refactor(httpauth-firebase)!: delegate enrichment and authz to httpauth v0.1.0
EnrichmentMiddleware, AuthzMiddleware, IdentityEnricher, PermissionProvider, and related types are removed from this module. They now live in code.nochebuena.dev/go/httpauth, the provider-agnostic middleware layer.

AuthMiddleware is updated to call httpauth.SetTokenData, fulfilling the integration contract between provider-specific auth and generic middleware.

This module now has a single responsibility: Firebase JWT verification.

BREAKING CHANGE: IdentityEnricher, PermissionProvider, EnrichmentMiddleware, AuthzMiddleware, and WithTenantHeader are no longer exported from this package. Import code.nochebuena.dev/go/httpauth for those identifiers.
21
doc.go
@@ -1,17 +1,18 @@
// Package httpauth provides Firebase-backed HTTP middleware for authentication,
// identity enrichment, and role-based access control.
// Package httpauth provides Firebase-backed HTTP authentication middleware.
//
// AuthMiddleware verifies Firebase Bearer tokens and injects uid + claims into
// the request context via httpauth.SetTokenData (code.nochebuena.dev/go/httpauth).
// Downstream middleware (EnrichmentMiddleware, AuthzMiddleware) comes from that
// package and is provider-agnostic.
//
// Typical middleware chain:
//
// import httpauthmw "code.nochebuena.dev/go/httpauth"
//
// r.Use(httpauth.AuthMiddleware(firebaseClient, publicPaths))
// r.Use(httpauth.EnrichmentMiddleware(userEnricher, httpauth.WithTenantHeader("X-Tenant-ID")))
// r.Use(httpauth.AuthzMiddleware(permProvider, "orders", rbac.Read))
// r.Use(httpauthmw.EnrichmentMiddleware(userEnricher, httpauthmw.WithTenantHeader("X-Tenant-ID")))
// r.With(httpauthmw.AuthzMiddleware(permProvider, "orders", rbac.Read)).Post("/orders", handler)
//
// AuthMiddleware verifies Firebase Bearer tokens and injects uid + claims into
// the request context. EnrichmentMiddleware reads those values, calls the
// app-provided IdentityEnricher, and stores the full rbac.Identity. AuthzMiddleware
// resolves the permission mask and gates the request.
//
// All three middleware functions accept interfaces, so they can be tested without
// AuthMiddleware accepts a TokenVerifier interface, so it can be tested without
// a live Firebase connection.
package httpauth
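Review bot: The new package comment uses the qualifier `httpauth` for two different packages, which makes the security contract hard to read. This file is still declared `package httpauth`, the chain example calls `httpauth.AuthMiddleware(...)` from it, and the prose then refers to `httpauth.SetTokenData (code.nochebuena.dev/go/httpauth)`, which is the other module. Since the example already imports that module as `httpauthmw`, consider writing `httpauthmw.SetTokenData` in the prose and showing this package's own import line in the example so both qualifiers are unambiguous. The comment also no longer says that EnrichmentMiddleware and AuthzMiddleware depend on AuthMiddleware having run first, nor what a request on `publicPaths` looks like to them. One sentence stating the required ordering and the behaviour when no token data is present would help callers avoid wiring a route that skips verification.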