// Package httpauth provides provider-agnostic HTTP middleware for identity
// enrichment and RBAC authorization.
//
// Any upstream AuthMiddleware that calls [SetTokenData] to inject uid and claims
// into the request context is compatible with this package — Firebase, self-issued
// JWT, API key, etc.
//
// Typical middleware chain:
//
//	r.Use(jwtauth.AuthMiddleware(signer, publicPaths, nil))
//	r.Use(httpauth.EnrichmentMiddleware(userEnricher, httpauth.WithTenantHeader("X-Tenant-ID")))
//
//	// Choose one PermissionProvider:
//	claimsProvider := httpauth.NewClaimsPermissionProvider("permisos")   // JWT-embedded
//	cachedProvider := httpauth.NewCachedPermissionProvider(db, cache, ttl) // runtime + cache
//
//	r.With(httpauth.AuthzMiddleware(provider, "orders", rbac.Permission(1))).
//	    Post("/orders", handler)
package httpauth