• v1.0.0 3c6636f905

    Rene Nochebuena released this 2026-05-07 23:09:23 -06:00 | 1 commits to main since this release

    v1.0.0

    code.nochebuena.dev/go/httpauth

    Overview

    httpauth v1.0.0 commits the provider-agnostic middleware stack as stable and adds
    ChainPermissionProvider — the last roadmap item. The module now ships three
    rbac.PermissionProvider implementations covering every common resolution pattern:
    claims-embedded, TTL-cached, and chained (fast-path + fallback in the same request).

    Dependency bumped to rbac v1.0.0.

    What Changed Since v0.1.0

    New: NewChainPermissionProvider

    func NewChainPermissionProvider(providers ...rbac.PermissionProvider) rbac.PermissionProvider
    

    Tries each provider in order and returns the first non-zero mask. Errors propagate
    immediately — subsequent providers are not consulted.

    Primary use case — JWT fast-path with DB fallback:

    chain := httpauth.NewChainPermissionProvider(
        httpauth.NewClaimsPermissionProvider("permisos"),                        // JWT claims — no DB call
        httpauth.NewCachedPermissionProvider(dbProvider, valkeyCache, 5*time.Minute), // fallback
    )
    r.With(httpauth.AuthzMiddleware(chain, "usuarios", rbac.Permission(1))).Get("/usuarios", h)
    

    When the JWT embeds permission masks (customClaims from jwtauth.IssueTokenPair),
    the chain returns immediately from the first provider. When the JWT has no embedded
    masks (e.g. a token issued before permissions were cached in claims), the chain falls
    through to the DB-backed provider transparently.
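The chain rule described above, as an added sketch that is not httpauth's own code. The `Provider` interface, `stub`, `Decide`, the uid and the bitwise check are assumptions made for the illustration. It shows that a non-zero mask from the token ends the walk even when it lacks the required bit, so the DB-backed provider is never consulted for that request, and that an error from the first provider denies access instead of falling through.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Provider stands in for rbac.PermissionProvider; this method name and
// signature are assumed for the sketch, not taken from the rbac module.
type Provider interface {
	Resolve(ctx context.Context, uid, resource string) (int64, error)
}

// stub returns a fixed mask or error and counts how often it is consulted.
type stub struct{ mask int64; err error; calls int }

func (s *stub) Resolve(context.Context, string, string) (int64, error) {
	s.calls++
	return s.mask, s.err
}

// chain applies the documented rule: first non-zero mask wins, and an
// error stops the walk so later providers are never consulted.
type chain []Provider

func (c chain) Resolve(ctx context.Context, uid, resource string) (int64, error) {
	for _, p := range c {
		mask, err := p.Resolve(ctx, uid, resource)
		if err != nil {
			return 0, err
		}
		if mask != 0 {
			return mask, nil
		}
	}
	return 0, nil // no provider answered: no permissions
}

// Decide runs claims-then-db (constructed uid/resource) and tests the required bit.
func Decide(claims, db *stub, required int64) (bool, int, error) {
	mask, err := chain{claims, db}.Resolve(context.Background(), "u1", "usuarios")
	return err == nil && mask&required == required, db.calls, err
}

func main() {
	fmt.Println(Decide(&stub{mask: 2}, &stub{mask: 3}, 1)) // token mask wins
	fmt.Println(Decide(&stub{}, &stub{mask: 3}, 1))        // falls through to db
	fmt.Println(Decide(&stub{err: errors.New("bad claim")}, &stub{mask: 3}, 1))
}
```

Because the token's mask takes precedence whenever it is non-zero, permission changes made in the database only reach such a user once a token with updated claims is issued.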

    Dependency bump

    code.nochebuena.dev/go/rbac v0.9.0 → v1.0.0

    Full API (stable)

    SetTokenData(ctx, uid, claims) context.Context — integration contract called
    by provider-specific AuthMiddleware implementations.

    EnrichmentMiddleware(enricher, opts...) func(http.Handler) http.Handler

    AuthzMiddleware(provider rbac.PermissionProvider, resource string, required rbac.Permission) func(http.Handler) http.Handler

    NewClaimsPermissionProvider(claimsKey string) rbac.PermissionProvider — reads
    bitmasks from JWT claims; handles float64 (JSON) and int64.

    NewCachedPermissionProvider(inner, cache, ttl) rbac.PermissionProvider — TTL
    cache with silent fallthrough on cache error. Cache key: rbac:{uid}:{resource}.

    NewChainPermissionProvider(providers...) rbac.PermissionProvider — first
    non-zero mask wins; errors propagate immediately. (New in v1.0.0)

    IdentityEnricher interface: Enrich(ctx, uid, claims) (rbac.Identity, error)

    Cache interface: Get(ctx, key) (int64, bool, error) and Set(ctx, key, value, ttl) error

    WithTenantHeader(header string) EnrichOpt

    Migration from v0.1.0

    No breaking changes. The only addition is NewChainPermissionProvider.

    go get code.nochebuena.dev/go/httpauth@v1.0.0
    go get code.nochebuena.dev/go/rbac@v1.0.0
    