apikey

package

v2.1.0 Latest Latest Go to latest Published: May 2, 2026 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/aatuh/api-toolkit

Links

Open Source Insights

Documentation ¶

Overview ¶

Package apikey provides stable API key authentication middleware.

The middleware extracts credentials from Authorization: ApiKey <secret> or X-API-Key, delegates verification to an application-owned Verifier, stores the authenticated principal in request context, and can enforce required scopes. Storage, hashing, rotation, and last-used tracking intentionally belong to the Verifier implementation instead of the core middleware.

Index ¶

func RequireScopeMiddleware(scope string) func(http.Handler) http.Handler
func WithPrincipal(ctx context.Context, principal Principal) context.Context
type Config
type Middleware
- func NewMiddleware(cfg Config) (*Middleware, error)
- func (m *Middleware) Handler(next http.Handler) http.Handler
- func (m *Middleware) OptionalHandler(next http.Handler) http.Handler
type PresentedKey
type Principal
- func PrincipalFromContext(ctx context.Context) (Principal, bool)
- func (p Principal) HasScope(scope string) bool
type Verifier
type VerifierFunc
- func (f VerifierFunc) VerifyAPIKey(ctx context.Context, key PresentedKey) (Principal, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func RequireScopeMiddleware ¶

func RequireScopeMiddleware(scope string) func(http.Handler) http.Handler

RequireScopeMiddleware requires an authenticated API key principal with scope.

func WithPrincipal ¶

func WithPrincipal(ctx context.Context, principal Principal) context.Context

WithPrincipal stores an authenticated API key principal in context.

Types ¶

type Config ¶

type Config struct {
	Verifier    Verifier
	HeaderNames []string
}

Config controls API key authentication.

type Middleware ¶

type Middleware struct {
	// contains filtered or unexported fields
}

Middleware authenticates requests with API keys.

func NewMiddleware ¶

func NewMiddleware(cfg Config) (*Middleware, error)

NewMiddleware constructs API key middleware.

func (*Middleware) Handler ¶

func (m *Middleware) Handler(next http.Handler) http.Handler

Handler requires a valid API key before calling next.

func (*Middleware) OptionalHandler ¶

func (m *Middleware) OptionalHandler(next http.Handler) http.Handler

OptionalHandler authenticates a valid API key when present and otherwise lets anonymous requests continue. Malformed or invalid credentials still fail.

type PresentedKey ¶

type PresentedKey struct {
	Value  string
	Source string
}

PresentedKey describes a credential extracted from a request.

type Principal ¶

type Principal struct {
	ID       string
	Name     string
	TenantID string
	Scopes   []string
	Metadata map[string]any
}

Principal describes the authenticated API key owner.

func PrincipalFromContext ¶

func PrincipalFromContext(ctx context.Context) (Principal, bool)

PrincipalFromContext returns the authenticated API key principal.

func (Principal) HasScope ¶

func (p Principal) HasScope(scope string) bool

HasScope reports whether the principal has scope.

type Verifier ¶

type Verifier interface {
	VerifyAPIKey(ctx context.Context, key PresentedKey) (Principal, error)
}

Verifier validates a presented API key and returns its principal.

type VerifierFunc ¶

type VerifierFunc func(ctx context.Context, key PresentedKey) (Principal, error)

VerifierFunc adapts a function to the Verifier interface.

func (VerifierFunc) VerifyAPIKey ¶

func (f VerifierFunc) VerifyAPIKey(ctx context.Context, key PresentedKey) (Principal, error)

VerifyAPIKey validates a presented API key.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL