middleware

package
v1.0.1 Latest
Warning

This package is not in the latest version of its module.
Published: May 11, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Package middleware provides Chi-compatible HTTP middleware for chiauth.

Constants

const (
	// UserContextKey is the key under which the resolved *models.User is stored in context.
	UserContextKey contextKey = "chiauth_user"
	// ClaimsContextKey stores the raw JWT claims.
	ClaimsContextKey contextKey = "chiauth_claims"
)

Variables

This section is empty.

Functions

func AuthenticateFull

func AuthenticateFull(tokenSvc *services.TokenService, getUser func(ctx context.Context, id interface{}) (*models.User, error)) func(http.Handler) http.Handler

AuthenticateFull is like Authenticate but loads the full user from the DB, including live roles and direct permissions. Use on sensitive endpoints where you need up-to-date permission state.

func ClaimsFromContext

func ClaimsFromContext(ctx context.Context) *services.JWTClaims

ClaimsFromContext retrieves the JWT claims from the request context.

func RequireAnyRole

func RequireAnyRole(slugs ...string) func(http.Handler) http.Handler

RequireAnyRole allows users with at least one of the given role slugs.

Usage:

r.With(mw.Authenticate(...), RequireAnyRole("admin", "staff"))

func RequirePermission

func RequirePermission(codename string) func(http.Handler) http.Handler

RequirePermission returns middleware that gates on a specific permission codename. Must be chained after Authenticate.

Usage:

r.With(mw.Authenticate(...), RequirePermission("invoice:delete")).Delete(...)

func RequireRole

func RequireRole(slug string) func(http.Handler) http.Handler

RequireRole returns middleware that allows only users with the given role slug. Must be chained after Authenticate.

Usage:

r.With(mw.Authenticate(...), RequireRole("admin")).Get("/admin", handler)

func RequireStaff

func RequireStaff(next http.Handler) http.Handler

RequireStaff gates access to users with IsStaff=true or IsSuperuser=true.

func RequireSuperuser

func RequireSuperuser(next http.Handler) http.Handler

RequireSuperuser gates access to superusers only.

func UserFromContext

func UserFromContext(ctx context.Context) *models.User

UserFromContext retrieves the authenticated user from the request context. Returns nil if the user is not present (i.e. Authenticate middleware was not applied).

Types

type AuthMiddleware

type AuthMiddleware struct {
	// contains filtered or unexported fields
}

AuthMiddleware holds the dependencies needed by auth middleware functions.

func NewAuthMiddleware

func NewAuthMiddleware(tokenSvc *services.TokenService) *AuthMiddleware

NewAuthMiddleware creates an AuthMiddleware.

func (*AuthMiddleware) Authenticate

func (m *AuthMiddleware) Authenticate(userStore interface {
	GetByID(ctx context.Context, id interface{}) (*models.User, error)
}) func(http.Handler) http.Handler

Authenticate validates the Bearer token and injects the *models.User into context. Returns 401 if the token is missing, malformed, or expired. The user's roles and permissions are loaded from the JWT claims (no DB hit), so they reflect the state at the time the token was issued rather than the current database state.

Usage:

r.With(mw.Authenticate(userStore)).Get("/dashboard", handler)
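
The difference between Authenticate (roles and permissions taken from the JWT claims) and AuthenticateFull (permissions reloaded from the DB) shows up when a permission is revoked while a token is still valid. The following is an added example, not chiauth code: ctxKey, withPerms, requirePermission and statusAfterRevocation are hypothetical stand-ins built only on net/http, and token verification is assumed to have already succeeded.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type ctxKey string // hypothetical stand-in, not a chiauth type
const permsKey ctxKey = "demo_perms"

// withPerms stores load()'s result in the context: claims snapshot or live lookup.
func withPerms(load func() []string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), permsKey, load())))
	})
}

// requirePermission answers 403 unless codename is among the context permissions.
func requirePermission(codename string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		perms, _ := r.Context().Value(permsKey).([]string)
		for _, p := range perms {
			if p == codename {
				next.ServeHTTP(w, r)
				return
			}
		}
		http.Error(w, "forbidden", http.StatusForbidden)
	})
}

// statusAfterRevocation replays a DELETE after the permission was revoked (constructed data).
func statusAfterRevocation(live bool) int {
	claims := []string{"invoice:delete"}   // snapshot from when the token was issued
	store := map[string][]string{"u1": {}} // current state: permission revoked
	load := func() []string { return claims }
	if live {
		load = func() []string { return store["u1"] }
	}
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusNoContent) })
	rec := httptest.NewRecorder()
	withPerms(load, requirePermission("invoice:delete", ok)).ServeHTTP(rec, httptest.NewRequest(http.MethodDelete, "/invoices/1", nil))
	return rec.Code
}

func main() { fmt.Println(statusAfterRevocation(false), statusAfterRevocation(true)) }
```

With the claims snapshot the revoked permission still passes the gate until the token expires; with the live lookup the same request is refused.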
