auth

package
v0.0.0-...-8b60304 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 10, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package auth handles request authentication for Bulwarkai.

It supports two methods:

  1. JWT Bearer Token: the Authorization header carries an OIDC identity token. The email is extracted from the JWT payload and checked against the configured domain allowlist. The X-Forwarded-Access-Token header carries the OAuth access token used for Vertex AI calls.

  2. API Key: the X-Api-Key header is validated against a configured list. Identity is synthetic: apikey@<first-allowed-domain>.

Authenticate returns an Identity with the caller's email and access token, or writes an error response and returns nil.

CheckUserAgent enforces an optional regex on the User-Agent header.

LOCAL_MODE skips all authentication and returns a fixed "local@localhost" identity.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckUserAgent 

func CheckUserAgent(cfg *config.Config, w http.ResponseWriter, r *http.Request) bool

func ExtractEmailFromJWT 

func ExtractEmailFromJWT(token string) string

Types

type Identity 

type Identity struct {
	Email       string
	AccessToken string
}

func Authenticate 

func Authenticate(cfg *config.Config, httpClient *http.Client, w http.ResponseWriter, r *http.Request) (*Identity, bool)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.