projectcontext

func ExtractProjectNameFromPath ¶

func ExtractProjectNameFromPath(path string) string

ExtractProjectNameFromPath extracts the project name from the given context

func InjectActiveProjectID ¶

func InjectActiveProjectID(projectServiceURL string, errorOnMissing bool) func(http.Handler) http.Handler

InjectActiveProjectID is a standard http.Handler middleware that resolves and injects the active project ID with security validation.

func ResolveAndValidateProjectID ¶

func ResolveAndValidateProjectID(ctx context.Context, path string, authHeader string, existingProjectID string, config ProjectResolverConfig) (string, error)

ResolveAndValidateProjectID is a framework-agnostic helper that resolves and validates project ID from request path and auth header. It performs:

1. Extract project name from path
2. Resolve project UUID via Tenant Manager REST API — ResolveProjectUUID also verifies JWT access
3. Fall back to JWT extraction for old-style paths

Returns (projectUUID, error) - error is non-nil only if ErrorOnMissingProject is true and the project cannot be resolved or the caller does not have access.

func ResolveProjectUUID ¶

func ResolveProjectUUID(ctx context.Context, projectName string, authHeader string, projectServiceURL string) (string, error)

ResolveProjectUUID resolves a project name to its UUID by calling GET /v1/projects/{name} on the Tenant Manager. The Tenant Manager enforces JWT-based RBAC internally: it checks that the caller has project-read-role or member-role within the appropriate org.

This function also validates that the caller has access to the returned project UUID by checking JWT claims. This protects against misconfigured Tenant Manager auth middleware or direct ClusterIP access.