Documentation
¶
Index ¶
- func CheckAPIKey(hash, key string) bool
- func CheckPassword(hash, password string) bool
- func ContextWithUser(ctx context.Context, user *User) context.Context
- func GenerateAPIKey() (fullKey, prefix string, err error)
- func HashAPIKey(key string) (string, error)
- func HashPassword(password string) (string, error)
- func Middleware(sessionManager *scs.SessionManager, userStore *UserStore, keyStore *KeyStore, ...) func(http.Handler) http.Handler
- func RegisterRoutes(api huma.API, sessionManager *scs.SessionManager, userStore *UserStore, ...)
- type APIKeyInfo
- type APIKeyRow
- type KeyStore
- func (s *KeyStore) Create(ctx context.Context, userID, name, keyPrefix, keyHash string) (*APIKeyRow, error)
- func (s *KeyStore) Delete(ctx context.Context, id, userID string) error
- func (s *KeyStore) GetByPrefix(ctx context.Context, prefix string) (*APIKeyRow, error)
- func (s *KeyStore) ListByUser(ctx context.Context, userID string) ([]APIKeyInfo, error)
- func (s *KeyStore) UpdateLastUsed(ctx context.Context, id string)
- type User
- type UserRow
- type UserStore
- func (s *UserStore) Count(ctx context.Context) (int, error)
- func (s *UserStore) Create(ctx context.Context, email, name, passwordHash string) (*UserRow, error)
- func (s *UserStore) CreateWithRole(ctx context.Context, email, name, passwordHash, role string) (*UserRow, error)
- func (s *UserStore) GetByEmail(ctx context.Context, email string) (*UserRow, error)
- func (s *UserStore) GetByID(ctx context.Context, id string) (*UserRow, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CheckAPIKey ¶
func CheckPassword ¶
func GenerateAPIKey ¶
func HashAPIKey ¶
func HashPassword ¶
func Middleware ¶
func Middleware(sessionManager *scs.SessionManager, userStore *UserStore, keyStore *KeyStore, legacyAPIKey string) func(http.Handler) http.Handler
Middleware returns a chi-compatible middleware that enforces authentication on all /api/ routes except explicitly exempt paths. It checks three auth methods in order:
- Session cookie (via scs session manager)
- API key (X-API-Key header with "sk-" prefix, SHA-256 hashed)
- Legacy API key (constant-time comparison against a static key)
On success, the authenticated User is attached to the request context via ContextWithUser.
func RegisterRoutes ¶
func RegisterRoutes(api huma.API, sessionManager *scs.SessionManager, userStore *UserStore, keyStore *KeyStore, disableSignup bool)
RegisterRoutes wires up all authentication-related HTTP endpoints onto the provided Huma API: signup, login, logout, me, and API key management.
Types ¶
type APIKeyInfo ¶
type KeyStore ¶
type KeyStore struct {
// contains filtered or unexported fields
}
func NewKeyStore ¶
func (*KeyStore) GetByPrefix ¶
func (*KeyStore) ListByUser ¶
type User ¶
type User struct {
ID string `json:"id"`
Email string `json:"email"`
Name string `json:"name"`
Role string `json:"role"`
}
func UserFromContext ¶
type UserStore ¶
type UserStore struct {
// contains filtered or unexported fields
}
func NewUserStore ¶
func (*UserStore) CreateWithRole ¶
func (*UserStore) GetByEmail ¶
Source Files
Click to show internal directories.
Click to hide internal directories.