Documentation
¶
Overview ¶
* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com). * * WSO2 LLC. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License.
* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com). * * WSO2 LLC. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License.
* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com). * * WSO2 LLC. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License.
* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com). * * WSO2 LLC. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License.
* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com). * * WSO2 LLC. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License.
Index ¶
- Variables
- func AuthMiddleware(config models.AuthConfig, logger *slog.Logger) (func(http.Handler) http.Handler, error)
- func AuthorizationMiddleware(config models.AuthConfig, logger *slog.Logger) func(http.Handler) http.Handler
- func GetAuthContext(r *http.Request) (models.AuthContext, bool)
- func GetAuthzSkip(r *http.Request) bool
- func WithAuthContext(ctx context.Context, authCtx models.AuthContext) context.Context
- type AuthResult
- type Authenticator
- type BasicAuthenticator
- type Credentials
- type JWTAuthenticator
Constants ¶
This section is empty.
Variables ¶
var ( ErrAuthenticationFailed = errors.New("authentication failed") ErrNoAuthenticators = errors.New("no authenticators registered") )
var ( ErrInvalidToken = errors.New("invalid token") ErrExpiredToken = errors.New("token has expired") ErrInvalidSignature = errors.New("invalid token signature") )
var (
ErrNoAuthenticator = errors.New("no suitable authenticator found")
)
Functions ¶
func AuthMiddleware ¶
func AuthMiddleware(config models.AuthConfig, logger *slog.Logger) (func(http.Handler) http.Handler, error)
AuthMiddleware creates a unified authentication middleware supporting both Basic and Bearer auth. Initialize authenticators once at startup (middleware creation time). Any configuration errors (e.g., JWT JWKS init failures) should fail fast here rather than per-request.
func AuthorizationMiddleware ¶
func AuthorizationMiddleware(config models.AuthConfig, logger *slog.Logger) func(http.Handler) http.Handler
AuthorizationMiddleware enforces resource->roles mapping stored in config.ResourceRoles. Route keys use the net/http ServeMux pattern format: "METHOD /path/{param}".
func GetAuthContext ¶
func GetAuthContext(r *http.Request) (models.AuthContext, bool)
GetAuthContext retrieves the AuthContext stored by AuthMiddleware.
func GetAuthzSkip ¶
GetAuthzSkip returns true when the authz middleware should skip role checks.
func WithAuthContext ¶
WithAuthContext returns a new context with the provided AuthContext stored under the same key used by AuthMiddleware. This is intended for use in tests and other contexts where the auth middleware has not run.
Types ¶
type AuthResult ¶
type AuthResult struct {
Success bool
UserID string
Roles []string
Claims map[string]interface{}
ErrorMessage string
SkipAuthorization bool // when true the authz middleware skips role checks
}
AuthResult contains the result of an authentication attempt
type Authenticator ¶
type Authenticator interface {
// Authenticate verifies the provided credentials
Authenticate(r *http.Request) (*AuthResult, error)
// Name returns the name of the authenticator
Name() string
// CanHandle checks if this authenticator can handle the given credentials
CanHandle(r *http.Request) bool
}
Authenticator defines the interface for authentication methods
type BasicAuthenticator ¶
type BasicAuthenticator struct {
// contains filtered or unexported fields
}
BasicAuthenticator implements HTTP Basic Authentication
func NewBasicAuthenticator ¶
func NewBasicAuthenticator(authConfig models.AuthConfig, logger *slog.Logger) *BasicAuthenticator
NewBasicAuthenticator creates a new BasicAuthenticator
func (*BasicAuthenticator) Authenticate ¶
func (b *BasicAuthenticator) Authenticate(r *http.Request) (*AuthResult, error)
Authenticate verifies basic authentication credentials from context
func (*BasicAuthenticator) CanHandle ¶
func (b *BasicAuthenticator) CanHandle(r *http.Request) bool
CanHandle checks if credentials in context are BasicCredentials
func (*BasicAuthenticator) Name ¶
func (b *BasicAuthenticator) Name() string
Name returns the authenticator name
type Credentials ¶
type Credentials interface{}
Credentials represents generic authentication credentials
type JWTAuthenticator ¶
type JWTAuthenticator struct {
// contains filtered or unexported fields
}
JWTAuthenticator implements JWT authentication
func NewJWTAuthenticator ¶
func NewJWTAuthenticator(config *models.AuthConfig, logger *slog.Logger) (*JWTAuthenticator, error)
NewJWTAuthenticator creates a new JWT authenticator
func (*JWTAuthenticator) Authenticate ¶
func (j *JWTAuthenticator) Authenticate(r *http.Request) (*AuthResult, error)
Authenticate verifies JWT token from context
func (*JWTAuthenticator) CanHandle ¶
func (j *JWTAuthenticator) CanHandle(r *http.Request) bool
CanHandle checks if credentials in context are JWTCredentials
func (*JWTAuthenticator) Name ¶
func (j *JWTAuthenticator) Name() string
Name returns the authenticator name