Documentation
Index
- Constants
- func CORS(next http.Handler) http.Handler
- func ClearSessionCookie(w http.ResponseWriter)
- func GetAllowedOrigins() []string
- func HasScope(scopes []string, required string) bool
- func IsOriginAllowed(origin string) bool
- func MaxBodySize(maxBytes int64) func(http.Handler) http.Handler
- func OrgIDFromContext(ctx context.Context) string
- func RequireScope(scope string) func(http.Handler) http.Handler
- func ScopesFromContext(ctx context.Context) []string
- func SetSessionCookie(w http.ResponseWriter, token string)
- func UserIDFromContext(ctx context.Context) string
- func UserRoleFromContext(ctx context.Context) string
- type APIKeyMiddleware
- type SessionAuth
- func (s *SessionAuth) ClearPasskeySetup(token string)
- func (s *SessionAuth) CreateSessionForUser(userID, role string, needsPasskey bool, orgID string) (string, error)
- func (s *SessionAuth) DestroySession(token string)
- func (s *SessionAuth) IsPasskeySetup(token string) bool
- func (s *SessionAuth) RequireSession(next http.Handler) http.Handler
- func (s *SessionAuth) ValidateSession(token string) bool
Constants
const (
    ContextKeyUserID   contextKey = "user_id"
    ContextKeyUserRole contextKey = "user_role"
    ContextKeyOrgID    contextKey = "org_id"
    ContextKeyAPIKey   contextKey = "api_key"
    ContextKeyScopes   contextKey = "api_key_scopes"
)
const (
SessionCookieName = "overwatch_session"
)
Variables
This section is empty.
Functions
func ClearSessionCookie (added in v0.0.5)
func ClearSessionCookie(w http.ResponseWriter)
ClearSessionCookie clears the session cookie.
func GetAllowedOrigins (added in v0.0.5)
func GetAllowedOrigins() []string
GetAllowedOrigins returns the list of allowed origins from the environment.
func HasScope (added in v0.0.18)
HasScope checks whether the given scope (or "admin") is present in the list.
func IsOriginAllowed (added in v0.0.5)
IsOriginAllowed checks if an origin is in the allowed list. Returns false when ALLOWED_ORIGINS is not configured (deny by default).
func MaxBodySize (added in v0.0.18)
MaxBodySize limits the request body to the given number of bytes.
func OrgIDFromContext (added in v0.0.18)
OrgIDFromContext extracts the organization ID from the request context.
func RequireScope (added in v0.0.18)
RequireScope returns middleware that ensures the authenticated API key possesses the given scope (or the "admin" scope, which implies all scopes).
func ScopesFromContext (added in v0.0.18)
ScopesFromContext extracts the API key scopes from the request context.
func SetSessionCookie (added in v0.0.5)
func SetSessionCookie(w http.ResponseWriter, token string)
SetSessionCookie sets the session cookie on the response.
func UserIDFromContext (added in v0.0.18)
UserIDFromContext extracts the authenticated user ID from the request context.
func UserRoleFromContext (added in v0.0.18)
UserRoleFromContext extracts the authenticated user role from the request context.
Types
type APIKeyMiddleware (added in v0.0.18)
type APIKeyMiddleware struct {
    // contains filtered or unexported fields
}
APIKeyMiddleware handles API key authentication and scope enforcement.
func NewAPIKeyMiddleware (added in v0.0.18)
func NewAPIKeyMiddleware(db *sql.DB) *APIKeyMiddleware
NewAPIKeyMiddleware creates a new APIKeyMiddleware with the given database connection.
func (*APIKeyMiddleware) Authenticate (added in v0.0.18)
func (m *APIKeyMiddleware) Authenticate(next http.Handler) http.Handler
Authenticate is HTTP middleware that validates API keys from the X-API-Key header or from Bearer tokens. Keys must carry the c4_live_ or c4_test_ prefix.
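The rules documented for Authenticate and RequireScope, combined into one decision function as an added sketch that is not this package's own code. The in-memory key store, the header precedence, the 401/403 status codes and the lowercase function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Constructed key store standing in for the database lookup (assumption).
var sampleKeys = map[string][]string{"c4_test_reader": {"read"}, "c4_live_root": {"admin"}}

// keyFromHeaders reads X-API-Key, else a Bearer token (this precedence is an
// assumption), and reports whether the key carries a documented prefix.
func keyFromHeaders(h http.Header) (string, bool) {
	key := h.Get("X-API-Key")
	if key == "" {
		key = strings.TrimPrefix(h.Get("Authorization"), "Bearer ")
	}
	return key, strings.HasPrefix(key, "c4_live_") || strings.HasPrefix(key, "c4_test_")
}

// hasScope reports whether required, or "admin", is among the key's scopes.
func hasScope(scopes []string, required string) bool {
	for _, s := range scopes {
		if s == required || s == "admin" {
			return true
		}
	}
	return false
}

// decide returns the status a request would get: 401 for a missing, malformed
// or unknown key, 403 for a missing scope (both status codes are assumptions).
func decide(h http.Header, required string) int {
	key, wellFormed := keyFromHeaders(h)
	scopes, known := sampleKeys[key]
	switch {
	case !wellFormed || !known:
		return http.StatusUnauthorized
	case !hasScope(scopes, required):
		return http.StatusForbidden
	}
	return http.StatusOK
}

func main() {
	h := http.Header{"X-Api-Key": {"c4_test_reader"}} // canonical form of X-API-Key
	fmt.Println(decide(h, "read"), decide(h, "write"))
}
```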
type SessionAuth (added in v0.0.5)
type SessionAuth struct {
    // contains filtered or unexported fields
}
SessionAuth handles session-based authentication for the web UI. Sessions are persisted in SQLite so they survive server restarts.
func NewSessionAuth (added in v0.0.5)
func NewSessionAuth(db *sql.DB) *SessionAuth
NewSessionAuth creates a new session auth handler backed by the given database.
func (*SessionAuth) ClearPasskeySetup (added in v0.0.18)
func (s *SessionAuth) ClearPasskeySetup(token string)
ClearPasskeySetup removes the needsPasskeySetup flag from an existing session.
func (*SessionAuth) CreateSessionForUser (added in v0.0.18)
func (s *SessionAuth) CreateSessionForUser(userID, role string, needsPasskey bool, orgID string) (string, error)
CreateSessionForUser creates a new session with user identity and returns the session token. Set needsPasskey to true for users that still need to register a passkey (bootstrap admin, invite flow). orgID is stored in the session for use by admin handlers to scope operations.
func (*SessionAuth) DestroySession (added in v0.0.5)
func (s *SessionAuth) DestroySession(token string)
DestroySession removes a session.
func (*SessionAuth) IsPasskeySetup (added in v0.0.18)
func (s *SessionAuth) IsPasskeySetup(token string) bool
IsPasskeySetup returns true if the session has the needsPasskeySetup flag set.
func (*SessionAuth) RequireSession (added in v0.0.5)
func (s *SessionAuth) RequireSession(next http.Handler) http.Handler
RequireSession is middleware that checks for a valid session cookie and injects user identity into the request context. If the session has needsPasskeySetup=true, non-passkey paths redirect to /setup-passkey.
func (*SessionAuth) ValidateSession (added in v0.0.5)
func (s *SessionAuth) ValidateSession(token string) bool
ValidateSession checks if the session token is valid and not expired.