middleware

package

v0.1.23 Latest Latest Go to latest Published: May 26, 2026 License: MIT Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/authara-org/authara

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func HTMXMiddleware(next http.Handler) http.Handler
func OptionalAccessIdentity(sessionSvc *session.Service, audience token.Audience, now func() time.Time) func(http.Handler) http.Handler
func RedirectIfAuthenticated(sessionService *session.Service, now func() time.Time) func(http.Handler) http.Handler
func RequestLogger(logger *slog.Logger) func(http.Handler) http.Handler
func RequireAPIAccessAuth(sessionSvc *session.Service, audience token.Audience, now func() time.Time) func(http.Handler) http.Handler
func RequireAPICSRF(next http.Handler) http.Handler
func RequireAccessAuthWithRefresh(sessionSvc *session.Service, audience token.Audience, accessTTL time.Duration, ...) func(http.Handler) http.Handler
func RequireAdmin(next http.Handler) http.Handler
func RequireAllowlistEnabled(enabled bool) func(http.Handler) http.Handler
func RequireCSRF(next http.Handler) http.Handler
func RequireChallengeEnabled(enabled bool) func(http.Handler) http.Handler
func ReturnTo(next http.Handler) http.Handler
func SecurityHeaders(cfg SecurityHeadersConfig) func(http.Handler) http.Handler
type SecurityHeadersConfig

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrCSRFCookieMissing = errors.New("csrf cookie token missing")
	ErrCSRFTokenMissing  = errors.New("csrf token missing in request")
	ErrCSRFTokenInvalid  = errors.New("csrf token invalid")
)

Functions ¶

func HTMXMiddleware ¶ added in v0.1.12

func HTMXMiddleware(next http.Handler) http.Handler

func OptionalAccessIdentity ¶ added in v0.1.16

func OptionalAccessIdentity(
	sessionSvc *session.Service,
	audience token.Audience,
	now func() time.Time,
) func(http.Handler) http.Handler

func RedirectIfAuthenticated ¶

func RedirectIfAuthenticated(sessionService *session.Service, now func() time.Time) func(http.Handler) http.Handler

func RequestLogger ¶

func RequestLogger(logger *slog.Logger) func(http.Handler) http.Handler

func RequireAPIAccessAuth ¶

func RequireAPIAccessAuth(sessionSvc *session.Service, audience token.Audience, now func() time.Time) func(http.Handler) http.Handler

func RequireAPICSRF ¶

func RequireAPICSRF(next http.Handler) http.Handler

func RequireAccessAuthWithRefresh ¶

func RequireAccessAuthWithRefresh(
	sessionSvc *session.Service,
	audience token.Audience,
	accessTTL time.Duration,
	refreshTTL time.Duration,
	now func() time.Time,
) func(http.Handler) http.Handler

RequirePageAccessAuthWithRefresh protects Authara-rendered pages + HTMX actions. It validates the access token, and if it's missing/expired it will try to refresh using the refresh token cookie. If refresh fails, it redirects to login.

func RequireAdmin ¶

func RequireAdmin(next http.Handler) http.Handler

func RequireAllowlistEnabled ¶ added in v0.1.23

func RequireAllowlistEnabled(enabled bool) func(http.Handler) http.Handler

func RequireCSRF ¶

func RequireCSRF(next http.Handler) http.Handler

func RequireChallengeEnabled ¶ added in v0.1.14

func RequireChallengeEnabled(enabled bool) func(http.Handler) http.Handler

func ReturnTo ¶

func ReturnTo(next http.Handler) http.Handler

func SecurityHeaders ¶ added in v0.1.23

func SecurityHeaders(cfg SecurityHeadersConfig) func(http.Handler) http.Handler

Types ¶

type SecurityHeadersConfig ¶ added in v0.1.23

type SecurityHeadersConfig struct {
	AllowGoogleOAuth bool
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL