principal

package

v1.3.0 Latest Latest Go to latest Published: Jan 13, 2026 License: MIT Imports: 13 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/origadmin/contrib

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func Anonymous() securityifaces.Principal
func Decode(encoded string) (securityifaces.Principal, error)
func Encode(p securityifaces.Principal) (string, error)
func Extract(ctx context.Context) (string, bool)
func ExtractFromServerContext(pt PropagationType, ctx context.Context, req any) string
func FromContext(ctx context.Context) (securityifaces.Principal, bool)
func FromProto(protoP *securityv1.Principal) (securityifaces.Principal, error)
func Inject(ctx context.Context, encodedPrincipal string) context.Context
func New(id string, opts ...Option) securityifaces.Principal
func NewClaims(rawData map[string]any, encoders ...ClaimEncoder) (securityifaces.Claims, error)
func NewContext(ctx context.Context, p securityifaces.Principal) context.Context
func PropagateToClientContext(pt PropagationType, ctx context.Context, req any, encodedPrincipal string) context.Context
type ClaimEncoder
type Option
type PropagationType
- func (pt PropagationType) String() string

Constants ¶

View Source

const (
	// MetadataKey is the key used to store the Principal in gRPC metadata or HTTP headers.
	MetadataKey = "x-md-global-principal-proto"
)

Variables ¶

This section is empty.

Functions ¶

func Anonymous ¶

func Anonymous() securityifaces.Principal

func Decode ¶

func Decode(encoded string) (securityifaces.Principal, error)

Decode decodes a base64-encoded Protobuf string into a securityifaces.Principal.

func Encode ¶

func Encode(p securityifaces.Principal) (string, error)

Encode encodes a securityifaces.Principal into a base64-encoded Protobuf string.

func Extract ¶

func Extract(ctx context.Context) (string, bool)

Extract extracts an encoded principal string from an incoming request context. It prioritizes the Kratos transport abstraction but falls back to the native gRPC metadata mechanism.

func ExtractFromServerContext ¶

func ExtractFromServerContext(pt PropagationType, ctx context.Context, req any) string

ExtractFromServerContext extracts an encoded principal string from an incoming request's transport-specific metadata/headers. Parameters are ordered by priority: PropagationType, Context, optional Request.

func FromContext ¶

func FromContext(ctx context.Context) (securityifaces.Principal, bool)

FromContext extracts a Principal from the context. It returns the Principal and a boolean indicating if it was found.

func FromProto ¶

func FromProto(protoP *securityv1.Principal) (securityifaces.Principal, error)

FromProto converts a *securityv1.Principal Protobuf message to a securityifaces.Principal. If the input protoP is nil, it returns a NewPrincipalWithID, ensuring a non-nil Principal is always returned. This function directly constructs the concretePrincipal, optimizing for the structured Protobuf input.

func Inject ¶

func Inject(ctx context.Context, encodedPrincipal string) context.Context

Inject injects an encoded principal string into an outgoing request context. It prioritizes the Kratos transport abstraction but falls back to the native gRPC metadata mechanism.

func New ¶

func New(id string, opts ...Option) securityifaces.Principal

New creates a new securityifaces.Principal instance using functional options. It ensures that all fields are initialized to non-nil values.

func NewClaims ¶

func NewClaims(rawData map[string]any, encoders ...ClaimEncoder) (securityifaces.Claims, error)

NewClaims is a factory function that creates a standard Claims object from a raw map. It validates and normalizes the data, converting Go native types into structpb.Value protobuf messages. Custom encoders can be provided to handle specific types or override default conversion logic.

func NewContext ¶

func NewContext(ctx context.Context, p securityifaces.Principal) context.Context

NewContext creates a new context with the given Principal.

func PropagateToClientContext ¶

func PropagateToClientContext(pt PropagationType, ctx context.Context, req any,
	encodedPrincipal string) context.Context

PropagateToClientContext prepares the context for an outgoing client request by injecting an encoded Principal string into transport-specific metadata/headers. Parameters are ordered by priority: PropagationType, Context, Principal data, optional Request.

Types ¶

type ClaimEncoder ¶

type ClaimEncoder interface {
	// Encode attempts to convert a Go value to a *structpb.Value.
	// It returns the converted value, a boolean indicating if it handled the conversion,
	// and an error if the conversion failed.
	Encode(key string, value any) (*structpb.Value, bool, error)
}

ClaimEncoder defines an interface for custom claim encoders. Users can implement this to provide custom logic for converting Go types to structpb.Value.

type Option ¶

type Option func(*concretePrincipal)

Option is a functional option for configuring a Principal.

func WithClaims ¶

func WithClaims(claims securityifaces.Claims) Option

WithClaims sets the claims for the principal. If the provided claims are nil, this option does nothing, preserving the default empty claims set by the New constructor.

func WithDomain ¶

func WithDomain(domain string) Option

WithDomain sets the domain for the principal. If the provided domain is empty, this option does nothing, preserving the default empty string set by the New constructor.

func WithPermissions ¶

func WithPermissions(permissions []string) Option

WithPermissions sets the permissions for the principal. If the provided permissions slice is nil, this option does nothing, preserving the default empty slice set by the New constructor.

func WithRoles ¶

func WithRoles(roles []string) Option

WithRoles sets the roles for the principal. If the provided roles slice is nil, this option does nothing, preserving the default empty slice set by the New constructor.

func WithScopes ¶

func WithScopes(scopes map[string]bool) Option

WithScopes sets the scopes for the principal. If the provided scopes map is nil, this option does nothing, preserving the default empty map set by the New constructor.

type PropagationType ¶

type PropagationType int

PropagationType defines the type of transport for which the security context should be propagated. This allows middleware to adapt its behavior based on the underlying transport mechanism (e.g., Kratos HTTP, Kratos gRPC, Native gRPC, etc.).

const (
	// PropagationTypeUnknown indicates an unknown or unspecified propagation type.
	PropagationTypeUnknown PropagationType = iota
	// PropagationTypeKratos is for propagation within Kratos HTTP transport.
	PropagationTypeKratos
	// PropagationTypeGRPC is for propagation within native gRPC transport (without Kratos transport layer).
	PropagationTypeGRPC
	// PropagationTypeHTTP is for propagation within native HTTP transport (without Kratos transport layer).
	PropagationTypeHTTP
)

func (PropagationType) String ¶

func (pt PropagationType) String() string

String returns the string representation of the PropagationType.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL