core/go-ws
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
18 commits 1 branch 3 tags 199 KiB
Commit graph

2 commits

Author SHA1 Message Date
Claude
ce342a1866
feat(ws): add authentication on WebSocket upgrade 
Phase 2: Authenticator interface, BearerTokenAuth, QueryTokenAuth.
Reject unauthenticated connections before upgrade.

Co-Authored-By: Virgil <virgil@lethean.io>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-20 14:34:57 +00:00
Snider
9e48f0b60d feat(auth): Phase 2 — token-based authentication on WebSocket upgrade 
Add Authenticator interface with AuthenticatorFunc adapter and built-in
APIKeyAuthenticator for Bearer token validation. Hub.Handler() now gates
connections when an Authenticator is configured on HubConfig, responding
HTTP 401 for failed auth. Client.UserID and Client.Claims are populated
on successful upgrade. OnAuthFailure callback enables logging/metrics.

Nil authenticator preserves full backward compatibility — all existing
tests pass unchanged. 18 new tests (unit + integration) cover valid/
invalid/missing/malformed headers, func adapter, multi-client auth,
message delivery post-auth, and the OnAuthFailure callback.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-02-20 08:12:45 +00:00