auth

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 21, 2026 License: MIT Imports: 17 Imported by: 0

Documentation

Overview

Package auth provides OIDC authentication and session management.

Index

Constants

View Source 
const (
	// OIDCCallbackPath is the default callback path for OIDC.
	OIDCCallbackPath = "/api/oidc/callback"
)

Variables

This section is empty.

Functions

func GenerateRandomState 

func GenerateRandomState() (string, error)

GenerateRandomState generates a secure random state string for OIDC flows.

func GetActorIDForAudit 

func GetActorIDForAudit(ctx context.Context) uuid.UUID

GetActorIDForAudit returns the correct user ID for audit logging. If impersonation is active, it returns the admin's ID.

func GetClientIP 

func GetClientIP(r *http.Request) string

GetClientIP extracts the client IP address from the request.

func GetImpersonationContext 

func GetImpersonationContext(ctx context.Context) (uuid.UUID, string, bool)

GetImpersonationContext returns impersonation details if active.

func GetUserFromContext 

func GetUserFromContext(ctx context.Context) *types.User

GetUserFromContext retrieves the user from the request context.

func NewAuditLogWithContext 

func NewAuditLogWithContext(
	ctx context.Context,
	action string,
	resourceType string,
	resourceID string,
) *types.AuditLog

NewAuditLogWithContext creates an audit log with automatic impersonation handling.

Types

type AuditLogger 

type AuditLogger interface {
	CreateAuditLog(ctx context.Context, log *types.AuditLog) error
}

AuditLogger is the interface for audit logging.

type ContextKey 

type ContextKey string

ContextKey is a custom type for context keys to avoid collisions. 

const (
	// ContextKeyUser is the context key for the authenticated user.
	ContextKeyUser ContextKey = "user"
	// ContextKeyImpersonationState is the context key for impersonation state.
	ContextKeyImpersonationState ContextKey = "impersonation_state"
	// ContextKeyOriginalAdminID is the context key for the original admin ID.
	ContextKeyOriginalAdminID ContextKey = "original_admin_id"
)

type OIDCHandlers 

type OIDCHandlers struct {
	// contains filtered or unexported fields
}

OIDCHandlers provides HTTP handlers for OIDC authentication.

func NewOIDCHandlers 

func NewOIDCHandlers(provider *OIDCProvider, sessionStore sessions.Store, cookieName string, userStore UserStore, auditLogger AuditLogger) *OIDCHandlers

NewOIDCHandlers creates new OIDC handlers.

func (*OIDCHandlers) CallbackHandler 

func (h *OIDCHandlers) CallbackHandler(w http.ResponseWriter, r *http.Request)

CallbackHandler handles the OIDC callback.

func (*OIDCHandlers) LoginHandler 

func (h *OIDCHandlers) LoginHandler(w http.ResponseWriter, r *http.Request)

LoginHandler redirects to the OIDC provider for authentication.

func (*OIDCHandlers) LogoutHandler 

func (h *OIDCHandlers) LogoutHandler(w http.ResponseWriter, r *http.Request)

LogoutHandler handles logout.

func (*OIDCHandlers) SessionCheckHandler 

func (h *OIDCHandlers) SessionCheckHandler(w http.ResponseWriter, r *http.Request)

SessionCheckHandler checks the current session status.

type OIDCProvider 

type OIDCProvider struct {
	// contains filtered or unexported fields
}

OIDCProvider handles OIDC authentication.

func NewOIDCProvider 

func NewOIDCProvider(ctx context.Context, cfg OIDCProviderConfig) (*OIDCProvider, error)

NewOIDCProvider creates a new OIDC provider.

func (*OIDCProvider) AuthCodeURL 

func (p *OIDCProvider) AuthCodeURL(state, nonce string) string

AuthCodeURL generates the authorization URL for the OIDC flow.

func (*OIDCProvider) CallbackPath 

func (p *OIDCProvider) CallbackPath() string

CallbackPath returns the OIDC callback path.

func (*OIDCProvider) Exchange 

func (p *OIDCProvider) Exchange(ctx context.Context, code string) (*oauth2.Token, error)

Exchange exchanges an authorization code for tokens.

func (*OIDCProvider) ProcessCallback 

func (p *OIDCProvider) ProcessCallback(ctx context.Context, code, expectedNonce string, token *oauth2.Token) (*types.OIDCClaims, error)

ProcessCallback handles the OIDC callback and returns claims.

func (*OIDCProvider) UserInfo 

func (p *OIDCProvider) UserInfo(ctx context.Context, token *oauth2.Token) (*oidc.UserInfo, error)

UserInfo fetches user info from the OIDC provider.

func (*OIDCProvider) VerifyIDToken 

func (p *OIDCProvider) VerifyIDToken(ctx context.Context, rawIDToken string) (*oidc.IDToken, error)

VerifyIDToken verifies an ID token and returns it.

type OIDCProviderConfig 

type OIDCProviderConfig struct {
	ServerURL    string
	OIDCConfig   types.OIDCConfig
	CallbackPath string
}

OIDCProviderConfig holds configuration for creating an OIDC provider.

type SessionMiddleware 

type SessionMiddleware struct {
	// contains filtered or unexported fields
}

SessionMiddleware provides session-based authentication middleware.

func NewSessionMiddleware 

func NewSessionMiddleware(
	sessionStore sessions.Store,
	cookieName string,
	userStore UserStore,
	auditLogger AuditLogger,
	adminModeTimeout time.Duration,
) *SessionMiddleware

NewSessionMiddleware creates a new session middleware.

func (*SessionMiddleware) Authenticate 

func (m *SessionMiddleware) Authenticate(r *http.Request) (*types.User, error)

Authenticate validates the session and returns the user, or an error.

func (*SessionMiddleware) RequireAdmin 

func (m *SessionMiddleware) RequireAdmin(next http.HandlerFunc) http.HandlerFunc

RequireAdmin returns middleware that requires admin privileges.

func (*SessionMiddleware) RequireAdminMode 

func (m *SessionMiddleware) RequireAdminMode(next http.HandlerFunc) http.HandlerFunc

RequireAdminMode returns middleware that requires admin mode to be enabled.

func (*SessionMiddleware) RequireAuth 

func (m *SessionMiddleware) RequireAuth(next http.HandlerFunc) http.HandlerFunc

RequireAuth returns middleware that requires authentication.

func (*SessionMiddleware) RequireAuthHandler 

func (m *SessionMiddleware) RequireAuthHandler(next http.Handler) http.Handler

RequireAuthHandler wraps an http.Handler with authentication. Redirects to /login on authentication failure.

type UserStore 

type UserStore interface {
	CreateOrUpdateUserFromClaim(claims *types.OIDCClaims) (*types.User, error)
	UpdateLastLogin(ctx context.Context, userID uuid.UUID) error
	GetUserByID(ctx context.Context, userID uuid.UUID) (*types.User, error)
}

UserStore is the interface for user database operations.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.