KeyAuth

Hertz provides the keyauth extension to help users achieve token authentication.

Hertz provides the keyauth extension to help users achieve token authentication. The implementation of the keyauth extension references the Fiber and Echo implementation.

Install

go get github.com/hertz-contrib/keyauth

Example

package main

import (
	"context"

	"github.com/cloudwego/hertz/pkg/app"
	"github.com/cloudwego/hertz/pkg/app/server"
	"github.com/cloudwego/hertz/pkg/common/utils"
	"github.com/cloudwego/hertz/pkg/protocol/consts"
	"github.com/hertz-contrib/keyauth"
)

func main() {
	h := server.Default()
	h.Use(keyauth.New(
		keyauth.WithContextKey("token"),
		keyauth.WithKeyLookUp("query:token", ""),
	))
	h.GET("/ping", func(ctx context.Context, c *app.RequestContext) {
		value, _ := c.Get("token")
		c.JSON(consts.StatusOK, utils.H{"ping": value})
	})
	h.Spin()
}

Config

WithFilter

The keyauth extension provides WithFilter to help users set custom filtering logic for skipping the keyauth extension, which defaults to nil and is not skipped.

Function signatures:

type KeyAuthFilterHandler func(ctx context.Context, c *app.RequestContext) bool

Sample Code:

package main

import (
	"context"

	"github.com/cloudwego/hertz/pkg/app"
	"github.com/cloudwego/hertz/pkg/app/server"
	"github.com/cloudwego/hertz/pkg/common/utils"
	"github.com/cloudwego/hertz/pkg/protocol/consts"
	"github.com/hertz-contrib/keyauth"
)

func main() {
	h := server.Default()
	h.Use(keyauth.New(
		keyauth.WithFilter(func(ctx context.Context, c *app.RequestContext) bool {
			return string(c.GetHeader("admin")) == "test"
		}),
	))
	h.GET("/ping", func(ctx context.Context, c *app.RequestContext) {
		value, _ := c.Get("token")
		c.JSON(consts.StatusOK, utils.H{"ping": value})
	})
	h.Spin()
}

WithValidator

The keyauth extension provides WithValidator to help users set custom validation logic for token validation, which returns true and nil by default.

Function signatures:

type KeyAuthValidatorHandler func(context.Context, *app.RequestContext, string) (bool, error)

Sample Code:

package main

import (
	"context"

	"github.com/cloudwego/hertz/pkg/app"
	"github.com/cloudwego/hertz/pkg/app/server"
	"github.com/cloudwego/hertz/pkg/common/utils"
	"github.com/cloudwego/hertz/pkg/protocol/consts"
	"github.com/hertz-contrib/keyauth"
)

func main() {
	h := server.Default()
	h.Use(keyauth.New(
		keyauth.WithValidator(func(ctx context.Context, requestContext *app.RequestContext, s string) (bool, error) {
			if s == "test_admin" {
				return true, nil
			}
			return false, nil
		}),
	))
	h.GET("/ping", func(ctx context.Context, c *app.RequestContext) {
		value, _ := c.Get("token")
		c.JSON(consts.StatusOK, utils.H{"ping": value})
	})
	h.Spin()
}

WithSuccessHandler

The keyauth extension provides WithSuccessHandler to help users set up custom processing logic for verifying that the token has passed.

Sample Code:

package main

import (
	"context"

	"github.com/cloudwego/hertz/pkg/app"
	"github.com/cloudwego/hertz/pkg/app/server"
	"github.com/cloudwego/hertz/pkg/common/utils"
	"github.com/cloudwego/hertz/pkg/protocol/consts"
	"github.com/hertz-contrib/keyauth"
)

func main() {
	h := server.Default()
	h.Use(keyauth.New(
		keyauth.WithSuccessHandler(func(ctx context.Context, c *app.RequestContext) {
			c.Next(ctx)
		}),
	))
	h.GET("/ping", func(ctx context.Context, c *app.RequestContext) {
		value, _ := c.Get("token")
		c.JSON(consts.StatusOK, utils.H{"ping": value})
	})
	h.Spin()
}

WithErrorHandler

The keyauth extension provides WithErrorHandler to help users set up custom handling logic for verifying token failures.

Function signatures:

type KeyAuthErrorHandler func(context.Context, *app.RequestContext, error)

Default logic:

func errHandler(ctx context.Context, c *app.RequestContext, err error) {
	if err == ErrMissingOrMalformedAPIKey {
		c.AbortWithMsg(err.Error(), http.StatusBadRequest)
		return
	}
	c.AbortWithMsg(err.Error(), http.StatusUnauthorized)
}

WithKeyLookUp

The keyauth extension provides WithKeyLookUp to help users set keyLookup.

keyLookup is used to extract token from source (supported sources include cookie, header, param, query, form).

The format is <source>:<token_name> and default value isheader:Authorization.

Sample Code:

package main

import (
	"context"

	"github.com/cloudwego/hertz/pkg/app"
	"github.com/cloudwego/hertz/pkg/app/server"
	"github.com/cloudwego/hertz/pkg/common/utils"
	"github.com/cloudwego/hertz/pkg/protocol/consts"
	"github.com/hertz-contrib/keyauth"
)

func main() {
	h := server.Default()
	h.Use(keyauth.New(
		keyauth.WithKeyLookUp("header:token", "Bearer"),
		))
	h.GET("/ping", func(ctx context.Context, c *app.RequestContext) {
		value, _ := c.Get("token")
		c.JSON(consts.StatusOK, utils.H{"ping": value})
	})
	h.Spin()
}

WithContextKey

The keyauth extension provides WithContextKey to help users set the key corresponding to the token in the request context.

Sample Code:

package main

import (
	"context"

	"github.com/cloudwego/hertz/pkg/app"
	"github.com/cloudwego/hertz/pkg/app/server"
	"github.com/cloudwego/hertz/pkg/common/utils"
	"github.com/cloudwego/hertz/pkg/protocol/consts"
	"github.com/hertz-contrib/keyauth"
)

func main() {
	h := server.Default()
	h.Use(keyauth.New(
		keyauth.WithContextKey("token"),
	))
	h.GET("/ping", func(ctx context.Context, c *app.RequestContext) {
		value, _ := c.Get("token")
		c.JSON(consts.StatusOK, utils.H{"ping": value})
	})
	h.Spin()
}

Feedback

Was this page helpful?

Please tell us how we can improve.

Last modified February 6, 2025 : refactor(Hertz): add third-party directory and update en doc (#1226) (33649b70d8)