Rene Nochebuena
d1de096c72
rbac is a Tier 0 module (no micro-lib dependencies). The dependency line incorrectly cited it as Tier 1. The module's own tier (4) is unchanged — it remains the auth layer above the transport infrastructure.
18 lines
832 B
Go
18 lines
832 B
Go
// Package httpauth provides Firebase-backed HTTP middleware for authentication,
|
|
// identity enrichment, and role-based access control.
|
|
//
|
|
// Typical middleware chain:
|
|
//
|
|
// r.Use(httpauth.AuthMiddleware(firebaseClient, publicPaths))
|
|
// r.Use(httpauth.EnrichmentMiddleware(userEnricher, httpauth.WithTenantHeader("X-Tenant-ID")))
|
|
// r.Use(httpauth.AuthzMiddleware(permProvider, "orders", rbac.Read))
|
|
//
|
|
// AuthMiddleware verifies Firebase Bearer tokens and injects uid + claims into
|
|
// the request context. EnrichmentMiddleware reads those values, calls the
|
|
// app-provided IdentityEnricher, and stores the full rbac.Identity. AuthzMiddleware
|
|
// resolves the permission mask and gates the request.
|
|
//
|
|
// All three middleware functions accept interfaces, so they can be tested without
|
|
// a live Firebase connection.
|
|
package httpauth
|