auth

package
v0.1.23 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 5, 2026 License: AGPL-3.0, AGPL-3.0-or-later Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrAuthRequired   = errors.New("authentication required")
	ErrAdminRequired  = errors.New("admin access required")
	ErrForbidden      = errors.New("access denied")
	ErrWorkerRequired = errors.New("worker token required")
)

Functions

func AuthInfoFromContext 

func AuthInfoFromContext(ctx context.Context) *types.AuthInfo

func CanWrite 

func CanWrite(ctx context.Context) bool

func ClientAuthInterceptor 

func ClientAuthInterceptor(token string) grpc.UnaryClientInterceptor

ClientAuthInterceptor adds an authorization header to outgoing unary calls

func ClientAuthStreamInterceptor 

func ClientAuthStreamInterceptor(token string) grpc.StreamClientInterceptor

ClientAuthStreamInterceptor adds an authorization header to outgoing streaming calls

func ClientRetryInterceptor 

func ClientRetryInterceptor(maxRetries int, delay time.Duration) grpc.UnaryClientInterceptor

ClientRetryInterceptor retries calls on transient errors

func HTTPMiddleware 

func HTTPMiddleware(validator TokenValidator) echo.MiddlewareFunc

HTTPMiddleware validates auth tokens and adds AuthInfo to context. Allows requests to proceed without auth; routes must explicitly require auth.

func IsAdmin 

func IsAdmin(ctx context.Context) bool

func IsAuthenticated 

func IsAuthenticated(ctx context.Context) bool

func IsClusterAdmin 

func IsClusterAdmin(ctx context.Context) bool

func IsWorker 

func IsWorker(ctx context.Context) bool

func MemberEmail 

func MemberEmail(ctx context.Context) string

func MemberId 

func MemberId(ctx context.Context) uint

func MemberRole 

func MemberRole(ctx context.Context) types.MemberRole

func PoolName 

func PoolName(ctx context.Context) string

func RequireAdmin 

func RequireAdmin(ctx context.Context) error

func RequireAuth 

func RequireAuth(ctx context.Context) error

func RequireAuthMiddleware 

func RequireAuthMiddleware() echo.MiddlewareFunc

func RequireClusterAdmin 

func RequireClusterAdmin(ctx context.Context) error

func RequireClusterAdminMiddleware 

func RequireClusterAdminMiddleware() echo.MiddlewareFunc

func RequireWorker 

func RequireWorker(ctx context.Context) error

func RequireWorkerForPool 

func RequireWorkerForPool(ctx context.Context, poolName string) error

func RequireWorkspaceAccess 

func RequireWorkspaceAccess(ctx context.Context, workspaceExtId string) error

func WithAdmin 

func WithAdmin(h echo.HandlerFunc) echo.HandlerFunc

func WithAuth 

func WithAuth(h echo.HandlerFunc) echo.HandlerFunc

func WithAuthInfo 

func WithAuthInfo(ctx context.Context, info *types.AuthInfo) context.Context

func WithClusterAdmin 

func WithClusterAdmin(h echo.HandlerFunc) echo.HandlerFunc

func WithWorkspaceAccess 

func WithWorkspaceAccess(h echo.HandlerFunc) echo.HandlerFunc

func WorkspaceExtId 

func WorkspaceExtId(ctx context.Context) string

func WorkspaceId 

func WorkspaceId(ctx context.Context) uint

func WorkspaceName 

func WorkspaceName(ctx context.Context) string

Types

type CompositeValidator 

type CompositeValidator struct {
	// contains filtered or unexported fields
}

CompositeValidator checks cluster admin token first, then database tokens.

func NewCompositeValidator 

func NewCompositeValidator(clusterToken string, authorizer TokenAuthorizer) *CompositeValidator

func (*CompositeValidator) ValidateClusterToken 

func (v *CompositeValidator) ValidateClusterToken(token string) bool

func (*CompositeValidator) ValidateToken 

func (v *CompositeValidator) ValidateToken(ctx context.Context, token string) (*types.AuthInfo, error)

type GRPCInterceptor 

type GRPCInterceptor struct {
	// contains filtered or unexported fields
}

GRPCInterceptor provides authentication interceptors for gRPC.

func NewGRPCInterceptor 

func NewGRPCInterceptor(validator TokenValidator) *GRPCInterceptor

func (*GRPCInterceptor) Stream 

func (i *GRPCInterceptor) Stream() grpc.StreamServerInterceptor

func (*GRPCInterceptor) Unary 

func (i *GRPCInterceptor) Unary() grpc.UnaryServerInterceptor

type StaticValidator 

type StaticValidator struct {
	// contains filtered or unexported fields
}

StaticValidator only checks cluster admin token (no database).

func NewStaticValidator 

func NewStaticValidator(clusterToken string) *StaticValidator

func (*StaticValidator) ValidateClusterToken 

func (v *StaticValidator) ValidateClusterToken(token string) bool

func (*StaticValidator) ValidateToken 

func (v *StaticValidator) ValidateToken(ctx context.Context, token string) (*types.AuthInfo, error)

type TokenAuthorizer 

type TokenAuthorizer interface {
	AuthorizeToken(ctx context.Context, rawToken string) (*types.AuthInfo, error)
}

TokenAuthorizer is implemented by repositories that can authorize tokens.

type TokenValidator 

type TokenValidator interface {
	ValidateClusterToken(token string) bool
	ValidateToken(ctx context.Context, token string) (*types.AuthInfo, error)
}

TokenValidator validates tokens and returns auth info.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.