authsome

package module

v0.0.1 Latest Latest Go to latest Published: Nov 20, 2025 License: Apache-2.0 Imports: 37 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/xraph/authsome

Links

Open Source Insights

README ¶

AuthSome

Authsome™ is an authentication and authorization backend maintained by XRAPH™.

Authors: Rex Raphael Last Updated: 2025-11-01

A comprehensive, pluggable authentication framework for Go, inspired by better-auth. Enterprise-grade authentication with multi-tenancy support, designed to integrate seamlessly with the Forge framework.

🚀 Features

Core Authentication

Email/Password Authentication - Secure user registration and login
Session Management - Cookie-based sessions with Redis caching support
Multi-Factor Authentication - TOTP, SMS, and email-based 2FA
Social Authentication - OAuth integration with major providers
Passwordless Authentication - Magic links and WebAuthn/Passkeys

Enterprise Features

Multi-Tenancy - Organization-scoped authentication and configuration
Role-Based Access Control (RBAC) - Fine-grained permissions and policies
Audit Logging - Comprehensive security event tracking
Rate Limiting - Configurable request throttling and abuse prevention
Device Management - Track and manage user devices and sessions
Security Monitoring - IP filtering, geolocation, and anomaly detection

Developer Experience

Plugin Architecture - Extensible authentication methods
Clean Architecture - Service-oriented design with repository pattern
Type Safety - Full Go type safety with comprehensive error handling
Database Agnostic - PostgreSQL, MySQL, and SQLite support
Configuration Management - Flexible YAML/JSON configuration with environment overrides
Comprehensive Testing - Unit and integration test coverage

Deployment Modes

Standalone Mode - Single-tenant applications
SaaS Mode - Multi-tenant platforms with organization isolation

📦 Installation

Prerequisites

Go 1.25 or later
Supported database (PostgreSQL, MySQL, or SQLite)
Redis (optional, for distributed session storage)

Install AuthSome

go get github.com/xraph/authsome

Install Dependencies

# Core dependencies
go get github.com/xraph/forge
go get github.com/uptrace/bun

# Database drivers (choose one)
go get github.com/lib/pq                    # PostgreSQL
go get github.com/go-sql-driver/mysql       # MySQL
go get github.com/mattn/go-sqlite3          # SQLite

# Optional: Redis for session storage
go get github.com/redis/go-redis/v9

🏃‍♂️ Quick Start

Basic Setup

package main

import (
    "context"
    "log"
    "os"

    "github.com/xraph/authsome"
    "github.com/xraph/forge"
    "github.com/uptrace/bun"
    "github.com/uptrace/bun/dialect/pgdialect"
    "github.com/uptrace/bun/driver/pgdriver"
)

func main() {
    // Create Forge app
    app := forge.New()

    // Setup database
    db := bun.NewDB(pgdriver.NewConnector(
        pgdriver.WithDSN(os.Getenv("DATABASE_URL")),
    ), pgdialect.New())

    // Initialize AuthSome
    auth := authsome.New(
        authsome.WithDatabase(db),
        authsome.WithForgeConfig(app.Config()),
        authsome.WithMode(authsome.ModeStandalone),
    )

    // Initialize services
    if err := auth.Initialize(context.Background()); err != nil {
        log.Fatal("Failed to initialize AuthSome:", err)
    }

    // Mount AuthSome routes
    if err := auth.Mount(app, "/auth"); err != nil {
        log.Fatal("Failed to mount AuthSome:", err)
    }

    // Start server
    log.Println("Server starting on :8080")
    log.Fatal(app.Listen(":8080"))
}

Environment Configuration

Create a .env file:

# Database
DATABASE_URL=postgres://user:password@localhost/myapp?sslmode=disable

# Session
SESSION_SECRET=your-super-secret-session-key

# Email (optional)
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=your-email@gmail.com
SMTP_PASSWORD=your-app-password

# Redis (optional)
REDIS_URL=redis://localhost:6379

🔧 Usage

User Registration

curl -X POST http://localhost:8080/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "securepassword123"
  }'

curl -X POST http://localhost:8080/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "securepassword123"
  }'

Protected Routes

// Middleware for protected routes
func requireAuth(auth *authsome.Auth) forge.MiddlewareFunc {
    return func(c *forge.Context) error {
        session := auth.GetSession(c)
        if session == nil {
            return c.JSON(401, map[string]string{
                "error": "Authentication required",
            })
        }
        return c.Next()
    }
}

// Protected route example
app.GET("/api/profile", requireAuth(auth), func(c *forge.Context) error {
    user := auth.GetUser(c)
    return c.JSON(200, user)
})

Plugin Usage

import (
    "github.com/xraph/authsome/plugins/twofa"
    "github.com/xraph/authsome/plugins/username"
    "github.com/xraph/authsome/plugins/magiclink"
)

// Initialize with plugins
auth := authsome.New(
    authsome.WithDatabase(db),
    authsome.WithForgeConfig(app.Config()),
    authsome.WithPlugins(
        twofa.NewPlugin(),
        username.NewPlugin(),
        magiclink.NewPlugin(),
    ),
)

⚙️ Configuration

YAML Configuration

# config.yaml
auth:
  mode: "standalone"  # or "saas"
  basePath: "/auth"
  secret: "your-session-secret"
  rbacEnforce: false

  # Session configuration
  session:
    maxAge: 86400      # 24 hours
    secure: true
    httpOnly: true
    sameSite: "strict"

  # Rate limiting
  rateLimit:
    enabled: true
    requests: 100
    window: "1m"
    storage: "memory"  # or "redis"

  # Email configuration
  email:
    provider: "smtp"
    smtp:
      host: "smtp.gmail.com"
      port: 587
      username: "your-email@gmail.com"
      password: "your-app-password"

  # Security settings
  security:
    enabled: true
    ipWhitelist: []
    ipBlacklist: []
    allowedCountries: ["US", "CA", "GB"]
    blockedCountries: ["CN", "RU"]

  # Plugin configurations
  plugins:
    twofa:
      enabled: true
      issuer: "MyApp"
      digits: 6
      period: 30

    username:
      enabled: true
      minLength: 3
      maxLength: 30
      allowSpecialChars: false

    magiclink:
      enabled: true
      tokenExpiry: "15m"
      maxAttempts: 3

Environment Variables

# Core settings
AUTHSOME_MODE=standalone
AUTHSOME_SECRET=your-session-secret
AUTHSOME_BASE_PATH=/auth

# Database
DATABASE_URL=postgres://user:pass@localhost/db

# Session
SESSION_MAX_AGE=86400
SESSION_SECURE=true

# Rate limiting
RATE_LIMIT_ENABLED=true
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_WINDOW=1m

# Email
EMAIL_PROVIDER=smtp
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=your-email@gmail.com
SMTP_PASSWORD=your-app-password

# Redis (optional)
REDIS_URL=redis://localhost:6379

# Security
SECURITY_ENABLED=true
ALLOWED_COUNTRIES=US,CA,GB
BLOCKED_COUNTRIES=CN,RU

📚 API Reference

Authentication Endpoints

Method	Endpoint	Description
`POST`	`/auth/register`	Register a new user
`POST`	`/auth/login`	Authenticate user
`POST`	`/auth/logout`	End user session
`POST`	`/auth/refresh`	Refresh session
`GET`	`/auth/me`	Get current user
`PUT`	`/auth/me`	Update user profile
`POST`	`/auth/change-password`	Change user password
`POST`	`/auth/forgot-password`	Request password reset
`POST`	`/auth/reset-password`	Reset password with token

Two-Factor Authentication

Method	Endpoint	Description
`POST`	`/auth/2fa/setup`	Setup 2FA for user
`POST`	`/auth/2fa/verify`	Verify 2FA token
`POST`	`/auth/2fa/disable`	Disable 2FA
`GET`	`/auth/2fa/backup-codes`	Get backup codes

Organization Management (SaaS Mode)

Method	Endpoint	Description
`GET`	`/api/orgs`	List user organizations
`POST`	`/api/orgs`	Create organization
`GET`	`/api/orgs/{id}`	Get organization details
`PUT`	`/api/orgs/{id}`	Update organization
`DELETE`	`/api/orgs/{id}`	Delete organization
`GET`	`/api/orgs/{id}/members`	List organization members
`POST`	`/api/orgs/{id}/invite`	Invite user to organization
`DELETE`	`/api/orgs/{id}/members/{userId}`	Remove member

Session Management

Method	Endpoint	Description
`GET`	`/auth/sessions`	List user sessions
`DELETE`	`/auth/sessions/{id}`	Revoke specific session
`DELETE`	`/auth/sessions/all`	Revoke all sessions

Audit & Security

Method	Endpoint	Description
`GET`	`/auth/audit`	Get audit logs
`GET`	`/auth/devices`	List user devices
`DELETE`	`/auth/devices/{id}`	Remove device

Webhooks

Method	Endpoint	Description
`GET`	`/auth/webhooks`	List webhooks
`POST`	`/auth/webhooks`	Create webhook
`PUT`	`/auth/webhooks/{id}`	Update webhook
`DELETE`	`/auth/webhooks/{id}`	Delete webhook

API Keys

Method	Endpoint	Description
`GET`	`/auth/api-keys`	List API keys
`POST`	`/auth/api-keys`	Create API key
`DELETE`	`/auth/api-keys/{id}`	Revoke API key

🤝 Contributing

We welcome contributions to AuthSome! Please follow these guidelines:

Development Setup

Fork and clone the repository

git clone https://github.com/your-username/authsome.git
cd authsome

Install dependencies
```
go mod download
```

Set up development database

# Using Docker
docker run --name authsome-postgres -e POSTGRES_PASSWORD=password -p 5432:5432 -d postgres:15

# Create test database
createdb -h localhost -U postgres authsome_test

Run tests
```
go test ./...
```
Run integration tests
```
make test-integration
```

Code Style

Follow standard Go conventions and use gofmt
Write comprehensive tests for new features
Add function-level comments for exported functions
Use meaningful variable and function names
Follow the existing architecture patterns

Submitting Changes

Create a feature branch

git checkout -b feature/your-feature-name

Make your changes
- Write tests for new functionality
- Update documentation as needed
- Ensure all tests pass

Commit your changes

git commit -m "feat: add your feature description"

Push and create a pull request

git push origin feature/your-feature-name

Pull Request Guidelines

Provide a clear description of the changes
Include tests for new functionality
Update documentation if needed
Ensure CI passes
Link to any relevant issues

Reporting Issues

When reporting issues, please include:

Go version
AuthSome version
Database type and version
Minimal reproduction case
Error messages and stack traces

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

MIT License

Copyright (c) 2024 AuthSome Contributors

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

🆘 Support

Documentation

Official Documentation: https://authsome.dev
API Reference: https://authsome.dev/api
Examples: https://github.com/xraph/authsome/tree/main/examples

Community

GitHub Discussions: https://github.com/xraph/authsome/discussions
Discord Server: https://discord.gg/authsome
Stack Overflow: Tag your questions with authsome-go

Commercial Support

For enterprise support, consulting, and custom development:

Email: support@authsome.dev
Enterprise: enterprise@authsome.dev
Website: https://authsome.dev/enterprise

Security Issues

For security-related issues, please email: security@authsome.dev

Do not report security issues through public GitHub issues.

Website • Documentation • Examples • Contributing

Made with ❤️ by the AuthSome team

Documentation ¶

Index ¶

Constants
Variables
func ResolveAPIKeyService(container forge.Container) (*apikey.Service, error)
func ResolveAppService(container forge.Container) (*app.ServiceImpl, error)
func ResolveAuditService(container forge.Container) (*audit.Service, error)
func ResolveAuthService(container forge.Container) (auth.ServiceInterface, error)
func ResolveDatabase(container forge.Container) (*bun.DB, error)
func ResolveDatabaseManager(container forge.Container) (*forgedb.DatabaseManager, error)
func ResolveDeviceService(container forge.Container) (*device.Service, error)
func ResolveHookRegistry(container forge.Container) (*hooks.HookRegistry, error)
func ResolveJWTService(container forge.Container) (*jwt.Service, error)
func ResolveNotificationService(container forge.Container) (*notification.Service, error)
func ResolvePluginRegistry(container forge.Container) (*plugins.Registry, error)
func ResolveRBACService(container forge.Container) (*rbac.Service, error)
func ResolveRateLimitService(container forge.Container) (*ratelimit.Service, error)
func ResolveSecurityService(container forge.Container) (*security.Service, error)
func ResolveSessionService(container forge.Container) (session.ServiceInterface, error)
func ResolveUserService(container forge.Container) (user.ServiceInterface, error)
func ResolveWebhookService(container forge.Container) (*webhook.Service, error)
type APIKey
type APIKeyConfig
type APIKeyService
type AfterMemberAddHook
type AfterOrganizationCreateHook
type AfterSessionCreateHook
type AfterSignInHook
type AfterSignOutHook
type AfterSignUpHook
type App
type AppConfig
type AppRepository
type AppService
type AuditService
type Auth
- func New(opts ...Option) *Auth
- func (a *Auth) AuthMiddleware() func(func(forge.Context) error) func(forge.Context) error
- func (a *Auth) GetBasePath() string
- func (a *Auth) GetConfig() Config
- func (a *Auth) GetDB() *bun.DB
- func (a *Auth) GetForgeApp() forge.App
- func (a *Auth) GetHookRegistry() *hooks.HookRegistry
- func (a *Auth) GetPluginRegistry() plugins.PluginRegistry
- func (a *Auth) GetServiceRegistry() *registry.ServiceRegistry
- func (a *Auth) Initialize(ctx context.Context) error
- func (a *Auth) IsPluginEnabled(pluginID string) bool
- func (a *Auth) Logger() forge.Logger
- func (a *Auth) Mount(router forge.Router, basePath string) error
- func (a *Auth) RegisterPlugin(plugin plugins.Plugin) error
- func (a *Auth) Repository() repo.Repository
- func (a *Auth) RequireAPIKey() func(func(forge.Context) error) func(forge.Context) error
- func (a *Auth) RequireAdmin() func(func(forge.Context) error) func(forge.Context) error
- func (a *Auth) RequireAllScopes(scopes ...string) func(func(forge.Context) error) func(forge.Context) error
- func (a *Auth) RequireAnyScope(scopes ...string) func(func(forge.Context) error) func(forge.Context) error
- func (a *Auth) RequireAuth() func(func(forge.Context) error) func(forge.Context) error
- func (a *Auth) RequirePublishableKey() func(func(forge.Context) error) func(forge.Context) error
- func (a *Auth) RequireScope(scope string) func(func(forge.Context) error) func(forge.Context) error
- func (a *Auth) RequireSecretKey() func(func(forge.Context) error) func(forge.Context) error
- func (a *Auth) RequireUser() func(func(forge.Context) error) func(forge.Context) error
type AuthConfig
type AuthResponse
type AuthService
type Config
type CreateAPIKeyRequest
type CreateAppRequest
type CreateJWTKeyRequest
type CreateSessionRequest
type CreateTeamRequest
type CreateUserRequest
type CreateWebhookRequest
type Device
type DeviceService
type GenerateTokenRequest
type GeoIPProvider
type HookRegistry
type Invitation
type InvitationRepository
type InvitationStatus
type InviteMemberRequest
type JWTConfig
type JWTKey
type JWTService
type Member
type MemberRepository
type MemberRole
type MemberStatus
type Notification
type NotificationConfig
type NotificationService
type NotificationTemplate
type Option
- func WithBasePath(path string) Option
- func WithDatabase(db interface{}) Option
- func WithDatabaseFromForge() Option
- func WithDatabaseManager(manager *forgedb.DatabaseManager, dbName ...string) Option
- func WithDatabaseSchema(schema string) Option
- func WithForgeApp(app forge.App) Option
- func WithGeoIPProvider(provider sec.GeoIPProvider) Option
- func WithRBACEnforcement(enabled bool) Option
- func WithRateLimitConfig(cfg rl.Config) Option
- func WithRateLimitStorage(storage rl.Storage) Option
- func WithSecret(secret string) Option
- func WithSecurityConfig(cfg sec.Config) Option
- func WithTrustedOrigins(origins []string) Option
type Organization
type OrganizationConfig
type OrganizationService
type Permission
type Plugin
type PluginDependencies
- func ResolvePluginDependencies(container forge.Container) (*PluginDependencies, error)
type PluginRegistry
type Policy
type RBACService
type RateLimitConfig
type RateLimitService
type RateLimitStorage
type Role
type RoleRegistry
type SchemaAPIKey
type SchemaApp
type SchemaDevice
type SchemaInvitation
type SchemaJWTKey
type SchemaMember
type SchemaNotification
type SchemaRole
type SchemaSession
type SchemaTeam
type SchemaTeamMember
type SchemaUser
type SchemaUserRole
type SchemaWebhook
type SecurityConfig
type SecurityService
type ServiceRegistry
type Session
type SessionConfig
type SessionService
type SignInRequest
type SignUpRequest
type Team
type TeamMember
type TeamRepository
type UpdateAppRequest
type UpdateMemberRequest
type UpdateTeamRequest
type UpdateUserRequest
type User
type UserConfig
type UserService
type Webhook
type WebhookConfig
type WebhookDelivery
type WebhookEvent
type WebhookService

Constants ¶

View Source

const (
	ServiceDatabase       = "authsome.database"
	ServiceUser           = "authsome.user"
	ServiceSession        = "authsome.session"
	ServiceAuth           = "authsome.auth"
	ServiceApp            = "authsome.app"
	ServiceOrganization   = "authsome.organization"
	ServiceRateLimit      = "authsome.ratelimit"
	ServiceDevice         = "authsome.device"
	ServiceSecurity       = "authsome.security"
	ServiceAudit          = "authsome.audit"
	ServiceRBAC           = "authsome.rbac"
	ServiceWebhook        = "authsome.webhook"
	ServiceNotification   = "authsome.notification"
	ServiceJWT            = "authsome.jwt"
	ServiceAPIKey         = "authsome.apikey"
	ServiceHookRegistry   = "authsome.hooks"
	ServicePluginRegistry = "authsome.plugins"
)

ServiceImpl name constants for DI container

View Source

const (
	// Member Roles
	MemberRoleOwner  = app.MemberRoleOwner
	MemberRoleAdmin  = app.MemberRoleAdmin
	MemberRoleMember = app.MemberRoleMember

	// Member Statuses
	MemberStatusActive    = app.MemberStatusActive
	MemberStatusSuspended = app.MemberStatusSuspended
	MemberStatusPending   = app.MemberStatusPending

	// Invitation Statuses
	InvitationStatusPending   = app.InvitationStatusPending
	InvitationStatusAccepted  = app.InvitationStatusAccepted
	InvitationStatusExpired   = app.InvitationStatusExpired
	InvitationStatusCancelled = app.InvitationStatusCancelled
	InvitationStatusDeclined  = app.InvitationStatusDeclined

	// Backward compatibility aliases
	RoleOwner       = app.MemberRoleOwner
	RoleAdmin       = app.MemberRoleAdmin
	RoleMember      = app.MemberRoleMember
	StatusActive    = app.MemberStatusActive
	StatusSuspended = app.MemberStatusSuspended
	StatusPending   = app.MemberStatusPending
)

Enum constants exported for convenience

Variables ¶

View Source

var (
	// RegisterDefaultPlatformRoles registers default platform roles
	RegisterDefaultPlatformRoles = rbac.RegisterDefaultPlatformRoles
)

RBAC Functions

Functions ¶

func ResolveAPIKeyService ¶

func ResolveAPIKeyService(container forge.Container) (*apikey.Service, error)

ResolveAPIKeyService resolves the API key service from the container

func ResolveAppService ¶

func ResolveAppService(container forge.Container) (*app.ServiceImpl, error)

ResolveAppService resolves the app service from the container

func ResolveAuditService ¶

func ResolveAuditService(container forge.Container) (*audit.Service, error)

ResolveAuditService resolves the audit service from the container

func ResolveAuthService ¶

func ResolveAuthService(container forge.Container) (auth.ServiceInterface, error)

ResolveAuthService resolves the auth service from the container

func ResolveDatabase ¶

func ResolveDatabase(container forge.Container) (*bun.DB, error)

ResolveDatabase resolves the database from the container First tries AuthSome's registered database, then falls back to Forge's database extension

func ResolveDatabaseManager ¶

func ResolveDatabaseManager(container forge.Container) (*forgedb.DatabaseManager, error)

ResolveDatabaseManager resolves Forge's DatabaseManager from the container This is useful for plugins that need access to multiple databases

func ResolveDeviceService ¶

func ResolveDeviceService(container forge.Container) (*device.Service, error)

ResolveDeviceService resolves the device service from the container

func ResolveHookRegistry ¶

func ResolveHookRegistry(container forge.Container) (*hooks.HookRegistry, error)

ResolveHookRegistry resolves the hook registry from the container

func ResolveJWTService ¶

func ResolveJWTService(container forge.Container) (*jwt.Service, error)

ResolveJWTService resolves the JWT service from the container

func ResolveNotificationService ¶

func ResolveNotificationService(container forge.Container) (*notification.Service, error)

ResolveNotificationService resolves the notification service from the container

func ResolvePluginRegistry ¶

func ResolvePluginRegistry(container forge.Container) (*plugins.Registry, error)

ResolvePluginRegistry resolves the plugin registry from the container

func ResolveRBACService ¶

func ResolveRBACService(container forge.Container) (*rbac.Service, error)

ResolveRBACService resolves the RBAC service from the container

func ResolveRateLimitService ¶

func ResolveRateLimitService(container forge.Container) (*ratelimit.Service, error)

ResolveRateLimitService resolves the rate limit service from the container

func ResolveSecurityService ¶

func ResolveSecurityService(container forge.Container) (*security.Service, error)

ResolveSecurityService resolves the security service from the container

func ResolveSessionService ¶

func ResolveSessionService(container forge.Container) (session.ServiceInterface, error)

ResolveSessionService resolves the session service from the container

func ResolveUserService ¶

func ResolveUserService(container forge.Container) (user.ServiceInterface, error)

ResolveUserService resolves the user service from the container

func ResolveWebhookService ¶

func ResolveWebhookService(container forge.Container) (*webhook.Service, error)

ResolveWebhookService resolves the webhook service from the container

Types ¶

type APIKeyConfig ¶

type APIKeyConfig = apikey.Config

APIKeyConfig holds API key service configuration

type AfterMemberAddHook ¶

type AfterMemberAddHook = hooks.AfterMemberAddHook

AfterMemberAddHook registers an organization lifecycle hook

type AfterOrganizationCreateHook ¶

type AfterOrganizationCreateHook = hooks.AfterOrganizationCreateHook

AfterOrganizationCreateHook registers a user lifecycle hook

type AfterSessionCreateHook ¶

type AfterSessionCreateHook = hooks.AfterSessionCreateHook

AfterSessionCreateHook registers a session lifecycle hook

type AfterSignInHook ¶

type AfterSignInHook = hooks.AfterSignInHook

AfterSignInHook registers an authentication lifecycle hook

type AfterSignOutHook ¶

type AfterSignOutHook = hooks.AfterSignOutHook

AfterSignOutHook registers an authentication lifecycle hook

type AfterSignUpHook ¶

type AfterSignUpHook = hooks.AfterSignUpHook

AfterSignUpHook registers an authentication lifecycle hook

type App ¶

type App = app.App

App represents an application entity

type AppConfig ¶

type AppConfig = app.Config

AppConfig holds app service configuration

type AppRepository ¶

type AppRepository = app.AppRepository

AppRepository defines the app repository interface

type AppService ¶

type AppService = app.AppService

AppService is the service interface for app operations

func New ¶

func New(opts ...Option) *Auth

New creates a new Auth instance with the given options

func (*Auth) AuthMiddleware ¶

func (a *Auth) AuthMiddleware() func(func(forge.Context) error) func(forge.Context) error

AuthMiddleware returns the optional authentication middleware This middleware populates the auth context with API key and/or session data but does not block unauthenticated requests

func (*Auth) GetBasePath ¶

func (a *Auth) GetBasePath() string

GetBasePath returns the base path for AuthSome routes

func (*Auth) GetConfig ¶

func (a *Auth) GetConfig() Config

GetConfig returns the auth config

func (*Auth) GetDB ¶

func (a *Auth) GetDB() *bun.DB

GetDB returns the database instance

func (*Auth) GetForgeApp ¶

func (a *Auth) GetForgeApp() forge.App

GetForgeApp returns the forge application instance

func (*Auth) GetHookRegistry ¶

func (a *Auth) GetHookRegistry() *hooks.HookRegistry

GetHookRegistry returns the hook registry for plugins

func (*Auth) GetPluginRegistry ¶

func (a *Auth) GetPluginRegistry() plugins.PluginRegistry

GetPluginRegistry returns the plugin registry

func (*Auth) GetServiceRegistry ¶

func (a *Auth) GetServiceRegistry() *registry.ServiceRegistry

GetServiceRegistry returns the service registry for plugins

func (*Auth) Initialize ¶

func (a *Auth) Initialize(ctx context.Context) error

Initialize initializes all core services

func (*Auth) IsPluginEnabled ¶

func (a *Auth) IsPluginEnabled(pluginID string) bool

IsPluginEnabled checks if a plugin is registered and enabled

func (*Auth) Logger ¶

func (a *Auth) Logger() forge.Logger

Logger returns the logger for AuthSome

func (*Auth) Mount ¶

func (a *Auth) Mount(router forge.Router, basePath string) error

Mount mounts the auth routes to the Forge router

func (*Auth) Repository ¶

func (a *Auth) Repository() repo.Repository

Repository implements core.Authsome.

func (*Auth) RequireAPIKey ¶

func (a *Auth) RequireAPIKey() func(func(forge.Context) error) func(forge.Context) error

RequireAPIKey returns middleware that requires API key authentication Blocks requests that don't have a valid API key

func (*Auth) RequireAdmin ¶

func (a *Auth) RequireAdmin() func(func(forge.Context) error) func(forge.Context) error

RequireAdmin returns middleware that requires admin privileges Blocks requests that don't have admin:full scope via secret API key

func (*Auth) RequireAllScopes ¶

func (a *Auth) RequireAllScopes(scopes ...string) func(func(forge.Context) error) func(forge.Context) error

RequireAllScopes returns middleware that requires all of the specified scopes

func (*Auth) RequireAnyScope ¶

func (a *Auth) RequireAnyScope(scopes ...string) func(func(forge.Context) error) func(forge.Context) error

RequireAnyScope returns middleware that requires any of the specified scopes

func (*Auth) RequireAuth ¶

func (a *Auth) RequireAuth() func(func(forge.Context) error) func(forge.Context) error

RequireAuth returns middleware that requires authentication Blocks requests that are not authenticated via API key or session

func (*Auth) RequirePublishableKey ¶

func (a *Auth) RequirePublishableKey() func(func(forge.Context) error) func(forge.Context) error

RequirePublishableKey returns middleware that requires a publishable (pk_) API key

func (*Auth) RequireScope ¶

func (a *Auth) RequireScope(scope string) func(func(forge.Context) error) func(forge.Context) error

RequireScope returns middleware that requires a specific API key scope Blocks requests where the API key lacks the specified scope

func (*Auth) RequireSecretKey ¶

func (a *Auth) RequireSecretKey() func(func(forge.Context) error) func(forge.Context) error

RequireSecretKey returns middleware that requires a secret (sk_) API key

func (*Auth) RequireUser ¶

func (a *Auth) RequireUser() func(func(forge.Context) error) func(forge.Context) error

RequireUser returns middleware that requires user authentication (session) Blocks requests that don't have a valid user session

type AuthConfig ¶

type AuthConfig = auth.Config

AuthConfig holds auth service configuration

type AuthResponse ¶

type AuthResponse = responses.AuthResponse

AuthResponse is the response from authentication operations

type AuthService ¶

type AuthService = auth.ServiceInterface

AuthService is the authentication service interface

type CreateAPIKeyRequest ¶

type CreateAPIKeyRequest = apikey.CreateAPIKeyRequest

CreateAPIKeyRequest is the request for creating an API key

type CreateAppRequest ¶

type CreateAppRequest = app.CreateAppRequest

CreateAppRequest is the request for creating an app

type CreateJWTKeyRequest ¶

type CreateJWTKeyRequest = jwt.CreateJWTKeyRequest

CreateJWTKeyRequest is the request for creating a JWT key

type CreateSessionRequest ¶

type CreateSessionRequest = session.CreateSessionRequest

CreateSessionRequest is the request for creating a session

type CreateTeamRequest ¶

type CreateTeamRequest = app.CreateTeamRequest

CreateTeamRequest is the request for creating a team

type CreateUserRequest ¶

type CreateUserRequest = user.CreateUserRequest

CreateUserRequest is the request for creating a user

type CreateWebhookRequest ¶

type CreateWebhookRequest = webhook.CreateWebhookRequest

CreateWebhookRequest is the request for creating a webhook

type GenerateTokenRequest ¶

type GenerateTokenRequest = jwt.GenerateTokenRequest

GenerateTokenRequest is the request for generating a JWT token

type GeoIPProvider ¶

type GeoIPProvider = sec.GeoIPProvider

GeoIPProvider is the interface for GeoIP providers

type HookRegistry ¶

type HookRegistry = hooks.HookRegistry

HookRegistry is the registry for registering hooks

type InvitationRepository ¶

type InvitationRepository = app.InvitationRepository

InvitationRepository defines the invitation repository interface

type InviteMemberRequest ¶

type InviteMemberRequest = app.InviteMemberRequest

InviteMemberRequest is the request for inviting a member

type JWTConfig ¶

type JWTConfig = jwt.Config

JWTConfig holds JWT service configuration

type MemberRepository ¶

type MemberRepository = app.MemberRepository

MemberRepository defines the member repository interface

type MemberStatus ¶

type MemberStatus = app.MemberStatus

Schema Enums - Type aliases for cleaner API (re-exported from core/app)

type Notification ¶

type Notification = notification.Notification

Notification represents a notification entity

type NotificationConfig ¶

type NotificationConfig = notification.Config

NotificationConfig holds notification service configuration

type NotificationService ¶

type NotificationService = notification.Service

NotificationService is the notification service

type NotificationTemplate ¶

type NotificationTemplate = notification.Template

NotificationTemplate represents a notification template

type Option ¶

type Option func(*Auth)

Option is a function that configures Auth

func WithBasePath ¶

func WithBasePath(path string) Option

WithBasePath sets the base path for routes

func WithDatabase ¶

func WithDatabase(db interface{}) Option

WithDatabase sets the database connection directly (backwards compatible) For new applications, consider using WithDatabaseManager with Forge's database extension

func WithDatabaseFromForge ¶

func WithDatabaseFromForge() Option

WithDatabaseFromForge resolves the database from Forge's DI container This automatically uses the database extension if registered

func WithDatabaseManager ¶

func WithDatabaseManager(manager *forgedb.DatabaseManager, dbName ...string) Option

WithDatabaseManager uses Forge's database extension DatabaseManager This is the recommended approach when using Forge's database extension The database will be resolved from the manager using the default or specified name

func WithDatabaseSchema ¶

func WithDatabaseSchema(schema string) Option

WithDatabaseSchema sets the PostgreSQL schema for AuthSome tables This allows organizational separation of auth tables from application tables Example: WithDatabaseSchema("auth") creates tables in the "auth" schema Default: "" (uses database default, typically "public") Note: Schema must be valid SQL identifier; will be created if it doesn't exist

func WithForgeApp ¶

func WithForgeApp(app forge.App) Option

WithForgeApp sets the Forge application instance

func WithGeoIPProvider ¶

func WithGeoIPProvider(provider sec.GeoIPProvider) Option

WithGeoIPProvider sets a GeoIP provider for country-based restrictions

func WithRBACEnforcement ¶

func WithRBACEnforcement(enabled bool) Option

WithRBACEnforcement enables/disables handler-level RBAC enforcement

func WithRateLimitConfig ¶

func WithRateLimitConfig(cfg rl.Config) Option

WithRateLimitConfig sets rate limit configuration (enabled, default rule, per-path rules)

func WithRateLimitStorage ¶

func WithRateLimitStorage(storage rl.Storage) Option

WithRateLimitStorage sets the rate limit storage backend (memory or redis)

func WithSecret ¶

func WithSecret(secret string) Option

WithSecret sets the secret for token signing

func WithSecurityConfig ¶

func WithSecurityConfig(cfg sec.Config) Option

WithSecurityConfig sets security service configuration (IP rules, country rules) Pass lists like IPWhitelist/IPBlacklist; Enabled true to enforce checks

func WithTrustedOrigins ¶

func WithTrustedOrigins(origins []string) Option

WithTrustedOrigins sets trusted origins for CORS

type Organization ¶

type Organization = organization.Organization

Organization represents an organization entity

type OrganizationConfig ¶

type OrganizationConfig = organization.Config

OrganizationConfig holds organization service configuration

type OrganizationService ¶

type OrganizationService = organization.OrganizationService

OrganizationService is the organization service interface

type Permission ¶

type Permission = rbac.Permission

Permission represents a permission

type Plugin ¶

type Plugin = plugins.Plugin

Plugin is the interface that all plugins must implement

type PluginDependencies ¶

type PluginDependencies struct {
	Container      forge.Container
	Database       *bun.DB
	UserService    user.ServiceInterface
	SessionService session.ServiceInterface
	AuthService    auth.ServiceInterface
	AuditService   *audit.Service
	RBACService    *rbac.Service
	HookRegistry   *hooks.HookRegistry
}

PluginDependencies is a convenience struct for plugins to get all common dependencies

func ResolvePluginDependencies ¶

func ResolvePluginDependencies(container forge.Container) (*PluginDependencies, error)

ResolvePluginDependencies resolves all common plugin dependencies from the container

type PluginRegistry ¶

type PluginRegistry = plugins.PluginRegistry

PluginRegistry is the registry for managing plugins

type Policy ¶

type Policy = rbac.Policy

Policy represents a policy

type RBACService ¶

type RBACService = rbac.Service

RBACService is the RBAC service

type RateLimitConfig ¶

type RateLimitConfig = rl.Config

RateLimitConfig holds rate limit service configuration

type RateLimitService ¶

type RateLimitService = rl.Service

RateLimitService is the rate limit service

type RateLimitStorage ¶

type RateLimitStorage = rl.Storage

RateLimitStorage is the interface for rate limit storage

type Role ¶

type Role = rbac.Role

Role represents a role entity

type RoleRegistry ¶

type RoleRegistry = rbac.RoleRegistry

RoleRegistry is the role registry for registering roles

type SchemaAPIKey ¶

type SchemaAPIKey = schema.APIKey

SchemaAPIKey is the database model for API keys

type SchemaApp ¶

type SchemaApp = schema.App

SchemaApp is the database model for apps

type SchemaDevice ¶

type SchemaDevice = schema.Device

SchemaDevice is the database model for devices

type SchemaInvitation ¶

type SchemaInvitation = schema.Invitation

SchemaInvitation is the database model for invitations

type SchemaJWTKey ¶

type SchemaJWTKey = schema.JWTKey

SchemaJWTKey is the database model for JWT keys

type SchemaMember ¶

type SchemaMember = schema.Member

SchemaMember is the database model for members

type SchemaNotification ¶

type SchemaNotification = schema.Notification

SchemaNotification is the database model for notifications

type SchemaRole ¶

type SchemaRole = schema.Role

SchemaRole is the database model for roles

type SchemaSession ¶

type SchemaSession = schema.Session

SchemaSession is the database model for sessions

type SchemaTeam ¶

type SchemaTeam = schema.Team

SchemaTeam is the database model for teams

type SchemaTeamMember ¶

type SchemaTeamMember = schema.TeamMember

SchemaTeamMember is the database model for team members

type SchemaUser ¶

type SchemaUser = schema.User

SchemaUser is the database model for users

type SchemaUserRole ¶

type SchemaUserRole = schema.UserRole

SchemaUserRole is the database model for user roles

type SchemaWebhook ¶

type SchemaWebhook = schema.Webhook

SchemaWebhook is the database model for webhooks

type SecurityConfig ¶

type SecurityConfig = sec.Config

SecurityConfig holds security service configuration

type SecurityService ¶

type SecurityService = sec.Service

SecurityService is the security service

type ServiceRegistry ¶

type ServiceRegistry = registry.ServiceRegistry

ServiceRegistry manages all core services and allows plugins to replace them

type Session ¶

type Session = session.Session

Session represents a session entity

type SessionConfig ¶

type SessionConfig = session.Config

SessionConfig holds session service configuration

type SessionService ¶

type SessionService = session.ServiceInterface

SessionService is the session service interface

type SignInRequest ¶

type SignInRequest = auth.SignInRequest

SignInRequest is the request for signing in

type SignUpRequest ¶

type SignUpRequest = auth.SignUpRequest

SignUpRequest is the request for signing up

type Team ¶

type Team = app.Team

Team represents a team within an app

type TeamMember ¶

type TeamMember = app.TeamMember

TeamMember represents a team member

type TeamRepository ¶

type TeamRepository = app.TeamRepository

TeamRepository defines the team repository interface

type UpdateAppRequest ¶

type UpdateAppRequest = app.UpdateAppRequest

UpdateAppRequest is the request for updating an app

type UpdateMemberRequest ¶

type UpdateMemberRequest = app.UpdateMemberRequest

UpdateMemberRequest is the request for updating a member

type UpdateTeamRequest ¶

type UpdateTeamRequest = app.UpdateTeamRequest

UpdateTeamRequest is the request for updating a team

type UpdateUserRequest ¶

type UpdateUserRequest = user.UpdateUserRequest

UpdateUserRequest is the request for updating a user

type User ¶

type User = user.User

User represents a user entity

type UserConfig ¶

type UserConfig = user.Config

UserConfig holds user service configuration

type UserService ¶

type UserService = user.ServiceInterface

UserService is the user service interface

type Webhook ¶

type Webhook = webhook.Webhook

Webhook represents a webhook entity

type WebhookConfig ¶

type WebhookConfig = webhook.Config

WebhookConfig holds webhook service configuration

type WebhookDelivery ¶

type WebhookDelivery = webhook.Delivery

WebhookDelivery represents a webhook delivery

type WebhookEvent ¶

type WebhookEvent = webhook.Event

WebhookEvent represents a webhook event

type WebhookService ¶

type WebhookService = webhook.Service

WebhookService is the webhook service

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
clients
go module
cmd
authsome-cli command
migrate-member-roles command
core
apikey
app
audit
auth
base
contexts
device
environment
forms
hooks
impersonation
jwt
middleware
notification
organization
pagination Package pagination provides comprehensive pagination support for the AuthSome framework.	Package pagination provides comprehensive pagination support for the AuthSome framework.
ratelimit
rbac
registry
responses
security
session
ui
user
webhook
examples
apikey-demo command
apikey-rbac command
auth-context command
comprehensive command
consent-demo command
dashboard command Package main demonstrates how to integrate the dashboard plugin with AuthSome	Package main demonstrates how to integrate the dashboard plugin with AuthSome
forge-database-integration command
forge-extension command
geofence-demo command
jwt-plugin command
notification-complete command
servemux-test command
test-integration command
test-multitenancy command
test-multitenancy-integration command
test-providers command
test-webhooks command
extension
flows
handlers
internal
clients/generator
clients/introspector
clients/manifest
crypto
dbschema
errs
interfaces
utils
validator
migrations
bun
pkg
schema
schema/definition
schema/extractor
schema/generator
schema/generator/bun
schema/generator/diesel
schema/generator/gorm
schema/generator/prisma
schema/generator/sql
plugins
admin Package admin provides cross-cutting administrative operations for the AuthSome platform.	Package admin provides cross-cutting administrative operations for the AuthSome platform.
anonymous
apikey
bearer
dashboard
dashboard/components
dashboard/components/pages
emailotp
enterprise/backupauth
enterprise/compliance
enterprise/consent
enterprise/geofence
enterprise/idverification
enterprise/mtls
enterprise/scim
enterprise/stepup Package stepup provides context-aware step-up authentication for AuthSome.	Package stepup provides context-aware step-up authentication for AuthSome.
impersonation
jwt
magiclink
mcp
mfa
multiapp
multiapp/config
multiapp/decorators
multiapp/handlers
multiapp/middleware
multisession
notification
notification/crypto
notification/providers
oidcprovider
oidcprovider/components
organization
passkey Package passkey provides WebAuthn/FIDO2 passkey authentication.	Package passkey provides WebAuthn/FIDO2 passkey authentication.
permissions
permissions/core
permissions/engine
permissions/engine/providers
permissions/handlers
permissions/language
permissions/schema
permissions/storage
phone
social
social/providers
sso
sso/oidc
sso/saml
twofa
username
providers
email
sms
repository
organization
routes
schema
storage
test-assign
testing Package testing provides comprehensive mocking utilities for testing applications that integrate with the AuthSome authentication framework.	Package testing provides comprehensive mocking utilities for testing applications that integrate with the AuthSome authentication framework.
types

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

README ¶

AuthSome

🚀 Features

Core Authentication

Enterprise Features

Developer Experience

Deployment Modes

📦 Installation

Prerequisites

Install AuthSome

Install Dependencies

🏃‍♂️ Quick Start

Basic Setup

Environment Configuration

🔧 Usage

User Registration

User Login

Protected Routes

Plugin Usage

⚙️ Configuration

YAML Configuration

Environment Variables

📚 API Reference

Authentication Endpoints

Two-Factor Authentication

Organization Management (SaaS Mode)

Session Management

Audit & Security

Webhooks

API Keys

🤝 Contributing

Development Setup

Code Style

Submitting Changes

Pull Request Guidelines

Reporting Issues

📄 License

🆘 Support

Documentation

Community

Commercial Support

Security Issues

Documentation ¶

Index ¶

Constants ¶

Variables ¶

Functions ¶

func ResolveAPIKeyService ¶

func ResolveAppService ¶

func ResolveAuditService ¶

func ResolveAuthService ¶

func ResolveDatabase ¶

func ResolveDatabaseManager ¶

func ResolveDeviceService ¶

func ResolveHookRegistry ¶

func ResolveJWTService ¶

func ResolveNotificationService ¶

func ResolvePluginRegistry ¶

func ResolveRBACService ¶

func ResolveRateLimitService ¶

func ResolveSecurityService ¶

func ResolveSessionService ¶

func ResolveUserService ¶

func ResolveWebhookService ¶

Types ¶

type APIKey ¶

type APIKeyConfig ¶

type APIKeyService ¶

type AfterMemberAddHook ¶

type AfterOrganizationCreateHook ¶

type AfterSessionCreateHook ¶

type AfterSignInHook ¶

type AfterSignOutHook ¶

type AfterSignUpHook ¶

type App ¶

type AppConfig ¶

type AppRepository ¶

type AppService ¶

type AuditService ¶

type Auth ¶