auth

package

v0.1.2 Latest Latest Go to latest Published: May 5, 2026 License: MIT Imports: 31 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/agberohq/agbero

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func Basic(cfg *alaye.BasicAuth, logger *ll.Logger) func(http.Handler) http.Handler
func Forward(res *resource.Resource, cfg *alaye.ForwardAuth) func(http.Handler) http.Handler
func GetClaims(r *http.Request) (jwt.MapClaims, bool)
func Internal(tm *security.PPK, logger *ll.Logger, isRevoked func(jti string) bool) func(http.Handler) http.Handler
func JWT(cfg *alaye.JWTAuth) func(http.Handler) http.Handler
func JWTWithRevocation(cfg *alaye.JWTAuth, isRevoked func(jti string) bool) func(http.Handler) http.Handler
func JWTWithRevocationAndScope(cfg *alaye.JWTAuth, isRevoked func(jti string) bool) func(http.Handler) http.Handler
func OAuth(cfg *alaye.OAuth) func(http.Handler) http.Handler

Constants ¶

View Source

const ClaimsContextKey contextKey = "jwt_claims"

Variables ¶

This section is empty.

Functions ¶

func Basic ¶

func Basic(cfg *alaye.BasicAuth, logger *ll.Logger) func(http.Handler) http.Handler

Basic returns middleware that enforces HTTP Basic authentication against bcrypt-hashed credentials. Plaintext passwords are rejected with an error log; only bcrypt hashes are accepted.

func Forward ¶

func Forward(res *resource.Resource, cfg *alaye.ForwardAuth) func(http.Handler) http.Handler

Forward is the public constructor. It returns an http.Handler middleware that authenticates each request by forwarding it to an external auth service. The upstream request proceeds only when the auth service responds 2xx.

func GetClaims ¶ added in v0.1.0

func GetClaims(r *http.Request) (jwt.MapClaims, bool)

func Internal ¶

func Internal(tm *security.PPK, logger *ll.Logger, isRevoked func(jti string) bool) func(http.Handler) http.Handler

Internal authenticates requests using PPK (EdDSA) service tokens. On success it sets X-Agbero-Service and X-Agbero-JTI headers so downstream handlers can read the service identity and JTI without re-parsing the token. isRevoked is optional — pass nil to skip revocation checking.

func JWT ¶

func JWT(cfg *alaye.JWTAuth) func(http.Handler) http.Handler

func JWTWithRevocation ¶ added in v0.1.0

func JWTWithRevocation(cfg *alaye.JWTAuth, isRevoked func(jti string) bool) func(http.Handler) http.Handler

JWTWithRevocation validates a JWT token identically to JWT but additionally checks the jti claim against the provided isRevoked function, rejecting tokens that have been explicitly revoked (e.g. via logout).

func JWTWithRevocationAndScope ¶ added in v0.1.0

func JWTWithRevocationAndScope(cfg *alaye.JWTAuth, isRevoked func(jti string) bool) func(http.Handler) http.Handler

func OAuth ¶

func OAuth(cfg *alaye.OAuth) func(http.Handler) http.Handler

OAuth returns middleware that enforces OAuth authentication for a route. The session cookie is HMAC-SHA256 signed with cfg.CookieSecret and verified on every request.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL