go/httpauth
2
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity
Files
v0.1.0
httpauth/doc.go

20 lines
847 B
Go
Raw Permalink Normal View History

feat(httpauth): initial release — provider-agnostic HTTP auth middleware Provides SetTokenData for upstream AuthMiddleware implementations, EnrichmentMiddleware and AuthzMiddleware compatible with any provider that calls SetTokenData, ClaimsPermissionProvider for JWT-embedded permissions, and CachedPermissionProvider for TTL-backed runtime resolution via any Cache implementation.
2026-05-07 21:37:25 -06:00
// Package httpauth provides provider-agnostic HTTP middleware for identity
// enrichment and RBAC authorization.
//
// Any upstream AuthMiddleware that calls [SetTokenData] to inject uid and claims
// into the request context is compatible with this package — Firebase, self-issued
// JWT, API key, etc.
//
// Typical middleware chain:
//
// r.Use(jwtauth.AuthMiddleware(signer, publicPaths, nil))
// r.Use(httpauth.EnrichmentMiddleware(userEnricher, httpauth.WithTenantHeader("X-Tenant-ID")))
//
// // Choose one PermissionProvider:
// claimsProvider := httpauth.NewClaimsPermissionProvider("permisos") // JWT-embedded
// cachedProvider := httpauth.NewCachedPermissionProvider(db, cache, ttl) // runtime + cache
//
// r.With(httpauth.AuthzMiddleware(provider, "orders", rbac.Permission(1))).
// Post("/orders", handler)
package httpauth
Reference in New Issue Copy Permalink