auth

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 3, 2026 License: Apache-2.0 Imports: 1 Imported by: 0

Documentation

Overview

Package auth provides the canonical signed-message formats used by Fred's tenant authentication.

Two formats exist:

  • Tenant access tokens (most endpoints): "{tenant}:{lease_uuid}:{unix_timestamp}"
  • Payload upload tokens (POST /data only): "manifest lease data {lease_uuid} {meta_hash_hex} {unix_timestamp}"

The payload variant binds the token to a specific deployment payload via meta_hash, preventing a stolen access token from being used to upload a different payload to the same lease.

Both formats are then signed using ADR-036 (see internal/adr036) and wrapped in a base64-encoded JSON envelope; see internal/api/auth.go and internal/api/payload_auth.go for the envelope shapes.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FormatPayloadSignData

func FormatPayloadSignData(leaseUUID, metaHashHex string, timestamp int64) []byte

FormatPayloadSignData formats the sign data for a payload upload auth token. This includes the meta_hash to bind the signature to a specific payload. Format: "manifest lease data {lease_uuid} {meta_hash_hex} {unix_timestamp}"

func FormatSignData

func FormatSignData(tenant, leaseUUID string, timestamp int64) []byte

FormatSignData formats the sign data for an auth token. This is the canonical format that must be signed by the tenant.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL