Documentation
¶
Overview ¶
Package auth is the Redis-backed token store (ADR 0005). Tokens are indexed by their secret bearer value so Validate is an O(1) GET on the auth hot path. It implements model.TokenStore.
Index ¶
- func GenerateValue() (string, error)
- type Store
- func (s *Store) Bootstrap(ctx context.Context, value string) error
- func (s *Store) Create(ctx context.Context, name string, scopes []string) (*model.Token, error)
- func (s *Store) Delete(ctx context.Context, value string) error
- func (s *Store) DeleteByName(ctx context.Context, name string) (bool, error)
- func (s *Store) List(ctx context.Context) ([]*model.Token, error)
- func (s *Store) Ping(ctx context.Context) error
- func (s *Store) Put(ctx context.Context, t *model.Token) error
- func (s *Store) Validate(ctx context.Context, value string) (*model.Token, bool, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateValue ¶
GenerateValue mints a random opaque bearer value (prefix "tr_"). Tokens are secrets, not JWTs — TinyRaven stores them verbatim in Redis (ADR 0005).
Types ¶
type Store ¶
type Store struct {
// contains filtered or unexported fields
}
Store validates and persists bearer tokens in Redis.
func (*Store) Bootstrap ¶
Bootstrap creates/overwrites the ADMIN token for value, used at startup from config TR_ADMIN_TOKEN to guarantee a working credential exists (ADR 0005).
func (*Store) Create ¶ added in v0.3.16
Create mints a fresh opaque bearer value, persists the token, and returns it with Value populated — the one moment the secret is revealed (the /v0/tokens POST path). Value generation stays inside the auth package so the HTTP layer depends only on the model.TokenManager interface.
func (*Store) DeleteByName ¶
DeleteByName removes the token with the given name. Returns false if none matched.