security

package
v1.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 21, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Package security provides authentication and authorization for GopherQueue.

Index

Constants

This section is empty.

Variables

View Source 
var (
	PermissionJobSubmit = Permission{Resource: "jobs", Action: "submit"}
	PermissionJobRead   = Permission{Resource: "jobs", Action: "read"}
	PermissionJobCancel = Permission{Resource: "jobs", Action: "cancel"}
	PermissionJobRetry  = Permission{Resource: "jobs", Action: "retry"}
	PermissionJobDelete = Permission{Resource: "jobs", Action: "delete"}
	PermissionStatsRead = Permission{Resource: "stats", Action: "read"}
	PermissionAdminAll  = Permission{Resource: "*", Action: "*"}
)

Common permissions.

View Source 
var (
	ErrInvalidCredentials = &AuthError{Message: "invalid credentials"}
	ErrMissingCredentials = &AuthError{Message: "missing credentials"}
	ErrUnauthorized       = &AuthError{Message: "unauthorized"}
	ErrForbidden          = &AuthError{Message: "forbidden"}
)

Errors.

Functions

func WithPrincipal 

func WithPrincipal(ctx context.Context, principal *Principal) context.Context

WithPrincipal adds a principal to the context.

Types

type APIKeyAuthenticator 

type APIKeyAuthenticator struct {
	// contains filtered or unexported fields
}

APIKeyAuthenticator is a simple API key authenticator.

func NewAPIKeyAuthenticator 

func NewAPIKeyAuthenticator(keys map[string]*Principal) *APIKeyAuthenticator

NewAPIKeyAuthenticator creates a new API key authenticator.

func (*APIKeyAuthenticator) Authenticate 

func (a *APIKeyAuthenticator) Authenticate(ctx context.Context, credentials Credentials) (*Principal, error)

Authenticate verifies an API key.

func (*APIKeyAuthenticator) AuthenticateRequest 

func (a *APIKeyAuthenticator) AuthenticateRequest(r *http.Request) (*Principal, error)

AuthenticateRequest extracts and verifies credentials from an HTTP request.

type AuthError 

type AuthError struct {
	Message string
}

AuthError represents an authentication/authorization error.

func (*AuthError) Error 

func (e *AuthError) Error() string

type Authenticator 

type Authenticator interface {
	// Authenticate verifies credentials and returns a principal.
	Authenticate(ctx context.Context, credentials Credentials) (*Principal, error)

	// AuthenticateRequest extracts and verifies credentials from an HTTP request.
	AuthenticateRequest(r *http.Request) (*Principal, error)
}

Authenticator verifies identity.

type Authorizer 

type Authorizer interface {
	// Authorize checks if a principal has the required permission.
	Authorize(ctx context.Context, principal *Principal, permission Permission) (bool, error)

	// AuthorizeRequest creates middleware that checks permissions.
	AuthorizeRequest(permission Permission) func(http.Handler) http.Handler
}

Authorizer checks permissions.

type CredentialType 

type CredentialType string

CredentialType represents the type of credentials. 

const (
	CredentialTypeAPIKey CredentialType = "api_key"
	CredentialTypeToken  CredentialType = "token"
	CredentialTypeBasic  CredentialType = "basic"
)

type Credentials 

type Credentials struct {
	Type     CredentialType `json:"type"`
	APIKey   string         `json:"api_key,omitempty"`
	Token    string         `json:"token,omitempty"`
	Username string         `json:"username,omitempty"`
	Password string         `json:"password,omitempty"`
}

Credentials represents authentication credentials.

type Permission 

type Permission struct {
	Resource string `json:"resource"`
	Action   string `json:"action"`
}

Permission represents an allowed action.

type Principal 

type Principal struct {
	ID        string            `json:"id"`
	Type      PrincipalType     `json:"type"`
	Name      string            `json:"name"`
	Roles     []string          `json:"roles"`
	Metadata  map[string]string `json:"metadata,omitempty"`
	ExpiresAt time.Time         `json:"expires_at,omitempty"`
}

Principal represents an authenticated entity.

func GetPrincipal 

func GetPrincipal(ctx context.Context) *Principal

GetPrincipal retrieves the principal from the context.

type PrincipalType 

type PrincipalType string

PrincipalType represents the type of principal. 

const (
	PrincipalTypeUser    PrincipalType = "user"
	PrincipalTypeService PrincipalType = "service"
	PrincipalTypeSystem  PrincipalType = "system"
)

type Role 

type Role struct {
	Name        string       `json:"name"`
	Permissions []Permission `json:"permissions"`
}

Role defines a set of permissions.

type SimpleAuthorizer 

type SimpleAuthorizer struct {
	// contains filtered or unexported fields
}

SimpleAuthorizer is a basic role-based authorizer.

func NewSimpleAuthorizer 

func NewSimpleAuthorizer() *SimpleAuthorizer

NewSimpleAuthorizer creates a new authorizer.

func (*SimpleAuthorizer) Authorize 

func (a *SimpleAuthorizer) Authorize(ctx context.Context, principal *Principal, permission Permission) (bool, error)

Authorize checks if a principal has the required permission.

func (*SimpleAuthorizer) AuthorizeRequest 

func (a *SimpleAuthorizer) AuthorizeRequest(permission Permission) func(http.Handler) http.Handler

AuthorizeRequest creates middleware that checks permissions.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.