Documentation
¶
Index ¶
- func CORSMiddleware(config CORSConfig) forge.Middleware
- type AuthMiddleware
- func (m *AuthMiddleware) Authenticate(next forge.Handler) forge.Handler
- func (m *AuthMiddleware) RequireAPIKey(next forge.Handler) forge.Handler
- func (m *AuthMiddleware) RequireAdmin(next forge.Handler) forge.Handler
- func (m *AuthMiddleware) RequireAllPermissions(permissions ...string) forge.Middleware
- func (m *AuthMiddleware) RequireAllScopes(scopes ...string) forge.Middleware
- func (m *AuthMiddleware) RequireAnyPermission(permissions ...string) forge.Middleware
- func (m *AuthMiddleware) RequireAnyScope(scopes ...string) forge.Middleware
- func (m *AuthMiddleware) RequireAuth(next forge.Handler) forge.Handler
- func (m *AuthMiddleware) RequireCanAccess(action, resource string) forge.Middleware
- func (m *AuthMiddleware) RequirePublishableKey(next forge.Handler) forge.Handler
- func (m *AuthMiddleware) RequireRBACPermission(action, resource string) forge.Middleware
- func (m *AuthMiddleware) RequireScope(scope string) forge.Middleware
- func (m *AuthMiddleware) RequireSecretKey(next forge.Handler) forge.Handler
- func (m *AuthMiddleware) RequireUser(next forge.Handler) forge.Handler
- type AuthMiddlewareConfig
- type CORSConfig
- type ContextConfig
- type ContextResolution
- type ContextSource
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CORSMiddleware ¶ added in v0.0.2
func CORSMiddleware(config CORSConfig) forge.Middleware
CORSMiddleware creates a CORS middleware with the given configuration
Types ¶
type AuthMiddleware ¶
type AuthMiddleware struct {
// contains filtered or unexported fields
}
AuthMiddleware handles authentication via API keys and sessions Following production patterns like Clerk, this middleware supports: - API key authentication (pk/sk/rk keys) - Session-based authentication (cookies + bearer tokens) - Dual authentication (both API key and user session)
func NewAuthMiddleware ¶
func NewAuthMiddleware( apiKeySvc *apikey.Service, sessionSvc session.ServiceInterface, userSvc user.ServiceInterface, config AuthMiddlewareConfig, cookieConfig *session.CookieConfig, ) *AuthMiddleware
NewAuthMiddleware creates a new authentication middleware
func (*AuthMiddleware) Authenticate ¶
func (m *AuthMiddleware) Authenticate(next forge.Handler) forge.Handler
Authenticate is the main middleware function that populates auth context This middleware is optional by default - it populates context but doesn't block
func (*AuthMiddleware) RequireAPIKey ¶
func (m *AuthMiddleware) RequireAPIKey(next forge.Handler) forge.Handler
RequireAPIKey middleware that requires an API key
func (*AuthMiddleware) RequireAdmin ¶
func (m *AuthMiddleware) RequireAdmin(next forge.Handler) forge.Handler
RequireAdmin middleware that requires admin privileges
func (*AuthMiddleware) RequireAllPermissions ¶
func (m *AuthMiddleware) RequireAllPermissions(permissions ...string) forge.Middleware
RequireAllPermissions middleware that requires all of the specified permissions
func (*AuthMiddleware) RequireAllScopes ¶
func (m *AuthMiddleware) RequireAllScopes(scopes ...string) forge.Middleware
RequireAllScopes middleware that requires all of the specified scopes
func (*AuthMiddleware) RequireAnyPermission ¶
func (m *AuthMiddleware) RequireAnyPermission(permissions ...string) forge.Middleware
RequireAnyPermission middleware that requires any of the specified permissions
func (*AuthMiddleware) RequireAnyScope ¶
func (m *AuthMiddleware) RequireAnyScope(scopes ...string) forge.Middleware
RequireAnyScope middleware that requires any of the specified scopes
func (*AuthMiddleware) RequireAuth ¶
func (m *AuthMiddleware) RequireAuth(next forge.Handler) forge.Handler
RequireAuth middleware that rejects unauthenticated requests
func (*AuthMiddleware) RequireCanAccess ¶
func (m *AuthMiddleware) RequireCanAccess(action, resource string) forge.Middleware
RequireCanAccess middleware that checks if auth context can access a resource This is flexible - accepts EITHER legacy scopes OR RBAC permissions Recommended for backward compatibility
func (*AuthMiddleware) RequirePublishableKey ¶
func (m *AuthMiddleware) RequirePublishableKey(next forge.Handler) forge.Handler
RequirePublishableKey middleware that requires a publishable (pk_) API key
func (*AuthMiddleware) RequireRBACPermission ¶
func (m *AuthMiddleware) RequireRBACPermission(action, resource string) forge.Middleware
RequireRBACPermission middleware that requires a specific RBAC permission Checks only RBAC permissions (not legacy scopes)
func (*AuthMiddleware) RequireScope ¶
func (m *AuthMiddleware) RequireScope(scope string) forge.Middleware
RequireScope middleware that requires a specific API key scope
func (*AuthMiddleware) RequireSecretKey ¶
func (m *AuthMiddleware) RequireSecretKey(next forge.Handler) forge.Handler
RequireSecretKey middleware that requires a secret (sk_) API key
func (*AuthMiddleware) RequireUser ¶
func (m *AuthMiddleware) RequireUser(next forge.Handler) forge.Handler
RequireUser middleware that requires a logged-in user (session)
type AuthMiddlewareConfig ¶
type AuthMiddlewareConfig struct {
// Cookie name for session token
SessionCookieName string
// Allow unauthenticated requests to pass through
// If false, middleware will return 401 for unauthenticated requests
Optional bool
// Header names to check for API keys
APIKeyHeaders []string
// Allow API key in query params (NOT recommended for production)
AllowAPIKeyInQuery bool
// Allow query param session tokens (NOT recommended for production)
AllowSessionInQuery bool
// Context configuration for app/environment population
Context ContextConfig
}
AuthMiddlewareConfig configures the authentication middleware behavior
type CORSConfig ¶ added in v0.0.2
type CORSConfig struct {
AllowedOrigins []string
AllowCredentials bool
AllowedMethods []string
AllowedHeaders []string
ExposeHeaders []string
MaxAge int
}
CORSConfig holds CORS middleware configuration
type ContextConfig ¶ added in v0.0.2
type ContextConfig struct {
// DefaultAppID is used when no app ID is found in headers or API key
// Should be a valid xid string (e.g., "c7ndh411g9k8pdunveeg")
DefaultAppID string
// DefaultEnvironmentID is used when no environment ID is found
// Should be a valid xid string (e.g., "c7ndh411g9k8pdunveeg")
DefaultEnvironmentID string
// AppIDHeader is the header name to check for app ID (default: X-App-ID)
AppIDHeader string
// EnvironmentIDHeader is the header name to check for environment ID (default: X-Environment-ID)
EnvironmentIDHeader string
// AutoDetectFromConfig enables auto-detection of app/environment from AuthSome config
// When enabled in standalone mode, uses the default app automatically
AutoDetectFromConfig bool
// AutoDetectFromAPIKey enables inferring app/environment from verified API key
// This is the most common pattern - API key contains app and environment context
AutoDetectFromAPIKey bool
}
ContextConfig configures how app and environment context is populated
func DefaultContextConfig ¶ added in v0.0.2
func DefaultContextConfig() ContextConfig
DefaultContextConfig returns a ContextConfig with sensible defaults
type ContextResolution ¶ added in v0.0.2
type ContextResolution struct {
AppID xid.ID
AppIDSource ContextSource
EnvironmentID xid.ID
EnvironmentIDSource ContextSource
}
ContextResolution tracks how context values were resolved
type ContextSource ¶ added in v0.0.2
type ContextSource string
ContextSource indicates where the context value came from
const ( ContextSourceNone ContextSource = "none" ContextSourceExisting ContextSource = "existing" // Already in request context ContextSourceHeader ContextSource = "header" // From HTTP header ContextSourceAPIKey ContextSource = "api_key" // From verified API key ContextSourceDefault ContextSource = "default" // From default config ContextSourceAutoDetect ContextSource = "auto_detect" // From AuthSome config )
Source Files