doc.go

// Package httpauth provides Firebase-backed HTTP authentication middleware.
//
// AuthMiddleware verifies Firebase Bearer tokens and injects uid + claims into
// the request context via httpauth.SetTokenData (code.nochebuena.dev/go/httpauth).
// Downstream middleware (EnrichmentMiddleware, AuthzMiddleware) comes from that
// package and is provider-agnostic.
//
// Typical middleware chain:
//
//	import httpauthmw "code.nochebuena.dev/go/httpauth"
//
//	r.Use(httpauth.AuthMiddleware(firebaseClient, publicPaths))
//	r.Use(httpauthmw.EnrichmentMiddleware(userEnricher, httpauthmw.WithTenantHeader("X-Tenant-ID")))
//	r.With(httpauthmw.AuthzMiddleware(permProvider, "orders", rbac.Read)).Post("/orders", handler)
//
// AuthMiddleware accepts a TokenVerifier interface, so it can be tested without
// a live Firebase connection.
package httpauth
refactor(httpauth-firebase)!: delegate enrichment and authz to httpauth v0.1.0 EnrichmentMiddleware, AuthzMiddleware, IdentityEnricher, PermissionProvider, and related types are removed from this module. They now live in code.nochebuena.dev/go/httpauth, the provider-agnostic middleware layer. AuthMiddleware is updated to call httpauth.SetTokenData, fulfilling the integration contract between provider-specific auth and generic middleware. This module now has a single responsibility: Firebase JWT verification. BREAKING CHANGE: IdentityEnricher, PermissionProvider, EnrichmentMiddleware, AuthzMiddleware, and WithTenantHeader are no longer exported from this package. Import code.nochebuena.dev/go/httpauth for those identifiers. 2026-05-07 21:57:01 -06:00			`// Package httpauth provides Firebase-backed HTTP authentication middleware.`
			`//`
			`// AuthMiddleware verifies Firebase Bearer tokens and injects uid + claims into`
			`// the request context via httpauth.SetTokenData (code.nochebuena.dev/go/httpauth).`
			`// Downstream middleware (EnrichmentMiddleware, AuthzMiddleware) comes from that`
			`// package and is provider-agnostic.`
docs(httpauth-firebase): fix rbac tier reference from 1 to 0 rbac is a Tier 0 module (no micro-lib dependencies). The dependency line incorrectly cited it as Tier 1. The module's own tier (4) is unchanged — it remains the auth layer above the transport infrastructure. 2026-03-19 13:44:45 +00:00			`//`
			`// Typical middleware chain:`
			`//`
refactor(httpauth-firebase)!: delegate enrichment and authz to httpauth v0.1.0 EnrichmentMiddleware, AuthzMiddleware, IdentityEnricher, PermissionProvider, and related types are removed from this module. They now live in code.nochebuena.dev/go/httpauth, the provider-agnostic middleware layer. AuthMiddleware is updated to call httpauth.SetTokenData, fulfilling the integration contract between provider-specific auth and generic middleware. This module now has a single responsibility: Firebase JWT verification. BREAKING CHANGE: IdentityEnricher, PermissionProvider, EnrichmentMiddleware, AuthzMiddleware, and WithTenantHeader are no longer exported from this package. Import code.nochebuena.dev/go/httpauth for those identifiers. 2026-05-07 21:57:01 -06:00			`// import httpauthmw "code.nochebuena.dev/go/httpauth"`
docs(httpauth-firebase): fix rbac tier reference from 1 to 0 rbac is a Tier 0 module (no micro-lib dependencies). The dependency line incorrectly cited it as Tier 1. The module's own tier (4) is unchanged — it remains the auth layer above the transport infrastructure. 2026-03-19 13:44:45 +00:00			`//`
refactor(httpauth-firebase)!: delegate enrichment and authz to httpauth v0.1.0 EnrichmentMiddleware, AuthzMiddleware, IdentityEnricher, PermissionProvider, and related types are removed from this module. They now live in code.nochebuena.dev/go/httpauth, the provider-agnostic middleware layer. AuthMiddleware is updated to call httpauth.SetTokenData, fulfilling the integration contract between provider-specific auth and generic middleware. This module now has a single responsibility: Firebase JWT verification. BREAKING CHANGE: IdentityEnricher, PermissionProvider, EnrichmentMiddleware, AuthzMiddleware, and WithTenantHeader are no longer exported from this package. Import code.nochebuena.dev/go/httpauth for those identifiers. 2026-05-07 21:57:01 -06:00			`// r.Use(httpauth.AuthMiddleware(firebaseClient, publicPaths))`
			`// r.Use(httpauthmw.EnrichmentMiddleware(userEnricher, httpauthmw.WithTenantHeader("X-Tenant-ID")))`
			`// r.With(httpauthmw.AuthzMiddleware(permProvider, "orders", rbac.Read)).Post("/orders", handler)`
docs(httpauth-firebase): fix rbac tier reference from 1 to 0 rbac is a Tier 0 module (no micro-lib dependencies). The dependency line incorrectly cited it as Tier 1. The module's own tier (4) is unchanged — it remains the auth layer above the transport infrastructure. 2026-03-19 13:44:45 +00:00			`//`
refactor(httpauth-firebase)!: delegate enrichment and authz to httpauth v0.1.0 EnrichmentMiddleware, AuthzMiddleware, IdentityEnricher, PermissionProvider, and related types are removed from this module. They now live in code.nochebuena.dev/go/httpauth, the provider-agnostic middleware layer. AuthMiddleware is updated to call httpauth.SetTokenData, fulfilling the integration contract between provider-specific auth and generic middleware. This module now has a single responsibility: Firebase JWT verification. BREAKING CHANGE: IdentityEnricher, PermissionProvider, EnrichmentMiddleware, AuthzMiddleware, and WithTenantHeader are no longer exported from this package. Import code.nochebuena.dev/go/httpauth for those identifiers. 2026-05-07 21:57:01 -06:00			`// AuthMiddleware accepts a TokenVerifier interface, so it can be tested without`
docs(httpauth-firebase): fix rbac tier reference from 1 to 0 rbac is a Tier 0 module (no micro-lib dependencies). The dependency line incorrectly cited it as Tier 1. The module's own tier (4) is unchanged — it remains the auth layer above the transport infrastructure. 2026-03-19 13:44:45 +00:00			`// a live Firebase connection.`
			`package httpauth`