platformauth

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 30, 2026 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Authenticate 

func Authenticate(authenticator auth.Authenticator) func(http.Handler) http.Handler

Authenticate returns middleware that extracts a principal from the request using the provided authenticator and stores it in the request context via WithPrincipal. It is extraction-only: it never writes an error response, never logs, and never blocks a request — enforcement is the responsibility of RequireAuthenticated and RequireRole.

Special cases:

  • authenticator is nil: passes through unchanged.
  • principal already present in context: does not overwrite; passes through.
  • authenticator returns (nil, nil): passes through without storing.
  • authenticator returns an error: passes through without storing.

func MustPrincipalFromContext 

func MustPrincipalFromContext(ctx context.Context) *identity.Principal

MustPrincipalFromContext is like PrincipalFromContext but panics when no principal is present. Use only inside middleware chains that guarantee a principal has already been stored (e.g. after RequireAuthenticated).

func PrincipalFromContext 

func PrincipalFromContext(ctx context.Context) (*identity.Principal, bool)

PrincipalFromContext retrieves the *identity.Principal stored by WithPrincipal. The second return value is false when no principal is present or the stored value is nil.

func RequireAuthenticated 

func RequireAuthenticated(next http.Handler) http.Handler

RequireAuthenticated is middleware that returns HTTP 401 when no principal is present in the request context. It must be composed after Authenticate.

func RequireRole 

func RequireRole(roles ...string) func(http.Handler) http.Handler

RequireRole returns middleware that enforces role-based access control. It must be composed after Authenticate (and optionally RequireAuthenticated).

Panics at construction time (not request time) when called with zero roles — this is a programmer error and should be caught during startup.

At request time:

  • no principal in context → 401
  • principal present but lacks all required roles → 403
  • principal has at least one required role → calls next

func WithPrincipal 

func WithPrincipal(ctx context.Context, p *identity.Principal) context.Context

WithPrincipal returns a copy of ctx with p stored under the package-local key.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.