Documentation
Overview
Package auth implements authentication primitives and middleware for the daemon's HTTP API. It defines core token validation, claims, and user role handling, with middleware supporting authentication and permission checks for protected endpoints. Concrete authentication logic and helpers are provided within this package.
Index
Constants
This section is empty.
Variables
var SystemGroupToRole = map[string]store.Role{
	"dployr-owner":  store.RoleOwner,
	"dployr-admin":  store.RoleAdmin,
	"dployr-dev":    store.RoleDeveloper,
	"dployr-viewer": store.RoleViewer,
}
System group to role mapping
Functions
func GetCurrentUserSystemRole
GetCurrentUserSystemRole returns the current user's highest system role.
Example: dployr-admin returns store.RoleAdmin.
func GetUserSystemRole
GetUserSystemRole returns the highest system role for a specific user.
func IsPermitted
IsPermitted is a public wrapper for checking role permissions.
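The "highest system role" resolution and permission check described above, as an added example that is not this package's own code. It assumes the ranking viewer < developer < admin < owner (the order given in the Claims.Perm comment); the Role type, RoleNone, highestRole and permitted are hypothetical stand-ins for store.Role and the package's functions, whose signatures this page does not show.

```go
package main

import "fmt"

// Role is a stand-in for store.Role; the numeric ranking is an assumption.
type Role int

const (
	RoleNone Role = iota // user is in no dployr-* group: deny by default
	RoleViewer
	RoleDeveloper
	RoleAdmin
	RoleOwner
)

// groupToRole mirrors the SystemGroupToRole mapping shown on this page.
var groupToRole = map[string]Role{
	"dployr-owner":  RoleOwner,
	"dployr-admin":  RoleAdmin,
	"dployr-dev":    RoleDeveloper,
	"dployr-viewer": RoleViewer,
}

// highestRole returns the top-ranked role among a user's system groups.
// Lookup is an exact match, so unrelated groups ("sudo") and near-miss
// names ("dployr-admins", "DPLOYR-ADMIN") grant nothing.
func highestRole(groups []string) Role {
	best := RoleNone
	for _, g := range groups {
		if r, ok := groupToRole[g]; ok && r > best {
			best = r
		}
	}
	return best
}

// permitted reports whether a held role satisfies the required one.
// RoleNone never satisfies a requirement, so a missing mapping fails closed.
func permitted(have, need Role) bool {
	return have != RoleNone && have >= need
}

func main() {
	groups := []string{"sudo", "dployr-viewer", "dployr-admin"} // constructed sample
	r := highestRole(groups)
	fmt.Println(r == RoleAdmin, permitted(r, RoleDeveloper), permitted(r, RoleOwner))
}
```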
Types
type Authenticator
type Claims
type Claims struct {
	Subject    string   `json:"sub,omitempty"`
	InstanceID string   `json:"instance_id,omitempty"`
	Perm       string   `json:"perm,omitempty"` // one of: viewer, developer, admin, owner
	Scopes     []string `json:"scopes,omitempty"`
	ExpiresAt  int64    `json:"exp"`
	IssuedAt   int64    `json:"iat"`
	jwt.RegisteredClaims
}
Claims represents the token structure used across the system.
type Middleware
type Middleware struct {
	// contains filtered or unexported fields
}
func NewMiddleware
func NewMiddleware(auth Authenticator) *Middleware
func (*Middleware) RequireRole