go/httpauth-firebase
2
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity

2 Releases 3 Tags

RSS Feed
  • v1.0.0 34c5fa7ded
    Compare

    Release v1.0.0 Stable

    Rene Nochebuena released this 2026-05-07 23:50:39 -06:00 | 1 commits to main since this release

    v1.0.0

    code.nochebuena.dev/go/httpauth-firebase

    Overview

    httpauth-firebase v1.0.0 finalizes the module's scope: Firebase JWT verification
    only    . Identity enrichment, RBAC authorization, and permission providers have moved
    to code.nochebuena.dev/go/httpauth — the provider-agnostic middleware layer shared
    across httpauth-firebase, httpauth-jwt, and any future auth provider.

    AuthMiddleware now calls httpauth.SetTokenData to inject uid and claims into
    context, fulfilling the integration contract that all provider-specific auth modules
    share. The rest of the stack (EnrichmentMiddleware, AuthzMiddleware, etc.) is
    consumed directly from httpauth.

    Breaking Changes

    The following identifiers are no longer exported from this package. Import
    code.nochebuena.dev/go/httpauth instead.

    Removed from httpauth-firebase Now in httpauth
    IdentityEnricher httpauth.IdentityEnricher
    PermissionProvider rbac.PermissionProvider
    EnrichmentMiddleware httpauth.EnrichmentMiddleware
    AuthzMiddleware httpauth.AuthzMiddleware
    WithTenantHeader httpauth.WithTenantHeader
    EnrichOpt httpauth.EnrichOpt

    TokenVerifier and AuthMiddleware remain unchanged.

    Migration Guide

    Before (v0.9.0):

    import httpauth "code.nochebuena.dev/go/httpauth-firebase"

r.Use(httpauth.AuthMiddleware(firebaseClient, publicPaths))
r.Use(httpauth.EnrichmentMiddleware(myEnricher))
r.With(httpauth.AuthzMiddleware(permProvider, "orders", rbac.Write)).Post("/orders", h)

    After (v1.0.0):

    import (
    httpauthfirebase "code.nochebuena.dev/go/httpauth-firebase"
    httpauthmw       "code.nochebuena.dev/go/httpauth"
)

r.Use(httpauthfirebase.AuthMiddleware(firebaseClient, publicPaths))
r.Use(httpauthmw.EnrichmentMiddleware(myEnricher))
r.With(httpauthmw.AuthzMiddleware(permProvider, "orders", rbac.Write)).Post("/orders", h)

    The package identifier changes from httpauth to httpauthfirebase — update the
    import alias (or remove it if you now import using the natural package name).
    No behavior changes.

    What's Included

    AuthMiddleware(verifier TokenVerifier, publicPaths []string) func(http.Handler) http.Handler

    Verifies the Authorization: Bearer <token> header via Firebase JWT verification
    and injects uid + raw claims into the request context via httpauth.SetTokenData.
    Requests matching any pattern in publicPaths are passed through without token
    verification. Returns 401 on missing or invalid tokens.

    TokenVerifier interface

    Abstracts *auth.Client for unit-test mockability. Production code passes the
    Firebase auth client directly.

    Installation

    go get code.nochebuena.dev/go/httpauth-firebase@v1.0.0
go get code.nochebuena.dev/go/httpauth@v1.0.0

    Design Highlights

    Single responsibility. This module verifies Firebase tokens. Everything else
    lives in httpauth. The boundary is enforced by the module graph: httpauth-firebase
    imports httpauth, never the reverse.

    httpauth.SetTokenData as the integration contract. All provider-specific auth
    modules (httpauth-firebase, httpauth-jwt, etc.) call httpauth.SetTokenData after
    verifying their token. Generic middleware (EnrichmentMiddleware, AuthzMiddleware)
    reads from those same context keys — no provider knowledge required.

    No behavior changes. The token verification logic, public path bypass, and 401
    response behavior are identical to v0.9.0.

    Downloads