Implement email/password auth with JWT sessions and API key auth for sandbox lifecycle. Users get a default team on signup; sandboxes, snapshots, and API keys are scoped to teams. - Add user, team, users_teams, and team_api_keys tables (goose migrations) - Add JWT middleware (Bearer token) for user management endpoints - Add API key middleware (X-API-Key header, SHA-256 hashed) for sandbox ops - Add signup/login handlers with transactional user+team creation - Add API key CRUD endpoints (create/list/delete) - Replace owner_id with team_id on sandboxes and templates - Update all handlers to use team-scoped queries - Add godotenv for .env file loading - Update OpenAPI spec and test UI with auth flows
package auth
import "context"
// contextKey is the unexported type of this package's context keys. Context
// values are looked up by key type and value, so code outside this package
// cannot build an equal key and can reach the stored AuthContext only through
// the exported helpers.
type contextKey int

const (
	// authCtxKey is the single key under which the AuthContext is stored.
	authCtxKey contextKey = iota
)
// AuthContext is the identity that auth middleware attaches to a request
// context.
//
// UserID and Email stay empty for API-key authentication, so an empty UserID
// means "no user identity was established", never "any user". Code that makes
// per-user decisions has to handle that case explicitly.
type AuthContext struct {
	// TeamID names the team the request was authenticated for.
	// NOTE(review): presumably the scope for team-owned resources — confirm
	// that the middleware never stamps an empty TeamID.
	TeamID string

	// UserID is empty when authenticated via API key.
	UserID string

	// Email is empty when authenticated via API key.
	Email string
}
// WithAuthContext derives a child context from ctx that carries a.
//
// The value is stored as given: no field is validated here, so an AuthContext
// with an empty TeamID is stored like any other. This function is exported,
// so any importing package can stamp an identity. It should be called only
// after the caller has verified the request's credentials.
func WithAuthContext(ctx context.Context, a AuthContext) context.Context {
	stamped := context.WithValue(ctx, authCtxKey, a)
	return stamped
}
// FromContext looks up the AuthContext stored in ctx. It returns the stored
// value and true, or the zero AuthContext and false when none is present.
//
// The boolean reports only that a value was stored; it does not check that
// TeamID is non-empty. The AuthContext is returned by value, so changes the
// caller makes to it do not affect what the context holds.
func FromContext(ctx context.Context) (AuthContext, bool) {
	if ac, found := ctx.Value(authCtxKey).(AuthContext); found {
		return ac, true
	}
	return AuthContext{}, false
}
// MustFromContext returns the AuthContext stored in ctx and panics when none
// is present. Call it only from handlers that sit behind auth middleware.
//
// Panicking instead of returning a zero AuthContext means a handler wired up
// without the middleware fails closed rather than running with an empty
// TeamID. The panic message carries no request or credential data.
// NOTE(review): this relies on the server or a recovery middleware turning
// the panic into an error response — confirm for the router in use.
func MustFromContext(ctx context.Context) AuthContext {
	if ac, found := FromContext(ctx); found {
		return ac
	}
	panic("auth: MustFromContext called on unauthenticated request")
}