {
+		logger.Error(ctx, "could not retrieve raw id token", logger.E(errors.WithStack(err)))
+	}
+
+	sess.Values[sessionKeyIDToken] = nil
+	sess.Values[sessionKeyAccessToken] = nil
+	sess.Values[sessionKeyRefreshToken] = nil
+	sess.Values[sessionKeyTokenExpiry] = nil
+	sess.Options.MaxAge = -1
+
+	if err := sess.Save(r, w); err != nil {
+		return errors.Wrap(err, "could not save session")
+	}
+
+	if rawIDToken == "" {
+		http.Redirect(w, r, postLogoutRedirectURL, http.StatusFound)
+		return nil
+	}
+
+	sessionEndURL, err := c.sessionEndURL(rawIDToken, state, postLogoutRedirectURL)
+	if err != nil {
+		return errors.Wrap(err, "could not retrieve session end url")
+	}
+
+	if sessionEndURL != "" {
+		http.Redirect(w, r, sessionEndURL, http.StatusFound)
+	} else {
+		http.Redirect(w, r, postLogoutRedirectURL, http.StatusFound)
+	}
+
+	return nil
+}
+
+func (c *Client) sessionEndURL(idTokenHint, state, postLogoutRedirectURL string) (string, error) {
+	sessionEndEndpoint := &struct {
+		URL string `json:"end_session_endpoint"`
+	}{}
+
+	if err := c.provider.Claims(&sessionEndEndpoint); err != nil {
+		return "", errors.Wrap(err, "could not unmarshal claims")
+	}
+
+	if sessionEndEndpoint.URL == "" {
+		return "", nil
+	}
+
+	var buf bytes.Buffer
+	buf.WriteString(sessionEndEndpoint.URL)
+
+	v := url.Values{}
+
+	if idTokenHint != "" {
+		v.Set("id_token_hint", idTokenHint)
+	}
+
+	if postLogoutRedirectURL != "" {
+		v.Set("post_logout_redirect_uri", postLogoutRedirectURL)
+	}
+
+	if state != "" {
+		v.Set("state", state)
+	}
+
+	if strings.Contains(sessionEndEndpoint.URL, "?") {
+		buf.WriteByte('&')
+	} else {
+		buf.WriteByte('?')
+	}
+
+	buf.WriteString(v.Encode())
+
+	return buf.String(), nil
+}
+
+func (c *Client) validate(r *http.Request, sess *sessions.Session) (*oauth2.Token, *oidc.IDToken, string, error) {
+	ctx := r.Context()
+
+	rawStoredState := sess.Values[sessionKeyLoginState]
+	receivedState := r.URL.Query().Get("state")
+
+	storedState, ok := rawStoredState.(string)
+	if !ok {
+		return nil, nil, "", errors.New("could not find state in session")
+	}
+
+	if receivedState != storedState {
+		return nil, nil, "", errors.New("state mismatch")
+	}
+
+	code := r.URL.Query().Get("code")
+
+	token, err := c.oauth2.Exchange(ctx, code)
+	if err != nil {
+		return nil, nil, "", errors.Wrap(err, "could not exchange token")
+	}
+
+	rawIDToken, ok := token.Extra("id_token").(string)
+	if !ok {
+		return nil, nil, "", errors.New("could not find id token")
+	}
+
+	idToken, err := c.verifier.Verify(ctx, rawIDToken)
+	if err != nil {
+		return nil, nil, "", errors.Wrap(err, "could not verify id token")
+	}
+
+	return token, idToken, rawIDToken, nil
+}
+
+func (c *Client) getRawIDToken(sess *sessions.Session) (string, error) {
+	rawIDToken, ok := sess.Values[sessionKeyIDToken].(string)
+	if !ok || rawIDToken == "" {
+		return "", errors.New("invalid id token")
+	}
+
+	return rawIDToken, nil
+}
+
+func (c *Client) getIDToken(r *http.Request, sess *sessions.Session) (*oidc.IDToken, error) {
+	rawIDToken, err := c.getRawIDToken(sess)
+	if err != nil {
+		return nil, errors.Wrap(err, "could not retrieve raw idtoken")
+	}
+
+	idToken, err := c.verifier.Verify(r.Context(), rawIDToken)
+	if err != nil {
+		return nil, errors.Wrap(err, "could not verify id token")
+	}
+
+	return idToken, nil
+}
+
+func NewClient(funcs ...ClientOptionFunc) *Client {
+	opts := NewClientOptions(funcs...)
+
+	oauth2 := &oauth2.Config{
+		ClientID:     opts.ClientID,
+		ClientSecret: opts.ClientSecret,
+		Endpoint:     opts.Provider.Endpoint(),
+		RedirectURL:  opts.RedirectURL,
+		Scopes:       opts.Scopes,
+	}
+
+	verifier := opts.Provider.Verifier(&oidc.Config{
+		ClientID:        opts.ClientID,
+		SkipIssuerCheck: opts.SkipIssuerCheck,
+	})
+
+	return &Client{
+		oauth2:     oauth2,
+		provider:   opts.Provider,
+		verifier:   verifier,
+		authParams: opts.AuthParams,
+	}
+}
--- a/internal/proxy/director/layer/authn/oidc/client_options.go
+++ b/internal/proxy/director/layer/authn/oidc/client_options.go
@ -0,0 +1,76 @@
+package oidc
+
+import (
+	"context"
+
+	"github.com/coreos/go-oidc/v3/oidc"
+)
+
+type ClientOptions struct {
+	Provider        *oidc.Provider
+	ClientID        string
+	ClientSecret    string
+	RedirectURL     string
+	Scopes          []string
+	AuthParams      map[string]string
+	SkipIssuerCheck bool
+}
+
+type ClientOptionFunc func(*ClientOptions)
+
+func WithRedirectURL(url string) ClientOptionFunc {
+	return func(opt *ClientOptions) {
+		opt.RedirectURL = url
+	}
+}
+
+func WithCredentials(clientID, clientSecret string) ClientOptionFunc {
+	return func(opt *ClientOptions) {
+		opt.ClientID = clientID
+		opt.ClientSecret = clientSecret
+	}
+}
+
+func WithScopes(scopes ...string) ClientOptionFunc {
+	return func(opt *ClientOptions) {
+		opt.Scopes = scopes
+	}
+}
+
+func WithAuthParams(params map[string]string) ClientOptionFunc {
+	return func(opt *ClientOptions) {
+		opt.AuthParams = params
+	}
+}
+
+func WithSkipIssuerCheck(skip bool) ClientOptionFunc {
+	return func(opt *ClientOptions) {
+		opt.SkipIssuerCheck = skip
+	}
+}
+
+func NewProvider(ctx context.Context, issuer string, skipIssuerVerification bool) (*oidc.Provider, error) {
+	if skipIssuerVerification {
+		ctx = oidc.InsecureIssuerURLContext(ctx, issuer)
+	}
+
+	return oidc.NewProvider(ctx, issuer)
+}
+
+func WithProvider(provider *oidc.Provider) ClientOptionFunc {
+	return func(opt *ClientOptions) {
+		opt.Provider = provider
+	}
+}
+
+func NewClientOptions(funcs ...ClientOptionFunc) *ClientOptions {
+	opt := &ClientOptions{
+		Scopes: []string{oidc.ScopeOpenID, "profile"},
+	}
+
+	for _, f := range funcs {
+		f(opt)
+	}
+
+	return opt
+}
--- a/internal/proxy/director/layer/authn/oidc/layer-options.json
+++ b/internal/proxy/director/layer/authn/oidc/layer-options.json
@ -0,0 +1,125 @@
+{
+    "type": "object",
+    "properties": {
+        "oidc": {
+            "title": "Configuration du client OpenID Connect",
+            "type": "object",
+            "properties": {
+                "clientId": {
+                    "title": "Identifiant du client OpenID Connect",
+                    "type": "string"
+                },
+                "clientSecret": {
+                    "title": "Secret du client OpenID Connect",
+                    "type": "string"
+                },
+                "issuerURL": {
+                    "title": "URL de base du fournisseur OpenID Connect (racine du .well-known/openid-configuration)",
+                    "type": "string"
+                },
+                "postLogoutRedirectURL": {
+                    "title": "URL de redirection après déconnexion",
+                    "type": "string"
+                },
+                "scopes": {
+                    "title": "Scopes associés au client OpenID Connect",
+                    "default": [
+                        "openid"
+                    ],
+                    "type": "array",
+                    "item": {
+                        "type": "string"
+                    }
+                },
+                "authParams": {
+                    "title": "Paramètres d'URL supplémentaires à ajouter à la requête d'authentification OpenID Connect",
+                    "default": {},
+                    "description": "L'ensemble des clés valeurs renseignées seront transformées en variables d'URL lors de la requête d'authentification initiale. Permet par exemple d'ajouter les 'acr_values' requises par certains fournisseurs d'identité OpenID Connect.",
+                    "type": "object",
+                    "patternProperties": {
+                        ".*": {
+                            "type": "string"
+                        }
+                    }
+                },
+                "loginCallbackPath": {
+                    "title": "Chemin associé à l'URL de callback OpenID Connect",
+                    "default": "/.bouncer/authn/oidc/%s/callback",
+                    "description": "Le marqueur '%s' peut être utilisé pour injecter l'espace de nom '<proxy>/<layer>'.",
+                    "type": "string"
+                },
+                "logoutPath": {
+                    "title": "Chemin associé à l'URL de déconnexion",
+                    "default": "/.bouncer/authn/oidc/%s/logout",
+                    "description": "Le marqueur '%s' peut être utilisé pour injecter l'espace de nom '<proxy>/<layer>'.",
+                    "type": "string"
+                },
+                "skipIssuerVerification": {
+                    "title": "Activer/désactiver la vérification de concordance de l'identifiant du fournisseur d'identité",
+                    "default": false,
+                    "type": "boolean"
+                }
+            },
+            "additionalProperties": false,
+            "required": [
+                "clientId",
+                "clientSecret",
+                "issuerURL"
+            ]
+        },
+        "cookie": {
+            "title": "Configuration du cookie porteur de la session utilisateur",
+            "type": "object",
+            "properties": {
+                "name": {
+                    "title": "Nom du cookie",
+                    "default": "_bouncer_authn_oidc",
+                    "type": "string"
+                },
+                "domain": {
+                    "title": "Domaine associé au cookie",
+                    "description": "Par défaut le domaine associé à la requête HTTP",
+                    "type": "string"
+                },
+                "path": {
+                    "title": "Chemin associé au cookie",
+                    "type": "string",
+                    "default": "/"
+                },
+                "sameSite": {
+                    "title": "Attribut sameSite du cookie",
+                    "description": "Voir https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value",
+                    "type": "string",
+                    "enum": [
+                        "lax",
+                        "none",
+                        "strict",
+                        ""
+                    ],
+                    "default": ""
+                },
+                "httpOnly": {
+                    "title": "Interdire ou non l'accès au cookie en Javascript",
+                    "type": "boolean",
+                    "default": false
+                },
+                "secure": {
+                    "title": "Transmettre le cookie uniquement en HTTPS",
+                    "type": "boolean",
+                    "default": false
+                },
+                "maxAge": {
+                    "title": "Temps de vie du cookie et de la session associée.",
+                    "description": "Voir https://pkg.go.dev/time#ParseDuration pour le format attendu.",
+                    "default": "1h",
+                    "type": "string"
+                }
+            },
+            "additionalProperties": false
+        }
+    },
+    "additionalProperties": false,
+    "required": [
+        "oidc"
+    ]
+}
--- a/internal/proxy/director/layer/authn/oidc/layer.go
+++ b/internal/proxy/director/layer/authn/oidc/layer.go
@ -0,0 +1,13 @@
+package oidc
+
+import (
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
+	"github.com/gorilla/sessions"
+)
+
+const LayerType store.LayerType = "authn-oidc"
+
+func NewLayer(store sessions.Store) *authn.Layer {
+	return authn.NewLayer(LayerType, &Authenticator{store: store})
+}
--- a/internal/proxy/director/layer/authn/oidc/layer_options.go
+++ b/internal/proxy/director/layer/authn/oidc/layer_options.go
@ -0,0 +1,62 @@
+package oidc
+
+import (
+	"time"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
+	"github.com/pkg/errors"
+)
+
+const defaultCookieName = "_bouncer_authn_oidc"
+
+type LayerOptions struct {
+	authn.LayerOptions
+	OIDC   OIDCOptions   `mapstructure:"oidc"`
+	Cookie CookieOptions `mapstructure:"cookie"`
+}
+
+type OIDCOptions struct {
+	ClientID               string            `mapstructure:"clientId"`
+	ClientSecret           string            `mapstructure:"clientSecret"`
+	LoginCallbackPath      string            `mapstructure:"loginCallbackPath"`
+	LogoutPath             string            `mapstructure:"logoutPath"`
+	IssuerURL              string            `mapstructure:"issuerURL"`
+	SkipIssuerVerification bool              `mapstructure:"skipIssuerVerification"`
+	PostLogoutRedirectURL  string            `mapstructure:"postLogoutRedirectURL"`
+	Scopes                 []string          `mapstructure:"scopes"`
+	AuthParams             map[string]string `mapstructure:"authParams"`
+}
+
+type CookieOptions struct {
+	Name     string        `mapstructure:"name"`
+	Domain   string        `mapstructure:"domain"`
+	Path     string        `mapstructure:"path"`
+	SameSite string        `mapstructure:"sameSite"`
+	Secure   bool          `mapstructure:"secure"`
+	HTTPOnly bool          `mapstructure:"httpOnly"`
+	MaxAge   time.Duration `mapstructure:"maxAge"`
+}
+
+func fromStoreOptions(storeOptions store.LayerOptions) (*LayerOptions, error) {
+	layerOptions := LayerOptions{
+		LayerOptions: authn.DefaultLayerOptions(),
+		OIDC: OIDCOptions{
+			LoginCallbackPath: "/.bouncer/authn/oidc/%s/callback",
+			LogoutPath:        "/.bouncer/authn/oidc/%s/logout",
+			Scopes:            []string{"openid"},
+		},
+		Cookie: CookieOptions{
+			Name:     defaultCookieName,
+			Path:     "/",
+			HTTPOnly: true,
+			MaxAge:   time.Hour,
+		},
+	}
+
+	if err := authn.FromStoreOptions(storeOptions, &layerOptions); err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return &layerOptions, nil
+}
--- a/internal/proxy/director/layer/authn/oidc/metrics.go
+++ b/internal/proxy/director/layer/authn/oidc/metrics.go
@ -0,0 +1,39 @@
+package oidc
+
+import (
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/promauto"
+)
+
+const (
+	metricNamespace  = "bouncer_layer_authn_oidc"
+	metricLabelProxy = "proxy"
+	metricLabelLayer = "layer"
+)
+
+var (
+	metricLoginRequestsTotal = promauto.NewCounterVec(
+		prometheus.CounterOpts{
+			Name:      "login_requests_total",
+			Help:      "Bouncer's authn-oidc layer total login requests",
+			Namespace: metricNamespace,
+		},
+		[]string{metricLabelProxy, metricLabelLayer},
+	)
+	metricLoginSuccessesTotal = promauto.NewCounterVec(
+		prometheus.CounterOpts{
+			Name:      "login_successes_total",
+			Help:      "Bouncer's authn-oidc layer total login successes",
+			Namespace: metricNamespace,
+		},
+		[]string{metricLabelProxy, metricLabelLayer},
+	)
+	metricLogoutsTotal = promauto.NewCounterVec(
+		prometheus.CounterOpts{
+			Name:      "logout_total",
+			Help:      "Bouncer's authn-oidc layer total logouts",
+			Namespace: metricNamespace,
+		},
+		[]string{metricLabelProxy, metricLabelLayer},
+	)
+)
--- a/internal/proxy/director/layer/authn/oidc/schema.go
+++ b/internal/proxy/director/layer/authn/oidc/schema.go
@ -0,0 +1,8 @@
+package oidc
+
+import (
+	_ "embed"
+)
+
+//go:embed layer-options.json
+var RawLayerOptionsSchema []byte
--- a/internal/proxy/director/layer/circuitbreaker/options.go
+++ b/internal/proxy/director/layer/circuitbreaker/options.go
@ -1,4 +1,4 @@
-package circuitbreaker
+package authn

 type Options struct {
 	TemplateDir string
@ -6,10 +6,16 @@ type Options struct {

 type OptionFunc func(*Options)

-func defaultOptions() *Options {
-	return &Options{
+func NewOptions(funcs ...OptionFunc) *Options {
+	opts := &Options{
 		TemplateDir: "./templates",
 	}
+
+	for _, fn := range funcs {
+		fn(opts)
+	}
+
+	return opts
 }

 func WithTemplateDir(templateDir string) OptionFunc {
--- a/internal/proxy/director/layer/authn/schema.go
+++ b/internal/proxy/director/layer/authn/schema.go
@ -0,0 +1,8 @@
+package authn
+
+import (
+	_ "embed"
+)
+
+//go:embed layer-options.json
+var RawLayerOptionsSchema []byte
--- a/internal/proxy/director/layer/authn/user.go
+++ b/internal/proxy/director/layer/authn/user.go
@ -0,0 +1,17 @@
+package authn
+
+type User struct {
+	Subject string         `json:"subject" expr:"subject"`
+	Attrs   map[string]any `json:"attrs" expr:"attrs"`
+}
+
+func NewUser(subject string, attrs map[string]any) *User {
+	if attrs == nil {
+		attrs = make(map[string]any)
+	}
+
+	return &User{
+		Subject: subject,
+		Attrs:   attrs,
+	}
+}
--- a/internal/proxy/director/layer/circuitbreaker/layer-options.json
+++ b/internal/proxy/director/layer/circuitbreaker/layer-options.json
@ -1,23 +0,0 @@
-{
-    "$id": "https://forge.cadoles.com/cadoles/bouncer/schemas/circuitbreaker-layer-options",
-    "title": "Circuit breaker layer options",
-    "type": "object",
-    "properties": {
-        "matchURLs": {
-            "type": "array",
-            "items": {
-                "type": "string"
-            }
-        },
-        "authorizedCIDRs": {
-            "type": "array",
-            "items": {
-                "type": "string"
-            }
-        },
-        "templateBlock": {
-            "type": "string"
-        }
-    },
-    "additionalProperties": false
-}
--- a/internal/proxy/director/layer/circuitbreaker/layer.go
+++ b/internal/proxy/director/layer/circuitbreaker/layer.go
@ -1,151 +0,0 @@
-package circuitbreaker
-
-import (
-	"context"
-	"html/template"
-	"net"
-	"net/http"
-	"path/filepath"
-	"sync"
-
-	"forge.cadoles.com/Cadoles/go-proxy"
-	"forge.cadoles.com/Cadoles/go-proxy/wildcard"
-	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
-	"forge.cadoles.com/cadoles/bouncer/internal/store"
-	"github.com/Masterminds/sprig/v3"
-	"github.com/pkg/errors"
-	"gitlab.com/wpetit/goweb/logger"
-)
-
-const LayerType store.LayerType = "circuitbreaker"
-
-type Layer struct {
-	templateDir string
-	loadOnce    sync.Once
-	tmpl        *template.Template
-}
-
-// LayerType implements director.MiddlewareLayer
-func (l *Layer) LayerType() store.LayerType {
-	return LayerType
-}
-
-// Middleware implements director.MiddlewareLayer
-func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
-	return func(h http.Handler) http.Handler {
-		fn := func(w http.ResponseWriter, r *http.Request) {
-			ctx := r.Context()
-
-			options, err := fromStoreOptions(layer.Options)
-			if err != nil {
-				logger.Error(ctx, "could not parse layer options", logger.E(errors.WithStack(err)))
-				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-
-				return
-			}
-
-			matches, err := l.matchAnyAuthorizedCIDRs(ctx, r.RemoteAddr, options.AuthorizedCIDRs)
-			if err != nil {
-				logger.Error(ctx, "could not match authorized cidrs", logger.E(errors.WithStack(err)))
-				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-
-				return
-			}
-
-			if matches {
-				h.ServeHTTP(w, r)
-
-				return
-			}
-
-			matches = wildcard.MatchAny(r.URL.String(), options.MatchURLs...)
-			if !matches {
-				h.ServeHTTP(w, r)
-
-				return
-			}
-
-			l.renderCircuitBreakerPage(w, r, layer, options)
-		}
-
-		return http.HandlerFunc(fn)
-	}
-}
-
-func (l *Layer) matchAnyAuthorizedCIDRs(ctx context.Context, remoteHostPort string, CIDRs []string) (bool, error) {
-	remoteHost, _, err := net.SplitHostPort(remoteHostPort)
-	if err != nil {
-		return false, errors.WithStack(err)
-	}
-
-	remoteAddr := net.ParseIP(remoteHost)
-	if remoteAddr == nil {
-		return false, errors.Errorf("remote host '%s' is not a valid ip address", remoteHost)
-	}
-
-	for _, rawCIDR := range CIDRs {
-		_, net, err := net.ParseCIDR(rawCIDR)
-		if err != nil {
-			return false, errors.WithStack(err)
-		}
-
-		match := net.Contains(remoteAddr)
-		if !match {
-			continue
-		}
-
-		return true, nil
-	}
-
-	logger.Debug(ctx, "comparing remote host with authorized cidrs", logger.F("remoteAddr", remoteAddr))
-
-	return false, nil
-}
-
-func (l *Layer) renderCircuitBreakerPage(w http.ResponseWriter, r *http.Request, layer *store.Layer, options *LayerOptions) {
-	ctx := r.Context()
-
-	pattern := filepath.Join(l.templateDir, "*.gohtml")
-
-	logger.Info(ctx, "loading circuit breaker page templates", logger.F("pattern", pattern))
-
-	tmpl, err := template.New("").Funcs(sprig.FuncMap()).ParseGlob(pattern)
-	if err != nil {
-		logger.Error(ctx, "could not load circuit breaker templates", logger.E(errors.WithStack(err)))
-		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-
-		return
-	}
-
-	templateData := struct {
-		Layer        *store.Layer
-		LayerOptions *LayerOptions
-	}{
-		Layer:        layer,
-		LayerOptions: options,
-	}
-
-	w.Header().Add("Cache-Control", "no-cache")
-
-	w.WriteHeader(http.StatusOK)
-
-	if err := tmpl.ExecuteTemplate(w, options.TemplateBlock, templateData); err != nil {
-		logger.Error(ctx, "could not render circuit breaker page", logger.E(errors.WithStack(err)))
-		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-
-		return
-	}
-}
-
-func New(funcs ...OptionFunc) *Layer {
-	opts := defaultOptions()
-	for _, fn := range funcs {
-		fn(opts)
-	}
-
-	return &Layer{
-		templateDir: opts.TemplateDir,
-	}
-}
-
-var _ director.MiddlewareLayer = &Layer{}
--- a/internal/proxy/director/layer/queue/queue.go
+++ b/internal/proxy/director/layer/queue/queue.go
@ -254,7 +254,7 @@ func (q *Queue) updateMetrics(ctx context.Context, proxyName store.ProxyName, la
 }

 func (q *Queue) getCookieName(layerName store.LayerName) string {
-	return fmt.Sprintf("_%s_%s", LayerType, layerName)
+	return fmt.Sprintf("_bouncer_%s_%s", LayerType, layerName)
 }

 func New(adapter Adapter, funcs ...OptionFunc) *Queue {
--- a/internal/proxy/director/layer/queue/schema/layer-options.json
+++ b/internal/proxy/director/layer/queue/schema/layer-options.json
@ -1,16 +1,24 @@
 {
-    "$id": "https://forge.cadoles.com/cadoles/bouncer/schemas/queue-layer-options",
-    "title": "Queue layer options",
    "type": "object",
    "properties": {
        "capacity": {
+            "title": "Capacité d'accueil de la file d'attente",
+            "default": 1000,
            "type": "number",
            "minimum": 0
        },
        "keepAlive": {
+            "title": "Temps de vie d'une session utilisateur sans activité",
+            "description": "Durée sous forme de chaîne de caractères. Voir https://pkg.go.dev/time#ParseDuration pour plus d'informations.",
+            "default": "1m",
            "type": "string"
        },
        "matchURLs": {
+            "title": "Liste de filtrage des URLs sur lesquelles le layer est actif",
+            "description": "Par exemple, si vous souhaitez limiter votre layer à l'ensemble d'une section '`/blog`' d'un site, vous pouvez déclarer la valeur `['*/blog*']`. Les autres URLs du site ne seront pas affectées par ce layer.",
+            "default": [
+                "*"
+            ],
            "type": "array",
            "items": {
                "type": "string"
--- a/internal/schema/extend.go
+++ b/internal/schema/extend.go
@ -0,0 +1,36 @@
+package schema
+
+import (
+	"encoding/json"
+
+	"github.com/pkg/errors"
+)
+
+func Extend(base []byte, schema []byte) ([]byte, error) {
+	var (
+		extension map[string]any
+		extended  map[string]any
+	)
+
+	if err := json.Unmarshal(base, &extended); err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	if err := json.Unmarshal(schema, &extension); err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	props := extension["properties"].(map[string]any)
+	extendedProps := extended["properties"].(map[string]any)
+	for key, val := range props {
+		extendedProps[key] = val
+	}
+	extended["properties"] = extendedProps
+
+	data, err := json.MarshalIndent(extended, "", " ")
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return data, nil
+}
--- a/internal/session/adapter/redis/adapter.go
+++ b/internal/session/adapter/redis/adapter.go
@ -0,0 +1,62 @@
+package redis
+
+import (
+	"context"
+	"time"
+
+	"forge.cadoles.com/cadoles/bouncer/internal/session"
+	"github.com/pkg/errors"
+	"github.com/redis/go-redis/v9"
+)
+
+type StoreAdapter struct {
+	client redis.UniversalClient
+}
+
+// Del implements authn.StoreAdapter.
+func (s *StoreAdapter) Del(ctx context.Context, key string) error {
+	if err := s.client.Del(ctx, key).Err(); err != nil {
+		return errors.WithStack(err)
+	}
+
+	return nil
+}
+
+// Get implements authn.StoreAdapter.
+func (s *StoreAdapter) Get(ctx context.Context, key string) ([]byte, error) {
+	cmd := s.client.Get(ctx, key)
+
+	if err := cmd.Err(); err != nil {
+		if errors.Is(err, redis.Nil) {
+			return nil, errors.WithStack(session.ErrNotFound)
+		}
+
+		return nil, errors.WithStack(err)
+	}
+
+	data, err := cmd.Bytes()
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return data, nil
+}
+
+// Set implements authn.StoreAdapter.
+func (s *StoreAdapter) Set(ctx context.Context, key string, data []byte, ttl time.Duration) error {
+	if err := s.client.Set(ctx, key, data, ttl).Err(); err != nil {
+		return errors.WithStack(err)
+	}
+
+	return nil
+}
+
+func NewStoreAdapter(client redis.UniversalClient) *StoreAdapter {
+	return &StoreAdapter{
+		client: client,
+	}
+}
+
+var (
+	_ session.StoreAdapter = &StoreAdapter{}
+)
--- a/internal/session/options.go
+++ b/internal/session/options.go
@ -0,0 +1,47 @@
+package session
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/gorilla/sessions"
+)
+
+type Options struct {
+	Session   sessions.Options
+	KeyPrefix string
+}
+
+type OptionFunc func(opts *Options)
+
+func NewOptions(funcs ...OptionFunc) *Options {
+	opts := &Options{
+		Session: sessions.Options{
+			Path:     "/",
+			Domain:   "",
+			MaxAge:   int(time.Hour.Seconds()),
+			HttpOnly: true,
+			Secure:   false,
+			SameSite: http.SameSiteDefaultMode,
+		},
+		KeyPrefix: "session:",
+	}
+
+	for _, fn := range funcs {
+		fn(opts)
+	}
+
+	return opts
+}
+
+func WithSessionOptions(options sessions.Options) OptionFunc {
+	return func(opts *Options) {
+		opts.Session = options
+	}
+}
+
+func WithKeyPrefix(prefix string) OptionFunc {
+	return func(opts *Options) {
+		opts.KeyPrefix = prefix
+	}
+}
--- a/internal/session/store.go
+++ b/internal/session/store.go
@ -0,0 +1,182 @@
+package session
+
+import (
+	"bytes"
+	"context"
+	"crypto/rand"
+	"encoding/base32"
+	"encoding/gob"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/gorilla/sessions"
+	"github.com/pkg/errors"
+)
+
+var (
+	ErrNotFound = errors.New("not found")
+)
+
+type StoreAdapter interface {
+	Set(ctx context.Context, key string, data []byte, ttl time.Duration) error
+	Del(ctx context.Context, key string) error
+	Get(ctx context.Context, key string) ([]byte, error)
+}
+
+type Store struct {
+	adapter    StoreAdapter
+	options    sessions.Options
+	keyPrefix  string
+	keyGen     KeyGenFunc
+	serializer SessionSerializer
+}
+
+type KeyGenFunc func() (string, error)
+
+func NewStore(adapter StoreAdapter, funcs ...OptionFunc) *Store {
+	opts := NewOptions(funcs...)
+	rs := &Store{
+		options:    opts.Session,
+		adapter:    adapter,
+		keyPrefix:  opts.KeyPrefix,
+		keyGen:     generateRandomKey,
+		serializer: GobSerializer{},
+	}
+
+	return rs
+}
+
+func (s *Store) Get(r *http.Request, name string) (*sessions.Session, error) {
+	return sessions.GetRegistry(r).Get(s, name)
+}
+
+func (s *Store) New(r *http.Request, name string) (*sessions.Session, error) {
+	session := sessions.NewSession(s, name)
+	opts := s.options
+	session.Options = &opts
+	session.IsNew = true
+
+	c, err := r.Cookie(name)
+	if err != nil {
+		return session, nil
+	}
+	session.ID = c.Value
+
+	err = s.load(r.Context(), session)
+	if err == nil {
+		session.IsNew = false
+	} else if !errors.Is(err, ErrNotFound) {
+		return nil, errors.WithStack(err)
+	}
+
+	return session, nil
+}
+
+func (s *Store) Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error {
+	if session.Options.MaxAge <= 0 {
+		if err := s.delete(r.Context(), session); err != nil {
+			return errors.WithStack(err)
+		}
+		http.SetCookie(w, sessions.NewCookie(session.Name(), "", session.Options))
+		return nil
+	}
+
+	if session.ID == "" {
+		id, err := s.keyGen()
+		if err != nil {
+			return errors.Wrap(err, "failed to generate session id")
+		}
+		session.ID = id
+	}
+	if err := s.save(r.Context(), session); err != nil {
+		return errors.WithStack(err)
+	}
+
+	http.SetCookie(w, sessions.NewCookie(session.Name(), session.ID, session.Options))
+	return nil
+}
+
+func (s *Store) Options(opts sessions.Options) {
+	s.options = opts
+}
+
+func (s *Store) KeyPrefix(keyPrefix string) {
+	s.keyPrefix = keyPrefix
+}
+
+func (s *Store) KeyGen(f KeyGenFunc) {
+	s.keyGen = f
+}
+
+func (s *Store) Serializer(ss SessionSerializer) {
+	s.serializer = ss
+}
+
+func (s *Store) save(ctx context.Context, session *sessions.Session) error {
+	b, err := s.serializer.Serialize(session)
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
+	if err := s.adapter.Set(ctx, s.keyPrefix+session.ID, b, time.Duration(session.Options.MaxAge)*time.Second); err != nil {
+		return errors.WithStack(err)
+	}
+
+	return nil
+}
+
+// load reads session from Redis
+func (s *Store) load(ctx context.Context, session *sessions.Session) error {
+	data, err := s.adapter.Get(ctx, s.keyPrefix+session.ID)
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
+	return s.serializer.Deserialize(data, session)
+}
+
+// delete deletes session in Redis
+func (s *Store) delete(ctx context.Context, session *sessions.Session) error {
+	if err := s.adapter.Del(ctx, s.keyPrefix+session.ID); err != nil {
+		return errors.WithStack(err)
+	}
+
+	return nil
+}
+
+// SessionSerializer provides an interface for serialize/deserialize a session
+type SessionSerializer interface {
+	Serialize(s *sessions.Session) ([]byte, error)
+	Deserialize(b []byte, s *sessions.Session) error
+}
+
+// Gob serializer
+type GobSerializer struct{}
+
+func (gs GobSerializer) Serialize(s *sessions.Session) ([]byte, error) {
+	buf := new(bytes.Buffer)
+	enc := gob.NewEncoder(buf)
+
+	if err := enc.Encode(s.Values); err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return buf.Bytes(), nil
+
+}
+
+func (gs GobSerializer) Deserialize(d []byte, s *sessions.Session) error {
+	dec := gob.NewDecoder(bytes.NewBuffer(d))
+	return dec.Decode(&s.Values)
+}
+
+// generateRandomKey returns a new random key
+func generateRandomKey() (string, error) {
+	k := make([]byte, 64)
+	if _, err := io.ReadFull(rand.Reader, k); err != nil {
+		return "", errors.WithStack(err)
+	}
+	return strings.TrimRight(base32.StdEncoding.EncodeToString(k), "="), nil
+}
--- a/internal/setup/authn_network_layer.go
+++ b/internal/setup/authn_network_layer.go
@ -0,0 +1,27 @@
+package setup
+
+import (
+	"forge.cadoles.com/cadoles/bouncer/internal/config"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn/network"
+	"forge.cadoles.com/cadoles/bouncer/internal/schema"
+	"github.com/pkg/errors"
+)
+
+func init() {
+	extended, err := schema.Extend(authn.RawLayerOptionsSchema, network.RawLayerOptionsSchema)
+	if err != nil {
+		panic(errors.Wrap(err, "could not extend authn base layer options schema"))
+	}
+
+	RegisterLayer(network.LayerType, setupAuthnNetworkLayer, extended)
+}
+
+func setupAuthnNetworkLayer(conf *config.Config) (director.Layer, error) {
+	options := []authn.OptionFunc{
+		authn.WithTemplateDir(string(conf.Layers.Authn.TemplateDir)),
+	}
+
+	return network.NewLayer(options...), nil
+}
--- a/internal/setup/authn_oidc_layer.go
+++ b/internal/setup/authn_oidc_layer.go
@ -0,0 +1,29 @@
+package setup
+
+import (
+	"forge.cadoles.com/cadoles/bouncer/internal/config"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn/oidc"
+	"forge.cadoles.com/cadoles/bouncer/internal/schema"
+	"forge.cadoles.com/cadoles/bouncer/internal/session"
+	"forge.cadoles.com/cadoles/bouncer/internal/session/adapter/redis"
+	"github.com/pkg/errors"
+)
+
+func init() {
+	extended, err := schema.Extend(authn.RawLayerOptionsSchema, oidc.RawLayerOptionsSchema)
+	if err != nil {
+		panic(errors.Wrap(err, "could not extend authn base layer options schema"))
+	}
+
+	RegisterLayer(oidc.LayerType, setupAuthnOIDCLayer, extended)
+}
+
+func setupAuthnOIDCLayer(conf *config.Config) (director.Layer, error) {
+	rdb := newRedisClient(conf.Redis)
+	adapter := redis.NewStoreAdapter(rdb)
+	store := session.NewStore(adapter)
+
+	return oidc.NewLayer(store), nil
+}
--- a/internal/setup/circuitbreaker_layer.go
+++ b/internal/setup/circuitbreaker_layer.go
@ -1,21 +0,0 @@
-package setup
-
-import (
-	"forge.cadoles.com/cadoles/bouncer/internal/config"
-	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
-	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/circuitbreaker"
-)
-
-func init() {
-	RegisterLayer(circuitbreaker.LayerType, setupCircuitBreakerLayer, circuitbreaker.RawLayerOptionsSchema)
-}
-
-func setupCircuitBreakerLayer(conf *config.Config) (director.Layer, error) {
-	options := []circuitbreaker.OptionFunc{
-		circuitbreaker.WithTemplateDir(string(conf.Layers.CircuitBreaker.TemplateDir)),
-	}
-
-	return circuitbreaker.New(
-		options...,
-	), nil
-}
--- a/internal/setup/default_registry.go
+++ b/internal/setup/default_registry.go
@ -25,6 +25,15 @@ func GetLayerOptionsSchema(layerType store.LayerType) (*jsonschema.Schema, error
 	return schema, nil
 }

+func GetLayerOptionsRawSchema(layerType store.LayerType) ([]byte, error) {
+	schema, err := defaultRegistry.GetLayerOptionsRawSchema(layerType)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return schema, nil
+}
+
 func GetLayers(ctx context.Context, conf *config.Config) ([]director.Layer, error) {
 	layers, err := defaultRegistry.GetLayers(ctx, conf)
 	if err != nil {
--- a/internal/setup/integrations.go
+++ b/internal/setup/integrations.go
@ -28,7 +28,7 @@ func SetupIntegrations(ctx context.Context, conf *config.Config) ([]integration.

 func setupKubernetesIntegration(ctx context.Context, conf *config.Config) (*kubernetes.Integration, error) {
 	client := newRedisClient(conf.Redis)
-	locker := redis.NewLocker(client)
+	locker := redis.NewLocker(client, 10)

 	integration := kubernetes.NewIntegration(
 		kubernetes.WithReaderTokenSecret(string(conf.Integrations.Kubernetes.ReaderTokenSecret)),
--- a/internal/setup/lock.go
+++ b/internal/setup/lock.go
@ -10,6 +10,6 @@ import (

 func SetupLocker(ctx context.Context, conf *config.Config) (lock.Locker, error) {
 	client := newRedisClient(conf.Redis)
-	locker := redis.NewLocker(client)
+	locker := redis.NewLocker(client, int(conf.Redis.LockMaxRetries))
 	return locker, nil
 }
--- a/internal/setup/registry.go
+++ b/internal/setup/registry.go
@ -28,13 +28,22 @@ func (r *Registry) RegisterLayer(layerType store.LayerType, layerSetup LayerSetu
 	}
 }

-func (r *Registry) GetLayerOptionsSchema(layerType store.LayerType) (*schema.Schema, error) {
+func (r *Registry) GetLayerOptionsRawSchema(layerType store.LayerType) ([]byte, error) {
 	layerEntry, exists := r.layers[layerType]
 	if !exists {
 		return nil, errors.WithStack(ErrNotFound)
 	}

-	schema, err := schema.Parse(layerEntry.rawOptionsSchema)
+	return layerEntry.rawOptionsSchema, nil
+}
+
+func (r *Registry) GetLayerOptionsSchema(layerType store.LayerType) (*schema.Schema, error) {
+	rawSchema, err := r.GetLayerOptionsRawSchema(layerType)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	schema, err := schema.Parse(rawSchema)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
--- a/internal/store/layer.go
+++ b/internal/store/layer.go
@ -1,6 +1,9 @@
 package store

-import "time"
+import (
+	"encoding/json"
+	"time"
+)

 type (
 	LayerName Name
@ -23,3 +26,8 @@ type Layer struct {
 	UpdatedAt time.Time    `json:"updatedAt"`
 	Options   LayerOptions `json:"options"`
 }
+
+type LayerDefinition struct {
+	Type    LayerType       `json:"type"`
+	Options json.RawMessage `json:"options"`
+}
--- a/layers/authn/templates/forbidden.gohtml
+++ b/layers/authn/templates/forbidden.gohtml
@ -0,0 +1,102 @@
+{{ define "default" }}
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width,initial-scale=1" />
+    <title>Accès interdit - {{ .Layer.Name }}</title>
+    <style>
+      html {
+        box-sizing: border-box;
+        font-size: 16px;
+      }
+
+      *,
+      *:before,
+      *:after {
+        box-sizing: inherit;
+      }
+
+      body,
+      h1,
+      h2,
+      h3,
+      h4,
+      h5,
+      h6,
+      p,
+      ol,
+      ul {
+        margin: 0;
+        padding: 0;
+        font-weight: normal;
+      }
+
+      html,
+      body {
+        width: 100%;
+        height: 100%;
+        font-family: Arial, Helvetica, sans-serif;
+        background-color: #f7f7f7;
+      }
+
+      #container {
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        height: 100%;
+        flex-direction: column;
+      }
+
+      #card {
+        padding: 1.5em 1em;
+        border: 1px solid #e0e0e0;
+        background-color: white;
+        border-radius: 5px;
+        box-shadow: 2px 2px #cccccc1c;
+        color: #333333 !important;
+      }
+
+      .title {
+        margin-bottom: 1.2em;
+      }
+
+      p {
+        margin-bottom: 0.5em;
+      }
+
+      .footer {
+        font-size: 0.7em;
+        margin-top: 2em;
+        text-align: right;
+      }
+    </style>
+  </head>
+  <body>
+    <div id="container">
+      <div id="card">
+        <h2 class="title">Accès interdit</h2>
+        <p>
+          La page à laquelle vous souhaitez accéder vous est actuellement
+          interdite.
+        </p>
+        {{ if .User }}
+        <p>
+          <small
+            ><i
+              >Vous êtes actuellement connu comme "<code
+                >{{ .User.Subject }}</code
+              >".</i
+            ></small
+          >
+        </p>
+        {{ end }}
+        <p class="footer">
+          Propulsé par
+          <a href="https://forge.cadoles.com/Cadoles/bouncer">Bouncer</a>.
+        </p>
+      </div>
+    </div>
+  </body>
+</html>
+{{ end }}
--- a/layers/circuitbreaker/templates/default.gohtml
+++ b/layers/circuitbreaker/templates/default.gohtml
@ -1,73 +0,0 @@
-{{ define "default" }}
-<!DOCTYPE html>
-<html>
-    <head>
-        <meta charset="UTF-8">
-        <meta name="viewport" content="width=device-width,initial-scale=1">
-        <title>Accès bloqué - {{ .Layer.Name }}</title>
-        <style>
-            html {
-              box-sizing: border-box;
-              font-size: 16px;
-            }
-
-            *, *:before, *:after {
-              box-sizing: inherit;
-            }
-
-            body, h1, h2, h3, h4, h5, h6, p, ol, ul {
-              margin: 0;
-              padding: 0;
-              font-weight: normal;
-            }
-
-            html, body {
-              width: 100%;
-              height: 100%;
-              font-family: Arial, Helvetica, sans-serif;
-              background-color: #f7f7f7;
-            }
-
-            #container {
-              display: flex;
-              align-items: center;
-              justify-content: center;
-              height: 100%;
-              flex-direction: column;
-            }
-
-            #card {
-              padding: 1.5em 1em;
-              border: 1px solid #e0e0e0;
-              background-color: white;
-              border-radius: 5px;
-              box-shadow: 2px 2px #cccccc1c;
-              color: #333333 !important;
-            }
-
-            .title {
-              margin-bottom: 1.2em;
-            }
-
-            p {
-              margin-bottom: 0.5em;
-            }
-
-            .footer {
-              font-size: 0.7em;
-              margin-top: 2em;
-              text-align: right;
-            }
-        </style>
-    </head>
-    <body>
-        <div id="container">
-            <div id="card">
-                <h2 class="title">Page indisponible</h2>
-                <p>La page à laquelle vous souhaitez accéder est actuellement indisponible.</p>
-                <p class="footer">Propulsé par <a href="https://forge.cadoles.com/Cadoles/bouncer">Bouncer</a>.</p>
-            </div>
-        </div>
-    </body>
-</html>
-{{ end }}
--- a/misc/bootstrap.d/dummy.yml
+++ b/misc/bootstrap.d/dummy.yml
@ -0,0 +1,27 @@
+from: ["*"]
+to: http://localhost:8082
+enabled: true
+weight: 0
+recreate: true
+layers:
+  my-queue:
+    type: queue
+    enabled: true
+    weight: 100
+    options:
+      capacity: 100
+  # oidc:
+  #   type: authn-oidc
+  #   enabled: true
+  #   weight: 0
+  #   options:
+  #     oidc:
+  #       clientId: my-client-id
+  #       clientSecret: my-client-id
+  #       issuerURL: https://forge.cadoles.com/
+  #       postLogoutRedirectURL: http://localhost:8080
+  #       scopes: ["profile", "openid", "email"]
+  #       authParams:
+  #         acr_values: "eidas2"
+  #     cookie:
+  #       maxAge: 60m
--- a/misc/packaging/common/config.yml
+++ b/misc/packaging/common/config.yml
@ -172,10 +172,10 @@ layers:
    # Temps de vie par défaut d'une session
    defaultKeepAlive: 1m

-  # Configuration du layer "circuitbreaker"
-  circuitbreaker:
+  # Configuration du layer "authn"
+  authn:
    # Répertoire contenant les templates
-    templateDir: "/etc/bouncer/layers/circuitbreaker/templates"
+    templateDir: "/etc/bouncer/layers/authn/templates"

 # Configuration d'une série de proxy/layers
 # à créer par défaut par le serveur d'administration
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
wpetit	6d0a3826ce	doc: add missing info about recreate:true Cadoles/bouncer/pipeline/head This commit looks good Details	2024-05-17 17:43:04 +02:00
wpetit	28ef57b305	chore: tidy deps Cadoles/bouncer/pipeline/head This commit looks good Details	2024-05-17 17:34:55 +02:00
wpetit	8b1c649af0	Merge pull request 'Transformation du layer `circuitbreaker` en `authn-network`' (#22 ) from authn-network into develop Cadoles/bouncer/pipeline/head This commit looks good Details Reviewed-on: #22	2024-05-17 17:30:19 +02:00
wpetit	5a34d5917f	feat: transform circuitbreaker layer in authn-network layer Cadoles/bouncer/pipeline/head Build started... Details Cadoles/bouncer/pipeline/pr-develop Build started... Details	2024-05-17 17:29:26 +02:00
wpetit	5ed194618a	Merge pull request 'API d'introspection des définitions de layers avec leurs options' (#21 ) from layer-api into develop Cadoles/bouncer/pipeline/head This commit looks good Details Reviewed-on: #21	2024-05-17 15:46:57 +02:00
wpetit	449fb69c02	feat: add layer definition api Cadoles/bouncer/pipeline/pr-develop Build started... Details Cadoles/bouncer/pipeline/head This commit looks good Details	2024-05-17 15:44:28 +02:00
wpetit	7456dba96f	doc: fix typo Cadoles/bouncer/pipeline/head This commit looks good Details	2024-05-17 12:35:34 +02:00
wpetit	af34ee2473	Merge pull request 'Création d'un layer d'authentification OpenID Connect' (#20 ) from authn-oidc into develop Cadoles/bouncer/pipeline/head This commit looks good Details Reviewed-on: #20	2024-05-17 11:53:50 +02:00
wpetit	de70fa89f7	feat: new openid connect authentication layer Cadoles/bouncer/pipeline/pr-develop Build started... Details	2024-05-17 11:53:19 +02:00
wpetit	bb5796ab8c	doc: add layer endpoints Cadoles/bouncer/pipeline/head This commit looks good Details	2024-04-19 09:28:46 +02:00
wpetit	83fcb9a39d	feat: add limited retry mechanism to prevent startup error if redis is not ready Cadoles/bouncer/pipeline/head This commit looks good Details	2024-04-05 10:30:34 +02:00