authsome

package module

v0.0.14 Latest Latest Go to latest Published: Jan 4, 2026 License: Apache-2.0 Imports: 38 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/xraph/authsome

Links

Open Source Insights

README ¶

AuthSome

Authsome™ is an authentication and authorization backend maintained by XRAPH™.

Authors: Rex Raphael Last Updated: 2025-11-01

A comprehensive, pluggable authentication framework for Go, inspired by better-auth. Enterprise-grade authentication with multi-tenancy support, designed to integrate seamlessly with the Forge framework.

🚀 Features

Core Authentication

Email/Password Authentication - Secure user registration and login
Session Management - Cookie-based sessions with Redis caching support
Multi-Factor Authentication - TOTP, SMS, and email-based 2FA
Social Authentication - OAuth integration with major providers
Passwordless Authentication - Magic links and WebAuthn/Passkeys

Enterprise Features

Multi-Tenancy - Organization-scoped authentication and configuration
Role-Based Access Control (RBAC) - Fine-grained permissions and policies
Audit Logging - Comprehensive security event tracking
Rate Limiting - Configurable request throttling and abuse prevention
Device Management - Track and manage user devices and sessions
Security Monitoring - IP filtering, geolocation, and anomaly detection

Developer Experience

Plugin Architecture - Extensible authentication methods
Clean Architecture - Service-oriented design with repository pattern
Type Safety - Full Go type safety with comprehensive error handling
Database Agnostic - PostgreSQL, MySQL, and SQLite support
Configuration Management - Flexible YAML/JSON configuration with environment overrides
Comprehensive Testing - Unit and integration test coverage

Deployment Modes

Standalone Mode - Single-tenant applications
SaaS Mode - Multi-tenant platforms with organization isolation

📦 Installation

Prerequisites

Go 1.25 or later
Supported database (PostgreSQL, MySQL, or SQLite)
Redis (optional, for distributed session storage)

Install AuthSome

go get github.com/xraph/authsome

Install Dependencies

# Core dependencies
go get github.com/xraph/forge
go get github.com/uptrace/bun

# Database drivers (choose one)
go get github.com/lib/pq                    # PostgreSQL
go get github.com/go-sql-driver/mysql       # MySQL
go get github.com/mattn/go-sqlite3          # SQLite

# Optional: Redis for session storage
go get github.com/redis/go-redis/v9

🏃‍♂️ Quick Start

Basic Setup

package main

import (
    "context"
    "log"
    "os"

    "github.com/xraph/authsome"
    "github.com/xraph/forge"
    "github.com/uptrace/bun"
    "github.com/uptrace/bun/dialect/pgdialect"
    "github.com/uptrace/bun/driver/pgdriver"
)

func main() {
    // Create Forge app
    app := forge.New()

    // Setup database
    db := bun.NewDB(pgdriver.NewConnector(
        pgdriver.WithDSN(os.Getenv("DATABASE_URL")),
    ), pgdialect.New())

    // Initialize AuthSome
    auth := authsome.New(
        authsome.WithDatabase(db),
        authsome.WithForgeConfig(app.Config()),
        authsome.WithMode(authsome.ModeStandalone),
    )

    // Initialize services
    if err := auth.Initialize(context.Background()); err != nil {
        log.Fatal("Failed to initialize AuthSome:", err)
    }

    // Mount AuthSome routes
    if err := auth.Mount(app, "/auth"); err != nil {
        log.Fatal("Failed to mount AuthSome:", err)
    }

    // Start server
    log.Println("Server starting on :8080")
    log.Fatal(app.Listen(":8080"))
}

Environment Configuration

Create a .env file:

# Database
DATABASE_URL=postgres://user:password@localhost/myapp?sslmode=disable

# Session
SESSION_SECRET=your-super-secret-session-key

# Email (optional)
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
[email protected]
SMTP_PASSWORD=your-app-password

# Redis (optional)
REDIS_URL=redis://localhost:6379

🔧 Usage

User Registration

curl -X POST http://localhost:8080/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "securepassword123"
  }'

curl -X POST http://localhost:8080/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "securepassword123"
  }'

Protected Routes

// Middleware for protected routes
func requireAuth(auth *authsome.Auth) forge.MiddlewareFunc {
    return func(c *forge.Context) error {
        session := auth.GetSession(c)
        if session == nil {
            return c.JSON(401, map[string]string{
                "error": "Authentication required",
            })
        }
        return c.Next()
    }
}

// Protected route example
app.GET("/api/profile", requireAuth(auth), func(c *forge.Context) error {
    user := auth.GetUser(c)
    return c.JSON(200, user)
})

Plugin Usage

import (
    "github.com/xraph/authsome/plugins/twofa"
    "github.com/xraph/authsome/plugins/username"
    "github.com/xraph/authsome/plugins/magiclink"
)

// Initialize with plugins
auth := authsome.New(
    authsome.WithDatabase(db),
    authsome.WithForgeConfig(app.Config()),
    authsome.WithPlugins(
        twofa.NewPlugin(),
        username.NewPlugin(),
        magiclink.NewPlugin(),
    ),
)

⚙️ Configuration

YAML Configuration

# config.yaml
auth:
  mode: "standalone"  # or "saas"
  basePath: "/auth"
  secret: "your-session-secret"
  rbacEnforce: false

  # Session configuration
  session:
    maxAge: 86400      # 24 hours
    secure: true
    httpOnly: true
    sameSite: "strict"

  # Rate limiting
  rateLimit:
    enabled: true
    requests: 100
    window: "1m"
    storage: "memory"  # or "redis"

  # Email configuration
  email:
    provider: "smtp"
    smtp:
      host: "smtp.gmail.com"
      port: 587
      username: "[email protected]"
      password: "your-app-password"

  # Security settings
  security:
    enabled: true
    ipWhitelist: []
    ipBlacklist: []
    allowedCountries: ["US", "CA", "GB"]
    blockedCountries: ["CN", "RU"]

  # Plugin configurations
  plugins:
    twofa:
      enabled: true
      issuer: "MyApp"
      digits: 6
      period: 30

    username:
      enabled: true
      minLength: 3
      maxLength: 30
      allowSpecialChars: false

    magiclink:
      enabled: true
      tokenExpiry: "15m"
      maxAttempts: 3

Environment Variables

# Core settings
AUTHSOME_MODE=standalone
AUTHSOME_SECRET=your-session-secret
AUTHSOME_BASE_PATH=/auth

# Database
DATABASE_URL=postgres://user:pass@localhost/db

# Session
SESSION_MAX_AGE=86400
SESSION_SECURE=true

# Rate limiting
RATE_LIMIT_ENABLED=true
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_WINDOW=1m

# Email
EMAIL_PROVIDER=smtp
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
[email protected]
SMTP_PASSWORD=your-app-password

# Redis (optional)
REDIS_URL=redis://localhost:6379

# Security
SECURITY_ENABLED=true
ALLOWED_COUNTRIES=US,CA,GB
BLOCKED_COUNTRIES=CN,RU

📚 API Reference

Authentication Endpoints

Method	Endpoint	Description
`POST`	`/auth/register`	Register a new user
`POST`	`/auth/login`	Authenticate user
`POST`	`/auth/logout`	End user session
`POST`	`/auth/refresh`	Refresh session
`GET`	`/auth/me`	Get current user
`PUT`	`/auth/me`	Update user profile
`POST`	`/auth/change-password`	Change user password
`POST`	`/auth/forgot-password`	Request password reset
`POST`	`/auth/reset-password`	Reset password with token

Two-Factor Authentication

Method	Endpoint	Description
`POST`	`/auth/2fa/setup`	Setup 2FA for user
`POST`	`/auth/2fa/verify`	Verify 2FA token
`POST`	`/auth/2fa/disable`	Disable 2FA
`GET`	`/auth/2fa/backup-codes`	Get backup codes

Organization Management (SaaS Mode)

Method	Endpoint	Description
`GET`	`/api/orgs`	List user organizations
`POST`	`/api/orgs`	Create organization
`GET`	`/api/orgs/{id}`	Get organization details
`PUT`	`/api/orgs/{id}`	Update organization
`DELETE`	`/api/orgs/{id}`	Delete organization
`GET`	`/api/orgs/{id}/members`	List organization members
`POST`	`/api/orgs/{id}/invite`	Invite user to organization
`DELETE`	`/api/orgs/{id}/members/{userId}`	Remove member

Session Management

Method	Endpoint	Description
`GET`	`/auth/sessions`	List user sessions
`DELETE`	`/auth/sessions/{id}`	Revoke specific session
`DELETE`	`/auth/sessions/all`	Revoke all sessions

Audit & Security

Method	Endpoint	Description
`GET`	`/auth/audit`	Get audit logs
`GET`	`/auth/devices`	List user devices
`DELETE`	`/auth/devices/{id}`	Remove device

Webhooks

Method	Endpoint	Description
`GET`	`/auth/webhooks`	List webhooks
`POST`	`/auth/webhooks`	Create webhook
`PUT`	`/auth/webhooks/{id}`	Update webhook
`DELETE`	`/auth/webhooks/{id}`	Delete webhook

API Keys

Method	Endpoint	Description
`GET`	`/auth/api-keys`	List API keys
`POST`	`/auth/api-keys`	Create API key
`DELETE`	`/auth/api-keys/{id}`	Revoke API key

🤝 Contributing

We welcome contributions to AuthSome! Please follow these guidelines:

Development Setup

Fork and clone the repository

git clone https://github.com/your-username/authsome.git
cd authsome

Install dependencies
```
go mod download
```

Set up development database

# Using Docker
docker run --name authsome-postgres -e POSTGRES_PASSWORD=password -p 5432:5432 -d postgres:15

# Create test database
createdb -h localhost -U postgres authsome_test

Run tests
```
go test ./...
```
Run integration tests
```
make test-integration
```

Code Style

Follow standard Go conventions and use gofmt
Write comprehensive tests for new features
Add function-level comments for exported functions
Use meaningful variable and function names
Follow the existing architecture patterns

Submitting Changes

Create a feature branch

git checkout -b feature/your-feature-name

Make your changes
- Write tests for new functionality
- Update documentation as needed
- Ensure all tests pass

Commit your changes

git commit -m "feat: add your feature description"

Push and create a pull request

git push origin feature/your-feature-name

Pull Request Guidelines

Provide a clear description of the changes
Include tests for new functionality
Update documentation if needed
Ensure CI passes
Link to any relevant issues

Reporting Issues

When reporting issues, please include:

Go version
AuthSome version
Database type and version
Minimal reproduction case
Error messages and stack traces

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

MIT License

Copyright (c) 2024 AuthSome Contributors

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

🆘 Support

Documentation

Official Documentation: https://authsome.dev
API Reference: https://authsome.dev/api
Examples: https://github.com/xraph/authsome/tree/main/examples

Community

GitHub Discussions: https://github.com/xraph/authsome/discussions
Discord Server: https://discord.gg/authsome
Stack Overflow: Tag your questions with authsome-go

Commercial Support

For enterprise support, consulting, and custom development:

Email: [email protected]
Enterprise: [email protected]
Website: https://authsome.dev/enterprise

Security Issues

For security-related issues, please email: [email protected]

Do not report security issues through public GitHub issues.

Website • Documentation • Examples • Contributing

Made with ❤️ by the AuthSome team

Documentation ¶

Index ¶

Constants
Variables
func ResolveAPIKeyService(container forge.Container) (*apikey.Service, error)
func ResolveAppService(container forge.Container) (*app.ServiceImpl, error)
func ResolveAuditService(container forge.Container) (*audit.Service, error)
func ResolveAuthService(container forge.Container) (auth.ServiceInterface, error)
func ResolveDatabase(container forge.Container) (*bun.DB, error)
func ResolveDatabaseManager(container forge.Container) (*forgedb.DatabaseManager, error)
func ResolveDeviceService(container forge.Container) (*device.Service, error)
func ResolveHookRegistry(container forge.Container) (*hooks.HookRegistry, error)
func ResolveJWTService(container forge.Container) (*jwt.Service, error)
func ResolveNotificationService(container forge.Container) (*notification.Service, error)
func ResolvePluginRegistry(container forge.Container) (*plugins.Registry, error)
func ResolveRBACService(container forge.Container) (*rbac.Service, error)
func ResolveRateLimitService(container forge.Container) (*ratelimit.Service, error)
func ResolveSecurityService(container forge.Container) (*security.Service, error)
func ResolveSessionService(container forge.Container) (session.ServiceInterface, error)
func ResolveUserService(container forge.Container) (user.ServiceInterface, error)
func ResolveWebhookService(container forge.Container) (*webhook.Service, error)
type APIKey
type APIKeyConfig
type APIKeyService
type AfterMemberAddHook
type AfterOrganizationCreateHook
type AfterSessionCreateHook
type AfterSignInHook
type AfterSignOutHook
type AfterSignUpHook
type App
type AppConfig
type AppRepository
type AppService
type AuditService
type Auth
- func New(opts ...Option) *Auth
- func (a *Auth) AuthMiddleware() forge.Middleware
- func (a *Auth) Authenticate() forge.Middleware
- func (a *Auth) GetBasePath() string
- func (a *Auth) GetConfig() Config
- func (a *Auth) GetDB() *bun.DB
- func (a *Auth) GetDefaultApp(ctx context.Context) (*app.App, error)
- func (a *Auth) GetDefaultEnvironment(ctx context.Context, appID xid.ID) (*env.Environment, error)
- func (a *Auth) GetForgeApp() forge.App
- func (a *Auth) GetGlobalGroupRoutesOptions() []forge.GroupOption
- func (a *Auth) GetGlobalRoutesOptions() []forge.RouteOption
- func (a *Auth) GetHookRegistry() *hooks.HookRegistry
- func (a *Auth) GetPluginRegistry() plugins.PluginRegistry
- func (a *Auth) GetServiceRegistry() *registry.ServiceRegistry
- func (a *Auth) Hooks() *hooks.HookRegistry
- func (a *Auth) Initialize(ctx context.Context) error
- func (a *Auth) IsPluginEnabled(pluginID string) bool
- func (a *Auth) Logger() forge.Logger
- func (a *Auth) Mount(router forge.Router, basePath string) error
- func (a *Auth) RegisterAuthStrategy(strategy middleware.AuthStrategy) error
- func (a *Auth) RegisterPlugin(plugin plugins.Plugin) error
- func (a *Auth) Repository() repo.Repository
- func (a *Auth) RequireAPIKey() forge.Middleware
- func (a *Auth) RequireAdmin() forge.Middleware
- func (a *Auth) RequireAllPermissions(permissions ...string) forge.Middleware
- func (a *Auth) RequireAllScopes(scopes ...string) forge.Middleware
- func (a *Auth) RequireAnyPermission(permissions ...string) forge.Middleware
- func (a *Auth) RequireAnyScope(scopes ...string) forge.Middleware
- func (a *Auth) RequireAuth() forge.Middleware
- func (a *Auth) RequireCanAccess(action, resource string) forge.Middleware
- func (a *Auth) RequirePublishableKey() forge.Middleware
- func (a *Auth) RequireRBACPermission(action, resource string) forge.Middleware
- func (a *Auth) RequireScope(scope string) forge.Middleware
- func (a *Auth) RequireSecretKey() forge.Middleware
- func (a *Auth) RequireUser() forge.Middleware
- func (a *Auth) ServiceRegistry() *registry.ServiceRegistry
type AuthConfig
type AuthContext
type AuthMethod
type AuthMiddleware
type AuthMiddlewareConfig
type AuthResponse
type AuthService
type Config
type ContextConfig
type ContextResolution
type ContextSource
type CreateAPIKeyRequest
type CreateAppRequest
type CreateJWTKeyRequest
type CreateSessionRequest
type CreateTeamRequest
type CreateUserRequest
type CreateWebhookRequest
type Device
type DeviceService
type Environment
type EnvironmentRepository
type GenerateTokenRequest
type GeoIPProvider
type HookRegistry
type Invitation
type InvitationRepository
type InvitationStatus
type InviteMemberRequest
type JWTConfig
type JWTKey
type JWTService
type Member
type MemberRepository
type MemberRole
type MemberStatus
type Notification
type NotificationConfig
type NotificationService
type NotificationTemplate
type Option
- func WithAuthMiddlewareConfig(config middleware.AuthMiddlewareConfig) Option
- func WithBasePath(path string) Option
- func WithCORSEnabled(enabled bool) Option
- func WithDatabase(db interface{}) Option
- func WithDatabaseFromForge() Option
- func WithDatabaseManager(manager *forgedb.DatabaseManager, dbName ...string) Option
- func WithDatabaseSchema(schema string) Option
- func WithForgeApp(app forge.App) Option
- func WithGeoIPProvider(provider sec.GeoIPProvider) Option
- func WithGlobalCookieConfig(config session.CookieConfig) Option
- func WithGlobalGroupRoutesOptions(opts ...forge.GroupOption) Option
- func WithGlobalRoutesOptions(opts ...forge.RouteOption) Option
- func WithMinPasswordLength(length int) Option
- func WithPasswordPolicy(policy string) Option
- func WithPasswordRequirements(reqs validator.PasswordRequirements) Option
- func WithRBACEnforcement(enabled bool) Option
- func WithRateLimitConfig(cfg rl.Config) Option
- func WithRateLimitStorage(storage rl.Storage) Option
- func WithRefreshTokens(enabled bool, accessTTL, refreshTTL time.Duration) Option
- func WithRequireEmailVerification(require bool) Option
- func WithSecret(secret string) Option
- func WithSecurityConfig(cfg sec.Config) Option
- func WithSessionConfig(config session.Config) Option
- func WithSessionCookieEnabled(enabled bool) Option
- func WithSessionCookieMaxAge(seconds int) Option
- func WithSessionCookieName(name string) Option
- func WithSessionTTL(defaultTTL, rememberTTL time.Duration) Option
- func WithSlidingWindowSessions(enabled bool, renewalThreshold ...time.Duration) Option
- func WithTrustedOrigins(origins []string) Option
- func WithUserConfig(config user.Config) Option
type Organization
type OrganizationConfig
type OrganizationService
type Permission
type Plugin
type PluginDependencies
- func ResolvePluginDependencies(container forge.Container) (*PluginDependencies, error)
type PluginRegistry
type Policy
type RBACService
type RateLimitConfig
type RateLimitService
type RateLimitStorage
type Role
type RoleRegistry
type SchemaAPIKey
type SchemaApp
type SchemaDevice
type SchemaInvitation
type SchemaJWTKey
type SchemaMember
type SchemaNotification
type SchemaRole
type SchemaSession
type SchemaTeam
type SchemaTeamMember
type SchemaUser
type SchemaUserRole
type SchemaWebhook
type SecurityConfig
type SecurityService
type ServiceRegistry
type Session
type SessionConfig
type SessionService
type SignInRequest
type SignUpRequest
type Team
type TeamMember
type TeamRepository
type UpdateAppRequest
type UpdateMemberRequest
type UpdateTeamRequest
type UpdateUserRequest
type User
type UserConfig
type UserService
type Webhook
type WebhookConfig
type WebhookDelivery
type WebhookEvent
type WebhookService

Constants ¶

View Source

const (
	ServiceDatabase       = "authsome.database"
	ServiceUser           = "authsome.user"
	ServiceSession        = "authsome.session"
	ServiceAuth           = "authsome.auth"
	ServiceApp            = "authsome.app"
	ServiceOrganization   = "authsome.organization"
	ServiceRateLimit      = "authsome.ratelimit"
	ServiceDevice         = "authsome.device"
	ServiceSecurity       = "authsome.security"
	ServiceAudit          = "authsome.audit"
	ServiceRBAC           = "authsome.rbac"
	ServiceWebhook        = "authsome.webhook"
	ServiceNotification   = "authsome.notification"
	ServiceJWT            = "authsome.jwt"
	ServiceAPIKey         = "authsome.apikey"
	ServiceHookRegistry   = "authsome.hooks"
	ServicePluginRegistry = "authsome.plugins"
)

ServiceImpl name constants for DI container

View Source

const (
	// AuthMethodNone indicates no authentication
	AuthMethodNone = contexts.AuthMethodNone

	// AuthMethodSession indicates session-based authentication
	AuthMethodSession = contexts.AuthMethodSession

	// AuthMethodAPIKey indicates API key authentication
	AuthMethodAPIKey = contexts.AuthMethodAPIKey

	// AuthMethodBoth indicates both session and API key authentication
	AuthMethodBoth = contexts.AuthMethodBoth
)

AuthMethod constants

View Source

const (
	// Member Roles
	MemberRoleOwner  = app.MemberRoleOwner
	MemberRoleAdmin  = app.MemberRoleAdmin
	MemberRoleMember = app.MemberRoleMember

	// Member Statuses
	MemberStatusActive    = app.MemberStatusActive
	MemberStatusSuspended = app.MemberStatusSuspended
	MemberStatusPending   = app.MemberStatusPending

	// Invitation Statuses
	InvitationStatusPending   = app.InvitationStatusPending
	InvitationStatusAccepted  = app.InvitationStatusAccepted
	InvitationStatusExpired   = app.InvitationStatusExpired
	InvitationStatusCancelled = app.InvitationStatusCancelled
	InvitationStatusDeclined  = app.InvitationStatusDeclined

	// Backward compatibility aliases
	RoleOwner       = app.MemberRoleOwner
	RoleAdmin       = app.MemberRoleAdmin
	RoleMember      = app.MemberRoleMember
	StatusActive    = app.MemberStatusActive
	StatusSuspended = app.MemberStatusSuspended
	StatusPending   = app.MemberStatusPending
)

Enum constants exported for convenience

View Source

const (
	// ContextSourceNone indicates no context source
	ContextSourceNone = middleware.ContextSourceNone

	// ContextSourceExisting indicates context already exists in request
	ContextSourceExisting = middleware.ContextSourceExisting

	// ContextSourceHeader indicates context from HTTP header
	ContextSourceHeader = middleware.ContextSourceHeader

	// ContextSourceAPIKey indicates context from verified API key
	ContextSourceAPIKey = middleware.ContextSourceAPIKey

	// ContextSourceDefault indicates context from default config
	ContextSourceDefault = middleware.ContextSourceDefault

	// ContextSourceAutoDetect indicates context from AuthSome config
	ContextSourceAutoDetect = middleware.ContextSourceAutoDetect
)

Context Source Constants

Variables ¶

View Source

var (
	// App Context Functions
	GetAppID     = contexts.GetAppID
	SetAppID     = contexts.SetAppID
	RequireAppID = contexts.RequireAppID

	// Environment Context Functions
	GetEnvironmentID     = contexts.GetEnvironmentID
	SetEnvironmentID     = contexts.SetEnvironmentID
	RequireEnvironmentID = contexts.RequireEnvironmentID

	// Organization Context Functions
	GetOrganizationID     = contexts.GetOrganizationID
	SetOrganizationID     = contexts.SetOrganizationID
	RequireOrganizationID = contexts.RequireOrganizationID

	// User Context Functions
	GetUserID     = contexts.GetUserID
	SetUserID     = contexts.SetUserID
	RequireUserID = contexts.RequireUserID

	// Composite Context Helpers
	WithAppAndOrganization            = contexts.WithAppAndOrganization
	WithAppAndUser                    = contexts.WithAppAndUser
	WithAppEnvironmentAndOrganization = contexts.WithAppEnvironmentAndOrganization
	WithAll                           = contexts.WithAll

	// Auth Context Functions
	SetAuthContext     = contexts.SetAuthContext
	GetAuthContext     = contexts.GetAuthContext
	RequireAuthContext = contexts.RequireAuthContext
	RequireUser        = contexts.RequireUser
	RequireAPIKey      = contexts.RequireAPIKey
	GetUser            = contexts.GetUser
	GetAPIKey          = contexts.GetAPIKey
	GetSession         = contexts.GetSession
)

Contexts Functions

View Source

var (
	// ErrAppContextRequired is returned when app context is required but not found
	ErrAppContextRequired = contexts.ErrAppContextRequired

	// ErrEnvironmentContextRequired is returned when environment context is required but not found
	ErrEnvironmentContextRequired = contexts.ErrEnvironmentContextRequired

	// ErrOrganizationContextRequired is returned when organization context is required but not found
	ErrOrganizationContextRequired = contexts.ErrOrganizationContextRequired

	// ErrUserContextRequired is returned when user context is required but not found
	ErrUserContextRequired = contexts.ErrUserContextRequired

	// ErrAuthContextRequired is returned when auth context is required but not found
	ErrAuthContextRequired = contexts.ErrAuthContextRequired

	// ErrUserAuthRequired is returned when user authentication is required
	ErrUserAuthRequired = contexts.ErrUserAuthRequired

	// ErrAPIKeyRequired is returned when API key authentication is required
	ErrAPIKeyRequired = contexts.ErrAPIKeyRequired

	// ErrInsufficientScope is returned when API key lacks required scope
	ErrInsufficientScope = contexts.ErrInsufficientScope

	// ErrInsufficientPermission is returned when lacking required RBAC permission
	ErrInsufficientPermission = contexts.ErrInsufficientPermission
)

Context Errors

View Source

var (
	// NewAuthMiddleware creates a new authentication middleware
	NewAuthMiddleware = middleware.NewAuthMiddleware

	// DefaultContextConfig returns a ContextConfig with sensible defaults
	DefaultContextConfig = middleware.DefaultContextConfig
)

Middleware Config Functions

View Source

var (
	// RegisterDefaultPlatformRoles registers default platform roles
	RegisterDefaultPlatformRoles = rbac.RegisterDefaultPlatformRoles
)

RBAC Functions

Functions ¶

func ResolveAPIKeyService ¶

func ResolveAPIKeyService(container forge.Container) (*apikey.Service, error)

ResolveAPIKeyService resolves the API key service from the container

func ResolveAppService ¶

func ResolveAppService(container forge.Container) (*app.ServiceImpl, error)

ResolveAppService resolves the app service from the container

func ResolveAuditService ¶

func ResolveAuditService(container forge.Container) (*audit.Service, error)

ResolveAuditService resolves the audit service from the container

func ResolveAuthService ¶

func ResolveAuthService(container forge.Container) (auth.ServiceInterface, error)

ResolveAuthService resolves the auth service from the container

func ResolveDatabase ¶

func ResolveDatabase(container forge.Container) (*bun.DB, error)

ResolveDatabase resolves the database from the container First tries AuthSome's registered database, then falls back to Forge's database extension

func ResolveDatabaseManager ¶

func ResolveDatabaseManager(container forge.Container) (*forgedb.DatabaseManager, error)

ResolveDatabaseManager resolves Forge's DatabaseManager from the container This is useful for plugins that need access to multiple databases

func ResolveDeviceService ¶

func ResolveDeviceService(container forge.Container) (*device.Service, error)

ResolveDeviceService resolves the device service from the container

func ResolveHookRegistry ¶

func ResolveHookRegistry(container forge.Container) (*hooks.HookRegistry, error)

ResolveHookRegistry resolves the hook registry from the container

func ResolveJWTService ¶

func ResolveJWTService(container forge.Container) (*jwt.Service, error)

ResolveJWTService resolves the JWT service from the container

func ResolveNotificationService ¶

func ResolveNotificationService(container forge.Container) (*notification.Service, error)

ResolveNotificationService resolves the notification service from the container

func ResolvePluginRegistry ¶

func ResolvePluginRegistry(container forge.Container) (*plugins.Registry, error)

ResolvePluginRegistry resolves the plugin registry from the container

func ResolveRBACService ¶

func ResolveRBACService(container forge.Container) (*rbac.Service, error)

ResolveRBACService resolves the RBAC service from the container

func ResolveRateLimitService ¶

func ResolveRateLimitService(container forge.Container) (*ratelimit.Service, error)

ResolveRateLimitService resolves the rate limit service from the container

func ResolveSecurityService ¶

func ResolveSecurityService(container forge.Container) (*security.Service, error)

ResolveSecurityService resolves the security service from the container

func ResolveSessionService ¶

func ResolveSessionService(container forge.Container) (session.ServiceInterface, error)

ResolveSessionService resolves the session service from the container

func ResolveUserService ¶

func ResolveUserService(container forge.Container) (user.ServiceInterface, error)

ResolveUserService resolves the user service from the container

func ResolveWebhookService ¶

func ResolveWebhookService(container forge.Container) (*webhook.Service, error)

ResolveWebhookService resolves the webhook service from the container

Types ¶

type APIKeyConfig ¶

type APIKeyConfig = apikey.Config

APIKeyConfig holds API key service configuration

type AfterMemberAddHook ¶

type AfterMemberAddHook = hooks.AfterMemberAddHook

AfterMemberAddHook registers an organization lifecycle hook

type AfterOrganizationCreateHook ¶

type AfterOrganizationCreateHook = hooks.AfterOrganizationCreateHook

AfterOrganizationCreateHook registers a user lifecycle hook

type AfterSessionCreateHook ¶

type AfterSessionCreateHook = hooks.AfterSessionCreateHook

AfterSessionCreateHook registers a session lifecycle hook

type AfterSignInHook ¶

type AfterSignInHook = hooks.AfterSignInHook

AfterSignInHook registers an authentication lifecycle hook

type AfterSignOutHook ¶

type AfterSignOutHook = hooks.AfterSignOutHook

AfterSignOutHook registers an authentication lifecycle hook

type AfterSignUpHook ¶

type AfterSignUpHook = hooks.AfterSignUpHook

AfterSignUpHook registers an authentication lifecycle hook

type App ¶

type App = app.App

App represents an application entity

type AppConfig ¶

type AppConfig = app.Config

AppConfig holds app service configuration

type AppRepository ¶

type AppRepository = app.AppRepository

AppRepository defines the app repository interface

type AppService ¶

type AppService = app.AppService

AppService is the service interface for app operations

func New ¶

func New(opts ...Option) *Auth

New creates a new Auth instance with the given options

func (*Auth) AuthMiddleware ¶

func (a *Auth) AuthMiddleware() forge.Middleware

AuthMiddleware returns the optional authentication middleware This middleware populates the auth context with API key and/or session data but does not block unauthenticated requests

func (*Auth) Authenticate ¶ added in v0.0.2

func (a *Auth) Authenticate() forge.Middleware

Authenticate returns the authentication middleware

func (*Auth) GetBasePath ¶

func (a *Auth) GetBasePath() string

GetBasePath returns the base path for AuthSome routes

func (*Auth) GetConfig ¶

func (a *Auth) GetConfig() Config

GetConfig returns the auth config

func (*Auth) GetDB ¶

func (a *Auth) GetDB() *bun.DB

GetDB returns the database instance

func (*Auth) GetDefaultApp ¶ added in v0.0.2

func (a *Auth) GetDefaultApp(ctx context.Context) (*app.App, error)

GetDefaultApp returns the default app when in standalone mode This is useful for middleware context auto-detection Returns nil if not in standalone mode or app not found

func (*Auth) GetDefaultEnvironment ¶ added in v0.0.2

func (a *Auth) GetDefaultEnvironment(ctx context.Context, appID xid.ID) (*env.Environment, error)

GetDefaultEnvironment returns the default environment for an app This is useful for middleware context auto-detection Returns nil if environment not found

func (*Auth) GetForgeApp ¶

func (a *Auth) GetForgeApp() forge.App

GetForgeApp returns the forge application instance

func (*Auth) GetGlobalGroupRoutesOptions ¶ added in v0.0.2

func (a *Auth) GetGlobalGroupRoutesOptions() []forge.GroupOption

GetGlobalGroupRoutesOptions returns the global group routes options

func (*Auth) GetGlobalRoutesOptions ¶ added in v0.0.2

func (a *Auth) GetGlobalRoutesOptions() []forge.RouteOption

GetGlobalRoutesOptions returns the global routes options

func (*Auth) GetHookRegistry ¶

func (a *Auth) GetHookRegistry() *hooks.HookRegistry

GetHookRegistry returns the hook registry for plugins

func (*Auth) GetPluginRegistry ¶

func (a *Auth) GetPluginRegistry() plugins.PluginRegistry

GetPluginRegistry returns the plugin registry

func (*Auth) GetServiceRegistry ¶

func (a *Auth) GetServiceRegistry() *registry.ServiceRegistry

GetServiceRegistry returns the service registry for plugins

func (*Auth) Hooks ¶ added in v0.0.3

func (a *Auth) Hooks() *hooks.HookRegistry

Hooks returns the hook registry for plugins

func (*Auth) Initialize ¶

func (a *Auth) Initialize(ctx context.Context) error

Initialize initializes all core services

func (*Auth) IsPluginEnabled ¶

func (a *Auth) IsPluginEnabled(pluginID string) bool

IsPluginEnabled checks if a plugin is registered and enabled

func (*Auth) Logger ¶

func (a *Auth) Logger() forge.Logger

Logger returns the logger for AuthSome

func (*Auth) Mount ¶

func (a *Auth) Mount(router forge.Router, basePath string) error

Mount mounts the auth routes to the Forge router

func (*Auth) RegisterAuthStrategy ¶ added in v0.0.5

func (a *Auth) RegisterAuthStrategy(strategy middleware.AuthStrategy) error

RegisterAuthStrategy registers an authentication strategy This allows plugins to add custom authentication methods Strategies are tried in priority order during authentication

func (*Auth) Repository ¶

func (a *Auth) Repository() repo.Repository

Repository implements core.Authsome.

func (*Auth) RequireAPIKey ¶

func (a *Auth) RequireAPIKey() forge.Middleware

RequireAPIKey returns middleware that requires API key authentication Blocks requests that don't have a valid API key

func (*Auth) RequireAdmin ¶

func (a *Auth) RequireAdmin() forge.Middleware

RequireAdmin returns middleware that requires admin privileges Blocks requests that don't have admin:full scope via secret API key

func (*Auth) RequireAllPermissions ¶ added in v0.0.2

func (a *Auth) RequireAllPermissions(permissions ...string) forge.Middleware

RequireAllPermissions returns middleware that requires all of the specified permissions

func (*Auth) RequireAllScopes ¶

func (a *Auth) RequireAllScopes(scopes ...string) forge.Middleware

RequireAllScopes returns middleware that requires all of the specified scopes

func (*Auth) RequireAnyPermission ¶ added in v0.0.2

func (a *Auth) RequireAnyPermission(permissions ...string) forge.Middleware

RequireAnyPermission returns middleware that requires any of the specified permissions

func (*Auth) RequireAnyScope ¶

func (a *Auth) RequireAnyScope(scopes ...string) forge.Middleware

RequireAnyScope returns middleware that requires any of the specified scopes

func (*Auth) RequireAuth ¶

func (a *Auth) RequireAuth() forge.Middleware

RequireAuth returns middleware that requires authentication Blocks requests that are not authenticated via API key or session

func (*Auth) RequireCanAccess ¶ added in v0.0.2

func (a *Auth) RequireCanAccess(action, resource string) forge.Middleware

RequireCanAccess returns middleware that checks if auth context can access a resource This is flexible - accepts EITHER legacy scopes OR RBAC permissions Recommended for backward compatibility

func (*Auth) RequirePublishableKey ¶

func (a *Auth) RequirePublishableKey() forge.Middleware

RequirePublishableKey returns middleware that requires a publishable (pk_) API key

func (*Auth) RequireRBACPermission ¶ added in v0.0.2

func (a *Auth) RequireRBACPermission(action, resource string) forge.Middleware

RequireRBACPermission returns middleware that requires a specific RBAC permission Checks only RBAC permissions (not legacy scopes)

func (*Auth) RequireScope ¶

func (a *Auth) RequireScope(scope string) forge.Middleware

RequireScope returns middleware that requires a specific API key scope Blocks requests where the API key lacks the specified scope

func (*Auth) RequireSecretKey ¶

func (a *Auth) RequireSecretKey() forge.Middleware

RequireSecretKey returns middleware that requires a secret (sk_) API key

func (*Auth) RequireUser ¶

func (a *Auth) RequireUser() forge.Middleware

RequireUser returns middleware that requires user authentication (session) Blocks requests that don't have a valid user session

func (*Auth) ServiceRegistry ¶ added in v0.0.3

func (a *Auth) ServiceRegistry() *registry.ServiceRegistry

ServiceRegistry returns the service registry for plugins

type AuthConfig ¶

type AuthConfig = auth.Config

AuthConfig holds auth service configuration

type AuthContext ¶ added in v0.0.2

type AuthContext = contexts.AuthContext

AuthContext holds complete authentication state for a request

type AuthMethod ¶ added in v0.0.2

type AuthMethod = contexts.AuthMethod

AuthMethod indicates how the request was authenticated

type AuthMiddleware ¶ added in v0.0.2

type AuthMiddleware = middleware.AuthMiddleware

AuthMiddleware is the authentication middleware

type AuthMiddlewareConfig ¶ added in v0.0.2

type AuthMiddlewareConfig = middleware.AuthMiddlewareConfig

AuthMiddlewareConfig configures the authentication middleware behavior

type AuthResponse ¶

type AuthResponse = responses.AuthResponse

AuthResponse is the response from authentication operations

type AuthService ¶

type AuthService = auth.ServiceInterface

AuthService is the authentication service interface

type ContextConfig ¶ added in v0.0.2

type ContextConfig = middleware.ContextConfig

ContextConfig configures how app and environment context is populated

type ContextResolution ¶ added in v0.0.2

type ContextResolution = middleware.ContextResolution

ContextResolution tracks how context values were resolved

type ContextSource ¶ added in v0.0.2

type ContextSource = middleware.ContextSource

ContextSource indicates where the context value came from

type CreateAPIKeyRequest ¶

type CreateAPIKeyRequest = apikey.CreateAPIKeyRequest

CreateAPIKeyRequest is the request for creating an API key

type CreateAppRequest ¶

type CreateAppRequest = app.CreateAppRequest

CreateAppRequest is the request for creating an app

type CreateJWTKeyRequest ¶

type CreateJWTKeyRequest = jwt.CreateJWTKeyRequest

CreateJWTKeyRequest is the request for creating a JWT key

type CreateSessionRequest ¶

type CreateSessionRequest = session.CreateSessionRequest

CreateSessionRequest is the request for creating a session

type CreateTeamRequest ¶

type CreateTeamRequest = app.CreateTeamRequest

CreateTeamRequest is the request for creating a team

type CreateUserRequest ¶

type CreateUserRequest = user.CreateUserRequest

CreateUserRequest is the request for creating a user

type CreateWebhookRequest ¶

type CreateWebhookRequest = webhook.CreateWebhookRequest

CreateWebhookRequest is the request for creating a webhook

type Environment ¶ added in v0.0.3

type Environment = environment.Environment

Environment represents an environment

type EnvironmentRepository ¶ added in v0.0.3

type EnvironmentRepository = environment.Repository

EnvironmentRepository defines the environment repository interface

type GenerateTokenRequest ¶

type GenerateTokenRequest = jwt.GenerateTokenRequest

GenerateTokenRequest is the request for generating a JWT token

type GeoIPProvider ¶

type GeoIPProvider = sec.GeoIPProvider

GeoIPProvider is the interface for GeoIP providers

type HookRegistry ¶

type HookRegistry = hooks.HookRegistry

HookRegistry is the registry for registering hooks

type InvitationRepository ¶

type InvitationRepository = app.InvitationRepository

InvitationRepository defines the invitation repository interface

type InviteMemberRequest ¶

type InviteMemberRequest = app.InviteMemberRequest

InviteMemberRequest is the request for inviting a member

type JWTConfig ¶

type JWTConfig = jwt.Config

JWTConfig holds JWT service configuration

type MemberRepository ¶

type MemberRepository = app.MemberRepository

MemberRepository defines the member repository interface

type MemberStatus ¶

type MemberStatus = app.MemberStatus

Schema Enums - Type aliases for cleaner API (re-exported from core/app)

type Notification ¶

type Notification = notification.Notification

Notification represents a notification entity

type NotificationConfig ¶

type NotificationConfig = notification.Config

NotificationConfig holds notification service configuration

type NotificationService ¶

type NotificationService = notification.Service

NotificationService is the notification service

type NotificationTemplate ¶

type NotificationTemplate = notification.Template

NotificationTemplate represents a notification template

type Option ¶

type Option func(*Auth)

Option is a function that configures Auth

func WithAuthMiddlewareConfig ¶ added in v0.0.2

func WithAuthMiddlewareConfig(config middleware.AuthMiddlewareConfig) Option

WithAuthMiddlewareConfig sets the authentication middleware configuration This controls how the global authentication middleware behaves, including: - Session cookie name - Optional authentication (allow unauthenticated requests) - API key authentication settings - Context resolution (app/environment from headers or API key)

Example:

WithAuthMiddlewareConfig(middleware.AuthMiddlewareConfig{
    SessionCookieName:   "my_session",
    Optional:            true,
    AllowAPIKeyInQuery:  false, // Security best practice
    AllowSessionInQuery: false, // Security best practice
    Context: middleware.ContextConfig{
        AutoDetectFromAPIKey: true,
        AutoDetectFromConfig: true,
    },
})

func WithBasePath ¶

func WithBasePath(path string) Option

WithBasePath sets the base path for routes

func WithCORSEnabled ¶ added in v0.0.2

func WithCORSEnabled(enabled bool) Option

WithCORSEnabled enables or disables CORS middleware When enabled, uses TrustedOrigins for allowed origins Default: false (disabled - let Forge or your app handle CORS)

func WithDatabase ¶

func WithDatabase(db interface{}) Option

WithDatabase sets the database connection directly (backwards compatible) For new applications, consider using WithDatabaseManager with Forge's database extension

func WithDatabaseFromForge ¶

func WithDatabaseFromForge() Option

WithDatabaseFromForge resolves the database from Forge's DI container This automatically uses the database extension if registered

func WithDatabaseManager ¶

func WithDatabaseManager(manager *forgedb.DatabaseManager, dbName ...string) Option

WithDatabaseManager uses Forge's database extension DatabaseManager This is the recommended approach when using Forge's database extension The database will be resolved from the manager using the default or specified name

func WithDatabaseSchema ¶

func WithDatabaseSchema(schema string) Option

WithDatabaseSchema sets the PostgreSQL schema for AuthSome tables This allows organizational separation of auth tables from application tables Example: WithDatabaseSchema("auth") creates tables in the "auth" schema Default: "" (uses database default, typically "public") Note: Schema must be valid SQL identifier; will be created if it doesn't exist

func WithForgeApp ¶

func WithForgeApp(app forge.App) Option

WithForgeApp sets the Forge application instance

func WithGeoIPProvider ¶

func WithGeoIPProvider(provider sec.GeoIPProvider) Option

WithGeoIPProvider sets a GeoIP provider for country-based restrictions

func WithGlobalCookieConfig ¶ added in v0.0.2

func WithGlobalCookieConfig(config session.CookieConfig) Option

WithGlobalCookieConfig sets the global cookie configuration for session management This configuration applies to all apps unless overridden at the app level Example:

WithGlobalCookieConfig(session.CookieConfig{
    Enabled:  true,
    Name:     "my_session",
    HttpOnly: true,
    SameSite: "Lax",
})

func WithGlobalGroupRoutesOptions ¶ added in v0.0.2

func WithGlobalGroupRoutesOptions(opts ...forge.GroupOption) Option

WithGlobalGroupRoutesOptions sets the global group routes options

func WithGlobalRoutesOptions ¶ added in v0.0.2

func WithGlobalRoutesOptions(opts ...forge.RouteOption) Option

WithExcludeFromSchemas sets whether to exclude the extension from schemas

func WithMinPasswordLength ¶ added in v0.0.3

func WithMinPasswordLength(length int) Option

WithMinPasswordLength sets the minimum password length

Example:

WithMinPasswordLength(12)

func WithPasswordPolicy ¶ added in v0.0.3

func WithPasswordPolicy(policy string) Option

WithPasswordPolicy is a convenience function to set common password policies Predefined policies: "weak", "medium", "strong", "enterprise"

Example:

WithPasswordPolicy("strong")

func WithPasswordRequirements ¶ added in v0.0.3

func WithPasswordRequirements(reqs validator.PasswordRequirements) Option

WithPasswordRequirements sets the password requirements This controls password validation for user registration and password changes

Example:

WithPasswordRequirements(validator.PasswordRequirements{
    MinLength:      12,
    RequireUpper:   true,
    RequireLower:   true,
    RequireNumber:  true,
    RequireSpecial: true,
})

func WithRBACEnforcement ¶

func WithRBACEnforcement(enabled bool) Option

WithRBACEnforcement enables/disables handler-level RBAC enforcement

func WithRateLimitConfig ¶

func WithRateLimitConfig(cfg rl.Config) Option

WithRateLimitConfig sets rate limit configuration (enabled, default rule, per-path rules)

func WithRateLimitStorage ¶

func WithRateLimitStorage(storage rl.Storage) Option

WithRateLimitStorage sets the rate limit storage backend (memory or redis)

func WithRefreshTokens ¶ added in v0.0.3

func WithRefreshTokens(enabled bool, accessTTL, refreshTTL time.Duration) Option

WithRefreshTokens enables the refresh token pattern Short-lived access tokens are issued with long-lived refresh tokens Clients must explicitly refresh when access token expires

Example:

WithRefreshTokens(true, 15*time.Minute, 30*24*time.Hour)
// 15 min access tokens, 30 day refresh tokens

func WithRequireEmailVerification ¶ added in v0.0.7

func WithRequireEmailVerification(require bool) Option

func WithSecret ¶

func WithSecret(secret string) Option

WithSecret sets the secret for token signing

func WithSecurityConfig ¶

func WithSecurityConfig(cfg sec.Config) Option

WithSecurityConfig sets security service configuration (IP rules, country rules) Pass lists like IPWhitelist/IPBlacklist; Enabled true to enforce checks

func WithSessionConfig ¶ added in v0.0.3

func WithSessionConfig(config session.Config) Option

WithSessionConfig sets the full session configuration This controls session behavior including TTL, sliding window, and refresh tokens

Example:

WithSessionConfig(session.Config{
    DefaultTTL:           24 * time.Hour,
    RememberTTL:          7 * 24 * time.Hour,
    EnableSlidingWindow:  true,
    SlidingRenewalAfter:  5 * time.Minute,
    EnableRefreshTokens:  true,
    RefreshTokenTTL:      30 * 24 * time.Hour,
    AccessTokenTTL:       15 * time.Minute,
})

func WithSessionCookieEnabled ¶ added in v0.0.2

func WithSessionCookieEnabled(enabled bool) Option

WithSessionCookieEnabled enables or disables cookie-based session management globally When enabled, authentication responses will automatically set secure HTTP cookies

func WithSessionCookieMaxAge ¶ added in v0.0.3

func WithSessionCookieMaxAge(seconds int) Option

WithSessionCookieMaxAge sets the cookie MaxAge in seconds This controls how long the browser keeps the cookie If not set, defaults to session TTL (24 hours)

Example:

authsome.WithSessionCookieMaxAge(3600)  // 1 hour
authsome.WithSessionCookieMaxAge(86400) // 24 hours

func WithSessionCookieName ¶ added in v0.0.2

func WithSessionCookieName(name string) Option

WithSessionCookieName sets the session cookie name Default: "authsome_session"

func WithSessionTTL ¶ added in v0.0.3

func WithSessionTTL(defaultTTL, rememberTTL time.Duration) Option

WithSessionTTL sets the default and "remember me" session TTL

Example:

WithSessionTTL(24*time.Hour, 7*24*time.Hour)

func WithSlidingWindowSessions ¶ added in v0.0.3

func WithSlidingWindowSessions(enabled bool, renewalThreshold ...time.Duration) Option

WithSlidingWindowSessions enables automatic session renewal on each request When enabled, sessions are extended whenever the user makes a request The renewalThreshold determines how often to actually update the database (default: 5 minutes) This prevents logging out active users while minimizing database writes

Example:

WithSlidingWindowSessions(true, 5*time.Minute)

func WithTrustedOrigins ¶

func WithTrustedOrigins(origins []string) Option

WithTrustedOrigins sets trusted origins for CORS Setting origins does NOT automatically enable CORS - use WithCORSEnabled(true)

func WithUserConfig ¶ added in v0.0.3

func WithUserConfig(config user.Config) Option

WithUserConfig sets the full user configuration This controls user service behavior including password requirements

Example:

WithUserConfig(user.Config{
    PasswordRequirements: validator.PasswordRequirements{
        MinLength:      12,
        RequireUpper:   true,
        RequireLower:   true,
        RequireNumber:  true,
        RequireSpecial: true,
    },
})

type Organization ¶

type Organization = organization.Organization

Organization represents an organization entity

type OrganizationConfig ¶

type OrganizationConfig = organization.Config

OrganizationConfig holds organization service configuration

type OrganizationService ¶

type OrganizationService = organization.OrganizationService

OrganizationService is the organization service interface

type Permission ¶

type Permission = rbac.Permission

Permission represents a permission

type Plugin ¶

type Plugin = plugins.Plugin

Plugin is the interface that all plugins must implement

type PluginDependencies ¶

type PluginDependencies struct {
	Container      forge.Container
	Database       *bun.DB
	UserService    user.ServiceInterface
	SessionService session.ServiceInterface
	AuthService    auth.ServiceInterface
	AuditService   *audit.Service
	RBACService    *rbac.Service
	HookRegistry   *hooks.HookRegistry
}

PluginDependencies is a convenience struct for plugins to get all common dependencies

func ResolvePluginDependencies ¶

func ResolvePluginDependencies(container forge.Container) (*PluginDependencies, error)

ResolvePluginDependencies resolves all common plugin dependencies from the container

type PluginRegistry ¶

type PluginRegistry = plugins.PluginRegistry

PluginRegistry is the registry for managing plugins

type Policy ¶

type Policy = rbac.Policy

Policy represents a policy

type RBACService ¶

type RBACService = rbac.Service

RBACService is the RBAC service

type RateLimitConfig ¶

type RateLimitConfig = rl.Config

RateLimitConfig holds rate limit service configuration

type RateLimitService ¶

type RateLimitService = rl.Service

RateLimitService is the rate limit service

type RateLimitStorage ¶

type RateLimitStorage = rl.Storage

RateLimitStorage is the interface for rate limit storage

type Role ¶

type Role = rbac.Role

Role represents a role entity

type RoleRegistry ¶

type RoleRegistry = rbac.RoleRegistry

RoleRegistry is the role registry for registering roles

type SchemaAPIKey ¶

type SchemaAPIKey = schema.APIKey

SchemaAPIKey is the database model for API keys

type SchemaApp ¶

type SchemaApp = schema.App

SchemaApp is the database model for apps

type SchemaDevice ¶

type SchemaDevice = schema.Device

SchemaDevice is the database model for devices

type SchemaInvitation ¶

type SchemaInvitation = schema.Invitation

SchemaInvitation is the database model for invitations

type SchemaJWTKey ¶

type SchemaJWTKey = schema.JWTKey

SchemaJWTKey is the database model for JWT keys

type SchemaMember ¶

type SchemaMember = schema.Member

SchemaMember is the database model for members

type SchemaNotification ¶

type SchemaNotification = schema.Notification

SchemaNotification is the database model for notifications

type SchemaRole ¶

type SchemaRole = schema.Role

SchemaRole is the database model for roles

type SchemaSession ¶

type SchemaSession = schema.Session

SchemaSession is the database model for sessions

type SchemaTeam ¶

type SchemaTeam = schema.Team

SchemaTeam is the database model for teams

type SchemaTeamMember ¶

type SchemaTeamMember = schema.TeamMember

SchemaTeamMember is the database model for team members

type SchemaUser ¶

type SchemaUser = schema.User

SchemaUser is the database model for users

type SchemaUserRole ¶

type SchemaUserRole = schema.UserRole

SchemaUserRole is the database model for user roles

type SchemaWebhook ¶

type SchemaWebhook = schema.Webhook

SchemaWebhook is the database model for webhooks

type SecurityConfig ¶

type SecurityConfig = sec.Config

SecurityConfig holds security service configuration

type SecurityService ¶

type SecurityService = sec.Service

SecurityService is the security service

type ServiceRegistry ¶

type ServiceRegistry = registry.ServiceRegistry

ServiceRegistry manages all core services and allows plugins to replace them

type Session ¶

type Session = session.Session

Session represents a session entity

type SessionConfig ¶

type SessionConfig = session.Config

SessionConfig holds session service configuration

type SessionService ¶

type SessionService = session.ServiceInterface

SessionService is the session service interface

type SignInRequest ¶

type SignInRequest = auth.SignInRequest

SignInRequest is the request for signing in

type SignUpRequest ¶

type SignUpRequest = auth.SignUpRequest

SignUpRequest is the request for signing up

type Team ¶

type Team = app.Team

Team represents a team within an app

type TeamMember ¶

type TeamMember = app.TeamMember

TeamMember represents a team member

type TeamRepository ¶

type TeamRepository = app.TeamRepository

TeamRepository defines the team repository interface

type UpdateAppRequest ¶

type UpdateAppRequest = app.UpdateAppRequest

UpdateAppRequest is the request for updating an app

type UpdateMemberRequest ¶

type UpdateMemberRequest = app.UpdateMemberRequest

UpdateMemberRequest is the request for updating a member

type UpdateTeamRequest ¶

type UpdateTeamRequest = app.UpdateTeamRequest

UpdateTeamRequest is the request for updating a team

type UpdateUserRequest ¶

type UpdateUserRequest = user.UpdateUserRequest

UpdateUserRequest is the request for updating a user

type User ¶

type User = user.User

User represents a user entity

type UserConfig ¶

type UserConfig = user.Config

UserConfig holds user service configuration

type UserService ¶

type UserService = user.ServiceInterface

UserService is the user service interface

type Webhook ¶

type Webhook = webhook.Webhook

Webhook represents a webhook entity

type WebhookConfig ¶

type WebhookConfig = webhook.Config

WebhookConfig holds webhook service configuration

type WebhookDelivery ¶

type WebhookDelivery = webhook.Delivery

WebhookDelivery represents a webhook delivery

type WebhookEvent ¶

type WebhookEvent = webhook.Event

WebhookEvent represents a webhook event

type WebhookService ¶

type WebhookService = webhook.Service

WebhookService is the webhook service

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
clients
go module
cmd
authsome-cli command
core
apikey
app
audit
audit/adapters
audit/exporters
auth
authflow
base
contexts
device
environment
forms
hooks
impersonation
jwt
middleware
notification
organization
pagination Package pagination provides comprehensive pagination support for the AuthSome framework.	Package pagination provides comprehensive pagination support for the AuthSome framework.
ratelimit
rbac
registry
responses
security
session
ui
user
webhook
docs
examples
examples
apikey-demo command
apikey-rbac command
auth-context command
bearer-plugin command
comprehensive command
consent-demo command
cookie-sessions command
dashboard command Package main demonstrates how to integrate the dashboard plugin with AuthSome	Package main demonstrates how to integrate the dashboard plugin with AuthSome
extension-middleware-config command
forge-database-integration command
forge-extension command
geofence-demo command
jwt-plugin command
middleware-config command
notification-complete command
quick-start-fixed command
servemux-test command
test-integration command
test-multitenancy command
test-multitenancy-integration command
test-providers command
test-webhooks command
extension
flows
handlers
helpers
internal
clients/generator
clients/introspector
clients/manifest
crypto
dbschema
errs
interfaces
utils
validator
migrations
pkg
schema
schema/definition
schema/extractor
schema/generator
schema/generator/bun
schema/generator/diesel
schema/generator/gorm
schema/generator/prisma
schema/generator/sql
plugins
admin Package admin provides cross-cutting administrative operations for the AuthSome platform.	Package admin provides cross-cutting administrative operations for the AuthSome platform.
anonymous
apikey
bearer
cms Package cms provides a content management system plugin for AuthSome.	Package cms provides a content management system plugin for AuthSome.
cms/core Package core provides core types and utilities for the CMS plugin.	Package core provides core types and utilities for the CMS plugin.
cms/handlers Package handlers provides HTTP handlers for the CMS plugin.	Package handlers provides HTTP handlers for the CMS plugin.
cms/pages Package pages provides gomponent-based page templates for the CMS dashboard.	Package pages provides gomponent-based page templates for the CMS dashboard.
cms/query Package query provides a query language parser and builder for the CMS plugin.	Package query provides a query language parser and builder for the CMS plugin.
cms/repository Package repository implements the data access layer for the CMS plugin.	Package repository implements the data access layer for the CMS plugin.
cms/schema Package schema defines the database schema for the CMS plugin.	Package schema defines the database schema for the CMS plugin.
cms/service Package service implements the business logic layer for the CMS plugin.	Package service implements the business logic layer for the CMS plugin.
dashboard
dashboard/components
dashboard/components/pages
emailotp
emailverification
enterprise/backupauth
enterprise/compliance
enterprise/consent
enterprise/geofence
enterprise/idverification
enterprise/mtls
enterprise/scim
enterprise/scim/schema
enterprise/stepup Package stepup provides context-aware step-up authentication for AuthSome.	Package stepup provides context-aware step-up authentication for AuthSome.
impersonation
jwt
magiclink
mcp
mfa
multiapp
multiapp/config
multiapp/decorators
multiapp/handlers
multiapp/middleware
multisession
notification
notification/builder
notification/crypto
notification/providers
oidcprovider
oidcprovider/components
organization
passkey Package passkey provides WebAuthn/FIDO2 passkey authentication.	Package passkey provides WebAuthn/FIDO2 passkey authentication.
permissions
permissions/core
permissions/engine
permissions/engine/providers
permissions/handlers
permissions/language
permissions/migration
permissions/schema
permissions/storage
phone
secrets Package secrets provides the secrets management plugin for AuthSome.	Package secrets provides the secrets management plugin for AuthSome.
secrets/core Package core provides core types and utilities for the secrets plugin.	Package core provides core types and utilities for the secrets plugin.
secrets/pages
secrets/schema Package schema defines the database schema for the secrets plugin.	Package schema defines the database schema for the secrets plugin.
social
social/providers
sso
sso/oidc
sso/saml
subscription Package subscription provides a comprehensive SaaS subscription and billing plugin for AuthSome.	Package subscription provides a comprehensive SaaS subscription and billing plugin for AuthSome.
subscription/core Package core defines the core domain types for the subscription plugin.	Package core defines the core domain types for the subscription plugin.
subscription/errors Package errors defines domain errors for the subscription plugin.	Package errors defines domain errors for the subscription plugin.
subscription/handlers Package handlers provides HTTP handlers for the subscription plugin.	Package handlers provides HTTP handlers for the subscription plugin.
subscription/internal/hooks Package hooks provides subscription-specific hook types and registry.	Package hooks provides subscription-specific hook types and registry.
subscription/migrations Package migrations provides migration utilities for the subscription plugin.	Package migrations provides migration utilities for the subscription plugin.
subscription/providers Package providers defines the payment provider abstraction for the subscription plugin.	Package providers defines the payment provider abstraction for the subscription plugin.
subscription/providers/mock Package mock provides a mock payment provider for testing.	Package mock provides a mock payment provider for testing.
subscription/providers/paddle Package paddle provides a stub implementation of the PaymentProvider interface for Paddle.	Package paddle provides a stub implementation of the PaymentProvider interface for Paddle.
subscription/providers/paypal Package paypal provides a stub implementation of the PaymentProvider interface for PayPal.	Package paypal provides a stub implementation of the PaymentProvider interface for PayPal.
subscription/providers/stripe Package stripe provides Stripe payment provider implementation.	Package stripe provides Stripe payment provider implementation.
subscription/providers/types Package types defines shared types for payment providers.	Package types defines shared types for payment providers.
subscription/repository Package repository provides data access interfaces and implementations for the subscription plugin.	Package repository provides data access interfaces and implementations for the subscription plugin.
subscription/schema Package schema defines the database models for the subscription plugin.	Package schema defines the database models for the subscription plugin.
subscription/service Package service provides business logic services for the subscription plugin.	Package service provides business logic services for the subscription plugin.
subscription/ui Package ui provides Pine UI components for the subscription plugin dashboard	Package ui provides Pine UI components for the subscription plugin dashboard
twofa
username
providers
email
sms
repository
organization
routes
schema
storage
test-assign
testing Package testing provides comprehensive mocking utilities for testing applications that integrate with the AuthSome authentication framework.	Package testing provides comprehensive mocking utilities for testing applications that integrate with the AuthSome authentication framework.
types

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

README ¶

AuthSome

🚀 Features

Core Authentication

Enterprise Features

Developer Experience

Deployment Modes

📦 Installation

Prerequisites

Install AuthSome

Install Dependencies

🏃‍♂️ Quick Start

Basic Setup

Environment Configuration

🔧 Usage

User Registration

User Login

Protected Routes

Plugin Usage

⚙️ Configuration

YAML Configuration

Environment Variables

📚 API Reference

Authentication Endpoints

Two-Factor Authentication

Organization Management (SaaS Mode)

Session Management

Audit & Security

Webhooks

API Keys

🤝 Contributing

Development Setup

Code Style

Submitting Changes

Pull Request Guidelines

Reporting Issues

📄 License

🆘 Support

Documentation

Community

Commercial Support

Security Issues

Documentation ¶

Index ¶

Constants ¶

Variables ¶

Functions ¶

func ResolveAPIKeyService ¶

func ResolveAppService ¶

func ResolveAuditService ¶

func ResolveAuthService ¶

func ResolveDatabase ¶

func ResolveDatabaseManager ¶

func ResolveDeviceService ¶

func ResolveHookRegistry ¶

func ResolveJWTService ¶

func ResolveNotificationService ¶

func ResolvePluginRegistry ¶

func ResolveRBACService ¶

func ResolveRateLimitService ¶

func ResolveSecurityService ¶

func ResolveSessionService ¶

func ResolveUserService ¶

func ResolveWebhookService ¶

Types ¶

type APIKey ¶

type APIKeyConfig ¶

type APIKeyService ¶

type AfterMemberAddHook ¶

type AfterOrganizationCreateHook ¶

type AfterSessionCreateHook ¶

type AfterSignInHook ¶

type AfterSignOutHook ¶

type AfterSignUpHook ¶

type App ¶

type AppConfig ¶

type AppRepository ¶

type AppService ¶

type AuditService ¶

type Auth ¶