auth

package
v0.1.147 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 7, 2026 License: AGPL-3.0, AGPL-3.0-or-later Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors for authentication and authorization failures.
// Each value is created with errors.New, so callers should compare with
// errors.Is (or ==) rather than by matching the message text.

// ErrAuthRequired carries the message "authentication required".
// NOTE(review): presumably returned when no valid credentials are present — confirm against RequireAuth.
var ErrAuthRequired = errors.New("authentication required")

// ErrAdminRequired carries the message "admin access required".
// NOTE(review): presumably returned when the caller is authenticated but not an admin — confirm.
var ErrAdminRequired = errors.New("admin access required")

// ErrForbidden carries the message "access denied".
var ErrForbidden = errors.New("access denied")

// ErrNoWorkspace carries the message "workspace not specified".
var ErrNoWorkspace = errors.New("workspace not specified")

Functions

func AuthInfoFromContext

func AuthInfoFromContext(ctx context.Context) *types.AuthInfo

func CanWrite

func CanWrite(ctx context.Context) bool

func ClientAuthInterceptor

func ClientAuthInterceptor(token string) grpc.UnaryClientInterceptor

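ClientAuthInterceptor adds an authorization header carrying token to outgoing unary calls. Because the token accompanies every call (the same holds for ClientAuthStreamInterceptor), the connection should use transport security (TLS) so the token is not exposed in transit.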

func ClientAuthStreamInterceptor

func ClientAuthStreamInterceptor(token string) grpc.StreamClientInterceptor

ClientAuthStreamInterceptor adds an authorization header to outgoing streaming calls

func ClientRetryInterceptor

func ClientRetryInterceptor(maxRetries int, delay time.Duration) grpc.UnaryClientInterceptor

ClientRetryInterceptor retries calls on transient errors

func EnsureTaskMountToken added in v0.1.60

func EnsureTaskMountToken(ctx context.Context, workspaceID uint, candidate string, ensurer WorkspaceServiceTokenEnsurer) (string, error)

func HTTPMiddleware

func HTTPMiddleware(validator TokenValidator) echo.MiddlewareFunc

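HTTPMiddleware validates auth tokens and adds the resulting AuthInfo to the request context. It does not enforce authentication: requests without auth are allowed to proceed, so every route that needs protection must explicitly require auth. The Require* middleware and With* handler wrappers in this package appear to be intended for that.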

func HasWorkspaceScopedToken added in v0.1.60

func HasWorkspaceScopedToken(ctx context.Context, rawToken string) bool

func IsAdmin

func IsAdmin(ctx context.Context) bool

func IsAuthenticated

func IsAuthenticated(ctx context.Context) bool

func IsClusterAdmin

func IsClusterAdmin(ctx context.Context) bool

func MemberEmail

func MemberEmail(ctx context.Context) string

func MemberId

func MemberId(ctx context.Context) uint

func RequireAdmin

func RequireAdmin(ctx context.Context) error

func RequireAuth

func RequireAuth(ctx context.Context) error

func RequireAuthMiddleware

func RequireAuthMiddleware() echo.MiddlewareFunc

func RequireClusterAdmin

func RequireClusterAdmin(ctx context.Context) error

func RequireClusterAdminMiddleware

func RequireClusterAdminMiddleware() echo.MiddlewareFunc

func RequireWorkspaceAccess

func RequireWorkspaceAccess(ctx context.Context, workspaceExtId string) error

func ResolveWorkspaceExtId added in v0.1.28

func ResolveWorkspaceExtId(ctx context.Context, explicit string) (string, error)

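ResolveWorkspaceExtId returns the effective workspace external ID. It uses explicit if that is non-empty; otherwise it falls back to the workspace of the token in ctx. This description does not say that an explicit ID is checked against the caller's permissions, so confirm access (see RequireWorkspaceAccess) before acting on the result.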

func TokenId added in v0.1.28

func TokenId(ctx context.Context) uint

func WithAdmin

func WithAdmin(h echo.HandlerFunc) echo.HandlerFunc

func WithAuth

func WithAuth(h echo.HandlerFunc) echo.HandlerFunc

func WithAuthInfo

func WithAuthInfo(ctx context.Context, info *types.AuthInfo) context.Context

func WithClusterAdmin

func WithClusterAdmin(h echo.HandlerFunc) echo.HandlerFunc

func WithWorkspaceAccess

func WithWorkspaceAccess(h echo.HandlerFunc) echo.HandlerFunc

func WorkspaceExtId

func WorkspaceExtId(ctx context.Context) string

func WorkspaceId

func WorkspaceId(ctx context.Context) uint

func WorkspaceName

func WorkspaceName(ctx context.Context) string

Types

type CompositeValidator

type CompositeValidator struct {
	// contains filtered or unexported fields
}

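CompositeValidator checks the cluster admin token first, then database tokens. It includes an in-memory LRU cache so that not every request hits Postgres and bcrypt. A cache of validation results can keep accepting a token after it has been revoked in the database until the entry is evicted; the cache's expiry and invalidation behaviour is not documented here.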

func NewCompositeValidator

func NewCompositeValidator(clusterToken string, authorizer TokenAuthorizer) *CompositeValidator

func (*CompositeValidator) ValidateClusterToken

func (v *CompositeValidator) ValidateClusterToken(token string) bool

func (*CompositeValidator) ValidateToken

func (v *CompositeValidator) ValidateToken(ctx context.Context, token string) (*types.AuthInfo, error)

type GRPCInterceptor

type GRPCInterceptor struct {
	// contains filtered or unexported fields
}

GRPCInterceptor provides authentication interceptors for gRPC.

func NewGRPCInterceptor

func NewGRPCInterceptor(validator TokenValidator) *GRPCInterceptor

func (*GRPCInterceptor) Stream

func (*GRPCInterceptor) Unary

type StaticValidator

type StaticValidator struct {
	// contains filtered or unexported fields
}

StaticValidator checks only the cluster admin token; it does not consult the database.

func NewStaticValidator

func NewStaticValidator(clusterToken string) *StaticValidator

func (*StaticValidator) ValidateClusterToken

func (v *StaticValidator) ValidateClusterToken(token string) bool

func (*StaticValidator) ValidateToken

func (v *StaticValidator) ValidateToken(ctx context.Context, token string) (*types.AuthInfo, error)

type TokenAuthorizer

type TokenAuthorizer interface {
	// AuthorizeToken receives the raw token string presented by the caller
	// and returns the AuthInfo for it, or an error.
	// NOTE(review): rawToken is a secret as supplied by the client;
	// implementations should not log or persist it in clear text — confirm
	// against the repository implementation.
	AuthorizeToken(ctx context.Context, rawToken string) (*types.AuthInfo, error)
}

TokenAuthorizer is implemented by repositories that can authorize tokens.

type TokenValidator

type TokenValidator interface {
	// ValidateClusterToken reports whether token is accepted as the cluster
	// admin token.
	// NOTE(review): implementations that compare against a stored secret
	// should use a constant-time comparison such as
	// crypto/subtle.ConstantTimeCompare — the implementations are not
	// visible here, confirm.
	ValidateClusterToken(token string) bool
	// ValidateToken validates token and returns the AuthInfo associated
	// with it, or an error.
	// NOTE(review): whether a failed validation returns (nil, err) or
	// (nil, nil) is not visible here — callers should check both results.
	ValidateToken(ctx context.Context, token string) (*types.AuthInfo, error)
}

TokenValidator validates tokens and returns auth info.

type WorkspaceServiceTokenEnsurer added in v0.1.60

// WorkspaceServiceTokenEnsurer is the dependency passed to
// EnsureTaskMountToken as its ensurer argument.
type WorkspaceServiceTokenEnsurer interface {
	// EnsureWorkspaceServiceToken returns a token record and a string for the
	// workspace identified by workspaceId, or an error.
	// NOTE(review): the string result is presumably the raw token value,
	// which should be treated as a secret — confirm against the implementation.
	EnsureWorkspaceServiceToken(ctx context.Context, workspaceId uint) (*types.Token, string, error)
}
