Documentation
Overview ¶
Package authheader provides HTTP authorization header constants and helper functions. It defines standard authorization response codes and functions for handling authentication failures in Gin-based applications.
The package is used by github.com/nabbar/golib/router/auth for authorization middleware.
Example usage:
    func authHandler(c *gin.Context) {
        token := c.GetHeader(authheader.HeaderAuthSend)
        if token == "" {
            authheader.AuthRequire(c, errors.New("missing token"))
            return
        }
        // Validate token...
    }
See also: github.com/nabbar/golib/router/auth
Index ¶
Constants ¶
const (
	// HeaderAuthRequire is the HTTP header name for authentication challenges.
	// Used in 401 Unauthorized responses to indicate the authentication scheme.
	HeaderAuthRequire = "WWW-Authenticate"

	// HeaderAuthSend is the HTTP header name for sending credentials.
	// Clients include this header with their authentication information.
	HeaderAuthSend = "Authorization"

	// HeaderAuthReal is the default realm value for Basic authentication.
	// This is sent in the WWW-Authenticate header for LDAP-based auth.
	HeaderAuthReal = "Basic realm=LDAP Authorization Required"
)
Variables ¶
This section is empty.
Functions ¶
func AuthForbidden ¶
AuthForbidden sends an HTTP 403 Forbidden response and aborts the handler chain. This is used when authentication succeeded but the user is not authorized to access the resource.
If an error is provided, it is added to the Gin context's error list for logging. The handler chain is aborted, preventing any subsequent handlers from executing.
Parameters:
- c: Gin context
- err: Optional error to attach to the context (can be nil)
Example:
    if !hasPermission(user, resource) {
        authheader.AuthForbidden(c, errors.New("insufficient permissions"))
        return
    }
func AuthRequire ¶
AuthRequire sends an HTTP 401 Unauthorized response and aborts the handler chain. It sets the WWW-Authenticate header to challenge the client for credentials.
If an error is provided, it is added to the Gin context's error list for logging. The handler chain is aborted, preventing any subsequent handlers from executing.
Parameters:
- c: Gin context
- err: Optional error to attach to the context (can be nil)
Example:
    if token == "" {
        authheader.AuthRequire(c, errors.New("missing authorization header"))
        return
    }
Types ¶
type AuthCode ¶
type AuthCode uint8
AuthCode represents the result of an authorization check.
const (
	// AuthCodeSuccess indicates that authorization was successful.
	// The request should proceed to the protected handler.
	AuthCodeSuccess AuthCode = iota

	// AuthCodeRequire indicates that authorization failed or is missing.
	// This typically results in HTTP 401 Unauthorized response.
	AuthCodeRequire

	// AuthCodeForbidden indicates that authorization succeeded but access is denied.
	// This typically results in HTTP 403 Forbidden response.
	AuthCodeForbidden
)
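How a checker's AuthCode maps onto the 401 and 403 responses described above, as an added example that is not part of the package or of golib. It uses net/http instead of Gin and mirrors the documented identifiers locally; the check and guard functions, the accounts and the listen address are hypothetical.

```go
package main

import (
	"crypto/subtle"
	"net/http"
)

// Local mirrors of the identifiers documented above, so this builds without Gin or golib.
type AuthCode uint8

const (
	AuthCodeSuccess AuthCode = iota
	AuthCodeRequire
	AuthCodeForbidden
	HeaderAuthRequire = "WWW-Authenticate"
	HeaderAuthReal    = "Basic realm=LDAP Authorization Required"
)

// check is a hypothetical checker that turns Basic credentials into an AuthCode.
func check(r *http.Request) AuthCode {
	accounts := map[string]string{"admin": "s3cret", "bob": "hunter2"} // constructed demo data
	user, pass, ok := r.BasicAuth()                                     // parses the Authorization header
	want, known := accounts[user]
	if !ok || !known || subtle.ConstantTimeCompare([]byte(pass), []byte(want)) != 1 {
		return AuthCodeRequire // missing, malformed or wrong credentials
	}
	if user != "admin" {
		return AuthCodeForbidden // identity proven, access denied
	}
	return AuthCodeSuccess
}

// guard runs next only on AuthCodeSuccess; every other result ends the request here.
func guard(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		switch check(r) {
		case AuthCodeSuccess:
			next(w, r)
		case AuthCodeForbidden: // no challenge: different credentials are not the fix
			w.WriteHeader(http.StatusForbidden)
		default: // AuthCodeRequire or an unknown code: fail closed with a challenge
			w.Header().Set(HeaderAuthRequire, HeaderAuthReal)
			w.WriteHeader(http.StatusUnauthorized)
		}
	}
}

func main() { // serves the guarded route on loopback; the address is an assumption
	ok := func(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("ok\n")) }
	panic(http.ListenAndServe("127.0.0.1:8080", guard(ok)))
}
```

With the program running, `curl -i -u bob:hunter2 http://127.0.0.1:8080/` returns 403 without a challenge, while the same request without `-u` returns 401 with the `WWW-Authenticate` header.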