Documentation
¶
Index ¶
Constants ¶
const ContextKeyAPIKey = "api_key"
ContextKeyAPIKey is the Gin context key for the authenticated API key record.
const ContextKeyRequestID = "request_id"
ContextKeyRequestID is the Gin context key for the request ID.
const ContextKeyTenantID = "tenant_id"
ContextKeyTenantID is the Gin context key for the resolved tenant ID.
const HeaderRequestID = "X-Request-ID"
HeaderRequestID is the HTTP header name used to propagate request IDs.
Variables ¶
This section is empty.
Functions ¶
func AuthMiddleware ¶
func AuthMiddleware(s *store.Store) gin.HandlerFunc
AuthMiddleware extracts a Bearer token from the Authorization header, hashes it with SHA-256, and looks up the hash in the store. If the key is not found or has been revoked, the request is rejected with 401.
On success the middleware sets two context values:
- "api_key": the *store.APIKey record
- "tenant_id": the tenant ID derived from the key (NOT from a client header)
func GetTenantID ¶
GetTenantID is a convenience helper for handlers to retrieve the tenant ID from the Gin context. It panics if the value is missing, which indicates a programming error (middleware not configured).
func RequestLogger ¶
func RequestLogger() gin.HandlerFunc
RequestLogger returns a Gin middleware that emits a structured log line for every request. Each request receives a unique UUID stored in both the Gin context and the X-Request-ID response header.
Log fields: method, path, status, duration_ms, tenant_id, request_id.
func TenantMiddleware ¶
func TenantMiddleware() gin.HandlerFunc
TenantMiddleware reads the tenant_id set by AuthMiddleware and, if the client also sends an X-Tenant-ID header, verifies the two match. This prevents a client from asserting a different tenant than the one bound to their API key.
Downstream handlers may retrieve the canonical tenant ID with:
tenantID, _ := c.Get(middleware.ContextKeyTenantID)
Types ¶
This section is empty.
Source Files