actor

package
v0.9.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 7, 2026 License: Apache-2.0 Imports: 1 Imported by: 0

Documentation

Overview

Package actor carries the identity of the caller making a request.

An Actor is set by the auth middleware after a session lookup (or admin token bypass) and read by handlers via From(ctx). Today the only relevant fields are UserID + Username; ActiveOrgID/Roles are reserved for the multi-tenant + RBAC work that will land after the catalog cutover.

Handlers should never read cookies or tokens directly — they go through the Actor in context. This keeps call sites stable across changes to the identity backend (YAML today, Postgres/Kratos/SuperTokens later).

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func WithActor

func WithActor(ctx context.Context, a *Actor) context.Context

WithActor returns a context carrying a.

Types

type Actor

type Actor struct {
	// UserID is the durable reference (UUIDv7). Empty means "no user" —
	// usually the admin-token bypass path or anonymous inference traffic.
	UserID string

	// Username is the display name. Subject to change; never use it as
	// a join key.
	Username string

	// SessionID is the opaque session token (when this actor came from a
	// session lookup). Carried for audit + revocation. Empty for the
	// admin-token bypass.
	SessionID string

	// AdminToken is true when this actor came from the RELAY_ADMIN_TOKEN
	// bypass instead of a user session. Authz can grant blanket
	// permissions to break-glass callers.
	AdminToken bool

	// Roles are carried verbatim from the user record at session build;
	// app/authz interprets them. Empty for the admin-token bypass (which
	// AdminToken already marks as all-powerful).
	Roles []string
}

Actor is the authenticated caller for the current request.

func From

func From(ctx context.Context) *Actor

From returns the actor in ctx, or nil if no actor is set.

func (*Actor) HasRole added in v0.7.0

func (a *Actor) HasRole(role string) bool

HasRole reports whether the actor carries role.

func (*Actor) IsAuthenticated

func (a *Actor) IsAuthenticated() bool

IsAuthenticated reports whether the actor represents any kind of valid caller (real user session or admin-token bypass).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL