authsome

package module

v0.0.16 Latest Latest Go to latest Published: Feb 11, 2026 License: Apache-2.0 Imports: 40 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/xraph/authsome

Links

Open Source Insights

README ¶

AuthSome

Authsome™ is an authentication and authorization backend maintained by XRAPH™.

Authors: Rex Raphael Last Updated: 2025-11-01

A comprehensive, pluggable authentication framework for Go, inspired by better-auth. Enterprise-grade authentication with multi-tenancy support, designed to integrate seamlessly with the Forge framework.

🚀 Features

Core Authentication

Email/Password Authentication - Secure user registration and login
Session Management - Cookie-based sessions with Redis caching support
Multi-Factor Authentication - TOTP, SMS, and email-based 2FA
Social Authentication - OAuth integration with major providers
Passwordless Authentication - Magic links and WebAuthn/Passkeys

Enterprise Features

Multi-Tenancy - Organization-scoped authentication and configuration
Role-Based Access Control (RBAC) - Fine-grained permissions and policies
Audit Logging - Comprehensive security event tracking
Rate Limiting - Configurable request throttling and abuse prevention
Device Management - Track and manage user devices and sessions
Security Monitoring - IP filtering, geolocation, and anomaly detection

Developer Experience

Plugin Architecture - Extensible authentication methods
Clean Architecture - Service-oriented design with repository pattern
Type Safety - Full Go type safety with comprehensive error handling
Database Agnostic - PostgreSQL, MySQL, and SQLite support
Configuration Management - Flexible YAML/JSON configuration with environment overrides
Comprehensive Testing - Unit and integration test coverage

Deployment Modes

Standalone Mode - Single-tenant applications
SaaS Mode - Multi-tenant platforms with organization isolation

📦 Installation

Prerequisites

Go 1.25 or later
Supported database (PostgreSQL, MySQL, or SQLite)
Redis (optional, for distributed session storage)

Install AuthSome

go get github.com/xraph/authsome

Install Dependencies

# Core dependencies
go get github.com/xraph/forge
go get github.com/uptrace/bun

# Database drivers (choose one)
go get github.com/lib/pq                    # PostgreSQL
go get github.com/go-sql-driver/mysql       # MySQL
go get github.com/mattn/go-sqlite3          # SQLite

# Optional: Redis for session storage
go get github.com/redis/go-redis/v9

🏃‍♂️ Quick Start

Basic Setup

package main

import (
    "context"
    "log"
    "os"

    "github.com/xraph/authsome"
    "github.com/xraph/forge"
    "github.com/uptrace/bun"
    "github.com/uptrace/bun/dialect/pgdialect"
    "github.com/uptrace/bun/driver/pgdriver"
)

func main() {
    // Create Forge app
    app := forge.New()

    // Setup database
    db := bun.NewDB(pgdriver.NewConnector(
        pgdriver.WithDSN(os.Getenv("DATABASE_URL")),
    ), pgdialect.New())

    // Initialize AuthSome
    auth := authsome.New(
        authsome.WithDatabase(db),
        authsome.WithForgeConfig(app.Config()),
        authsome.WithMode(authsome.ModeStandalone),
    )

    // Initialize services
    if err := auth.Initialize(context.Background()); err != nil {
        log.Fatal("Failed to initialize AuthSome:", err)
    }

    // Mount AuthSome routes
    if err := auth.Mount(app, "/auth"); err != nil {
        log.Fatal("Failed to mount AuthSome:", err)
    }

    // Start server
    log.Println("Server starting on :8080")
    log.Fatal(app.Listen(":8080"))
}

Environment Configuration

Create a .env file:

# Database
DATABASE_URL=postgres://user:password@localhost/myapp?sslmode=disable

# Session
SESSION_SECRET=your-super-secret-session-key

# Email (optional)
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=your-email@gmail.com
SMTP_PASSWORD=your-app-password

# Redis (optional)
REDIS_URL=redis://localhost:6379

🔧 Usage

User Registration

curl -X POST http://localhost:8080/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "securepassword123"
  }'

curl -X POST http://localhost:8080/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "securepassword123"
  }'

Protected Routes

// Middleware for protected routes
func requireAuth(auth *authsome.Auth) forge.MiddlewareFunc {
    return func(c *forge.Context) error {
        session := auth.GetSession(c)
        if session == nil {
            return c.JSON(401, map[string]string{
                "error": "Authentication required",
            })
        }
        return c.Next()
    }
}

// Protected route example
app.GET("/api/profile", requireAuth(auth), func(c *forge.Context) error {
    user := auth.GetUser(c)
    return c.JSON(200, user)
})

Plugin Usage

import (
    "github.com/xraph/authsome/plugins/twofa"
    "github.com/xraph/authsome/plugins/username"
    "github.com/xraph/authsome/plugins/magiclink"
)

// Initialize with plugins
auth := authsome.New(
    authsome.WithDatabase(db),
    authsome.WithForgeConfig(app.Config()),
    authsome.WithPlugins(
        twofa.NewPlugin(),
        username.NewPlugin(),
        magiclink.NewPlugin(),
    ),
)

⚙️ Configuration

YAML Configuration

# config.yaml
auth:
  mode: "standalone"  # or "saas"
  basePath: "/auth"
  secret: "your-session-secret"
  rbacEnforce: false

  # Session configuration
  session:
    maxAge: 86400      # 24 hours
    secure: true
    httpOnly: true
    sameSite: "strict"

  # Rate limiting
  rateLimit:
    enabled: true
    requests: 100
    window: "1m"
    storage: "memory"  # or "redis"

  # Email configuration
  email:
    provider: "smtp"
    smtp:
      host: "smtp.gmail.com"
      port: 587
      username: "your-email@gmail.com"
      password: "your-app-password"

  # Security settings
  security:
    enabled: true
    ipWhitelist: []
    ipBlacklist: []
    allowedCountries: ["US", "CA", "GB"]
    blockedCountries: ["CN", "RU"]

  # Plugin configurations
  plugins:
    twofa:
      enabled: true
      issuer: "MyApp"
      digits: 6
      period: 30

    username:
      enabled: true
      minLength: 3
      maxLength: 30
      allowSpecialChars: false

    magiclink:
      enabled: true
      tokenExpiry: "15m"
      maxAttempts: 3

Environment Variables

# Core settings
AUTHSOME_MODE=standalone
AUTHSOME_SECRET=your-session-secret
AUTHSOME_BASE_PATH=/auth

# Database
DATABASE_URL=postgres://user:pass@localhost/db

# Session
SESSION_MAX_AGE=86400
SESSION_SECURE=true

# Rate limiting
RATE_LIMIT_ENABLED=true
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_WINDOW=1m

# Email
EMAIL_PROVIDER=smtp
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=your-email@gmail.com
SMTP_PASSWORD=your-app-password

# Redis (optional)
REDIS_URL=redis://localhost:6379

# Security
SECURITY_ENABLED=true
ALLOWED_COUNTRIES=US,CA,GB
BLOCKED_COUNTRIES=CN,RU

📚 API Reference

Authentication Endpoints

Method	Endpoint	Description
`POST`	`/auth/register`	Register a new user
`POST`	`/auth/login`	Authenticate user
`POST`	`/auth/logout`	End user session
`POST`	`/auth/refresh`	Refresh session
`GET`	`/auth/me`	Get current user
`PUT`	`/auth/me`	Update user profile
`POST`	`/auth/change-password`	Change user password
`POST`	`/auth/forgot-password`	Request password reset
`POST`	`/auth/reset-password`	Reset password with token

Two-Factor Authentication

Method	Endpoint	Description
`POST`	`/auth/2fa/setup`	Setup 2FA for user
`POST`	`/auth/2fa/verify`	Verify 2FA token
`POST`	`/auth/2fa/disable`	Disable 2FA
`GET`	`/auth/2fa/backup-codes`	Get backup codes

Organization Management (SaaS Mode)

Method	Endpoint	Description
`GET`	`/api/orgs`	List user organizations
`POST`	`/api/orgs`	Create organization
`GET`	`/api/orgs/{id}`	Get organization details
`PUT`	`/api/orgs/{id}`	Update organization
`DELETE`	`/api/orgs/{id}`	Delete organization
`GET`	`/api/orgs/{id}/members`	List organization members
`POST`	`/api/orgs/{id}/invite`	Invite user to organization
`DELETE`	`/api/orgs/{id}/members/{userId}`	Remove member

Session Management

Method	Endpoint	Description
`GET`	`/auth/sessions`	List user sessions
`DELETE`	`/auth/sessions/{id}`	Revoke specific session
`DELETE`	`/auth/sessions/all`	Revoke all sessions

Audit & Security

Method	Endpoint	Description
`GET`	`/auth/audit`	Get audit logs
`GET`	`/auth/devices`	List user devices
`DELETE`	`/auth/devices/{id}`	Remove device

Webhooks

Method	Endpoint	Description
`GET`	`/auth/webhooks`	List webhooks
`POST`	`/auth/webhooks`	Create webhook
`PUT`	`/auth/webhooks/{id}`	Update webhook
`DELETE`	`/auth/webhooks/{id}`	Delete webhook

API Keys

Method	Endpoint	Description
`GET`	`/auth/api-keys`	List API keys
`POST`	`/auth/api-keys`	Create API key
`DELETE`	`/auth/api-keys/{id}`	Revoke API key

🤝 Contributing

We welcome contributions to AuthSome! Please follow these guidelines:

Development Setup

Fork and clone the repository

git clone https://github.com/your-username/authsome.git
cd authsome

Install dependencies
```
go mod download
```

Set up development database

# Using Docker
docker run --name authsome-postgres -e POSTGRES_PASSWORD=password -p 5432:5432 -d postgres:15

# Create test database
createdb -h localhost -U postgres authsome_test

Run tests
```
go test ./...
```
Run integration tests
```
make test-integration
```

Code Style

Follow standard Go conventions and use gofmt
Write comprehensive tests for new features
Add function-level comments for exported functions
Use meaningful variable and function names
Follow the existing architecture patterns

Submitting Changes

Create a feature branch

git checkout -b feature/your-feature-name

Make your changes
- Write tests for new functionality
- Update documentation as needed
- Ensure all tests pass

Commit your changes

git commit -m "feat: add your feature description"

Push and create a pull request

git push origin feature/your-feature-name

Pull Request Guidelines

Provide a clear description of the changes
Include tests for new functionality
Update documentation if needed
Ensure CI passes
Link to any relevant issues

Reporting Issues

When reporting issues, please include:

Go version
AuthSome version
Database type and version
Minimal reproduction case
Error messages and stack traces

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

MIT License

Copyright (c) 2024 AuthSome Contributors

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

🆘 Support

Documentation

Official Documentation: https://authsome.dev
API Reference: https://authsome.dev/api
Examples: https://github.com/xraph/authsome/tree/main/examples

Community

GitHub Discussions: https://github.com/xraph/authsome/discussions
Discord Server: https://discord.gg/authsome
Stack Overflow: Tag your questions with authsome-go

Commercial Support

For enterprise support, consulting, and custom development:

Email: support@authsome.dev
Enterprise: enterprise@authsome.dev
Website: https://authsome.dev/enterprise

Security Issues

For security-related issues, please email: security@authsome.dev

Do not report security issues through public GitHub issues.

Website • Documentation • Examples • Contributing

Made with ❤️ by the AuthSome team

Documentation ¶

Index ¶

Constants
Variables
func InjectAPIKeyService(container forge.Container) (*apikey.Service, error)
func InjectAppService(container forge.Container) (*app.ServiceImpl, error)
func InjectAuditService(container forge.Container) (*audit.Service, error)
func InjectAuthService(container forge.Container) (auth.ServiceInterface, error)
func InjectDatabase(container forge.Container) (*bun.DB, error)
func InjectDeviceService(container forge.Container) (*device.Service, error)
func InjectHookRegistry(container forge.Container) (*hooks.HookRegistry, error)
func InjectJWTService(container forge.Container) (*jwt.Service, error)
func InjectNotificationService(container forge.Container) (*notification.Service, error)
func InjectPluginRegistry(container forge.Container) (plugins.PluginRegistry, error)
func InjectRBACService(container forge.Container) (*rbac.Service, error)
func InjectRateLimitService(container forge.Container) (*ratelimit.Service, error)
func InjectSecurityService(container forge.Container) (*security.Service, error)
func InjectSessionService(container forge.Container) (session.ServiceInterface, error)
func InjectUserService(container forge.Container) (user.ServiceInterface, error)
func InjectWebhookService(container forge.Container) (*webhook.Service, error)
func ResolveAPIKeyService(container forge.Container) (*apikey.Service, error)
func ResolveAppService(container forge.Container) (*app.ServiceImpl, error)
func ResolveAuditService(container forge.Container) (*audit.Service, error)
func ResolveAuthService(container forge.Container) (auth.ServiceInterface, error)
func ResolveDatabase(container forge.Container) (*bun.DB, error)
func ResolveDatabaseManager(container forge.Container) (*forgedb.DatabaseManager, error)
func ResolveDeviceService(container forge.Container) (*device.Service, error)
func ResolveHookRegistry(container forge.Container) (*hooks.HookRegistry, error)
func ResolveJWTService(container forge.Container) (*jwt.Service, error)
func ResolveNotificationService(container forge.Container) (*notification.Service, error)
func ResolvePluginRegistry(container forge.Container) (*plugins.Registry, error)
func ResolveRBACService(container forge.Container) (*rbac.Service, error)
func ResolveRateLimitService(container forge.Container) (*ratelimit.Service, error)
func ResolveSecurityService(container forge.Container) (*security.Service, error)
func ResolveSessionService(container forge.Container) (session.ServiceInterface, error)
func ResolveUserService(container forge.Container) (user.ServiceInterface, error)
func ResolveWebhookService(container forge.Container) (*webhook.Service, error)
type APIKey
type APIKeyConfig
type APIKeyService
type AfterMemberAddHook
type AfterOrganizationCreateHook
type AfterSessionCreateHook
type AfterSignInHook
type AfterSignOutHook
type AfterSignUpHook
type App
type AppConfig
type AppRepository
type AppService
type AuditService
type Auth
- func New(opts ...Option) *Auth
- func (a *Auth) AuthMiddleware() forge.Middleware
- func (a *Auth) Authenticate() forge.Middleware
- func (a *Auth) AuthenticateOptional() forge.Middleware
- func (a *Auth) GetBasePath() string
- func (a *Auth) GetConfig() Config
- func (a *Auth) GetDB() *bun.DB
- func (a *Auth) GetDefaultApp(ctx context.Context) (*app.App, error)
- func (a *Auth) GetDefaultEnvironment(ctx context.Context, appID xid.ID) (*env.Environment, error)
- func (a *Auth) GetForgeApp() forge.App
- func (a *Auth) GetGlobalGroupRoutesOptions() []forge.GroupOption
- func (a *Auth) GetGlobalRoutesOptions() []forge.RouteOption
- func (a *Auth) GetHookRegistry() *hooks.HookRegistry
- func (a *Auth) GetPluginRegistry() plugins.PluginRegistry
- func (a *Auth) GetServiceRegistry() *registry.ServiceRegistry
- func (a *Auth) Hooks() *hooks.HookRegistry
- func (a *Auth) Initialize(ctx context.Context) error
- func (a *Auth) IsPluginEnabled(pluginID string) bool
- func (a *Auth) Logger() forge.Logger
- func (a *Auth) Mount(router forge.Router, basePath string) error
- func (a *Auth) RegisterAuthStrategy(strategy middleware.AuthStrategy) error
- func (a *Auth) RegisterPlugin(plugin plugins.Plugin) error
- func (a *Auth) Repository() repo.Repository
- func (a *Auth) RequireAPIKey() forge.Middleware
- func (a *Auth) RequireAdmin() forge.Middleware
- func (a *Auth) RequireAllPermissions(permissions ...string) forge.Middleware
- func (a *Auth) RequireAllScopes(scopes ...string) forge.Middleware
- func (a *Auth) RequireAnyPermission(permissions ...string) forge.Middleware
- func (a *Auth) RequireAnyScope(scopes ...string) forge.Middleware
- func (a *Auth) RequireAuth() forge.Middleware
- func (a *Auth) RequireCanAccess(action, resource string) forge.Middleware
- func (a *Auth) RequirePublishableKey() forge.Middleware
- func (a *Auth) RequireRBACPermission(action, resource string) forge.Middleware
- func (a *Auth) RequireScope(scope string) forge.Middleware
- func (a *Auth) RequireSecretKey() forge.Middleware
- func (a *Auth) RequireUser() forge.Middleware
- func (a *Auth) ServiceRegistry() *registry.ServiceRegistry
type AuthConfig
type AuthContext
type AuthMethod
type AuthMiddleware
type AuthMiddlewareConfig
type AuthResponse
type AuthService
type Config
type ContextConfig
type ContextResolution
type ContextSource
type CreateAPIKeyRequest
type CreateAppRequest
type CreateJWTKeyRequest
type CreateSessionRequest
type CreateTeamRequest
type CreateUserRequest
type CreateWebhookRequest
type Device
type DeviceService
type Environment
type EnvironmentRepository
type GenerateTokenRequest
type GeoIPProvider
type HookRegistry
type Invitation
type InvitationRepository
type InvitationStatus
type InviteMemberRequest
type JWTConfig
type JWTKey
type JWTService
type Member
type MemberRepository
type MemberRole
type MemberStatus
type Notification
type NotificationConfig
type NotificationService
type NotificationTemplate
type Option
- func WithAuthMiddlewareConfig(config middleware.AuthMiddlewareConfig) Option
- func WithBasePath(path string) Option
- func WithCORSEnabled(enabled bool) Option
- func WithDatabase(db any) Option
- func WithDatabaseFromForge() Option
- func WithDatabaseManager(manager *forgedb.DatabaseManager, dbName ...string) Option
- func WithDatabaseSchema(schema string) Option
- func WithForgeApp(app forge.App) Option
- func WithGeoIPProvider(provider sec.GeoIPProvider) Option
- func WithGlobalCookieConfig(config session.CookieConfig) Option
- func WithGlobalGroupRoutesOptions(opts ...forge.GroupOption) Option
- func WithGlobalRoutesOptions(opts ...forge.RouteOption) Option
- func WithMinPasswordLength(length int) Option
- func WithPasswordPolicy(policy string) Option
- func WithPasswordRequirements(reqs validator.PasswordRequirements) Option
- func WithRBACEnforcement(enabled bool) Option
- func WithRateLimitConfig(cfg rl.Config) Option
- func WithRateLimitStorage(storage rl.Storage) Option
- func WithRefreshTokens(enabled bool, accessTTL, refreshTTL time.Duration) Option
- func WithRequireEmailVerification(require bool) Option
- func WithSecret(secret string) Option
- func WithSecurityConfig(cfg sec.Config) Option
- func WithSessionConfig(config session.Config) Option
- func WithSessionCookieEnabled(enabled bool) Option
- func WithSessionCookieMaxAge(seconds int) Option
- func WithSessionCookieName(name string) Option
- func WithSessionTTL(defaultTTL, rememberTTL time.Duration) Option
- func WithSlidingWindowSessions(enabled bool, renewalThreshold ...time.Duration) Option
- func WithTrustedOrigins(origins []string) Option
- func WithUserConfig(config user.Config) Option
type Organization
type OrganizationConfig
type OrganizationService
type Permission
type Plugin
type PluginDependencies
- func ResolvePluginDependencies(container forge.Container) (*PluginDependencies, error)
type PluginRegistry
type Policy
type RBACService
type RateLimitConfig
type RateLimitService
type RateLimitStorage
type Role
type RoleRegistry
type SchemaAPIKey
type SchemaApp
type SchemaDevice
type SchemaInvitation
type SchemaJWTKey
type SchemaMember
type SchemaNotification
type SchemaRole
type SchemaSession
type SchemaTeam
type SchemaTeamMember
type SchemaUser
type SchemaUserRole
type SchemaWebhook
type SecurityConfig
type SecurityService
type ServiceRegistry
type Session
type SessionConfig
type SessionService
type SignInRequest
type SignUpRequest
type Team
type TeamMember
type TeamRepository
type UpdateAppRequest
type UpdateMemberRequest
type UpdateTeamRequest
type UpdateUserRequest
type User
type UserConfig
type UserService
type Webhook
type WebhookConfig
type WebhookDelivery
type WebhookEvent
type WebhookService

Constants ¶

View Source

const (
	ServiceDatabase       = "authsome.database"
	ServiceUser           = "authsome.user"
	ServiceSession        = "authsome.session"
	ServiceAuth           = "authsome.auth"
	ServiceApp            = "authsome.app"
	ServiceOrganization   = "authsome.organization"
	ServiceRateLimit      = "authsome.ratelimit"
	ServiceDevice         = "authsome.device"
	ServiceSecurity       = "authsome.security"
	ServiceAudit          = "authsome.audit"
	ServiceRBAC           = "authsome.rbac"
	ServiceWebhook        = "authsome.webhook"
	ServiceNotification   = "authsome.notification"
	ServiceJWT            = "authsome.jwt"
	ServiceAPIKey         = "authsome.apikey"
	ServiceHookRegistry   = "authsome.hooks"
	ServicePluginRegistry = "authsome.plugins"
)

ServiceImpl name constants for DI container.

View Source

const (
	// AuthMethodNone indicates no authentication.
	AuthMethodNone = contexts.AuthMethodNone

	// AuthMethodSession indicates session-based authentication.
	AuthMethodSession = contexts.AuthMethodSession

	// AuthMethodAPIKey indicates API key authentication.
	AuthMethodAPIKey = contexts.AuthMethodAPIKey

	// AuthMethodBoth indicates both session and API key authentication.
	AuthMethodBoth = contexts.AuthMethodBoth
)

AuthMethod constants.

View Source

const (
	// MemberRoleOwner is the owner member role.
	MemberRoleOwner  = app.MemberRoleOwner
	MemberRoleAdmin  = app.MemberRoleAdmin
	MemberRoleMember = app.MemberRoleMember

	// MemberStatusActive is the active member status.
	MemberStatusActive    = app.MemberStatusActive
	MemberStatusSuspended = app.MemberStatusSuspended
	MemberStatusPending   = app.MemberStatusPending

	// InvitationStatusPending is the pending invitation status.
	InvitationStatusPending   = app.InvitationStatusPending
	InvitationStatusAccepted  = app.InvitationStatusAccepted
	InvitationStatusExpired   = app.InvitationStatusExpired
	InvitationStatusCancelled = app.InvitationStatusCancelled
	InvitationStatusDeclined  = app.InvitationStatusDeclined

	// RoleOwner is a backward compatibility alias for MemberRoleOwner.
	RoleOwner       = app.MemberRoleOwner
	RoleAdmin       = app.MemberRoleAdmin
	RoleMember      = app.MemberRoleMember
	StatusActive    = app.MemberStatusActive
	StatusSuspended = app.MemberStatusSuspended
	StatusPending   = app.MemberStatusPending
)

Enum constants exported for convenience.

View Source

const (
	// ContextSourceNone indicates no context source.
	ContextSourceNone = middleware.ContextSourceNone

	// ContextSourceExisting indicates context already exists in request.
	ContextSourceExisting = middleware.ContextSourceExisting

	// ContextSourceHeader indicates context from HTTP header.
	ContextSourceHeader = middleware.ContextSourceHeader

	// ContextSourceAPIKey indicates context from verified API key.
	ContextSourceAPIKey = middleware.ContextSourceAPIKey

	// ContextSourceDefault indicates context from default config.
	ContextSourceDefault = middleware.ContextSourceDefault

	// ContextSourceAutoDetect indicates context from AuthSome config.
	ContextSourceAutoDetect = middleware.ContextSourceAutoDetect
)

Context Source Constants.

Variables ¶

View Source

var (
	// GetAppID gets the app ID from context.
	GetAppID     = contexts.GetAppID
	SetAppID     = contexts.SetAppID
	RequireAppID = contexts.RequireAppID

	// GetEnvironmentID gets the environment ID from context.
	GetEnvironmentID     = contexts.GetEnvironmentID
	SetEnvironmentID     = contexts.SetEnvironmentID
	RequireEnvironmentID = contexts.RequireEnvironmentID

	// GetOrganizationID gets the organization ID from context.
	GetOrganizationID     = contexts.GetOrganizationID
	SetOrganizationID     = contexts.SetOrganizationID
	RequireOrganizationID = contexts.RequireOrganizationID

	// GetUserID gets the user ID from context.
	GetUserID     = contexts.GetUserID
	SetUserID     = contexts.SetUserID
	RequireUserID = contexts.RequireUserID

	// WithAppAndOrganization creates a context with app and organization IDs.
	WithAppAndOrganization            = contexts.WithAppAndOrganization
	WithAppAndUser                    = contexts.WithAppAndUser
	WithAppEnvironmentAndOrganization = contexts.WithAppEnvironmentAndOrganization
	WithAll                           = contexts.WithAll

	// SetAuthContext sets the auth context.
	SetAuthContext     = contexts.SetAuthContext
	GetAuthContext     = contexts.GetAuthContext
	RequireAuthContext = contexts.RequireAuthContext
	RequireUser        = contexts.RequireUser
	RequireAPIKey      = contexts.RequireAPIKey
	GetUser            = contexts.GetUser
	GetAPIKey          = contexts.GetAPIKey
	GetSession         = contexts.GetSession
)

Contexts Functions.

View Source

var (
	// ErrAppContextRequired is returned when app context is required but not found.
	ErrAppContextRequired = contexts.ErrAppContextRequired

	// ErrEnvironmentContextRequired is returned when environment context is required but not found.
	ErrEnvironmentContextRequired = contexts.ErrEnvironmentContextRequired

	// ErrOrganizationContextRequired is returned when organization context is required but not found.
	ErrOrganizationContextRequired = contexts.ErrOrganizationContextRequired

	// ErrUserContextRequired is returned when user context is required but not found.
	ErrUserContextRequired = contexts.ErrUserContextRequired

	// ErrAuthContextRequired is returned when auth context is required but not found.
	ErrAuthContextRequired = contexts.ErrAuthContextRequired

	// ErrUserAuthRequired is returned when user authentication is required.
	ErrUserAuthRequired = contexts.ErrUserAuthRequired

	// ErrAPIKeyRequired is returned when API key authentication is required.
	ErrAPIKeyRequired = contexts.ErrAPIKeyRequired

	// ErrInsufficientScope is returned when API key lacks required scope.
	ErrInsufficientScope = contexts.ErrInsufficientScope

	// ErrInsufficientPermission is returned when lacking required RBAC permission.
	ErrInsufficientPermission = contexts.ErrInsufficientPermission
)

Context Errors.

View Source

var (
	// NewAuthMiddleware creates a new authentication middleware.
	NewAuthMiddleware = middleware.NewAuthMiddleware

	// DefaultContextConfig returns a ContextConfig with sensible defaults.
	DefaultContextConfig = middleware.DefaultContextConfig
)

Middleware Config Functions.

View Source

var (
	// RegisterDefaultPlatformRoles registers default platform roles.
	RegisterDefaultPlatformRoles = rbac.RegisterDefaultPlatformRoles
)

RBAC Functions.

Functions ¶

func InjectAPIKeyService ¶ added in v0.0.15

func InjectAPIKeyService(container forge.Container) (*apikey.Service, error)

InjectAPIKeyService resolves the API key service using type-based injection.

func InjectAppService ¶ added in v0.0.15

func InjectAppService(container forge.Container) (*app.ServiceImpl, error)

InjectAppService resolves the app service using type-based injection.

func InjectAuditService ¶ added in v0.0.15

func InjectAuditService(container forge.Container) (*audit.Service, error)

InjectAuditService resolves the audit service using type-based injection.

func InjectAuthService ¶ added in v0.0.15

func InjectAuthService(container forge.Container) (auth.ServiceInterface, error)

InjectAuthService resolves the auth service using type-based injection.

func InjectDatabase ¶ added in v0.0.15

func InjectDatabase(container forge.Container) (*bun.DB, error)

InjectDatabase resolves the database using type-based injection.

func InjectDeviceService ¶ added in v0.0.15

func InjectDeviceService(container forge.Container) (*device.Service, error)

InjectDeviceService resolves the device service using type-based injection.

func InjectHookRegistry ¶ added in v0.0.15

func InjectHookRegistry(container forge.Container) (*hooks.HookRegistry, error)

InjectHookRegistry resolves the hook registry using type-based injection.

func InjectJWTService ¶ added in v0.0.15

func InjectJWTService(container forge.Container) (*jwt.Service, error)

InjectJWTService resolves the JWT service using type-based injection.

func InjectNotificationService ¶ added in v0.0.15

func InjectNotificationService(container forge.Container) (*notification.Service, error)

InjectNotificationService resolves the notification service using type-based injection.

func InjectPluginRegistry ¶ added in v0.0.15

func InjectPluginRegistry(container forge.Container) (plugins.PluginRegistry, error)

InjectPluginRegistry resolves the plugin registry using type-based injection.

func InjectRBACService ¶ added in v0.0.15

func InjectRBACService(container forge.Container) (*rbac.Service, error)

InjectRBACService resolves the RBAC service using type-based injection.

func InjectRateLimitService ¶ added in v0.0.15

func InjectRateLimitService(container forge.Container) (*ratelimit.Service, error)

InjectRateLimitService resolves the rate limit service using type-based injection.

func InjectSecurityService ¶ added in v0.0.15

func InjectSecurityService(container forge.Container) (*security.Service, error)

InjectSecurityService resolves the security service using type-based injection.

func InjectSessionService ¶ added in v0.0.15

func InjectSessionService(container forge.Container) (session.ServiceInterface, error)

InjectSessionService resolves the session service using type-based injection.

func InjectUserService ¶ added in v0.0.15

func InjectUserService(container forge.Container) (user.ServiceInterface, error)

InjectUserService resolves the user service using type-based injection.

func InjectWebhookService ¶ added in v0.0.15

func InjectWebhookService(container forge.Container) (*webhook.Service, error)

InjectWebhookService resolves the webhook service using type-based injection.

func ResolveAPIKeyService ¶

func ResolveAPIKeyService(container forge.Container) (*apikey.Service, error)

ResolveAPIKeyService resolves the API key service from the container.

func ResolveAppService ¶

func ResolveAppService(container forge.Container) (*app.ServiceImpl, error)

ResolveAppService resolves the app service from the container.

func ResolveAuditService ¶

func ResolveAuditService(container forge.Container) (*audit.Service, error)

ResolveAuditService resolves the audit service from the container.

func ResolveAuthService ¶

func ResolveAuthService(container forge.Container) (auth.ServiceInterface, error)

ResolveAuthService resolves the auth service from the container.

func ResolveDatabase ¶

func ResolveDatabase(container forge.Container) (*bun.DB, error)

ResolveDatabase resolves the database from the container First tries AuthSome's registered database, then falls back to Forge's database extension.

func ResolveDatabaseManager ¶

func ResolveDatabaseManager(container forge.Container) (*forgedb.DatabaseManager, error)

ResolveDatabaseManager resolves Forge's DatabaseManager from the container This is useful for plugins that need access to multiple databases.

func ResolveDeviceService ¶

func ResolveDeviceService(container forge.Container) (*device.Service, error)

ResolveDeviceService resolves the device service from the container.

func ResolveHookRegistry ¶

func ResolveHookRegistry(container forge.Container) (*hooks.HookRegistry, error)

ResolveHookRegistry resolves the hook registry from the container.

func ResolveJWTService ¶

func ResolveJWTService(container forge.Container) (*jwt.Service, error)

ResolveJWTService resolves the JWT service from the container.

func ResolveNotificationService ¶

func ResolveNotificationService(container forge.Container) (*notification.Service, error)

ResolveNotificationService resolves the notification service from the container.

func ResolvePluginRegistry ¶

func ResolvePluginRegistry(container forge.Container) (*plugins.Registry, error)

ResolvePluginRegistry resolves the plugin registry from the container.

func ResolveRBACService ¶

func ResolveRBACService(container forge.Container) (*rbac.Service, error)

ResolveRBACService resolves the RBAC service from the container.

func ResolveRateLimitService ¶

func ResolveRateLimitService(container forge.Container) (*ratelimit.Service, error)

ResolveRateLimitService resolves the rate limit service from the container.

func ResolveSecurityService ¶

func ResolveSecurityService(container forge.Container) (*security.Service, error)

ResolveSecurityService resolves the security service from the container.

func ResolveSessionService ¶

func ResolveSessionService(container forge.Container) (session.ServiceInterface, error)

ResolveSessionService resolves the session service from the container.

func ResolveUserService ¶

func ResolveUserService(container forge.Container) (user.ServiceInterface, error)

ResolveUserService resolves the user service from the container.

func ResolveWebhookService ¶

func ResolveWebhookService(container forge.Container) (*webhook.Service, error)

ResolveWebhookService resolves the webhook service from the container.

Types ¶

type APIKeyConfig ¶

type APIKeyConfig = apikey.Config

APIKeyConfig holds API key service configuration.

type AfterMemberAddHook ¶

type AfterMemberAddHook = hooks.AfterMemberAddHook

AfterMemberAddHook registers an organization lifecycle hook.

type AfterOrganizationCreateHook ¶

type AfterOrganizationCreateHook = hooks.AfterOrganizationCreateHook

AfterOrganizationCreateHook registers a user lifecycle hook.

type AfterSessionCreateHook ¶

type AfterSessionCreateHook = hooks.AfterSessionCreateHook

AfterSessionCreateHook registers a session lifecycle hook.

type AfterSignInHook ¶

type AfterSignInHook = hooks.AfterSignInHook

AfterSignInHook registers an authentication lifecycle hook.

type AfterSignOutHook ¶

type AfterSignOutHook = hooks.AfterSignOutHook

AfterSignOutHook registers an authentication lifecycle hook.

type AfterSignUpHook ¶

type AfterSignUpHook = hooks.AfterSignUpHook

AfterSignUpHook registers an authentication lifecycle hook.

type App ¶

type App = app.App

App represents an application entity.

type AppConfig ¶

type AppConfig = app.Config

AppConfig holds app service configuration.

type AppRepository ¶

type AppRepository = app.AppRepository

AppRepository defines the app repository interface.

type AppService ¶

type AppService = app.AppService

AppService is the service interface for app operations.

type Auth ¶

type Auth struct {
	// contains filtered or unexported fields
}

Auth is the main authentication instance.

func New ¶

func New(opts ...Option) *Auth

New creates a new Auth instance with the given options.

func (*Auth) AuthMiddleware ¶

func (a *Auth) AuthMiddleware() forge.Middleware

AuthMiddleware returns the optional authentication middleware This middleware populates the auth context with API key and/or session data.

func (*Auth) Authenticate ¶ added in v0.0.2

func (a *Auth) Authenticate() forge.Middleware

Authenticate returns the authentication middleware.

func (*Auth) AuthenticateOptional ¶ added in v0.0.15

func (a *Auth) AuthenticateOptional() forge.Middleware

AuthenticateOptional returns the authentication middleware.

func (*Auth) GetBasePath ¶

func (a *Auth) GetBasePath() string

GetBasePath returns the base path for AuthSome routes.

func (*Auth) GetConfig ¶

func (a *Auth) GetConfig() Config

GetConfig returns the auth config.

func (*Auth) GetDB ¶

func (a *Auth) GetDB() *bun.DB

GetDB returns the database instance.

func (*Auth) GetDefaultApp ¶ added in v0.0.2

func (a *Auth) GetDefaultApp(ctx context.Context) (*app.App, error)

GetDefaultApp returns the default app when in standalone mode This is useful for middleware context auto-detection Returns nil if not in standalone mode or app not found.

func (*Auth) GetDefaultEnvironment ¶ added in v0.0.2

func (a *Auth) GetDefaultEnvironment(ctx context.Context, appID xid.ID) (*env.Environment, error)

GetDefaultEnvironment returns the default environment for an app This is useful for middleware context auto-detection Returns nil if environment not found.

func (*Auth) GetForgeApp ¶

func (a *Auth) GetForgeApp() forge.App

GetForgeApp returns the forge application instance.

func (*Auth) GetGlobalGroupRoutesOptions ¶ added in v0.0.2

func (a *Auth) GetGlobalGroupRoutesOptions() []forge.GroupOption

GetGlobalGroupRoutesOptions returns the global group routes options.

func (*Auth) GetGlobalRoutesOptions ¶ added in v0.0.2

func (a *Auth) GetGlobalRoutesOptions() []forge.RouteOption

GetGlobalRoutesOptions returns the global routes options.

func (*Auth) GetHookRegistry ¶

func (a *Auth) GetHookRegistry() *hooks.HookRegistry

GetHookRegistry returns the hook registry for plugins.

func (*Auth) GetPluginRegistry ¶

func (a *Auth) GetPluginRegistry() plugins.PluginRegistry

GetPluginRegistry returns the plugin registry.

func (*Auth) GetServiceRegistry ¶

func (a *Auth) GetServiceRegistry() *registry.ServiceRegistry

GetServiceRegistry returns the service registry for plugins.

func (*Auth) Hooks ¶ added in v0.0.3

func (a *Auth) Hooks() *hooks.HookRegistry

Hooks returns the hook registry for plugins.

func (*Auth) Initialize ¶

func (a *Auth) Initialize(ctx context.Context) error

Initialize initializes all core services.

func (*Auth) IsPluginEnabled ¶

func (a *Auth) IsPluginEnabled(pluginID string) bool

IsPluginEnabled checks if a plugin is registered and enabled.

func (*Auth) Logger ¶

func (a *Auth) Logger() forge.Logger

Logger returns the logger for AuthSome.

func (*Auth) Mount ¶

func (a *Auth) Mount(router forge.Router, basePath string) error

Mount mounts the auth routes to the Forge router.

func (*Auth) RegisterAuthStrategy ¶ added in v0.0.5

func (a *Auth) RegisterAuthStrategy(strategy middleware.AuthStrategy) error

RegisterAuthStrategy registers an authentication strategy This allows plugins to add custom authentication methods Strategies are tried in priority order during authentication.

func (*Auth) Repository ¶

func (a *Auth) Repository() repo.Repository

Repository implements core.Authsome.

func (*Auth) RequireAPIKey ¶

func (a *Auth) RequireAPIKey() forge.Middleware

RequireAPIKey returns middleware that requires API key authentication Blocks requests that don't have a valid API key.

func (*Auth) RequireAdmin ¶

func (a *Auth) RequireAdmin() forge.Middleware

RequireAdmin returns middleware that requires admin privileges Blocks requests that don't have admin:full scope via secret API key.

func (*Auth) RequireAllPermissions ¶ added in v0.0.2

func (a *Auth) RequireAllPermissions(permissions ...string) forge.Middleware

RequireAllPermissions returns middleware that requires all of the specified permissions.

func (*Auth) RequireAllScopes ¶

func (a *Auth) RequireAllScopes(scopes ...string) forge.Middleware

RequireAllScopes returns middleware that requires all of the specified scopes.

func (*Auth) RequireAnyPermission ¶ added in v0.0.2

func (a *Auth) RequireAnyPermission(permissions ...string) forge.Middleware

RequireAnyPermission returns middleware that requires any of the specified permissions.

func (*Auth) RequireAnyScope ¶

func (a *Auth) RequireAnyScope(scopes ...string) forge.Middleware

RequireAnyScope returns middleware that requires any of the specified scopes.

func (*Auth) RequireAuth ¶

func (a *Auth) RequireAuth() forge.Middleware

RequireAuth returns middleware that requires authentication Blocks requests that are not authenticated via API key or session.

func (*Auth) RequireCanAccess ¶ added in v0.0.2

func (a *Auth) RequireCanAccess(action, resource string) forge.Middleware

RequireCanAccess returns middleware that checks if auth context can access a resource This is flexible - accepts EITHER legacy scopes OR RBAC permissions Recommended for backward compatibility.

func (*Auth) RequirePublishableKey ¶

func (a *Auth) RequirePublishableKey() forge.Middleware

RequirePublishableKey returns middleware that requires a publishable (pk_) API key.

func (*Auth) RequireRBACPermission ¶ added in v0.0.2

func (a *Auth) RequireRBACPermission(action, resource string) forge.Middleware

RequireRBACPermission returns middleware that requires a specific RBAC permission Checks only RBAC permissions (not legacy scopes).

func (*Auth) RequireScope ¶

func (a *Auth) RequireScope(scope string) forge.Middleware

RequireScope returns middleware that requires a specific API key scope Blocks requests where the API key lacks the specified scope.

func (*Auth) RequireSecretKey ¶

func (a *Auth) RequireSecretKey() forge.Middleware

RequireSecretKey returns middleware that requires a secret (sk_) API key.

func (*Auth) RequireUser ¶

func (a *Auth) RequireUser() forge.Middleware

RequireUser returns middleware that requires user authentication (session) Blocks requests that don't have a valid user session.

func (*Auth) ServiceRegistry ¶ added in v0.0.3

func (a *Auth) ServiceRegistry() *registry.ServiceRegistry

ServiceRegistry returns the service registry for plugins.

type AuthConfig ¶

type AuthConfig = auth.Config

AuthConfig holds auth service configuration.

type AuthContext ¶ added in v0.0.2

type AuthContext = contexts.AuthContext

AuthContext holds complete authentication state for a request.

type AuthMethod ¶ added in v0.0.2

type AuthMethod = contexts.AuthMethod

AuthMethod indicates how the request was authenticated.

type AuthMiddleware ¶ added in v0.0.2

type AuthMiddleware = middleware.AuthMiddleware

AuthMiddleware is the authentication middleware.

type AuthMiddlewareConfig ¶ added in v0.0.2

type AuthMiddlewareConfig = middleware.AuthMiddlewareConfig

AuthMiddlewareConfig configures the authentication middleware behavior.

type AuthResponse ¶

type AuthResponse = responses.AuthResponse

AuthResponse is the response from authentication operations.

type AuthService ¶

type AuthService = auth.ServiceInterface

AuthService is the authentication service interface.

type Config ¶

type Config = core.Config

Config represents the root configuration.

type ContextConfig ¶ added in v0.0.2

type ContextConfig = middleware.ContextConfig

ContextConfig configures how app and environment context is populated.

type ContextResolution ¶ added in v0.0.2

type ContextResolution = middleware.ContextResolution

ContextResolution tracks how context values were resolved.

type ContextSource ¶ added in v0.0.2

type ContextSource = middleware.ContextSource

ContextSource indicates where the context value came from.

type CreateAPIKeyRequest ¶

type CreateAPIKeyRequest = apikey.CreateAPIKeyRequest

CreateAPIKeyRequest is the request for creating an API key.

type CreateAppRequest ¶

type CreateAppRequest = app.CreateAppRequest

CreateAppRequest is the request for creating an app.

type CreateJWTKeyRequest ¶

type CreateJWTKeyRequest = jwt.CreateJWTKeyRequest

CreateJWTKeyRequest is the request for creating a JWT key.

type CreateSessionRequest ¶

type CreateSessionRequest = session.CreateSessionRequest

CreateSessionRequest is the request for creating a session.

type CreateTeamRequest ¶

type CreateTeamRequest = app.CreateTeamRequest

CreateTeamRequest is the request for creating a team.

type CreateUserRequest ¶

type CreateUserRequest = user.CreateUserRequest

CreateUserRequest is the request for creating a user.

type CreateWebhookRequest ¶

type CreateWebhookRequest = webhook.CreateWebhookRequest

CreateWebhookRequest is the request for creating a webhook.

type Environment ¶ added in v0.0.3

type Environment = environment.Environment

Environment represents an environment.

type EnvironmentRepository ¶ added in v0.0.3

type EnvironmentRepository = environment.Repository

EnvironmentRepository defines the environment repository interface.

type GenerateTokenRequest ¶

type GenerateTokenRequest = jwt.GenerateTokenRequest

GenerateTokenRequest is the request for generating a JWT token.

type GeoIPProvider ¶

type GeoIPProvider = sec.GeoIPProvider

GeoIPProvider is the interface for GeoIP providers.

type HookRegistry ¶

type HookRegistry = hooks.HookRegistry

HookRegistry is the registry for registering hooks.

type InvitationRepository ¶

type InvitationRepository = app.InvitationRepository

InvitationRepository defines the invitation repository interface.

type InvitationStatus ¶

type InvitationStatus = app.InvitationStatus

InvitationStatus is an invitation status type.

type InviteMemberRequest ¶

type InviteMemberRequest = app.InviteMemberRequest

InviteMemberRequest is the request for inviting a member.

type JWTConfig ¶

type JWTConfig = jwt.Config

JWTConfig holds JWT service configuration.

type MemberRepository ¶

type MemberRepository = app.MemberRepository

MemberRepository defines the member repository interface.

type MemberStatus ¶

type MemberStatus = app.MemberStatus

Schema Enums - Type aliases for cleaner API (re-exported from core/app).

type Notification ¶

type Notification = notification.Notification

Notification represents a notification entity.

type NotificationConfig ¶

type NotificationConfig = notification.Config

NotificationConfig holds notification service configuration.

type NotificationService ¶

type NotificationService = notification.Service

NotificationService is the notification service.

type NotificationTemplate ¶

type NotificationTemplate = notification.Template

NotificationTemplate represents a notification template.

type Option ¶

type Option func(*Auth)

Option is a function that configures Auth.

func WithAuthMiddlewareConfig ¶ added in v0.0.2

func WithAuthMiddlewareConfig(config middleware.AuthMiddlewareConfig) Option

WithAuthMiddlewareConfig sets the authentication middleware configuration This controls how the global authentication middleware behaves, including: - Session cookie name - Optional authentication (allow unauthenticated requests) - API key authentication settings - Context resolution (app/environment from headers or API key)

Example:

WithAuthMiddlewareConfig(middleware.AuthMiddlewareConfig{
    SessionCookieName:   "my_session",
    Optional:            true,
    AllowAPIKeyInQuery:  false, // Security best practice
    AllowSessionInQuery: false, // Security best practice
    Context: middleware.ContextConfig{
        AutoDetectFromAPIKey: true,
        AutoDetectFromConfig: true,
    },
})

func WithBasePath ¶

func WithBasePath(path string) Option

WithBasePath sets the base path for routes.

func WithCORSEnabled ¶ added in v0.0.2

func WithCORSEnabled(enabled bool) Option

WithCORSEnabled enables or disables CORS middleware When enabled, uses TrustedOrigins for allowed origins Default: false (disabled - let Forge or your app handle CORS).

func WithDatabase ¶

func WithDatabase(db any) Option

WithDatabase sets the database connection directly (backwards compatible) For new applications, consider using WithDatabaseManager with Forge's database extension.

func WithDatabaseFromForge ¶

func WithDatabaseFromForge() Option

WithDatabaseFromForge resolves the database from Forge's DI container This automatically uses the database extension if registered.

func WithDatabaseManager ¶

func WithDatabaseManager(manager *forgedb.DatabaseManager, dbName ...string) Option

WithDatabaseManager uses Forge's database extension DatabaseManager This is the recommended approach when using Forge's database extension The database will be resolved from the manager using the default or specified name.

func WithDatabaseSchema ¶

func WithDatabaseSchema(schema string) Option

WithDatabaseSchema sets the PostgreSQL schema for AuthSome tables This allows organizational separation of auth tables from application tables Example: WithDatabaseSchema("auth") creates tables in the "auth" schema Default: "" (uses database default, typically "public") Note: Schema must be valid SQL identifier; will be created if it doesn't exist.

func WithForgeApp ¶

func WithForgeApp(app forge.App) Option

WithForgeApp sets the Forge application instance.

func WithGeoIPProvider ¶

func WithGeoIPProvider(provider sec.GeoIPProvider) Option

WithGeoIPProvider sets a GeoIP provider for country-based restrictions.

func WithGlobalCookieConfig ¶ added in v0.0.2

func WithGlobalCookieConfig(config session.CookieConfig) Option

WithGlobalCookieConfig sets the global cookie configuration for session management This configuration applies to all apps unless overridden at the app level Example:

WithGlobalCookieConfig(session.CookieConfig{
    Enabled:  true,
    Name:     "my_session",
    HttpOnly: true,
    SameSite: "Lax",
})

func WithGlobalGroupRoutesOptions ¶ added in v0.0.2

func WithGlobalGroupRoutesOptions(opts ...forge.GroupOption) Option

WithGlobalGroupRoutesOptions sets the global group routes options.

func WithGlobalRoutesOptions ¶ added in v0.0.2

func WithGlobalRoutesOptions(opts ...forge.RouteOption) Option

WithGlobalRoutesOptions sets global route options for all routes.

func WithMinPasswordLength ¶ added in v0.0.3

func WithMinPasswordLength(length int) Option

WithMinPasswordLength sets the minimum password length

Example:

WithMinPasswordLength(12)

func WithPasswordPolicy ¶ added in v0.0.3

func WithPasswordPolicy(policy string) Option

WithPasswordPolicy is a convenience function to set common password policies Predefined policies: "weak", "medium", "strong", "enterprise"

Example:

WithPasswordPolicy("strong")

func WithPasswordRequirements ¶ added in v0.0.3

func WithPasswordRequirements(reqs validator.PasswordRequirements) Option

WithPasswordRequirements sets the password requirements This controls password validation for user registration and password changes

Example:

WithPasswordRequirements(validator.PasswordRequirements{
    MinLength:      12,
    RequireUpper:   true,
    RequireLower:   true,
    RequireNumber:  true,
    RequireSpecial: true,
})

func WithRBACEnforcement ¶

func WithRBACEnforcement(enabled bool) Option

WithRBACEnforcement enables/disables handler-level RBAC enforcement.

func WithRateLimitConfig ¶

func WithRateLimitConfig(cfg rl.Config) Option

WithRateLimitConfig sets rate limit configuration (enabled, default rule, per-path rules).

func WithRateLimitStorage ¶

func WithRateLimitStorage(storage rl.Storage) Option

WithRateLimitStorage sets the rate limit storage backend (memory or redis).

func WithRefreshTokens ¶ added in v0.0.3

func WithRefreshTokens(enabled bool, accessTTL, refreshTTL time.Duration) Option

WithRefreshTokens enables the refresh token pattern Short-lived access tokens are issued with long-lived refresh tokens Clients must explicitly refresh when access token expires

Example:

WithRefreshTokens(true, 15*time.Minute, 30*24*time.Hour)
// 15 min access tokens, 30 day refresh tokens

func WithRequireEmailVerification ¶ added in v0.0.7

func WithRequireEmailVerification(require bool) Option

func WithSecret ¶

func WithSecret(secret string) Option

WithSecret sets the secret for token signing.

func WithSecurityConfig ¶

func WithSecurityConfig(cfg sec.Config) Option

WithSecurityConfig sets security service configuration (IP rules, country rules) Pass lists like IPWhitelist/IPBlacklist; Enabled true to enforce checks.

func WithSessionConfig ¶ added in v0.0.3

func WithSessionConfig(config session.Config) Option

WithSessionConfig sets the full session configuration This controls session behavior including TTL, sliding window, and refresh tokens

Example:

WithSessionConfig(session.Config{
    DefaultTTL:           24 * time.Hour,
    RememberTTL:          7 * 24 * time.Hour,
    EnableSlidingWindow:  true,
    SlidingRenewalAfter:  5 * time.Minute,
    EnableRefreshTokens:  true,
    RefreshTokenTTL:      30 * 24 * time.Hour,
    AccessTokenTTL:       15 * time.Minute,
})

func WithSessionCookieEnabled ¶ added in v0.0.2

func WithSessionCookieEnabled(enabled bool) Option

WithSessionCookieEnabled enables or disables cookie-based session management globally When enabled, authentication responses will automatically set secure HTTP cookies.

func WithSessionCookieMaxAge ¶ added in v0.0.3

func WithSessionCookieMaxAge(seconds int) Option

WithSessionCookieMaxAge sets the cookie MaxAge in seconds This controls how long the browser keeps the cookie If not set, defaults to session TTL (24 hours)

Example:

authsome.WithSessionCookieMaxAge(3600)  // 1 hour
authsome.WithSessionCookieMaxAge(86400) // 24 hours

func WithSessionCookieName ¶ added in v0.0.2

func WithSessionCookieName(name string) Option

WithSessionCookieName sets the session cookie name Default: "authsome_session".

func WithSessionTTL ¶ added in v0.0.3

func WithSessionTTL(defaultTTL, rememberTTL time.Duration) Option

WithSessionTTL sets the default and "remember me" session TTL

Example:

WithSessionTTL(24*time.Hour, 7*24*time.Hour)

func WithSlidingWindowSessions ¶ added in v0.0.3

func WithSlidingWindowSessions(enabled bool, renewalThreshold ...time.Duration) Option

WithSlidingWindowSessions enables automatic session renewal on each request When enabled, sessions are extended whenever the user makes a request The renewalThreshold determines how often to actually update the database (default: 5 minutes) This prevents logging out active users while minimizing database writes

Example:

WithSlidingWindowSessions(true, 5*time.Minute)

func WithTrustedOrigins ¶

func WithTrustedOrigins(origins []string) Option

WithTrustedOrigins sets trusted origins for CORS Setting origins does NOT automatically enable CORS - use WithCORSEnabled(true).

func WithUserConfig ¶ added in v0.0.3

func WithUserConfig(config user.Config) Option

WithUserConfig sets the full user configuration This controls user service behavior including password requirements

Example:

WithUserConfig(user.Config{
    PasswordRequirements: validator.PasswordRequirements{
        MinLength:      12,
        RequireUpper:   true,
        RequireLower:   true,
        RequireNumber:  true,
        RequireSpecial: true,
    },
})

type Organization ¶

type Organization = organization.Organization

Organization represents an organization entity.

type OrganizationConfig ¶

type OrganizationConfig = organization.Config

OrganizationConfig holds organization service configuration.

type OrganizationService ¶

type OrganizationService = organization.OrganizationService

OrganizationService is the organization service interface.

type Permission ¶

type Permission = rbac.Permission

Permission represents a permission.

type Plugin ¶

type Plugin = plugins.Plugin

Plugin is the interface that all plugins must implement.

type PluginDependencies ¶

type PluginDependencies struct {
	Container      forge.Container
	Database       *bun.DB
	UserService    user.ServiceInterface
	SessionService session.ServiceInterface
	AuthService    auth.ServiceInterface
	AuditService   *audit.Service
	RBACService    *rbac.Service
	HookRegistry   *hooks.HookRegistry
}

PluginDependencies is a convenience struct for plugins to get all common dependencies.

func ResolvePluginDependencies ¶

func ResolvePluginDependencies(container forge.Container) (*PluginDependencies, error)

ResolvePluginDependencies resolves all common plugin dependencies from the container.

type PluginRegistry ¶

type PluginRegistry = plugins.PluginRegistry

PluginRegistry is the registry for managing plugins.

type Policy ¶

type Policy = rbac.Policy

Policy represents a policy.

type RBACService ¶

type RBACService = rbac.Service

RBACService is the RBAC service.

type RateLimitConfig ¶

type RateLimitConfig = rl.Config

RateLimitConfig holds rate limit service configuration.

type RateLimitService ¶

type RateLimitService = rl.Service

RateLimitService is the rate limit service.

type RateLimitStorage ¶

type RateLimitStorage = rl.Storage

RateLimitStorage is the interface for rate limit storage.

type Role ¶

type Role = rbac.Role

Role represents a role entity.

type RoleRegistry ¶

type RoleRegistry = rbac.RoleRegistry

RoleRegistry is the role registry for registering roles.

type SchemaAPIKey ¶

type SchemaAPIKey = schema.APIKey

SchemaAPIKey is the database model for API keys.

type SchemaApp ¶

type SchemaApp = schema.App

SchemaApp is the database model for apps.

type SchemaDevice ¶

type SchemaDevice = schema.Device

SchemaDevice is the database model for devices.

type SchemaInvitation ¶

type SchemaInvitation = schema.Invitation

SchemaInvitation is the database model for invitations.

type SchemaJWTKey ¶

type SchemaJWTKey = schema.JWTKey

SchemaJWTKey is the database model for JWT keys.

type SchemaMember ¶

type SchemaMember = schema.Member

SchemaMember is the database model for members.

type SchemaNotification ¶

type SchemaNotification = schema.Notification

SchemaNotification is the database model for notifications.

type SchemaRole ¶

type SchemaRole = schema.Role

SchemaRole is the database model for roles.

type SchemaSession ¶

type SchemaSession = schema.Session

SchemaSession is the database model for sessions.

type SchemaTeam ¶

type SchemaTeam = schema.Team

SchemaTeam is the database model for teams.

type SchemaTeamMember ¶

type SchemaTeamMember = schema.TeamMember

SchemaTeamMember is the database model for team members.

type SchemaUser ¶

type SchemaUser = schema.User

SchemaUser is the database model for users.

type SchemaUserRole ¶

type SchemaUserRole = schema.UserRole

SchemaUserRole is the database model for user roles.

type SchemaWebhook ¶

type SchemaWebhook = schema.Webhook

SchemaWebhook is the database model for webhooks.

type SecurityConfig ¶

type SecurityConfig = sec.Config

SecurityConfig holds security service configuration.

type SecurityService ¶

type SecurityService = sec.Service

SecurityService is the security service.

type ServiceRegistry ¶

type ServiceRegistry = registry.ServiceRegistry

ServiceRegistry manages all core services and allows plugins to replace them.

type Session ¶

type Session = session.Session

Session represents a session entity.

type SessionConfig ¶

type SessionConfig = session.Config

SessionConfig holds session service configuration.

type SessionService ¶

type SessionService = session.ServiceInterface

SessionService is the session service interface.

type SignInRequest ¶

type SignInRequest = auth.SignInRequest

SignInRequest is the request for signing in.

type SignUpRequest ¶

type SignUpRequest = auth.SignUpRequest

SignUpRequest is the request for signing up.

type Team ¶

type Team = app.Team

Team represents a team within an app.

type TeamMember ¶

type TeamMember = app.TeamMember

TeamMember represents a team member.

type TeamRepository ¶

type TeamRepository = app.TeamRepository

TeamRepository defines the team repository interface.

type UpdateAppRequest ¶

type UpdateAppRequest = app.UpdateAppRequest

UpdateAppRequest is the request for updating an app.

type UpdateMemberRequest ¶

type UpdateMemberRequest = app.UpdateMemberRequest

UpdateMemberRequest is the request for updating a member.

type UpdateTeamRequest ¶

type UpdateTeamRequest = app.UpdateTeamRequest

UpdateTeamRequest is the request for updating a team.

type UpdateUserRequest ¶

type UpdateUserRequest = user.UpdateUserRequest

UpdateUserRequest is the request for updating a user.

type User ¶

type User = user.User

User represents a user entity.

type UserConfig ¶

type UserConfig = user.Config

UserConfig holds user service configuration.

type UserService ¶

type UserService = user.ServiceInterface

UserService is the user service interface.

type Webhook ¶

type Webhook = webhook.Webhook

Webhook represents a webhook entity.

type WebhookConfig ¶

type WebhookConfig = webhook.Config

WebhookConfig holds webhook service configuration.

type WebhookDelivery ¶

type WebhookDelivery = webhook.Delivery

WebhookDelivery represents a webhook delivery.

type WebhookEvent ¶

type WebhookEvent = webhook.Event

WebhookEvent represents a webhook event.

type WebhookService ¶

type WebhookService = webhook.Service

WebhookService is the webhook service.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
clients
go module
cmd
authsome-cli command
core
apikey
app
audit
audit/adapters
audit/exporters
auth
authflow
base
contexts
device
environment
forms
hooks
impersonation
jwt
middleware
notification
organization
pagination Package pagination provides comprehensive pagination support for the AuthSome framework.	Package pagination provides comprehensive pagination support for the AuthSome framework.
ratelimit
rbac
registry
responses
security
session
ui
ui/schema Package schema provides a dynamic UI schema system for building settings forms with validation, forgeui component rendering, and plugin extensibility.	Package schema provides a dynamic UI schema system for building settings forms with validation, forgeui component rendering, and plugin extensibility.
user
webhook
docs
examples
examples
apikey-demo command
apikey-rbac command
auth-context command
bearer-plugin command
comprehensive command
consent-demo command
cookie-sessions command
dashboard command Package main demonstrates how to integrate the dashboard plugin with AuthSome	Package main demonstrates how to integrate the dashboard plugin with AuthSome
deviceflow-cli command
extension-middleware-config command
forge-database-integration command
forge-extension command
geofence-demo command
jwt-plugin command
middleware-config command
notification-complete command
quick-start-fixed command
servemux-test command
test-integration command
test-multitenancy command
test-multitenancy-integration command
test-providers command
test-webhooks command
extension
flows
handlers
helpers
internal
clients/generator
clients/introspector
clients/manifest
crypto
dbschema
errs
interfaces
utils
validator
migrations
pkg
schema
schema/definition
schema/extractor
schema/generator
schema/generator/bun
schema/generator/diesel
schema/generator/gorm
schema/generator/prisma
schema/generator/sql
plugins
admin Package admin provides cross-cutting administrative operations for the AuthSome platform.	Package admin provides cross-cutting administrative operations for the AuthSome platform.
anonymous
apikey
bearer
cms Package cms provides a content management system plugin for AuthSome.	Package cms provides a content management system plugin for AuthSome.
cms/core Package core provides core types and utilities for the CMS plugin.	Package core provides core types and utilities for the CMS plugin.
cms/handlers Package handlers provides HTTP handlers for the CMS plugin.	Package handlers provides HTTP handlers for the CMS plugin.
cms/pages Package pages provides gomponent-based page templates for the CMS dashboard.	Package pages provides gomponent-based page templates for the CMS dashboard.
cms/query Package query provides a query language parser and builder for the CMS plugin.	Package query provides a query language parser and builder for the CMS plugin.
cms/repository Package repository implements the data access layer for the CMS plugin.	Package repository implements the data access layer for the CMS plugin.
cms/schema Package schema defines the database schema for the CMS plugin.	Package schema defines the database schema for the CMS plugin.
cms/service Package service implements the business logic layer for the CMS plugin.	Package service implements the business logic layer for the CMS plugin.
dashboard
dashboard/bridge
dashboard/components
dashboard/components/pages
dashboard/layouts
dashboard/pages
dashboard/services
emailotp
emailverification
enterprise/backupauth
enterprise/compliance
enterprise/consent
enterprise/geofence
enterprise/idverification
enterprise/mtls
enterprise/scim
enterprise/scim/pages
enterprise/scim/schema
enterprise/stepup Package stepup provides context-aware step-up authentication for AuthSome.	Package stepup provides context-aware step-up authentication for AuthSome.
impersonation
jwt
magiclink
mcp
mfa
multiapp
multiapp/config
multiapp/decorators
multiapp/handlers
multiapp/middleware
multisession
multisession/pages Package pages provides ForgeUI-based page templates for the multisession plugin dashboard.	Package pages provides ForgeUI-based page templates for the multisession plugin dashboard.
notification
notification/builder
notification/crypto
notification/pages
notification/providers
oidcprovider
oidcprovider/bridge
oidcprovider/consent
oidcprovider/deviceflow
oidcprovider/pages
organization
organization/pages Package pages provides ForgeUI-based page templates for the organization plugin dashboard.	Package pages provides ForgeUI-based page templates for the organization plugin dashboard.
passkey Package passkey provides WebAuthn/FIDO2 passkey authentication.	Package passkey provides WebAuthn/FIDO2 passkey authentication.
permissions
permissions/core
permissions/engine
permissions/engine/providers
permissions/handlers
permissions/language
permissions/migration
permissions/schema
permissions/storage
phone
secrets Package secrets provides the secrets management plugin for AuthSome.	Package secrets provides the secrets management plugin for AuthSome.
secrets/core Package core provides core types and utilities for the secrets plugin.	Package core provides core types and utilities for the secrets plugin.
secrets/pages
secrets/schema Package schema defines the database schema for the secrets plugin.	Package schema defines the database schema for the secrets plugin.
social
social/providers
sso
sso/oidc
sso/saml
subscription Package subscription provides a comprehensive SaaS subscription and billing plugin for AuthSome.	Package subscription provides a comprehensive SaaS subscription and billing plugin for AuthSome.
subscription/core Package core defines the core domain types for the subscription plugin.	Package core defines the core domain types for the subscription plugin.
subscription/errors Package errors defines domain errors for the subscription plugin.	Package errors defines domain errors for the subscription plugin.
subscription/handlers Package handlers provides HTTP handlers for the subscription plugin.	Package handlers provides HTTP handlers for the subscription plugin.
subscription/internal/hooks Package hooks provides subscription-specific hook types and registry.	Package hooks provides subscription-specific hook types and registry.
subscription/migrations Package migrations provides migration utilities for the subscription plugin.	Package migrations provides migration utilities for the subscription plugin.
subscription/providers Package providers defines the payment provider abstraction for the subscription plugin.	Package providers defines the payment provider abstraction for the subscription plugin.
subscription/providers/mock Package mock provides a mock payment provider for testing.	Package mock provides a mock payment provider for testing.
subscription/providers/paddle Package paddle provides a stub implementation of the PaymentProvider interface for Paddle.	Package paddle provides a stub implementation of the PaymentProvider interface for Paddle.
subscription/providers/paypal Package paypal provides a stub implementation of the PaymentProvider interface for PayPal.	Package paypal provides a stub implementation of the PaymentProvider interface for PayPal.
subscription/providers/stripe Package stripe provides Stripe payment provider implementation.	Package stripe provides Stripe payment provider implementation.
subscription/providers/types Package types defines shared types for payment providers.	Package types defines shared types for payment providers.
subscription/repository Package repository provides data access interfaces and implementations for the subscription plugin.	Package repository provides data access interfaces and implementations for the subscription plugin.
subscription/schema Package schema defines the database models for the subscription plugin.	Package schema defines the database models for the subscription plugin.
subscription/service Package service provides business logic services for the subscription plugin.	Package service provides business logic services for the subscription plugin.
subscription/ui Package ui provides Pine UI components for the subscription plugin dashboard	Package ui provides Pine UI components for the subscription plugin dashboard
twofa
username
providers
email
sms
repository
organization
routes
schema
storage
test-assign
testing Package testing provides comprehensive mocking utilities for testing applications that integrate with the AuthSome authentication framework.	Package testing provides comprehensive mocking utilities for testing applications that integrate with the AuthSome authentication framework.
types

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

README ¶

AuthSome

🚀 Features

Core Authentication

Enterprise Features

Developer Experience

Deployment Modes

📦 Installation

Prerequisites

Install AuthSome

Install Dependencies

🏃‍♂️ Quick Start

Basic Setup

Environment Configuration

🔧 Usage

User Registration

User Login

Protected Routes

Plugin Usage

⚙️ Configuration

YAML Configuration

Environment Variables

📚 API Reference

Authentication Endpoints

Two-Factor Authentication

Organization Management (SaaS Mode)

Session Management

Audit & Security

Webhooks

API Keys

🤝 Contributing

Development Setup

Code Style

Submitting Changes

Pull Request Guidelines

Reporting Issues

📄 License

🆘 Support

Documentation

Community

Commercial Support

Security Issues

Documentation ¶

Index ¶

Constants ¶

Variables ¶

Functions ¶

func InjectAPIKeyService ¶ added in v0.0.15

func InjectAppService ¶ added in v0.0.15

func InjectAuditService ¶ added in v0.0.15

func InjectAuthService ¶ added in v0.0.15

func InjectDatabase ¶ added in v0.0.15

func InjectDeviceService ¶ added in v0.0.15

func InjectHookRegistry ¶ added in v0.0.15

func InjectJWTService ¶ added in v0.0.15

func InjectNotificationService ¶ added in v0.0.15

func InjectPluginRegistry ¶ added in v0.0.15

func InjectRBACService ¶ added in v0.0.15

func InjectRateLimitService ¶ added in v0.0.15

func InjectSecurityService ¶ added in v0.0.15

func InjectSessionService ¶ added in v0.0.15

func InjectUserService ¶ added in v0.0.15

func InjectWebhookService ¶ added in v0.0.15

func ResolveAPIKeyService ¶

func ResolveAppService ¶

func ResolveAuditService ¶

func ResolveAuthService ¶

func ResolveDatabase ¶

func ResolveDatabaseManager ¶

func ResolveDeviceService ¶

func ResolveHookRegistry ¶

func ResolveJWTService ¶

func ResolveNotificationService ¶

func ResolvePluginRegistry ¶

func ResolveRBACService ¶

func ResolveRateLimitService ¶

func ResolveSecurityService ¶

func ResolveSessionService ¶

func ResolveUserService ¶

func ResolveWebhookService ¶