common

package
v0.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 15, 2026 License: MIT Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetAnonymousUser added in v0.2.0

func GetAnonymousUser(roleName string) *user.User

GetAnonymousUser returns a singleton anonymous user with the specified role

func GetAuthenticatedUser

func GetAuthenticatedUser(ctx context.Context) (*user.User, bool)

GetAuthenticatedUser returns the current authenticated user

func GetOperatorUser added in v0.9.0

func GetOperatorUser() *user.User

GetOperatorUser returns a singleton system user for operator token authentication. This user has admin role and is used by Job pods authenticating with the operator token.

func ParseLimit

func ParseLimit(limitStr string, defaultLimit, maxLimit int) int

ParseLimit parses and validates limit parameter

func ParseOffset

func ParseOffset(offsetStr string) int

ParseOffset parses and validates offset parameter

func PrincipalFromContext added in v0.10.0

func PrincipalFromContext(ctx context.Context) (auth.Principal, bool)

PrincipalFromContext retrieves the authenticated Principal from the request context.

func RequireEncryption added in v0.8.0

func RequireEncryption(configured bool) func(http.HandlerFunc) http.HandlerFunc

RequireEncryption middleware blocks requests when encryption is not configured

func RequirePermission

func RequirePermission(userService user.Service, resourceType, action string) func(http.HandlerFunc) http.HandlerFunc

RequirePermission middleware checks if the authenticated principal has the required permission. It supports both user principals (via UserContextKey) and non-user principals like service accounts (via PrincipalContextKey).

func RequirePluginsReady added in v0.10.0

func RequirePluginsReady(w http.ResponseWriter) bool

RequirePluginsReady writes a 503 with Retry-After and returns false if plugin loading has not yet completed. Handlers that resolve or invoke a plugin should call this before doing any work so callers get a clear signal instead of an "unknown plugin" error during startup.

func RespondError

func RespondError(w http.ResponseWriter, status int, message string)

RespondError sends a standard error response

func RespondJSON

func RespondJSON(w http.ResponseWriter, status int, data interface{})

RespondJSON sends a JSON response with standard headers

func RespondValidationError added in v0.5.0

func RespondValidationError(w http.ResponseWriter, message string, fields []ValidationError)

RespondValidationError sends a validation error response with field-level errors

func SetK8sTokenValidator added in v0.9.0

func SetK8sTokenValidator(v *K8sTokenValidator)

SetK8sTokenValidator registers the K8s token validator for use by WithAuth.

func SetOAuthAuthorizeCompleter added in v0.10.0

func SetOAuthAuthorizeCompleter(c OAuthAuthorizeCompleter)

func SetOAuthManager added in v0.10.0

func SetOAuthManager(m *auth.OAuthManager)

SetOAuthManager registers the OAuthManager for OIDC token exchange in WithAuth.

func SetServiceAccountService added in v0.10.0

func SetServiceAccountService(svc serviceaccount.Service)

SetServiceAccountService registers the SA service so WithAuth can fall through to SA key validation.

func WithAnonymousContext added in v0.2.0

func WithAnonymousContext(ctx context.Context, role string) context.Context

WithAnonymousContext adds anonymous context to the request context

func WithAuth

func WithAuth(userService user.Service, authService auth.Service, cfg *config.Config) func(http.HandlerFunc) http.HandlerFunc

WithAuth middleware handles API key, JWT, and K8s ServiceAccount token authentication.

func WithRateLimit added in v0.3.2

func WithRateLimit(cfg *config.Config, limit int, window int) func(http.HandlerFunc) http.HandlerFunc

WithRateLimit middleware enforces rate limiting per user/IP with per-endpoint limits

Types

type AnonymousContext added in v0.2.0

type AnonymousContext struct {
	RoleName string
}

AnonymousContext represents an authentication context for anonymous access

func GetAnonymousContext added in v0.2.0

func GetAnonymousContext(ctx context.Context) (AnonymousContext, bool)

GetAnonymousContext retrieves anonymous context from the request context

type ContextKey

type ContextKey string

Context keys for storing authenticated user info

const (
	UserContextKey      ContextKey = "user"
	PrincipalContextKey ContextKey = "principal"
)

type ErrorResponse

type ErrorResponse struct {
	Error string `json:"error"`

} // @name ErrorResponse

ErrorResponse represents an API error response

type Filter

type Filter struct {
	Limit  int      `json:"limit"`
	Offset int      `json:"offset"`
	Sort   []string `json:"sort,omitempty"`
}

Filter represents common query parameters for list operations

type K8sTokenValidator added in v0.9.0

type K8sTokenValidator struct {
	// contains filtered or unexported fields
}

K8sTokenValidator validates Kubernetes ServiceAccount tokens via the TokenReview API.

func NewK8sTokenValidator added in v0.9.0

func NewK8sTokenValidator() (*K8sTokenValidator, error)

NewK8sTokenValidator creates a validator using in-cluster credentials.

func (*K8sTokenValidator) Validate added in v0.9.0

func (v *K8sTokenValidator) Validate(ctx context.Context, token string) (namespace, serviceAccount string, err error)

Validate checks a token via the TokenReview API and returns the namespace and service account name.

type OAuthAuthorizeCompleter added in v0.10.0

type OAuthAuthorizeCompleter interface {
	HasPendingAuthorize(r *http.Request) bool
	CompleteAuthorize(w http.ResponseWriter, r *http.Request, userID, username string) (string, error)
}

OAuthAuthorizeCompleter completes a pending OAuth authorise flow (PKCE) from the login endpoint.

func GetOAuthAuthorizeCompleter added in v0.10.0

func GetOAuthAuthorizeCompleter() OAuthAuthorizeCompleter

type RateLimitStore added in v0.3.2

type RateLimitStore struct {
	// contains filtered or unexported fields
}

RateLimitStore manages rate limit counters in memory

func NewRateLimitStore added in v0.3.2

func NewRateLimitStore() *RateLimitStore

NewRateLimitStore creates a new in-memory rate limit store

type Route

type Route struct {
	Path       string
	Method     string
	Handler    http.HandlerFunc
	Middleware []func(http.HandlerFunc) http.HandlerFunc
}

Route represents a route for the HTTP server

type TimeRange

type TimeRange struct {
	Start time.Time `json:"start"`
	End   time.Time `json:"end"`
}

TimeRange represents a time-based filter range

type ValidationError

type ValidationError struct {
	Field   string `json:"field"`
	Message string `json:"message"`

} // @name ValidationErrorDetail

ValidationError represents a field-level validation error

type ValidationErrorResponse added in v0.5.0

type ValidationErrorResponse struct {
	Error  string            `json:"error"`
	Fields []ValidationError `json:"fields,omitempty"`
}

ValidationErrorResponse represents validation errors

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL