auth

package
v1.4.13 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 8, 2026 | License: Apache-2.0 | Imports: 19 | Imported by: 0

Documentation

Overview

Package auth provides JWT and Apple Sign In authentication, along with GraphQL middleware.

Package auth contains configuration and authentication logic for Apple Sign In and JWT.

Constants

const (
	AdminClaimKey    = "admin"
	AdminIssuer      = "TeaElephantEditor"
	AdminAudience    = "tea-elephant-api"
	ClockSkewSeconds = 300
)

Admin auth constants

const (

	// JwtDurationHour is the number of hours for which the issued JWT will be valid.
	JwtDurationHour = 24
)

Variables

var (
	ErrAppleAuth                  = errors.New("apple authentication failed")
	ErrEmptyBlockDecode           = errors.New("empty block after decoding")
	ErrAdminKeyNotECDSA           = errors.New("admin public key is not ECDSA")
	ErrAdminVerificationKeyAbsent = errors.New("admin verification key not loaded")
)

ErrAppleAuth indicates that Apple Sign In authentication failed.

Functions

func GetUser

func GetUser(ctx context.Context) (*common.User, error)

GetUser extracts the authenticated user from the context.

func RequireAdmin added in v1.4.10

func RequireAdmin(ctx context.Context) error

RequireAdmin ensures an admin principal is present in context.

Types

type AdminPrincipal added in v1.4.10

type AdminPrincipal struct {
	JTI       string
	IssuedAt  time.Time
	ExpiresAt time.Time
}

AdminPrincipal represents an authenticated admin session.

func AdminPrincipalFrom added in v1.4.10

func AdminPrincipalFrom(ctx context.Context) (*AdminPrincipal, bool)

AdminPrincipalFrom extracts the admin principal from context.

type Auth

type Auth interface {
	Auth(ctx context.Context, token string) (*common.Session, error)
	Validate(ctx context.Context, jwt string) (*common.User, error)
	Middleware() graphql.HandlerExtension
	WsInitFunc(ctx context.Context, payload transport.InitPayload) (context.Context, *transport.InitPayload, error)
	Start() error
}

Auth defines the authentication operations for issuing and validating JWTs and providing GraphQL middleware support.

func NewAuth

func NewAuth(cfg *Configuration, storage storage, logger *logrus.Entry) Auth

NewAuth constructs the Auth service with provided configuration, storage, and logger.

type Configuration

type Configuration struct {
	SecretPath string
	Secret     string
	TeamID     string
	ClientID   string
	KeyID      string

	// Path to admin public key (mounted as a file)
	AdminPublicKeyPath string
}

Configuration holds Apple authentication configuration and secret key path.

func Config

func Config() *Configuration

Config loads configuration from environment and reads the private key from SecretPath.

type Middleware

type Middleware struct {
	// contains filtered or unexported fields
}

Middleware implements a GraphQL extension to authenticate requests.

func (Middleware) Auth

func (a Middleware) Auth(ctx context.Context, token string) (*common.Session, error)

func (*Middleware) ExtensionName

func (a *Middleware) ExtensionName() string

ExtensionName returns the name of the GraphQL extension.

func (*Middleware) InterceptResponse

func (a *Middleware) InterceptResponse(ctx context.Context, next graphql.ResponseHandler) *graphql.Response

InterceptResponse intercepts GraphQL responses to ensure the user is authenticated.

func (Middleware) Middleware

func (a Middleware) Middleware() graphql.HandlerExtension

Middleware returns the GraphQL handler extension that enforces authentication.

func (Middleware) Start

func (a Middleware) Start() (err error)

func (*Middleware) Validate

Validate implements the GraphQL extension validator (no-op).

func (Middleware) ValidateAdmin added in v1.4.10

func (a Middleware) ValidateAdmin(_ context.Context, jwtToken string) (*AdminPrincipal, error)

ValidateAdmin parses and validates an admin JWT and returns a principal.

func (Middleware) WsInitFunc

func (a Middleware) WsInitFunc(ctx context.Context, payload transport.InitPayload) (context.Context, *transport.InitPayload, error)

WsInitFunc initializes the WebSocket connection by validating Authorization header if provided.
