feat(httpauth): initial release — provider-agnostic HTTP auth middleware

Provides SetTokenData for upstream AuthMiddleware implementations, EnrichmentMiddleware and AuthzMiddleware compatible with any provider that calls SetTokenData, ClaimsPermissionProvider for JWT-embedded permissions, and CachedPermissionProvider for TTL-backed runtime resolution via any Cache implementation.
2026-05-07 21:37:25 -06:00
commit 18e5a16f7e
16 changed files with 879 additions and 0 deletions
--- a/doc.go
+++ b/doc.go
@@ -0,0 +1,19 @@
+// Package httpauth provides provider-agnostic HTTP middleware for identity
+// enrichment and RBAC authorization.
+//
+// Any upstream AuthMiddleware that calls [SetTokenData] to inject uid and claims
+// into the request context is compatible with this package — Firebase, self-issued
+// JWT, API key, etc.
+//
+// Typical middleware chain:
+//
+//	r.Use(jwtauth.AuthMiddleware(signer, publicPaths, nil))
+//	r.Use(httpauth.EnrichmentMiddleware(userEnricher, httpauth.WithTenantHeader("X-Tenant-ID")))
+//
+//	// Choose one PermissionProvider:
+//	claimsProvider := httpauth.NewClaimsPermissionProvider("permisos")   // JWT-embedded
+//	cachedProvider := httpauth.NewCachedPermissionProvider(db, cache, ttl) // runtime + cache
+//
+//	r.With(httpauth.AuthzMiddleware(provider, "orders", rbac.Permission(1))).
+//	    Post("/orders", handler)
+package httpauth