feat(httpauth): initial release — provider-agnostic HTTP auth middleware

Provides SetTokenData for upstream AuthMiddleware implementations, EnrichmentMiddleware and AuthzMiddleware compatible with any provider that calls SetTokenData, ClaimsPermissionProvider for JWT-embedded permissions, and CachedPermissionProvider for TTL-backed runtime resolution via any Cache implementation.
2026-05-07 21:37:25 -06:00
commit 18e5a16f7e
16 changed files with 879 additions and 0 deletions
--- a/auth.go
+++ b/auth.go
@@ -0,0 +1,25 @@
+package httpauth
+
+import "context"
+
+type ctxUIDKey struct{}
+type ctxClaimsKey struct{}
+
+// SetTokenData injects a verified uid and raw claims into the context.
+// Called by provider-specific AuthMiddleware implementations after token verification.
+// EnrichmentMiddleware reads these values automatically via unexported helpers.
+func SetTokenData(ctx context.Context, uid string, claims map[string]any) context.Context {
+	ctx = context.WithValue(ctx, ctxUIDKey{}, uid)
+	ctx = context.WithValue(ctx, ctxClaimsKey{}, claims)
+	return ctx
+}
+
+func getUID(ctx context.Context) (string, bool) {
+	uid, ok := ctx.Value(ctxUIDKey{}).(string)
+	return uid, ok && uid != ""
+}
+
+func getClaims(ctx context.Context) (map[string]any, bool) {
+	claims, ok := ctx.Value(ctxClaimsKey{}).(map[string]any)
+	return claims, ok
+}