go/httpauth-firebase
2
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity
Files
v1.0.0
httpauth-firebase/auth.go
Rene Nochebuena 34c5fa7ded fix(httpauth-firebase)!: rename package httpauthfirebase, bump httpauth and rbac to v1.0.0 
Rename package from httpauth to httpauthfirebase to follow ecosystem convention
(repo name = package name, hyphens removed). Bump httpauth dependency from
v0.1.0 to v1.0.0 and rbac indirect dependency from v0.9.0 to v1.0.0.

BREAKING CHANGE: import path unchanged (code.nochebuena.dev/go/httpauth-firebase)
but package identifier changes from httpauth to httpauthfirebase — remove any
import alias previously used to disambiguate from code.nochebuena.dev/go/httpauth.
2026-05-07 23:46:59 -06:00

53 lines
1.6 KiB
Go
Raw Permalink Blame History

package httpauthfirebase
import (
"context"
"net/http"
"path"
"strings"
"firebase.google.com/go/v4/auth"
httpauthmw "code.nochebuena.dev/go/httpauth"
)
// TokenVerifier abstracts Firebase JWT verification.
// *auth.Client satisfies this interface directly — no adapter needed in production.
// Retained solely for unit-test mockability.
type TokenVerifier interface {
VerifyIDTokenAndCheckRevoked(ctx context.Context, idToken string) (*auth.Token, error)
}
// AuthMiddleware verifies the Bearer token and injects uid + claims into the
// request context via httpauth.SetTokenData. Requests to publicPaths are skipped
// without token verification (wildcards supported via path.Match).
// Returns 401 on missing or invalid tokens.
func AuthMiddleware(verifier TokenVerifier, publicPaths []string) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
for _, pattern := range publicPaths {
if matched, _ := path.Match(pattern, r.URL.Path); matched {
next.ServeHTTP(w, r)
return
}
}
authHeader := r.Header.Get("Authorization")
if !strings.HasPrefix(authHeader, "Bearer ") {
http.Error(w, "unauthorized", http.StatusUnauthorized)
return
}
token := strings.TrimPrefix(authHeader, "Bearer ")
decoded, err := verifier.VerifyIDTokenAndCheckRevoked(r.Context(), token)
if err != nil {
http.Error(w, "unauthorized", http.StatusUnauthorized)
return
}
ctx := httpauthmw.SetTokenData(r.Context(), decoded.UID, decoded.Claims)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
}
Reference in New Issue View Git Blame Copy Permalink