Overview ¶
Package auth provides authentication context types and goAuth provider integration.
Index ¶
- Variables
- func NewGoAuthEngine(redisClient redis.UniversalClient, mode Mode, userProvider goauth.UserProvider) (*goauth.Engine, func(), error)
- func WithContext(ctx context.Context, principal AuthContext) context.Context
- type AuthContext
- type Mode
- type SQLCUserProvider
- func (p *SQLCUserProvider) ConsumeBackupCode(_ context.Context, _ string, _ [32]byte) (bool, error)
- func (p *SQLCUserProvider) CreateUser(ctx context.Context, input goauth.CreateUserInput) (goauth.UserRecord, error)
- func (p *SQLCUserProvider) DisableTOTP(_ context.Context, _ string) error
- func (p *SQLCUserProvider) EnableTOTP(_ context.Context, _ string, _ []byte) error
- func (p *SQLCUserProvider) GetBackupCodes(_ context.Context, _ string) ([]goauth.BackupCodeRecord, error)
- func (p *SQLCUserProvider) GetTOTPSecret(_ context.Context, _ string) (*goauth.TOTPRecord, error)
- func (p *SQLCUserProvider) GetUserByID(userID string) (goauth.UserRecord, error)
- func (p *SQLCUserProvider) GetUserByIdentifier(identifier string) (goauth.UserRecord, error)
- func (p *SQLCUserProvider) MarkTOTPVerified(_ context.Context, _ string) error
- func (p *SQLCUserProvider) ReplaceBackupCodes(_ context.Context, _ string, _ []goauth.BackupCodeRecord) error
- func (p *SQLCUserProvider) UpdateAccountStatus(ctx context.Context, userID string, status goauth.AccountStatus) (goauth.UserRecord, error)
- func (p *SQLCUserProvider) UpdatePasswordHash(userID string, newHash string) error
- func (p *SQLCUserProvider) UpdateTOTPLastUsedCounter(_ context.Context, _ string, _ int64) error
Variables ¶
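// Sentinel errors for authentication and authorization failures.
//
// The two are deliberately distinct: ErrUnauthenticated means no valid
// principal was established, ErrForbidden means a principal was established
// but lacks the required authorization. Compare with errors.Is so that
// wrapped errors still match.
var (
	// ErrUnauthenticated signals missing or invalid authentication context.
	ErrUnauthenticated = errors.New("unauthenticated")

	// ErrForbidden signals authenticated access without sufficient authorization.
	ErrForbidden = errors.New("forbidden")
)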
Functions ¶
func NewGoAuthEngine ¶
func NewGoAuthEngine(redisClient redis.UniversalClient, mode Mode, userProvider goauth.UserProvider) (*goauth.Engine, func(), error)
NewGoAuthEngine builds a goAuth engine backed by Redis and a SQLC user provider.
Usage:
engine, shutdown, err := auth.NewGoAuthEngine(redisClient, mode, userProvider)
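Notes:
- redisClient must be non-nil.
- shutdown should be called during application shutdown.
- AUTH_TEST_* variables are honored for deterministic local perf scenarios. Because they exist for local testing, confirm that none of them are set in production deployments.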
func WithContext ¶
func WithContext(ctx context.Context, principal AuthContext) context.Context
WithContext stores AuthContext on a request context.
Types ¶
type AuthContext ¶
type AuthContext struct {
	// UserID identifies the authenticated user in canonical form. It is the
	// only field that is always present in the JSON encoding.
	UserID string `json:"user_id"`

	// TenantID carries the tenant scope as resolved by the auth provider.
	// It is left out of the JSON encoding when empty.
	TenantID string `json:"tenant_id,omitempty"`

	// Role names the resolved role that RBAC checks evaluate.
	// It is left out of the JSON encoding when empty.
	Role string `json:"role,omitempty"`

	// Permissions lists the resolved permissions that RBAC checks evaluate.
	// It is left out of the JSON encoding when empty.
	//
	// NOTE(review): with omitempty, "no role" and "no permissions" vanish
	// from the JSON form. Confirm that consumers treat an absent value as
	// no access rather than falling back to a default.
	Permissions []string `json:"permissions,omitempty"`
}
AuthContext represents authenticated principal data attached to request context.
func FromContext ¶
func FromContext(ctx context.Context) (AuthContext, bool)
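FromContext reads the AuthContext from a request context. The boolean result presumably reports whether an AuthContext was present. Check it before relying on the returned value, because this page does not say what is returned when none is stored.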
type SQLCUserProvider ¶
type SQLCUserProvider struct {
// contains filtered or unexported fields
}
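SQLCUserProvider is the DB-backed UserProvider for goAuth. Generated by authgen — do not edit manually. Its TOTP and backup-code methods are documented below as stubs, so this provider does not yet persist MFA state.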
func NewSQLCUserProvider ¶
func NewSQLCUserProvider(queries *sqlcgen.Queries) *SQLCUserProvider
NewSQLCUserProvider creates a DB-backed user provider.
func (*SQLCUserProvider) ConsumeBackupCode ¶
ConsumeBackupCode is a stub until backup-code persistence is implemented.
func (*SQLCUserProvider) CreateUser ¶
func (p *SQLCUserProvider) CreateUser(ctx context.Context, input goauth.CreateUserInput) (goauth.UserRecord, error)
CreateUser inserts a new auth user record.
func (*SQLCUserProvider) DisableTOTP ¶
func (p *SQLCUserProvider) DisableTOTP(_ context.Context, _ string) error
DisableTOTP is a stub until MFA persistence is implemented.
func (*SQLCUserProvider) EnableTOTP ¶
EnableTOTP is a stub until MFA persistence is implemented.
func (*SQLCUserProvider) GetBackupCodes ¶
func (p *SQLCUserProvider) GetBackupCodes(_ context.Context, _ string) ([]goauth.BackupCodeRecord, error)
GetBackupCodes is one of the backup-code stubs — implement when MFA is needed.
func (*SQLCUserProvider) GetTOTPSecret ¶
func (p *SQLCUserProvider) GetTOTPSecret(_ context.Context, _ string) (*goauth.TOTPRecord, error)
GetTOTPSecret is one of the TOTP stubs — implement when MFA is needed.
func (*SQLCUserProvider) GetUserByID ¶
func (p *SQLCUserProvider) GetUserByID(userID string) (goauth.UserRecord, error)
GetUserByID looks up a user by canonical user id.
func (*SQLCUserProvider) GetUserByIdentifier ¶
func (p *SQLCUserProvider) GetUserByIdentifier(identifier string) (goauth.UserRecord, error)
GetUserByIdentifier looks up a user by login identifier.
func (*SQLCUserProvider) MarkTOTPVerified ¶
func (p *SQLCUserProvider) MarkTOTPVerified(_ context.Context, _ string) error
MarkTOTPVerified is a stub until MFA persistence is implemented.
func (*SQLCUserProvider) ReplaceBackupCodes ¶
func (p *SQLCUserProvider) ReplaceBackupCodes(_ context.Context, _ string, _ []goauth.BackupCodeRecord) error
ReplaceBackupCodes is a stub until backup-code persistence is implemented.
func (*SQLCUserProvider) UpdateAccountStatus ¶
func (p *SQLCUserProvider) UpdateAccountStatus(ctx context.Context, userID string, status goauth.AccountStatus) (goauth.UserRecord, error)
UpdateAccountStatus updates the account status and returns the latest user record.
func (*SQLCUserProvider) UpdatePasswordHash ¶
func (p *SQLCUserProvider) UpdatePasswordHash(userID string, newHash string) error
UpdatePasswordHash persists a new password hash for the given user.
func (*SQLCUserProvider) UpdateTOTPLastUsedCounter ¶
UpdateTOTPLastUsedCounter is a stub until MFA persistence is implemented.