Documentation
¶
Overview ¶
FILE: pkg/middleware/webhook_auth.go
Index ¶
- func HMACAuth[T hmac.Signable](getRepo func(T) string, ns credentials.KeyNamespace, ...) func(http.Handler) http.Handler
- func OIDCAuth(allowedEmails, allowedAudiences, allowedAZPs []string) func(http.Handler) http.Handler
- func RepoFrom(ctx context.Context) *model.RepositoryMetadata
- func WebhookAuth(authenticator auth.Authenticator) func(http.Handler) http.Handler
- func WithLogger(base zerolog.Logger) func(http.Handler) http.Handler
- func WithRepo(ctx context.Context, repo *model.RepositoryMetadata) context.Context
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func HMACAuth ¶
func HMACAuth[T hmac.Signable]( getRepo func(T) string, ns credentials.KeyNamespace, persistence ports.Persistence, masterKey string, ) func(http.Handler) http.Handler
HMACAuth returns a middleware that:
- Reads and decodes the JSON body into T.
- Resolves the repository identified by getRepo(req).
- Validates the HMAC signature (timestamp check included).
- Injects the resolved *model.RepositoryMetadata into the request context.
- Restores r.Body so the next handler can decode it again.
func OIDCAuth ¶
func OIDCAuth(allowedEmails, allowedAudiences, allowedAZPs []string) func(http.Handler) http.Handler
OIDCAuth agora é uma Factory Function que recebe a allowlist
func RepoFrom ¶
func RepoFrom(ctx context.Context) *model.RepositoryMetadata
RepoFrom returns the *model.RepositoryMetadata injected by HMACAuth. Returns nil if the middleware was not applied (e.g. in LOCAL_DEV without auth).
func WebhookAuth ¶
WebhookAuth cria middleware que valida usando o Authenticator fornecido
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.