feat: initial shared auth module
Signed user-header middleware (UserMiddleware/FromContext/User, ADR-0005) plus the deployed-secrets startup guard (MissingDeployedSecrets, ADR-0005/0006). Replaces the byte-identical auth package + secrets_guard.go copied into every backend service.
+26
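--- /dev/null
+++ b/<PATH-NOT-SHOWN-ON-PAGE>
@@ -0,0 +1,26 @@
+package auth
+
+import "sort"
+
+// MissingDeployedSecrets returns the names of secrets that must be non-empty in
+// deployed environments (staging/production) but are currently unset. It returns
+// nil for non-deployed environments (development, acctest) and when every
+// required secret is present, so callers can treat a non-empty result as fatal.
+//
+// This closes the fail-open gap where an empty USER_SIGNING_KEY turns the
+// user-header signature check into a no-op (forgeable identity) and an empty
+// INTERNAL_API_KEY leaves the authz cache-hydration endpoint unauthenticated.
+// See ADR-0005 and ADR-0006.
+func MissingDeployedSecrets(environment string, secrets map[string]string) []string {
+	if environment != "staging" && environment != "production" {
+		return nil
+	}
+	var missing []string
+	for name, value := range secrets {
+		if value == "" {
+			missing = append(missing, name)
+		}
+	}
+	sort.Strings(missing)
+	return missing
+}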
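Review bot: The environment check on the `if environment != "staging" && environment != "production"` line fails open: any value that is not exactly one of those two strings (an empty string, "prod", "Production") returns nil and switches off the very guard the doc comment says closes the fail-open gap. Since the comment already names the non-deployed environments, inverting the allow-list fails closed instead: `switch environment { case "development", "acctest": return nil }`, with a comment that every other value is treated as deployed. The `value == ""` test also accepts whitespace-only values such as a secret file mounted with a trailing newline; `if strings.TrimSpace(value) == "" {` is the stricter check. It would also help to note in the doc comment that a required secret absent from the map is not reported, so the caller must populate every required name.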