auth

package
v1.1.9 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 23, 2026 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package auth implements gateway key authentication and authorization middleware.

Index

Constants

This section is empty.

Variables

// ErrInvalidGatewayKey is a sentinel error carrying the message "invalid gateway key".
// NOTE(review): presumably returned by Authorizer.Authenticate when a key is
// presented but matches no configured key — confirm; compare with errors.Is.
var ErrInvalidGatewayKey = errors.New("invalid gateway key")
// ErrMissingGatewayKey is a sentinel error carrying the message "missing gateway key".
// NOTE(review): presumably returned by Authorizer.Authenticate when the request
// carries no key at all — confirm; compare with errors.Is.
var ErrMissingGatewayKey = errors.New("missing gateway key")

Functions

func DynamicMiddleware

// DynamicMiddleware returns an http.Handler built from a per-request
// AuthorizerResolver, the middleware options and the next handler.
// NOTE(review): this page does not say what happens when the resolver returns
// an error or a nil *Authorizer — confirm the request is rejected (fail closed)
// rather than passed to next.
func DynamicMiddleware(resolver AuthorizerResolver, options MiddlewareOptions, next http.Handler) http.Handler

func Middleware

// Middleware returns an http.Handler built from a fixed Authorizer, the
// middleware options and the next handler.
// NOTE(review): behaviour with a nil authorizer, or with one whose Enabled()
// is false, is not documented here — confirm whether such requests reach next
// unauthenticated.
func Middleware(authorizer *Authorizer, options MiddlewareOptions, next http.Handler) http.Handler

func WithIdentity

// WithIdentity returns a context derived from ctx for the given identity.
// NOTE(review): presumably the counterpart of IdentityFromContext; handling of
// a nil identity is not documented here — confirm.
func WithIdentity(ctx context.Context, identity *Identity) context.Context

Types

type AuditEvent

// AuditEvent is the record passed to an AuditRecorder.
//
// The caller is identified by KeyID, OrgID and WorkspaceID; the struct has no
// field for the key token itself, so a recorder that only serialises this
// struct does not write the secret to the audit trail.
//
// NOTE(review): Path is presumably taken from the request and should then be
// treated as request-controlled data when written to logs. The set of values
// used for Action, Outcome, Reason and LimitCode is not documented on this
// page — confirm against the middleware before building alerts on them.
type AuditEvent struct {
	Action             string
	Outcome            string
	Reason             string
	StatusCode         int
	Path               string
	Resource           string
	ResourceAction     string
	Scope              string
	Provider           string
	RequiredPermission Permission
	KeyID              string
	OrgID              string
	WorkspaceID        string
	LimitCode          string
}

type AuditRecorder

// AuditRecorder is a callback that receives the request and an AuditEvent.
// It is supplied through MiddlewareOptions.AuditRecorder.
// NOTE(review): this page does not say whether it is invoked for allowed
// requests as well as denied ones, or whether it runs synchronously on the
// request path — confirm before doing slow I/O in it.
type AuditRecorder func(r *http.Request, event AuditEvent)

type AuthorizationRule

// AuthorizationRule is one entry of the policy returned by AuthorizationMatrix.
// It ties a Resource/Action/Scope triple to a Permission, a list of Methods
// and a Path.
//
// NOTE(review): Public presumably marks a route that is served without a
// gateway key; that is not stated on this page. When using the matrix for an
// access review, list every rule with Public set and confirm each is intended.
type AuthorizationRule struct {
	Resource   string
	Action     string
	Scope      string
	Permission Permission
	Methods    []string
	Path       string
	Public     bool
}

func AuthorizationMatrix

func AuthorizationMatrix() []AuthorizationRule

AuthorizationMatrix documents the enforced gateway policy in resource/action terms.

type Authorizer

// Authorizer is created with NewAuthorizer and exposes Authenticate, Enabled
// and HeaderName. All of its state is unexported.
type Authorizer struct {
	// contains filtered or unexported fields
}

func NewAuthorizer

// NewAuthorizer builds an Authorizer from Options and may return an error.
// NOTE(review): which configurations are rejected (for example no keys,
// duplicate key IDs, or a key with neither Token nor TokenHash) is not
// documented on this page — confirm.
func NewAuthorizer(options Options) (*Authorizer, error)

func (*Authorizer) Authenticate

// Authenticate derives an Identity from the request or returns an error.
// NOTE(review): presumably it reads the key from the header named by
// HeaderName and fails with ErrMissingGatewayKey or ErrInvalidGatewayKey.
// How the presented key is compared with the configured Token/TokenHash is not
// visible here — confirm the comparison is constant-time.
func (a *Authorizer) Authenticate(r *http.Request) (*Identity, error)

func (*Authorizer) Enabled

// Enabled reports a boolean state of the Authorizer.
// NOTE(review): presumably mirrors Options.Enabled; behaviour on a nil
// receiver is not documented here — confirm.
func (a *Authorizer) Enabled() bool

func (*Authorizer) HeaderName

// HeaderName returns a header name as a string.
// NOTE(review): presumably the request header that carries the gateway key
// (Options.Header or a default) — confirm. That header should be redacted in
// access logs and traces.
func (a *Authorizer) HeaderName() string

type AuthorizerResolver

// AuthorizerResolver selects an Authorizer for a request and may return an
// error. It is the first argument of DynamicMiddleware.
// NOTE(review): the resolver sees the request before authentication, so any
// request field it uses to pick an Authorizer is presumably untrusted input.
type AuthorizerResolver func(r *http.Request) (*Authorizer, error)

type Identity

// Identity describes a caller, as returned by Authorizer.Authenticate and
// carried in a context by WithIdentity / IdentityFromContext.
//
// The exported fields mirror the same-named fields of KeyConfig; no token
// field is exported.
// NOTE(review): the unexported fields presumably hold the permission set that
// HasPermission consults — confirm. Role and Team are plain strings; whether
// they affect authorization is not stated on this page.
type Identity struct {
	KeyID       string
	OrgID       string
	WorkspaceID string
	Team        string
	Role        string
	// contains filtered or unexported fields
}

func IdentityFromContext

// IdentityFromContext returns an Identity and a bool for the given context.
// NOTE(review): the bool presumably reports whether an identity was stored
// with WithIdentity. Handlers should check it and not dereference the pointer
// when it is false.
func IdentityFromContext(ctx context.Context) (*Identity, bool)

func (*Identity) HasPermission

// HasPermission reports whether the identity holds the given Permission.
// NOTE(review): behaviour on a nil *Identity is not documented here — confirm
// it returns false rather than panicking, since callers may pass the result of
// IdentityFromContext directly.
func (i *Identity) HasPermission(permission Permission) bool

type KeyConfig

// KeyConfig describes one gateway key and the identity attributes attached to
// it. A list of KeyConfig values is supplied through Options.Keys.
//
// NOTE(review): the struct carries both Token and TokenHash. This page does
// not say which takes precedence, which hash and encoding TokenHash expects,
// or how a presented key is compared — confirm before provisioning keys.
// Where TokenHash alone is accepted, prefer it so the plaintext token does not
// have to be kept in configuration files or environment dumps.
//
// NOTE(review): Permissions is []string rather than []Permission; how an
// unrecognised permission string is treated is not documented here.
type KeyConfig struct {
	ID          string
	Token       string
	TokenHash   string
	OrgID       string
	WorkspaceID string
	Team        string
	Role        string
	Permissions []string
}

type MiddlewareOptions

// MiddlewareOptions is the options argument of Middleware and
// DynamicMiddleware: three path prefixes plus optional-looking hooks for rate
// limiting, usage recording and auditing.
//
// NOTE(review): how the prefixes are matched against the request path, and
// whether paths outside all three prefixes are authenticated, is not stated on
// this page — confirm. Whether nil hooks are permitted is likewise
// undocumented here.
type MiddlewareOptions struct {
	APIPrefix          string
	OpenAIPrefix       string
	AnthropicPrefix    string
	ProxyLimiter       ProxyLimiter
	ProxyUsageRecorder ProxyUsageRecorder
	AuditRecorder      AuditRecorder
}

type Options

// Options is the configuration passed to NewAuthorizer.
//
// NOTE(review): Header presumably names the request header that carries the
// key (see Authorizer.HeaderName). What Enabled == false means for request
// handling is not documented here; since false is the zero value, confirm that
// an unset Options cannot silently leave routes unauthenticated.
type Options struct {
	Enabled bool
	Header  string
	Keys    []KeyConfig
}

type Permission

// Permission names a capability; it is a plain string type. It is used by
// Identity.HasPermission, AuthorizationRule.Permission and
// AuditEvent.RequiredPermission.
type Permission string

// Permission values declared by this package.
// NOTE(review): which routes each permission gates is described by
// AuthorizationMatrix, not by these names — consult it before granting one.
const (
	PermissionProxyWrite    Permission = "proxy:write"
	PermissionAnalyticsRead Permission = "analytics:read"
	PermissionKeysManage    Permission = "keys:manage"
)

type ProxyLimitResult

// ProxyLimitResult is the value returned by a ProxyLimiter.
// NOTE(review): Code presumably surfaces as AuditEvent.LimitCode and
// RetryAfterSeconds as a Retry-After hint — neither is stated on this page.
// Message may be returned to the client, so keep internal detail out of it
// until that is confirmed.
type ProxyLimitResult struct {
	Code              string
	Message           string
	RetryAfterSeconds int
}

type ProxyLimiter

// ProxyLimiter is a callback that receives the request and the caller's
// Identity and returns a ProxyLimitResult or an error. It is supplied through
// MiddlewareOptions.ProxyLimiter.
// NOTE(review): this page does not say whether a nil result means "allowed",
// or whether a non-nil error blocks the request (fail closed) or lets it
// through — confirm before relying on it as a quota control.
type ProxyLimiter func(r *http.Request, identity *Identity) (*ProxyLimitResult, error)

type ProxyUsageRecorder

// ProxyUsageRecorder is a callback that receives the request and the caller's
// Identity and returns nothing. It is supplied through
// MiddlewareOptions.ProxyUsageRecorder.
// NOTE(review): when it is invoked relative to the proxied call is not
// documented on this page — confirm.
type ProxyUsageRecorder func(r *http.Request, identity *Identity)
