auth

package

v0.6.0-rc3 Latest Latest Go to latest Published: Feb 16, 2026 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/nebari-dev/nebi

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func HashPassword(password string) (string, error)
func LocalUsername() string
func VerifyPassword(hash, password string) bool
type Authenticator
type BasicAuthenticator
- func NewBasicAuthenticator(db *gorm.DB, jwtSecret string) *BasicAuthenticator
type Claims
type LocalAuthenticator
- func NewLocalAuthenticator(db *gorm.DB) (*LocalAuthenticator, error)
type LoginRequest
type LoginResponse
type OIDCAuthenticator
- func NewOIDCAuthenticator(ctx context.Context, cfg OIDCConfig, db *gorm.DB, jwtSecret string) (*OIDCAuthenticator, error)
- func (a *OIDCAuthenticator) GetAuthURL(state string) string
- func (a *OIDCAuthenticator) HandleCallback(ctx context.Context, code string) (*LoginResponse, error)
type OIDCConfig

Constants ¶

View Source

const (
	// UserContextKey is the key used to store user in Gin context
	UserContextKey = "user"
	// TokenDuration is the validity period for JWT tokens
	TokenDuration = 24 * time.Hour
)

Variables ¶

View Source

var (
	ErrInvalidCredentials = errors.New("invalid credentials")
	ErrUnauthorized       = errors.New("unauthorized")
)

Functions ¶

func HashPassword ¶

func HashPassword(password string) (string, error)

HashPassword hashes a password using bcrypt

func LocalUsername ¶

func LocalUsername() string

LocalUsername is the well-known username used in local mode.

func VerifyPassword ¶

func VerifyPassword(hash, password string) bool

VerifyPassword checks if a password matches the hash

Types ¶

type Authenticator ¶

type Authenticator interface {
	// Login authenticates a user and returns a JWT token
	Login(username, password string) (*LoginResponse, error)

	// Middleware returns a Gin middleware for authentication
	Middleware() gin.HandlerFunc

	// GetUserFromContext extracts the authenticated user from the Gin context
	GetUserFromContext(c *gin.Context) (*models.User, error)
}

Authenticator is an interface for authentication providers

type BasicAuthenticator ¶

type BasicAuthenticator struct {
	// contains filtered or unexported fields
}

BasicAuthenticator implements basic username/password authentication

func NewBasicAuthenticator ¶

func NewBasicAuthenticator(db *gorm.DB, jwtSecret string) *BasicAuthenticator

NewBasicAuthenticator creates a new basic authenticator

func (*BasicAuthenticator) GetUserFromContext ¶

func (a *BasicAuthenticator) GetUserFromContext(c *gin.Context) (*models.User, error)

GetUserFromContext extracts the authenticated user from the Gin context

func (a *BasicAuthenticator) Login(username, password string) (*LoginResponse, error)

Login authenticates a user and returns a JWT token

func (*BasicAuthenticator) Middleware ¶

func (a *BasicAuthenticator) Middleware() gin.HandlerFunc

Middleware returns a Gin middleware for authentication

type LocalAuthenticator ¶

type LocalAuthenticator struct {
	// contains filtered or unexported fields
}

LocalAuthenticator provides a no-op authenticator for local/desktop mode. It ensures a well-known "local-user" exists in the database and injects that user into every request context without checking credentials.

func NewLocalAuthenticator ¶

func NewLocalAuthenticator(db *gorm.DB) (*LocalAuthenticator, error)

NewLocalAuthenticator finds or creates the well-known local-user and returns an authenticator that always uses that user.

func (*LocalAuthenticator) GetUserFromContext ¶

func (a *LocalAuthenticator) GetUserFromContext(c *gin.Context) (*models.User, error)

GetUserFromContext extracts the authenticated user from the Gin context.

func (a *LocalAuthenticator) Login(_, _ string) (*LoginResponse, error)

Login returns the local-user with a dummy token (no password check).

func (*LocalAuthenticator) Middleware ¶

func (a *LocalAuthenticator) Middleware() gin.HandlerFunc

Middleware injects the local-user into the context without checking credentials.

func (*LocalAuthenticator) User ¶

func (a *LocalAuthenticator) User() *models.User

User returns the local-user for use outside the HTTP request path (e.g. granting RBAC roles at startup).

type LoginRequest ¶

type LoginRequest struct {
	Username string `json:"username" binding:"required"`
	Password string `json:"password" binding:"required"`
}

LoginRequest represents a login request

type LoginResponse ¶

type LoginResponse struct {
	Token string       `json:"token"`
	User  *models.User `json:"user"`
}

LoginResponse represents a login response

type OIDCAuthenticator ¶

type OIDCAuthenticator struct {
	// contains filtered or unexported fields
}

OIDCAuthenticator provides generic OIDC authentication

func NewOIDCAuthenticator ¶

func NewOIDCAuthenticator(ctx context.Context, cfg OIDCConfig, db *gorm.DB, jwtSecret string) (*OIDCAuthenticator, error)

NewOIDCAuthenticator creates a new OIDC authenticator

func (*OIDCAuthenticator) GetAuthURL ¶

func (a *OIDCAuthenticator) GetAuthURL(state string) string

GetAuthURL returns the URL to redirect users to for authentication

func (*OIDCAuthenticator) HandleCallback ¶

func (a *OIDCAuthenticator) HandleCallback(ctx context.Context, code string) (*LoginResponse, error)

HandleCallback handles the OAuth2 callback

type OIDCConfig ¶

type OIDCConfig struct {
	IssuerURL    string
	ClientID     string
	ClientSecret string
	RedirectURL  string
	Scopes       []string
}

OIDCConfig holds OIDC configuration

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL