Documentation
Index
- Variables
- type Claims
- type Driver
- func (d *Driver) Authenticate(r *http.Request) (*pickle.AuthInfo, error)
- func (d *Driver) RevokeAllForUser(userID string) error
- func (d *Driver) RevokeToken(jti string) error
- func (d *Driver) SignToken(claims Claims) (string, error)
- func (d *Driver) ValidateToken(tokenStr string) (*pickle.AuthInfo, error)
Constants
This section is empty.
Variables
var ErrInvalidToken = errors.New("jwt: invalid token")
ErrInvalidToken is returned for all token validation failures. The specific reason is logged server-side but never exposed to callers.
Functions
This section is empty.
Types
type Claims
type Claims struct {
	JTI       string         `json:"jti,omitempty"`
	Subject   string         `json:"sub,omitempty"`
	Issuer    string         `json:"iss,omitempty"`
	ExpiresAt int64          `json:"exp,omitempty"`
	IssuedAt  int64          `json:"iat,omitempty"`
	Role      string         `json:"role,omitempty"`
	Extra     map[string]any `json:"-"`
}
Claims represents standard + custom JWT claims.
type Driver
type Driver struct {
	// contains filtered or unexported fields
}
Driver implements JWT-based authentication using HMAC signing (HS256/HS384/HS512). All crypto uses Go's stdlib — no third-party JWT library. Tokens are tracked in a jwt_tokens table for revocation support.
func NewDriver
NewDriver creates a JWT auth driver. Config is read from the environment:
- JWT_SECRET: HMAC signing key (required)
- JWT_ISSUER: expected issuer claim (optional)
- JWT_EXPIRY: token lifetime in seconds (default: 3600)
- JWT_ALGORITHM: HS256, HS384, or HS512 (default: HS256)
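The validation behaviour described for Driver and ErrInvalidToken above, as an added example that is not this package's own code: a stdlib-only HS256 check that pins the algorithm, compares the MAC in constant time, checks iss and exp, logs the reason, and returns one opaque error. The names sigFor, mint, decode, validate and errInvalid are hypothetical, the key and claims are constructed, and the jwt_tokens revocation lookup is not modelled.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"log"
	"strings"
)

var errInvalid = errors.New("jwt: invalid token") // the only error callers see
var enc = base64.RawURLEncoding

func sigFor(key []byte, msg string) string { // base64url HS256 MAC of a signing input
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return enc.EncodeToString(m.Sum(nil))
}
func mint(key []byte, header, payload string) string { // raw JSON in, so forged headers can be tested
	msg := enc.EncodeToString([]byte(header)) + "." + enc.EncodeToString([]byte(payload))
	return msg + "." + sigFor(key, msg)
}
func decode(seg string, v any) bool {
	b, err := enc.DecodeString(seg)
	return err == nil && json.Unmarshal(b, v) == nil
}

// validate always computes HS256; the header's alg can only cause a rejection.
func validate(key []byte, issuer, tok string, now int64) (string, error) {
	var h, c struct{ Alg, Sub, Iss string; Exp int64 } // h: header, c: claims
	p, why := strings.Split(tok, "."), ""
	switch {
	case len(p) != 3 || !decode(p[0], &h) || h.Alg != "HS256":
		why = "malformed or alg is not the pinned HS256"
	case !hmac.Equal([]byte(p[2]), []byte(sigFor(key, p[0]+"."+p[1]))): // constant time
		why = "bad signature"
	case !decode(p[1], &c) || c.Iss != issuer || now >= c.Exp:
		why = "wrong issuer or expired"
	default:
		return c.Sub, nil
	}
	log.Printf("jwt rejected: %s", why) // detail stays server-side
	return "", errInvalid
}

func main() { // constructed key and claims
	log.Println(validate([]byte("k"), "demo", mint([]byte("k"), `{"alg":"HS256"}`, `{"sub":"u1","iss":"demo","exp":2000}`), 1000))
}
```

A token with no exp claim decodes to Exp 0 and is rejected, so this sketch never accepts non-expiring tokens.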
func (*Driver) Authenticate
Authenticate extracts the Bearer token from the request, validates it, and returns AuthInfo on success.
func (*Driver) RevokeAllForUser
RevokeAllForUser revokes all tokens for the given user ID.
func (*Driver) RevokeToken
RevokeToken revokes a single token by JTI.