auth

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 17, 2026 License: MIT Imports: 10 Imported by: 0

Documentation

Index

Constants

const (
	// PermissionClaim names the JWT claim used for permissions.
	// Claim values come from the token payload, so they mean nothing until
	// the token's signature has been verified.
	PermissionClaim = "permissions"
)

PermissionClaim is the JWT claim used for permissions.

Variables

// Sentinel errors for token validation. Match them with errors.Is rather
// than by comparing message text.

// ErrInvalidToken reports a token that is malformed or otherwise invalid.
var ErrInvalidToken = errors.New("invalid token")

// ErrUnsupportedAlg reports a token whose signing algorithm is not supported.
var ErrUnsupportedAlg = errors.New("unsupported jwt alg")

// ErrExpiredToken reports a token that has expired.
var ErrExpiredToken = errors.New("token expired")

// ErrNotBefore reports a token that is not valid yet.
var ErrNotBefore = errors.New("token not valid yet")

// ErrInvalidIssuer reports a token whose issuer does not match.
var ErrInvalidIssuer = errors.New("token issuer invalid")

// ErrInvalidAudience reports a token whose audience does not match.
var ErrInvalidAudience = errors.New("token audience invalid")
// Sentinel errors for authorization. Match them with errors.Is rather than
// by comparing message text.

// ErrMissingRole reports that a required role is missing.
var ErrMissingRole = errors.New("missing required role")

// ErrMissingPermission reports that a required permission is missing.
var ErrMissingPermission = errors.New("missing required permission")
var (
	// ErrInvalidKey reports a signing key that is missing.
	ErrInvalidKey = errors.New("invalid signing key")
)

ErrInvalidKey indicates a missing signing key.

Functions

func HasAllPermissions

func HasAllPermissions(principal *bebo.Principal, permissions ...string) bool

HasAllPermissions reports whether a principal has all of the provided permissions.

func HasAllRoles

func HasAllRoles(principal *bebo.Principal, roles ...string) bool

HasAllRoles reports whether a principal has all of the provided roles.

func HasAnyPermission

func HasAnyPermission(principal *bebo.Principal, permissions ...string) bool

HasAnyPermission reports whether a principal has any of the provided permissions.

func HasAnyRole

func HasAnyRole(principal *bebo.Principal, roles ...string) bool

HasAnyRole reports whether a principal has any of the provided roles.

func HasPermission

func HasPermission(principal *bebo.Principal, permission string) bool

HasPermission reports whether a principal has the given permission.

func HasRole

func HasRole(principal *bebo.Principal, role string) bool

HasRole reports whether a principal has the given role.

func SignHS256

// SignHS256 creates an HS256-signed JWT for the provided claims.
//
// NOTE(review): nothing in this listing shows that an expiry ("exp") claim is
// added automatically; presumably callers must put expiry, issuer and
// audience into claims themselves — confirm, since a token without "exp"
// may never expire.
// NOTE(review): presumably returns ErrInvalidKey when key.Secret is empty —
// confirm; a minimum secret length check is not shown either.
func SignHS256(key JWTKey, claims map[string]any) (string, error)

SignHS256 creates an HS256-signed JWT for the provided claims.

Types

type JWTAuthenticator

// JWTAuthenticator holds the settings used to validate HS256 JWTs.
//
// NOTE(review): this listing does not show how Key, Keys and KeySet are
// combined when more than one is set, nor what happens when none is set —
// confirm the precedence before relying on it.
type JWTAuthenticator struct {
	// Key is presumably a single HMAC secret used for verification — confirm.
	// Secrets belong in a secret store, not in source control or logs.
	Key       []byte
	// Keys is presumably a list of additional secrets accepted during
	// verification (e.g. while rotating) — confirm.
	Keys      [][]byte
	// KeySet supplies keys with IDs; see JWTKeySet.
	KeySet    *JWTKeySet
	// Issuer is presumably the expected "iss" value (see ErrInvalidIssuer).
	// NOTE(review): whether an empty Issuer disables the check is not shown
	// here; confirm, and set it so tokens from other issuers are rejected.
	Issuer    string
	// Audience is presumably the expected "aud" value (see ErrInvalidAudience).
	// NOTE(review): whether an empty Audience disables the check is not shown
	// here; confirm, and set it so tokens minted for other services are rejected.
	Audience  string
	// Header is presumably the request header the token is read from;
	// the default is not shown here.
	Header    string
	// Scheme is presumably the authorization scheme prefix expected before
	// the token; the default is not shown here.
	Scheme    string
	// ClockSkew is presumably the tolerance applied to the expiry and
	// not-before checks — confirm. A larger value lengthens the window in
	// which an expired token is still accepted.
	ClockSkew time.Duration
	// Now presumably overrides the clock used for time checks (useful in
	// tests); behaviour when nil is not shown here.
	Now       func() time.Time
}

JWTAuthenticator validates HS256-signed JWTs.

func (JWTAuthenticator) Authenticate

// Authenticate validates a JWT bearer token from the request.
//
// The receiver is a value, so the call works on a copy of the configuration.
// NOTE(review): which error is returned for each failure is not shown in this
// listing; presumably the Err* sentinels declared in this package — confirm.
// When the returned error is non-nil, the principal must not be used.
func (a JWTAuthenticator) Authenticate(ctx *bebo.Context) (*bebo.Principal, error)

Authenticate validates a JWT bearer token from the request.

type JWTKey

// JWTKey is a signing key with an optional key ID.
type JWTKey struct {
	// ID is the optional key identifier, matched by JWTKeySet.Lookup.
	ID     string
	// Secret is the key material. For HS256, RFC 7518 section 3.2 requires
	// a key of at least 256 bits; generate it from a cryptographic random
	// source rather than from a password.
	// NOTE(review): no length check is visible in this listing — confirm
	// whether short secrets are rejected.
	Secret []byte
}

JWTKey represents a signing key with an optional key ID.

type JWTKeySet

// JWTKeySet groups the keys used for signing and verifying while keys rotate.
type JWTKeySet struct {
	// Primary is the key Sign uses for new tokens.
	Primary  JWTKey
	// Fallback presumably lists older keys that are still accepted for
	// verification — confirm. Remove a key from here once every token
	// signed with it has expired, or at once if the key was exposed.
	Fallback []JWTKey
}

JWTKeySet supports signing and verifying with rotating keys.

func (JWTKeySet) Keys

func (s JWTKeySet) Keys() []JWTKey

Keys returns the full ordered key set.

func (JWTKeySet) Lookup

func (s JWTKeySet) Lookup(id string) (JWTKey, bool)

Lookup finds a key by ID.

func (JWTKeySet) Sign

func (s JWTKeySet) Sign(claims map[string]any) (string, error)

Sign creates an HS256-signed token using the primary key.

type PermissionAuthorizer

// PermissionAuthorizer requires permissions for authorization.
//
// NOTE(review): the result of Authorize when both Any and All are empty is
// not shown in this listing; confirm that a zero-value authorizer does not
// silently allow every principal.
type PermissionAuthorizer struct {
	// Any presumably lists permissions of which at least one must be held
	// (see RequireAnyPermission) — confirm.
	Any []string
	// All presumably lists permissions that must all be held
	// (see RequirePermissions) — confirm.
	All []string
}

PermissionAuthorizer requires permissions for authorization.

func RequireAnyPermission

func RequireAnyPermission(permissions ...string) PermissionAuthorizer

RequireAnyPermission enforces at least one permission.

func RequirePermissions

func RequirePermissions(permissions ...string) PermissionAuthorizer

RequirePermissions enforces all permissions.

func (PermissionAuthorizer) Authorize

func (p PermissionAuthorizer) Authorize(_ *bebo.Context, principal *bebo.Principal) error

Authorize validates required permissions.

type RoleAuthorizer

// RoleAuthorizer requires roles for authorization.
//
// NOTE(review): the result of Authorize when both Any and All are empty is
// not shown in this listing; confirm that a zero-value authorizer does not
// silently allow every principal.
type RoleAuthorizer struct {
	// Any presumably lists roles of which at least one must be held
	// (see RequireAnyRole) — confirm.
	Any []string
	// All presumably lists roles that must all be held
	// (see RequireRoles) — confirm.
	All []string
}

RoleAuthorizer requires roles for authorization.

func RequireAnyRole

func RequireAnyRole(roles ...string) RoleAuthorizer

RequireAnyRole enforces at least one role.

func RequireRoles

func RequireRoles(roles ...string) RoleAuthorizer

RequireRoles enforces all roles.

func (RoleAuthorizer) Authorize

func (r RoleAuthorizer) Authorize(_ *bebo.Context, principal *bebo.Principal) error

Authorize validates required roles.
