mirror of
https://github.com/bitechdev/ResolveSpec.git
synced 2026-07-07 03:17:38 +00:00
feat(security): implement ChainAuthenticator for sequential authentication
This commit is contained in:
@@ -0,0 +1,41 @@
|
||||
package security
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
// ChainAuthenticator tries each authenticator in order, returning the first success.
|
||||
// Login and Logout are delegated to the primary authenticator.
|
||||
type ChainAuthenticator struct {
|
||||
authenticators []Authenticator
|
||||
}
|
||||
|
||||
// NewChainAuthenticator creates a ChainAuthenticator from the given authenticators.
|
||||
// At least one authenticator is required; the first is treated as primary for Login/Logout.
|
||||
func NewChainAuthenticator(primary Authenticator, rest ...Authenticator) *ChainAuthenticator {
|
||||
return &ChainAuthenticator{
|
||||
authenticators: append([]Authenticator{primary}, rest...),
|
||||
}
|
||||
}
|
||||
|
||||
func (c *ChainAuthenticator) Authenticate(r *http.Request) (*UserContext, error) {
|
||||
var lastErr error
|
||||
for _, a := range c.authenticators {
|
||||
if uc, err := a.Authenticate(r); err == nil {
|
||||
return uc, nil
|
||||
} else {
|
||||
lastErr = err
|
||||
}
|
||||
}
|
||||
return nil, fmt.Errorf("all authenticators failed; last error: %w", lastErr)
|
||||
}
|
||||
|
||||
func (c *ChainAuthenticator) Login(ctx context.Context, req LoginRequest) (*LoginResponse, error) {
|
||||
return c.authenticators[0].Login(ctx, req)
|
||||
}
|
||||
|
||||
func (c *ChainAuthenticator) Logout(ctx context.Context, req LogoutRequest) error {
|
||||
return c.authenticators[0].Logout(ctx, req)
|
||||
}
|
||||
Reference in New Issue
Block a user