middleware

package
v0.0.0-...-4f574f2
Warning

This package is not in the latest version of its module.

Published: May 29, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Constants

const ContextKeyAllowedJobAliases = "auth.allowed_job_aliases"

ContextKeyAllowedJobAliases stores the scoped job aliases available to list endpoints.

const ContextKeyAuth = "auth"

ContextKeyAuth is the key used to store the authenticated API key in the Echo context.

const ContextKeyCSRFToken = "auth.csrf_token"

ContextKeyCSRFToken stores the resolved session's CSRF token for handlers.

const ContextKeyPrincipal = "auth.principal"

ContextKeyPrincipal stores the unified authenticated identity for the request.

Variables

This section is empty.

Functions

func Auth

Auth returns Echo middleware that enforces API-key or session-cookie authentication and RBAC.

func EnforceSessionCSRF

func EnforceSessionCSRF(c *echo.Context, expected string) error

EnforceSessionCSRF validates the synchronizer CSRF token for cookie-authenticated unsafe requests. Bearer/API-key requests are exempt at the auth middleware call site because they are not ambient browser credentials.

func GetAllowedJobAliases

func GetAllowedJobAliases(c *echo.Context) []string

GetAllowedJobAliases returns the scoped aliases injected by the auth middleware.

func GetAuthKey

func GetAuthKey(c *echo.Context) *models.APIKey

GetAuthKey extracts the authenticated API key from the Echo context. Returns nil if no key is present (e.g. unauthenticated endpoints).

func GetCSRFToken

func GetCSRFToken(c *echo.Context) string

GetCSRFToken returns the session CSRF token stashed by auth middleware, or "".

func GetPrincipal

func GetPrincipal(c *echo.Context) *auth.Principal

GetPrincipal returns the unified authenticated identity, or nil if unauthenticated.

func ParseTrustedProxyRanges

func ParseTrustedProxyRanges(raw string) []*net.IPNet

ParseTrustedProxyRanges parses a comma-separated proxy allowlist into IP ranges. Entries may be CIDR ranges or individual IP addresses.

func ParseTrustedProxyRangesStrict

func ParseTrustedProxyRangesStrict(raw string) ([]*net.IPNet, error)

ParseTrustedProxyRangesStrict parses a proxy allowlist and rejects invalid entries. Use it when a proxy list is part of startup security validation.

func RequestIsSecure

func RequestIsSecure(r *http.Request, trustedProxies []*net.IPNet) bool

RequestIsSecure reports whether the original request is HTTPS. Forwarded protocol headers are trusted only when the immediate peer is allowlisted.
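
The rule documented for ParseTrustedProxyRangesStrict and RequestIsSecure, as an added sketch that is not this package's source: the forwarded-protocol header counts only when the immediate peer is in the allowlist, and a bad allowlist entry is a startup error. The names `parseProxyList` and `requestIsSecure`, the `X-Forwarded-Proto` header name and the sample addresses are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// parseProxyList (hypothetical) parses "10.0.0.0/8, 192.0.2.7"; any bad entry is an error.
func parseProxyList(raw string) ([]*net.IPNet, error) {
	var nets []*net.IPNet
	for _, e := range strings.FieldsFunc(raw, func(c rune) bool { return c == ',' || c == ' ' }) {
		if ip := net.ParseIP(e); ip != nil && ip.To4() != nil {
			e += "/32" // bare IPv4 address: single-host range
		} else if ip != nil {
			e += "/128" // bare IPv6 address
		}
		_, n, err := net.ParseCIDR(e)
		if err != nil {
			return nil, fmt.Errorf("invalid trusted proxy %q: %w", e, err)
		}
		nets = append(nets, n)
	}
	return nets, nil
}

// requestIsSecure (hypothetical) trusts X-Forwarded-Proto only from an allowlisted immediate peer.
func requestIsSecure(r *http.Request, trusted []*net.IPNet) bool {
	if r.TLS != nil {
		return true // TLS terminated by this process
	}
	host, _, _ := net.SplitHostPort(r.RemoteAddr) // host is "" on error
	peer := net.ParseIP(host)                     // nil for "" or garbage
	for _, n := range trusted {
		if peer != nil && n.Contains(peer) {
			return strings.EqualFold(r.Header.Get("X-Forwarded-Proto"), "https")
		}
	}
	return false // untrusted peer: the header is client-controlled, ignore it
}

func main() { // constructed request: forwarded header sent by a non-proxy peer
	nets, _ := parseProxyList("10.0.0.0/8, 192.0.2.7")
	r := &http.Request{RemoteAddr: "203.0.113.9:4711", Header: http.Header{"X-Forwarded-Proto": {"https"}}}
	fmt.Println(requestIsSecure(r, nets)) // false
}
```

The peer address is taken from `r.RemoteAddr`, never from `X-Forwarded-For`, because that header is as client-controlled as the one being validated.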

Types

type AuthDeps

type AuthDeps struct {
	Service    *auth.Service
	Auditor    *auth.AuditLogger
	Limiter    *auth.RateLimiter
	Sessions   *auth.SessionStore
	CookieName string
}

AuthDeps bundles the dependencies the auth middleware needs.
