auth

package

v0.1.0 Latest Latest Go to latest Published: Mar 11, 2026 License: MIT Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/ethpandaops/panda

Links

Open Source Insights

Documentation ¶

Overview ¶

Package auth provides simplified GitHub-based OAuth for local product edges.

This implements a minimal OAuth 2.1 authorization server that: - Delegates identity verification to GitHub - Issues signed bearer tokens with proper resource (audience) binding per RFC 8707 - Validates bearer tokens on protected endpoints

The flow is: 1. Client calls /auth/authorize with resource + PKCE 2. Server redirects to GitHub for authentication 3. GitHub redirects back to /auth/callback 4. Server verifies org membership, issues authorization code 5. Client exchanges code for bearer tokens at /auth/token 6. Client uses bearer tokens to access product endpoints

Index ¶

type AuthUser
- func GetAuthUser(ctx context.Context) *AuthUser
type Config
type GitHubConfig
type SimpleService
- func NewSimpleService(log logrus.FieldLogger, cfg Config, baseURL string) (SimpleService, error)
type TokensConfig

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AuthUser ¶

type AuthUser struct {
	GitHubLogin string
	GitHubID    int64
	Orgs        []string
}

AuthUser is the authenticated user info attached to request context.

func GetAuthUser ¶

func GetAuthUser(ctx context.Context) *AuthUser

GetAuthUser returns the authenticated user from context.

type Config ¶

type Config struct {
	Enabled     bool          `yaml:"enabled"`
	GitHub      *GitHubConfig `yaml:"github,omitempty"`
	AllowedOrgs []string      `yaml:"allowed_orgs,omitempty"`
	Tokens      TokensConfig  `yaml:"tokens"`
}

Config holds OAuth server configuration for a local product edge.

type GitHubConfig ¶

type GitHubConfig struct {
	ClientID     string `yaml:"client_id"`
	ClientSecret string `yaml:"client_secret"`
}

GitHubConfig holds GitHub OAuth configuration.

type SimpleService ¶

type SimpleService interface {
	Start(ctx context.Context) error
	Stop() error
	Enabled() bool
	Middleware() func(http.Handler) http.Handler
	MountRoutes(r chi.Router)
}

SimpleService is the simplified auth service interface.

func NewSimpleService ¶

func NewSimpleService(log logrus.FieldLogger, cfg Config, baseURL string) (SimpleService, error)

NewSimpleService creates a new simplified auth service.

type TokensConfig ¶

type TokensConfig struct {
	SecretKey string `yaml:"secret_key"`
}

TokensConfig holds signed access token configuration.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
client Package client provides an OAuth PKCE client for local authentication.	Package client provides an OAuth PKCE client for local authentication.
github Package github provides GitHub OAuth integration.	Package github provides GitHub OAuth integration.
store Package store provides local credential storage for OAuth tokens.	Package store provides local credential storage for OAuth tokens.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL