package token

v0.2.6
Published: Jan 19, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// ErrInvalidToken is returned when the token cannot be parsed or verified.
	ErrInvalidToken = errors.New("invalid token")
	// ErrExpiredToken is returned when the token has expired.
	ErrExpiredToken = errors.New("token expired")
	// ErrInvalidPublicKey is returned when the public key is invalid.
	ErrInvalidPublicKey = errors.New("invalid public key")
)
var ErrInsufficientPermissions = errors.New("insufficient permissions")

ErrInsufficientPermissions is returned when the user lacks the required permissions.

Functions

func ContextWithClaims

func ContextWithClaims(ctx context.Context, claims *Claims) context.Context

ContextWithClaims returns a new context with the claims stored.

func ContextWithToken added in v0.2.6

func ContextWithToken(ctx context.Context, token string) context.Context

ContextWithToken returns a new context with the raw token string stored. This is useful for token propagation in service-to-service calls.

func NewTokenValidatorModule

func NewTokenValidatorModule() fx.Option

NewTokenValidatorModule provides a TokenValidator for dependency injection.

func TokenFromContext added in v0.2.6

func TokenFromContext(ctx context.Context) string

TokenFromContext retrieves the raw token string from the context. Returns an empty string if no token is present.

Types

type Claims

type Claims struct {
	// UserID is the unique identifier of the user (subject).
	UserID string
	// Role is the user's role (e.g., "super_admin", "catalog_manager", "viewer").
	Role string
	// Permissions is the list of permissions granted to the user.
	Permissions []string
	// Type is the token type (e.g., "access", "refresh").
	Type string
	// IssuedAt is the time when the token was issued.
	IssuedAt time.Time
	// ExpiresAt is the time when the token expires.
	ExpiresAt time.Time
	// NotBefore is the time before which the token is not valid.
	NotBefore time.Time
	// contains filtered or unexported fields
}

Claims represents the token claims. This is used across all services for authentication.

func ClaimsFromContext

func ClaimsFromContext(ctx context.Context) *Claims

ClaimsFromContext retrieves claims from the context. Returns nil if no claims are present.

func HandleBearerAuth

func HandleBearerAuth(
	validator TokenValidator,
	ctx context.Context,
	tokenString string,
	requiredPermissions []string,
) (context.Context, *Claims, error)

HandleBearerAuth validates a token and checks permissions. It returns the context with claims and token stored, the claims, and any error.

Usage in your service:

func (s *securityHandler) HandleBearerAuth(ctx context.Context, operationName httpapi.OperationName, t httpapi.BearerAuth) (context.Context, error) {
    ctx, _, err := token.HandleBearerAuth(s.validator, ctx, t.Token, t.Roles)
    return ctx, err
}
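The following is an added, stand-alone sketch of the flow HandleBearerAuth documents (verify, reject expired, check permissions, store claims in the context); it is not the package's own implementation. Claims, TokenValidator and the sentinel errors are redeclared in reduced form so it compiles without the module, mapValidator is a constructed stand-in for the real PASETO verifier, and the any-of permission semantics (via HasAnyPermission) is an assumption.

```go
package main

import (
	"context"
	"errors"
	"slices"
	"time"
)

// Sentinel errors redeclared from the page so the example runs stand-alone.
var (
	ErrInvalidToken            = errors.New("invalid token")
	ErrExpiredToken            = errors.New("token expired")
	ErrInsufficientPermissions = errors.New("insufficient permissions")
)
// Claims is a reduced stand-in for token.Claims; TokenValidator is the page's interface.
type Claims struct {
	Permissions []string
	ExpiresAt   time.Time
}
type TokenValidator interface{ ValidateToken(token string) (*Claims, error) }
type claimsKey struct{}
// HasAnyPermission reports whether at least one of the required permissions is granted.
func (c *Claims) HasAnyPermission(required []string) bool {
	return slices.ContainsFunc(required, func(r string) bool { return slices.Contains(c.Permissions, r) })
}
// mapValidator is a constructed stand-in for the PASETO verifier (fixed token table).
type mapValidator map[string]*Claims
func (m mapValidator) ValidateToken(tok string) (*Claims, error) {
	if c, ok := m[tok]; ok {
		return c, nil
	}
	return nil, ErrInvalidToken
}
// handleBearerAuth: verify, reject expired (the check Claims.IsExpired performs),
// test permissions (any-of semantics is an assumption), then store the claims in ctx.
func handleBearerAuth(v TokenValidator, ctx context.Context, tok string, required []string) (context.Context, *Claims, error) {
	c, err := v.ValidateToken(tok)
	if err != nil {
		return ctx, nil, err
	}
	if time.Now().After(c.ExpiresAt) {
		return ctx, nil, ErrExpiredToken
	}
	if len(required) > 0 && !c.HasAnyPermission(required) {
		return ctx, nil, ErrInsufficientPermissions
	}
	return context.WithValue(ctx, claimsKey{}, c), c, nil
}
func main() {}
```

Note that a nil or empty requiredPermissions list only authenticates the caller; any authorization decision then rests on the handler reading the claims back out of the context.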

func (*Claims) Get

func (c *Claims) Get(key string, v any) error

Get unmarshals a custom claim from the token into the provided value.

func (*Claims) GetString

func (c *Claims) GetString(key string) (string, error)

GetString returns a custom string claim from the token.

func (*Claims) HasAnyPermission

func (c *Claims) HasAnyPermission(permissions []string) bool

HasAnyPermission checks if the user has at least one of the required permissions.

func (*Claims) HasPermission

func (c *Claims) HasPermission(permission string) bool

HasPermission checks if the user has a specific permission.

func (*Claims) IsAccess

func (c *Claims) IsAccess() bool

IsAccess returns true if the token is an access token.

func (*Claims) IsExpired

func (c *Claims) IsExpired() bool

IsExpired checks if the token has expired.

func (*Claims) IsRefresh

func (c *Claims) IsRefresh() bool

IsRefresh returns true if the token is a refresh token.

type Config

type Config struct {
	// PublicKey is the hex-encoded Ed25519 public key for verifying tokens.
	// Required for all services that need to validate incoming tokens.
	PublicKey string `mapstructure:"public-key"`

	// ServiceToken is a pre-generated PASETO token for service-to-service communication.
	// Optional: only needed for services that make outgoing authenticated requests.
	// This token should be generated by auth-service with appropriate permissions.
	ServiceToken string `mapstructure:"service-token"`
}

Config holds the configuration for PASETO token handling.

type TokenValidator

type TokenValidator interface {
	// ValidateToken validates a token and returns the claims.
	ValidateToken(token string) (*Claims, error)
}

TokenValidator validates tokens and returns claims.
