routeperm

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 23, 2026 License: GPL-3.0 Imports: 5 Imported by: 0

Documentation

Overview

Package routeperm implements a go/analysis pass that flags HTTP write routes (POST/PUT/PATCH/DELETE) registered in the routes package without a middleware.Require* wrapper.

this is the S3 invariant enforcement — every tenant-user write MUST have a permission check. The route-permission audit in docs/audits/2026-04-route-permission-audit.md confirmed no gaps exist today; this linter keeps it that way.

Opt-out directive: //routeperm:public — use for endpoints that are intentionally public (webhook receivers, OAuth callbacks, invitation-token flows).

Index

Constants

This section is empty.

Variables

View Source 
var Analyzer = &analysis.Analyzer{
	Name:     "routepermcheck",
	Doc:      "flags POST/PUT/PATCH/DELETE route registrations without middleware.Require*",
	Requires: []*analysis.Analyzer{inspect.Analyzer},
	Run:      run,
}

Analyzer is the exported go/analysis pass.

Functions

This section is empty.

Types

This section is empty.

Source Files

View all Source files

Directories

Path Synopsis
Command routepermcheck runs the route-permission analyzer as a single-checker binary.
 Command routepermcheck runs the route-permission analyzer as a single-checker binary.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.