feat: initial shared auth module
Signed user-header middleware (UserMiddleware/FromContext/User, ADR-0005) plus the deployed-secrets startup guard (MissingDeployedSecrets, ADR-0005/0006). Replaces the byte-identical auth package + secrets_guard.go copied into every backend service.
This commit is contained in:
@@ -0,0 +1,12 @@
|
||||
# auth
|
||||
|
||||
Shared authentication primitives for Shiny backend services.
|
||||
|
||||
- `UserMiddleware(signingKey)` — verifies the HMAC-signed `user` header the
|
||||
gateway propagates (ADR-0005) and injects the `*User` into the request context.
|
||||
- `FromContext(ctx)` / `User.HasRole(...)` — read the authenticated user.
|
||||
- `MissingDeployedSecrets(env, secrets)` — startup guard that fails closed when
|
||||
required secrets are empty in `staging`/`production` (ADR-0005/0006).
|
||||
|
||||
Replaces the byte-identical `auth` package and `secrets_guard.go` previously
|
||||
copied into every service.
|
||||
Reference in New Issue
Block a user