Documentation
Variables
var AnonymousUser = &User{
	ID: "anonymous",
	Name: "Anonymous",
	Provider: "none",
}
AnonymousUser is the default user when no authentication is configured.
Functions
func AuthMiddleware
func AuthMiddleware(auth Authenticator) func(http.Handler) http.Handler
AuthMiddleware returns HTTP middleware that authenticates each request using the provided Authenticator and stores the user in the request context.
Types
type Authenticator
type Authenticator interface {
	// Authenticate inspects the request (headers, cookies, tokens) and returns
	// the authenticated user. Return a non-nil error to reject the request
	// with 401 Unauthorized.
	Authenticate(r *http.Request) (*User, error)
}
Authenticator validates incoming requests and returns user identity. The default NoOpAuthenticator always returns AnonymousUser. Enterprise implementations can provide SAML, OIDC, or other SSO providers.
type Authorizer
type Authorizer interface {
	// CanAccessRepo checks if the user can view a repository.
	CanAccessRepo(ctx context.Context, user *User, repoName string) bool
	// FilterRepos filters a list of repos to only those the user can access.
	FilterRepos(ctx context.Context, user *User, repos []string) []string
}
Authorizer controls access to resources based on user identity. The default NoOpAuthorizer allows all access. Enterprise implementations can provide RBAC or other access control.
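An added example, not code from this package: a deny-by-default implementation of the Authorizer interface above, in contrast to the allow-all NoOpAuthorizer. GroupAuthorizer, its Allowed map and the sample policy are hypothetical, and User is redeclared locally so the file compiles on its own.

```go
package main

import (
	"context"
	"fmt"
)

// User mirrors the User type documented on this page (local stand-in).
type User struct {
	ID, Email, Name, Provider string
	Groups                    []string
}

// GroupAuthorizer (hypothetical) maps a repository name to the groups allowed to view it.
type GroupAuthorizer struct {
	Allowed map[string][]string
}

// CanAccessRepo denies by default: nil or anonymous users and unlisted repos are rejected.
func (g *GroupAuthorizer) CanAccessRepo(_ context.Context, u *User, repo string) bool {
	if u == nil || u.ID == "anonymous" {
		return false
	}
	for _, want := range g.Allowed[repo] {
		for _, have := range u.Groups {
			if want == have {
				return true
			}
		}
	}
	return false
}

// FilterRepos keeps only the repositories CanAccessRepo approves, preserving order.
func (g *GroupAuthorizer) FilterRepos(ctx context.Context, u *User, repos []string) []string {
	out := make([]string, 0, len(repos))
	for _, r := range repos {
		if g.CanAccessRepo(ctx, u, r) {
			out = append(out, r)
		}
	}
	return out
}

func main() {
	az := &GroupAuthorizer{Allowed: map[string][]string{"payments": {"finance"}, "docs": {"eng", "finance"}}} // constructed policy
	alice := &User{ID: "u1", Groups: []string{"eng"}, Provider: "oidc"}                                      // constructed user
	fmt.Println(az.FilterRepos(context.Background(), alice, []string{"payments", "docs", "unlisted"}))
}
```

Routing FilterRepos through CanAccessRepo keeps list views and single-repository checks on the same decision path, so the two cannot drift apart.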
type NoOpAuthenticator
type NoOpAuthenticator struct{}
NoOpAuthenticator is the default authenticator that allows all requests and assigns AnonymousUser identity. Used in the open-source core.
func (*NoOpAuthenticator) Authenticate
func (n *NoOpAuthenticator) Authenticate(_ *http.Request) (*User, error)
Authenticate always returns AnonymousUser with no error.
type NoOpAuthorizer
type NoOpAuthorizer struct{}
NoOpAuthorizer is the default authorizer that allows all access. Used in the open-source core.
func (*NoOpAuthorizer) CanAccessRepo
CanAccessRepo always returns true.
func (*NoOpAuthorizer) FilterRepos
FilterRepos returns all repos unfiltered.
type User
type User struct {
	ID string
	Email string
	Name string
	Groups []string
	Provider string // "saml", "oidc", "local", "anonymous"
}
User represents an authenticated user.
func UserFromContext
UserFromContext retrieves the authenticated user from the request context. Returns AnonymousUser if no user is set.