authkeys

package
v0.0.0-...-5fe9b4e Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 28, 2026 License: MIT Imports: 22 Imported by: 0

Documentation

Index

Constants

const (
	// TokenPrefix is the managed API key prefix returned to clients.
	// It identifies the token type only and adds no secrecy of its own. A
	// fixed, distinctive prefix is also what secret scanners and log
	// redaction rules can match on to catch leaked keys.
	// NOTE(review): presumably every issued token starts with this literal;
	// confirm against the issuing code.
	TokenPrefix = "sk_gom_"
)

Variables

// Sentinel errors for auth key lookup and authentication. They are plain
// errors.New values, so callers should match them with errors.Is.
// NOTE(review): ErrInvalidToken, ErrInactive and ErrExpired tell an unknown
// token apart from a known but unusable one. Confirm that the request-facing
// layer returns one uniform authentication failure to the client and keeps
// the specific cause for server-side logs only.
var (
	// ErrNotFound indicates a requested auth key record does not exist.
	ErrNotFound = errors.New("auth key not found")
	// ErrInvalidToken indicates the presented token does not match a known key.
	ErrInvalidToken = errors.New("invalid API key")
	// ErrInactive indicates the presented token belongs to an inactive key.
	ErrInactive = errors.New("API key is inactive")
	// ErrExpired indicates the presented token belongs to an expired key.
	ErrExpired = errors.New("API key expired")
)

Functions

func IsValidationError

func IsValidationError(err error) bool

IsValidationError reports whether err is a validation error.

Types

type AuthKey

// AuthKey is the persisted auth key record. The json tags control how the
// record is encoded for API responses; the bson tags control the stored
// document (presumably the MongoDB representation).
type AuthKey struct {
	// ID is the record identifier; it is stored as the document "_id".
	ID            string     `json:"id" bson:"_id"`
	// Name and Description are operator-supplied labels.
	Name          string     `json:"name" bson:"name"`
	Description   string     `json:"description,omitempty" bson:"description,omitempty"`
	// UserPath is optional and omitted from both encodings when empty.
	// NOTE(review): its meaning (scope or owner of the key) is not visible here.
	UserPath      string     `json:"user_path,omitempty" bson:"user_path,omitempty"`
	// RedactedValue is included in JSON output, so it must not reveal enough
	// of the token to reconstruct it.
	// NOTE(review): how much of the token it keeps is not shown here; confirm.
	RedactedValue string     `json:"redacted_value" bson:"redacted_value"`
	// SecretHash is persisted (bson "secret_hash") but the json "-" tag keeps
	// it out of encoding/json output. The "-" tag does not cover other
	// encoders or %+v formatting, so avoid logging whole AuthKey values.
	// NOTE(review): the hash construction and the comparison used at
	// authentication are not visible here; confirm a cryptographic hash and a
	// constant-time compare.
	SecretHash    string     `json:"-" bson:"secret_hash"`
	// Enabled and DeactivatedAt record the deactivation state.
	// NOTE(review): which of the two Active consults is not visible here.
	Enabled       bool       `json:"enabled" bson:"enabled"`
	// ExpiresAt is optional; a nil pointer is omitted from both encodings and
	// presumably means the key does not expire (confirm in Active).
	ExpiresAt     *time.Time `json:"expires_at,omitempty" bson:"expires_at,omitempty"`
	DeactivatedAt *time.Time `json:"deactivated_at,omitempty" bson:"deactivated_at,omitempty"`
	// CreatedAt and UpdatedAt are always encoded.
	CreatedAt     time.Time  `json:"created_at" bson:"created_at"`
	UpdatedAt     time.Time  `json:"updated_at" bson:"updated_at"`
}

AuthKey is the persisted auth key record.

func (AuthKey) Active

func (k AuthKey) Active(now time.Time) bool

Active reports whether the key can currently authenticate requests.

type AuthenticationResult

// AuthenticationResult describes one successful managed auth key lookup.
// It carries identifiers only; neither the token nor its hash is included.
type AuthenticationResult struct {
	// ID presumably mirrors AuthKey.ID of the matched key; useful as the
	// stable identifier to put in audit logs instead of the token.
	ID       string
	// UserPath presumably mirrors AuthKey.UserPath of the matched key.
	UserPath string
}

AuthenticationResult describes one successful managed auth key lookup.

type CreateInput

// CreateInput captures the admin request for issuing a new auth key.
// It has no field for the secret, so the token value is not supplied by the
// caller.
type CreateInput struct {
	Name        string
	Description string
	UserPath    string
	// ExpiresAt is optional.
	// NOTE(review): presumably nil issues a non-expiring key; confirm, and
	// confirm whether a time in the past is rejected as a ValidationError.
	ExpiresAt   *time.Time
}

CreateInput captures the admin request for issuing a new auth key.

type IssuedKey

// IssuedKey is returned once on create and includes the plaintext token value.
// Because View (and through it AuthKey) is embedded, the JSON encoding carries
// the key metadata alongside the secret.
type IssuedKey struct {
	View
	// Value is the plaintext token, encoded as "value". The stored AuthKey
	// declares only a hash and a redacted value, so this appears to be the
	// only place the token is available; keep IssuedKey out of logs, traces
	// and caches.
	Value string `json:"value"`
}

IssuedKey is returned once on create and includes the plaintext token value.

type MongoDBStore

// MongoDBStore stores auth keys in MongoDB. Its exported methods (Close,
// Create, Deactivate, List) match the Store interface.
type MongoDBStore struct {
	// contains filtered or unexported fields
}

MongoDBStore stores auth keys in MongoDB.

func NewMongoDBStore

func NewMongoDBStore(database *mongo.Database) (*MongoDBStore, error)

NewMongoDBStore creates collection indexes if needed.

func (*MongoDBStore) Close

func (s *MongoDBStore) Close() error

func (*MongoDBStore) Create

func (s *MongoDBStore) Create(ctx context.Context, key AuthKey) error

func (*MongoDBStore) Deactivate

func (s *MongoDBStore) Deactivate(ctx context.Context, id string, now time.Time) error

func (*MongoDBStore) List

func (s *MongoDBStore) List(ctx context.Context) ([]AuthKey, error)

type PostgreSQLStore

// PostgreSQLStore stores auth keys in PostgreSQL. Its exported methods (Close,
// Create, Deactivate, List) match the Store interface.
type PostgreSQLStore struct {
	// contains filtered or unexported fields
}

PostgreSQLStore stores auth keys in PostgreSQL.

func NewPostgreSQLStore

func NewPostgreSQLStore(ctx context.Context, pool *pgxpool.Pool) (*PostgreSQLStore, error)

NewPostgreSQLStore creates the auth_keys table and indexes if needed.

func (*PostgreSQLStore) Close

func (s *PostgreSQLStore) Close() error

func (*PostgreSQLStore) Create

func (s *PostgreSQLStore) Create(ctx context.Context, key AuthKey) error

func (*PostgreSQLStore) Deactivate

func (s *PostgreSQLStore) Deactivate(ctx context.Context, id string, now time.Time) error

func (*PostgreSQLStore) List

func (s *PostgreSQLStore) List(ctx context.Context) ([]AuthKey, error)

type Result

// Result holds the initialized auth key service and any owned resources.
type Result struct {
	// Service is the in-memory auth key service.
	Service *Service
	// Store is the persistence backend.
	// NOTE(review): presumably the one Service was built on; confirm.
	Store   Store
	// Storage is the underlying storage connection.
	// NOTE(review): with NewWithSharedStorage the connection belongs to the
	// caller; confirm that Close leaves a shared connection open.
	Storage storage.Storage
	// contains filtered or unexported fields
}

Result holds the initialized auth key service and any owned resources.

func New

func New(ctx context.Context, cfg *config.Config) (*Result, error)

New creates an auth key subsystem with its own storage connection.

func NewWithSharedStorage

func NewWithSharedStorage(ctx context.Context, shared storage.Storage) (*Result, error)

NewWithSharedStorage creates an auth key subsystem using an existing storage connection.

func (*Result) Close

func (r *Result) Close() error

Close releases resources held by the auth key subsystem.

type SQLiteStore

// SQLiteStore stores auth keys in SQLite. Its exported methods (Close, Create,
// Deactivate, List) match the Store interface.
type SQLiteStore struct {
	// contains filtered or unexported fields
}

SQLiteStore stores auth keys in SQLite.

func NewSQLiteStore

func NewSQLiteStore(db *sql.DB) (*SQLiteStore, error)

NewSQLiteStore creates the auth_keys table and indexes if needed.

func (*SQLiteStore) Close

func (s *SQLiteStore) Close() error

func (*SQLiteStore) Create

func (s *SQLiteStore) Create(ctx context.Context, key AuthKey) error

func (*SQLiteStore) Deactivate

func (s *SQLiteStore) Deactivate(ctx context.Context, id string, now time.Time) error

func (*SQLiteStore) List

func (s *SQLiteStore) List(ctx context.Context) ([]AuthKey, error)

type Service

// Service keeps managed auth keys cached in memory for request authentication.
// Authenticate reads that cached snapshot; Refresh and StartBackgroundRefresh
// reload it from the Store.
type Service struct {
	// contains filtered or unexported fields
}

Service keeps managed auth keys cached in memory for request authentication.

func NewService

func NewService(store Store) (*Service, error)

NewService creates a managed auth key service backed by storage.

func (*Service) ActiveCount

func (s *Service) ActiveCount() int

ActiveCount returns the number of currently active auth keys.

func (*Service) Authenticate

func (s *Service) Authenticate(_ context.Context, token string) (AuthenticationResult, error)

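Authenticate validates a presented bearer token against the in-memory snapshot and returns the matched auth key metadata on success. Because the lookup uses the snapshot rather than storage, a key changed outside this Service instance presumably takes effect only after the next Refresh.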

func (*Service) Create

func (s *Service) Create(ctx context.Context, input CreateInput) (*IssuedKey, error)

Create issues a new managed auth key, persists it, updates the in-memory snapshot immediately, and then best-effort reconciles from storage.

func (*Service) Deactivate

func (s *Service) Deactivate(ctx context.Context, id string) error

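Deactivate marks a managed auth key inactive while preserving its record, then reconciles the snapshot from storage on a best-effort basis. This page does not say whether the snapshot is also updated directly; if it is not and the reconcile fails, the key may keep authenticating until the next successful Refresh.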

func (*Service) Enabled

func (s *Service) Enabled() bool

Enabled reports whether managed auth keys should be enforced.

func (*Service) ListViews

func (s *Service) ListViews() []View

ListViews returns all cached keys in admin-facing form.

func (*Service) Refresh

func (s *Service) Refresh(ctx context.Context) error

Refresh reloads keys from storage and atomically swaps the in-memory snapshot.

func (*Service) StartBackgroundRefresh

func (s *Service) StartBackgroundRefresh(interval time.Duration) func()

StartBackgroundRefresh periodically reloads auth keys from storage until stopped.

func (*Service) Total

func (s *Service) Total() int

Total returns the number of persisted managed auth keys in the current snapshot.

type Store

// Store defines persistence operations for managed auth keys. There is no
// delete or update operation; deactivation is the only state change.
type Store interface {
	// List returns the stored auth key records.
	// NOTE(review): presumably all records, active or not; confirm.
	List(ctx context.Context) ([]AuthKey, error)
	// Create persists key. The AuthKey passed in carries SecretHash and
	// RedactedValue; the plaintext token is not part of the record.
	Create(ctx context.Context, key AuthKey) error
	// Deactivate marks the key with the given id inactive as of now.
	// NOTE(review): presumably returns ErrNotFound for an unknown id; confirm.
	Deactivate(ctx context.Context, id string, now time.Time) error
	// Close releases the store's resources.
	Close() error
}

Store defines persistence operations for managed auth keys.

type ValidationError

// ValidationError indicates invalid auth key input or state. Its methods use
// a pointer receiver, so it is the *ValidationError form that satisfies error.
type ValidationError struct {
	// Message is the description of the problem.
	// NOTE(review): presumably safe to show to the admin caller; confirm it
	// never echoes a token value.
	Message string
	// Err is the wrapped cause, presumably what Unwrap returns.
	Err     error
}

ValidationError indicates invalid auth key input or state.

func (*ValidationError) Error

func (e *ValidationError) Error() string

func (*ValidationError) Unwrap

func (e *ValidationError) Unwrap() error

type View

// View is the admin-facing representation of a managed auth key.
// The embedded AuthKey's fields are promoted into the JSON encoding;
// SecretHash stays excluded because of its json "-" tag, while RedactedValue
// is included.
type View struct {
	AuthKey
	// Active is encoded as "active".
	// NOTE(review): presumably the result of AuthKey.Active when the view
	// was built, so it can go stale as a key expires; confirm.
	Active bool `json:"active"`
}

View is the admin-facing representation of a managed auth key.
