Documentation
Overview
Package middleware contains middleware functions for authentication and authorization.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func RequireGoogleServiceAccount
func RequireGoogleServiceAccount(expectedEmail string, audienceOption AudienceOption) func(http.Handler) http.Handler
RequireGoogleServiceAccount is a middleware that verifies incoming HTTP requests are authenticated by a specific Google Service Account.
It extracts the OIDC token from the "Authorization: Bearer" header and validates it using Google's public certificates. The validation ensures that:
1. The token is properly signed and not expired.
2. The token's audience matches the specified AudienceOption (based on the request URL/host).
3. The token contains a verified email claim.
4. The verified email exactly matches the expectedEmail parameter.
If validation fails at any step, the middleware intercepts the request and returns an HTTP 401 Unauthorized response. Otherwise, it delegates to the next handler in the chain.
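The four checks above, as an added example that is not the package's own code: AudienceOption mirrors the constants documented below, while Claims, Verify, ExpectedAudience and Authorized are assumed names, and Verify stands in for validation against Google's public certificates so the block runs offline.

```go
package main

import (
	"net/http"
	"strings"
)

// AudienceOption mirrors the page's constants; everything else here is example
// code, not the package's own implementation.
type AudienceOption int

const (
	AudienceHostOnly AudienceOption = iota // "example.com"
	AudienceHostURL                        // "https://example.com"
	AudienceFullURL                        // "https://example.com/path"
)

// Claims holds the ID-token claims the checks need (assumed field names);
// Verify stands in for validation against Google's public certificates
// (signature and expiry) and returns the decoded claims.
type Claims struct {
	Audience, Email string
	EmailVerified   bool
}
type Verify func(token string) (Claims, error)

// ExpectedAudience derives the audience from the request; https is assumed.
func ExpectedAudience(r *http.Request, opt AudienceOption) string {
	switch opt {
	case AudienceHostURL:
		return "https://" + r.Host
	case AudienceFullURL:
		return "https://" + r.Host + r.URL.Path
	}
	return r.Host
}

// Authorized applies the four documented checks in order; a middleware
// wrapper answers 401 whenever it reports false.
func Authorized(r *http.Request, email string, opt AudienceOption, verify Verify) bool {
	auth := r.Header.Get("Authorization")
	if !strings.HasPrefix(auth, "Bearer ") {
		return false
	}
	c, err := verify(strings.TrimPrefix(auth, "Bearer ")) // 1. signed and not expired
	return err == nil &&
		c.Audience == ExpectedAudience(r, opt) && // 2. audience per option
		c.EmailVerified && c.Email != "" && // 3. verified email claim present
		c.Email == email // 4. exact match, no case folding or suffix match
}
```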
Types
type AudienceOption
type AudienceOption int
AudienceOption selects which form of the request URL the token's audience is compared against.
const (
	// AudienceHostOnly will validate only the host name, e.g., "example.com"
	AudienceHostOnly AudienceOption = iota
	// AudienceHostURL will validate the host URL, e.g., "https://example.com"
	AudienceHostURL
	// AudienceFullURL will validate the full URL, e.g., "https://example.com/path"
	AudienceFullURL
)