shiny/auth

Fork 0

T

argoyle 81ac3e6ea5

auth / test (push) Has been skipped

Details

auth / vulnerabilities (push) Has been skipped

Details

feat: initial shared auth module

Signed user-header middleware (UserMiddleware/FromContext/User, ADR-0005) plus
the deployed-secrets startup guard (MissingDeployedSecrets, ADR-0005/0006).
Replaces the byte-identical auth package + secrets_guard.go copied into every
backend service.

2026-06-15 11:43:11 +02:00

.gitea/workflows

feat: initial shared auth module

2026-06-15 11:43:11 +02:00

.gitignore

feat: initial shared auth module

2026-06-15 11:43:11 +02:00

go.mod

feat: initial shared auth module

2026-06-15 11:43:11 +02:00

go.sum

feat: initial shared auth module

2026-06-15 11:43:11 +02:00

middleware_test.go

feat: initial shared auth module

2026-06-15 11:43:11 +02:00

middleware.go

feat: initial shared auth module

2026-06-15 11:43:11 +02:00

README.md

feat: initial shared auth module

2026-06-15 11:43:11 +02:00

secrets_test.go

feat: initial shared auth module

2026-06-15 11:43:11 +02:00

secrets.go

feat: initial shared auth module

2026-06-15 11:43:11 +02:00

README.md

auth

Shared authentication primitives for Shiny backend services.

UserMiddleware(signingKey) — verifies the HMAC-signed user header the gateway propagates (ADR-0005) and injects the *User into the request context.
FromContext(ctx) / User.HasRole(...) — read the authenticated user.
MissingDeployedSecrets(env, secrets) — startup guard that fails closed when required secrets are empty in staging/production (ADR-0005/0006).

Replaces the byte-identical auth package and secrets_guard.go previously copied into every service.