till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-14 19:41:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
managarten/packages/shared-go/authutil/claims.go
Till JS 4f70e1ca6c refactor(shared-go): extract shared auth package from 3 Go services 
Create packages/shared-go/authutil/ with two JWT validator implementations:
- JWKSValidator: EdDSA JWKS validation with key caching (extracted from mana-sync)
- RemoteValidator: delegates to mana-core-auth /api/v1/auth/validate (from mana-notify/gateway)

Plus shared types (Claims, User), middleware factories (JWTMiddleware, ServiceKeyMiddleware),
context helpers (GetUser, GetUserID, GetUserRole), and token extraction.

Migrated services:
- mana-sync: internal/auth/jwt.go now wraps authutil.JWKSValidator
- mana-notify: internal/auth/auth.go now wraps authutil.RemoteValidator + ServiceKeyMiddleware
- mana-api-gateway: internal/middleware/jwt.go now wraps authutil.RemoteValidator

All 3 services compile and pass tests. Service-level packages re-export types
for backward compatibility so no consumer code changes are needed.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 13:27:44 +02:00

50 lines
1.4 KiB
Go
Raw Blame History

// Package authutil provides shared JWT authentication utilities for ManaCore Go services.
//
// Two validator implementations are available:
// - JWKSValidator: validates EdDSA JWTs locally using cached JWKS keys (recommended for high-throughput)
// - RemoteValidator: validates JWTs by calling mana-core-auth's /api/v1/auth/validate endpoint
//
// Both validators produce the same Claims/User types and work with the same middleware helpers.
package authutil
import (
"net/http"
"strings"
"github.com/golang-jwt/jwt/v5"
)
// Claims represents the JWT payload from mana-core-auth (EdDSA tokens).
type Claims struct {
jwt.RegisteredClaims
Email string `json:"email"`
Role string `json:"role"`
SID string `json:"sid"`
}
// User represents an authenticated user extracted from a JWT.
type User struct {
UserID string `json:"userId"`
Email string `json:"email"`
Role string `json:"role"`
SessionID string `json:"sessionId"`
}
// UserFromClaims converts JWT claims to a User struct.
func UserFromClaims(c *Claims) *User {
return &User{
UserID: c.Subject,
Email: c.Email,
Role: c.Role,
SessionID: c.SID,
}
}
// ExtractToken extracts the Bearer token from an HTTP request's Authorization header.
func ExtractToken(r *http.Request) string {
auth := r.Header.Get("Authorization")
if strings.HasPrefix(auth, "Bearer ") {
return auth[7:]
}
return ""
}
Reference in a new issue View git blame Copy permalink