apikey

package
v1.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 18, 2026 License: MIT Imports: 22 Imported by: 0

Documentation

Index

Constants

// Hasher mode identifiers. Config.HasherMode is a string and
// NewHasherFromConfig takes a Config, so these are presumably the values that
// field accepts — confirm against the constructor.
// NOTE(review): SaltedSHA256Hasher is exported by this package but has no mode
// constant in this block.
const (
	HasherArgon2id   = "argon2id"
	HasherHMACSHA256 = "hmac-sha256"
)
// PrincipalTypeAPIKey is the principal type label for API-key authentication;
// presumably the value placed in Principal.Type — confirm.
const PrincipalTypeAPIKey = "apikey"

Variables

// Sentinel errors for key lookup, lifecycle operations and validation.
var (
	// Wiring errors: going by their messages, the matching optional dependency
	// (lookup, revoker, rotator) was not configured.
	ErrLookupNotConfigured  = errors.New("apikey: key lookup is not configured")
	ErrRevokerNotConfigured = errors.New("apikey: revoker is not configured")
	ErrRotatorNotConfigured = errors.New("apikey: rotator is not configured")
	// Validation outcomes. These three values separate an invalid key from a
	// revoked or an expired one. Returning that distinction to an
	// unauthenticated caller discloses the state of a key, so the specific
	// value is best kept for server-side logs and metrics.
	// NOTE(review): Config.DetailedErrors presumably governs what reaches the
	// client — confirm.
	ErrInvalidAPIKey        = errors.New("apikey: invalid api key")
	ErrRevokedAPIKey        = errors.New("apikey: api key revoked")
	ErrExpiredAPIKey        = errors.New("apikey: api key expired")
)
var (
	// ErrInvalidHashFormat signals a hash string that does not match an
	// expected encoding; presumably returned by Hasher.Verify implementations
	// when a stored hash cannot be parsed — confirm.
	ErrInvalidHashFormat = errors.New("apikey: invalid hash format")
)
var (
	// ErrInvalidRawKeyFormat signals a raw key string that cannot be split into
	// its parts; presumably returned by ParseRawKey — confirm.
	ErrInvalidRawKeyFormat = errors.New("apikey: invalid raw key format")
)

Functions

func Module

func Module(opts ...di.Node) di.Node

func SetPrincipalLocals

func SetPrincipalLocals(c fiber.Ctx, principal *Principal)

func UseCachedLookup

func UseCachedLookup(opts ...CacheOption) di.Node

func UseCachedRevoker

func UseCachedRevoker() di.Node

func UseCachedRotator

func UseCachedRotator() di.Node

func UseHasher

func UseHasher(hasher Hasher) di.Node

func UseLookup

func UseLookup(lookup KeyLookup) di.Node

func UseRevoker

func UseRevoker(revoker Revoker) di.Node

func UseRotator

func UseRotator(rotator Rotator) di.Node

func UseUsageRecorder

func UseUsageRecorder(recorder KeyUsageRecorder) di.Node

func WithPrincipal

func WithPrincipal(ctx context.Context, principal *Principal) context.Context

Types

type Argon2idHasher

type Argon2idHasher struct {
	// contains filtered or unexported fields
}

Hash format: a1$memory$time$threads$base64(salt)$base64(hash)

func NewArgon2idHasher

func NewArgon2idHasher() *Argon2idHasher

func (*Argon2idHasher) Hash

func (h *Argon2idHasher) Hash(secret string) (string, error)

func (*Argon2idHasher) Verify

func (h *Argon2idHasher) Verify(hash string, secret string) (bool, error)

type CacheOption

type CacheOption func(*CachedLookupConfig)

func WithCacheL1TTL

func WithCacheL1TTL(ttlSec int) CacheOption

func WithCacheL2TTL

func WithCacheL2TTL(ttlSec int) CacheOption

func WithCacheNamespace

func WithCacheNamespace(namespace string) CacheOption

func WithCacheNegativeTTL

func WithCacheNegativeTTL(ttlSec int) CacheOption

func WithCacheRedisKeyPrefix

func WithCacheRedisKeyPrefix(prefix string) CacheOption

type CachedLookup

type CachedLookup struct {
	// contains filtered or unexported fields
}

func NewCachedLookup

func NewCachedLookup(base KeyLookup, redisClient rd.RedisClient, cfg CachedLookupConfig) *CachedLookup

func (*CachedLookup) FindByKeyID

func (c *CachedLookup) FindByKeyID(ctx context.Context, keyID string) (*StoredKey, error)

func (*CachedLookup) InvalidateKey

func (c *CachedLookup) InvalidateKey(ctx context.Context, keyID string) error

type CachedLookupConfig

// CachedLookupConfig holds the tuning values passed to NewCachedLookup as cfg.
//
// NOTE(review): the cached value is a *StoredKey, which carries RevokedAt and
// ExpiresAt. These TTLs therefore presumably bound how long a revoked key can
// still validate from a cache entry that InvalidateKey did not reach — confirm
// how entries held by other instances are invalidated, and keep TTLs short
// enough for the revocation latency you can accept.
type CachedLookupConfig struct {
	// Lifetime of a first-level cache entry (presumably in-process — confirm).
	L1TTL          time.Duration
	// Lifetime of a second-level entry (presumably Redis, since NewCachedLookup
	// takes a RedisClient — confirm).
	L2TTL          time.Duration
	// Presumably how long a "key not found" result is cached — confirm.
	NegativeTTL    time.Duration
	// Presumably the size cap of the first-level cache — confirm.
	L1MaxEntries   int
	RedisKeyPrefix string
	Namespace      string
}

type CachedRevoker

type CachedRevoker struct {
	// contains filtered or unexported fields
}

func NewCachedRevoker

func NewCachedRevoker(base Revoker, invalidator LookupInvalidator) *CachedRevoker

func (*CachedRevoker) RevokeKey

func (r *CachedRevoker) RevokeKey(ctx context.Context, keyID string, reason string) error

type CachedRotator

type CachedRotator struct {
	// contains filtered or unexported fields
}

func NewCachedRotator

func NewCachedRotator(base Rotator, invalidator LookupInvalidator) *CachedRotator

func (*CachedRotator) RotateKey

func (r *CachedRotator) RotateKey(ctx context.Context, keyID string, prefix string) (*IssuedKey, error)

type Config

// Config is the package configuration, decoded through the mapstructure tags
// shown on each field. It is the input to NewHasherFromConfig and
// NewKeyGenerator.
type Config struct {
	// Presumably the request header (and its scheme prefix) the middleware
	// reads the raw key from — confirm.
	HeaderName       string        `mapstructure:"header_name"`
	HeaderScheme     string        `mapstructure:"header_scheme"`
	// Hasher selection; see the HasherArgon2id and HasherHMACSHA256 constants.
	HasherMode       string        `mapstructure:"hasher_mode"`
	// Secret key material, presumably handed to NewHMACSHA256Hasher — confirm.
	// Load it from a secret store and keep this struct out of logs and
	// configuration dumps, since the field is a plain string.
	HMACSecret       string        `mapstructure:"hmac_secret"`
	KeyPrefix        string        `mapstructure:"key_prefix"`
	// Presumably the lengths of the generated key ID and secret. SecretLength
	// sets the entropy of issued keys; the unit (bytes or encoded characters)
	// is not stated here — confirm.
	KeyIDLength      int           `mapstructure:"key_id_length"`
	SecretLength     int           `mapstructure:"secret_length"`
	// Presumably a clock-skew tolerance for expiry checks — confirm. A large
	// value would keep expired keys usable for that long.
	SkewAllowance    time.Duration `mapstructure:"skew_allowance"`
	SetPrincipalCtx  bool          `mapstructure:"set_principal_ctx"`
	SetPrincipalBody bool          `mapstructure:"set_principal_body"`
	// Presumably controls whether specific failure reasons (invalid, revoked,
	// expired) are returned to the client — confirm. Specific reasons disclose
	// key state, so this is normally left off outside development.
	DetailedErrors   bool          `mapstructure:"detailed_errors"`
}

type Generator

// Generator creates and parses raw API keys. KeyGenerator has both methods.
// NOTE(review): the secret part should come from a cryptographically secure
// random source (crypto/rand); that cannot be verified from these signatures.
type Generator interface {
	// GenerateRawKey returns the full raw key together with its keyID and
	// secret components.
	GenerateRawKey(prefix string) (rawKey string, keyID string, secret string, err error)
	// ParseRawKey splits a raw key into its keyID and secret components.
	ParseRawKey(rawKey string) (keyID string, secret string, err error)
}

type HMACSHA256Hasher

type HMACSHA256Hasher struct {
	// contains filtered or unexported fields
}

func NewHMACSHA256Hasher

func NewHMACSHA256Hasher(secret string) (*HMACSHA256Hasher, error)

func (*HMACSHA256Hasher) Hash

func (h *HMACSHA256Hasher) Hash(secret string) (string, error)

func (*HMACSHA256Hasher) Verify

func (h *HMACSHA256Hasher) Verify(hash string, secret string) (bool, error)

type Hasher

// Hasher converts a key secret into a storable hash string and checks a secret
// against a stored hash. Argon2idHasher, HMACSHA256Hasher and
// SaltedSHA256Hasher all expose these two methods.
// NOTE(review): implementations should compare digests in constant time
// (crypto/subtle.ConstantTimeCompare or hmac.Equal); this cannot be checked
// from the signatures alone.
type Hasher interface {
	// Hash returns the encoded hash of secret.
	Hash(secret string) (string, error)
	// Verify reports whether secret matches hash.
	Verify(hash string, secret string) (bool, error)
}

func NewHasherFromConfig

func NewHasherFromConfig(cfg Config) (Hasher, error)

type IssuedKey

// IssuedKey is the result type of IssueKey and RotateKey.
//
// RawKey is tagged `json:"raw_key"`, so marshalling this struct emits the
// plaintext credential, while SecretHash is excluded with `json:"-"`. Marshal
// an IssuedKey only into the response that hands the key to its owner, and
// keep marshalled values out of logs, traces and caches. StoredKey has no raw
// key field, so the raw key presumably cannot be recovered later — confirm.
type IssuedKey struct {
	KeyID      string            `json:"key_id"`
	AppID      string            `json:"app_id"`
	// Plaintext credential; serialized to JSON.
	RawKey     string            `json:"raw_key"`
	Prefix     string            `json:"prefix"`
	// Hash of the secret; never serialized to JSON.
	SecretHash string            `json:"-"`
	Scopes     []string          `json:"scopes"`
	Metadata   map[string]string `json:"metadata,omitempty"`
	ExpiresAt  *time.Time        `json:"expires_at,omitempty"`
}

type KeyGenerator

type KeyGenerator struct {
	// contains filtered or unexported fields
}

func NewKeyGenerator

func NewKeyGenerator(cfg Config) *KeyGenerator

func (*KeyGenerator) GenerateRawKey

func (g *KeyGenerator) GenerateRawKey(prefix string) (rawKey string, keyID string, secret string, err error)

func (*KeyGenerator) ParseRawKey

func (g *KeyGenerator) ParseRawKey(rawKey string) (keyID string, secret string, err error)

type KeyLookup

type KeyLookup interface {
	FindByKeyID(ctx context.Context, keyID string) (*StoredKey, error)
}

type KeyUsageRecorder

type KeyUsageRecorder interface {
	MarkUsed(ctx context.Context, keyID string, usedAt time.Time) error
}

type LookupInvalidator

type LookupInvalidator interface {
	InvalidateKey(ctx context.Context, keyID string) error
}

type Manager

// Manager is the API-key management interface: issuing, validating, revoking
// and rotating keys, plus a fiber middleware. Service has all five methods.
type Manager interface {
	// IssueKey creates a key for appID with the given scopes, metadata and
	// optional expiry. Unlike the other operations it takes no context.
	IssueKey(appID string, prefix string, scopes []string, metadata map[string]string, expiresAt *time.Time) (*IssuedKey, error)
	// ValidateRawKey checks a raw key and returns the Principal it maps to.
	ValidateRawKey(ctx context.Context, rawKey string) (*Principal, error)
	// Middleware returns a fiber handler; presumably it authenticates requests
	// through ValidateRawKey — confirm.
	Middleware() fiber.Handler
	RevokeKey(ctx context.Context, keyID string, reason string) error
	RotateKey(ctx context.Context, keyID string, prefix string) (*IssuedKey, error)
}

type NewServiceParams

type NewServiceParams struct {
	Config    Config
	Generator Generator
	Hasher    Hasher
	Lookup    KeyLookup
	Recorder  KeyUsageRecorder
	Revoker   Revoker
	Rotator   Rotator
}

type Principal

// Principal is the identity returned by ValidateRawKey. It carries no secret
// material: neither the raw key nor its hash is a field.
// NOTE(review): Scopes is data only; whether the middleware enforces scopes or
// leaves that to handlers is not visible here — confirm.
type Principal struct {
	// Presumably PrincipalTypeAPIKey for keys validated by this package — confirm.
	Type     string            `json:"type"`
	AppID    string            `json:"app_id"`
	KeyID    string            `json:"key_id"`
	Scopes   []string          `json:"scopes"`
	Metadata map[string]string `json:"metadata,omitempty"`
}

func PrincipalFromContext

func PrincipalFromContext(ctx context.Context) (*Principal, bool)

func PrincipalFromLocals

func PrincipalFromLocals(c fiber.Ctx) (*Principal, bool)

type Revoker

type Revoker interface {
	RevokeKey(ctx context.Context, keyID string, reason string) error
}

type Rotator

type Rotator interface {
	RotateKey(ctx context.Context, keyID string, prefix string) (*IssuedKey, error)
}

type SaltedSHA256Hasher

// SaltedSHA256Hasher hashes a secret with one salted SHA-256 pass, per the
// hash format documented for this type.
// NOTE(review): a single SHA-256 pass has no work factor. That is adequate
// only when the secret is a long random value, as generated keys presumably
// are; it is not suitable for human-chosen secrets. No Hasher* mode constant
// is listed for this type, so NewHasherFromConfig may not select it — confirm.
type SaltedSHA256Hasher struct{}

Hash format: v1$base64(salt)$base64(sha256(salt || secret))

func NewSaltedSHA256Hasher

func NewSaltedSHA256Hasher() *SaltedSHA256Hasher

func (*SaltedSHA256Hasher) Hash

func (h *SaltedSHA256Hasher) Hash(secret string) (string, error)

func (*SaltedSHA256Hasher) Verify

func (h *SaltedSHA256Hasher) Verify(hash string, secret string) (bool, error)

type Service

type Service struct {
	// contains filtered or unexported fields
}

func NewService

func NewService(p NewServiceParams) *Service

func (*Service) IssueKey

func (s *Service) IssueKey(appID string, prefix string, scopes []string, metadata map[string]string, expiresAt *time.Time) (*IssuedKey, error)

func (*Service) Middleware

func (s *Service) Middleware() fiber.Handler

func (*Service) RevokeKey

func (s *Service) RevokeKey(ctx context.Context, keyID string, reason string) error

func (*Service) RotateKey

func (s *Service) RotateKey(ctx context.Context, keyID string, prefix string) (*IssuedKey, error)

func (*Service) ValidateRawKey

func (s *Service) ValidateRawKey(ctx context.Context, rawKey string) (*Principal, error)

type StoredKey

// StoredKey is the record returned by KeyLookup.FindByKeyID. It holds only
// SecretHash, never the raw key, and has no struct tags.
type StoredKey struct {
	KeyID      string
	AppID      string
	// Encoded hash of the key secret, in the format of the Hasher that
	// produced it.
	SecretHash string
	Scopes     []string
	Metadata   map[string]string
	// Optional timestamps; nil presumably means "no expiry" and "not revoked"
	// respectively — confirm.
	ExpiresAt  *time.Time
	RevokedAt  *time.Time
}
