Add idp-go-sdk

Author: OliverSchlueter

.github/dependabot.yml

@@ -45,6 +45,14 @@ updates:
       go-all:
         patterns:
           - "*"
+  - package-ecosystem: "gomod"
+    directory: "/integrations/idp-go-sdk"
+    schedule:
+      interval: "daily"
+    groups:
+      go-all:
+        patterns:
+          - "*"
   - package-ecosystem: "gomod"
     directory: "/integrations/analytics-go-sdk"
     schedule:

.github/workflows/test-integrations.yml

@@ -9,6 +9,26 @@ on:
   workflow_dispatch:
 
 jobs:
+  idp-go-sdk:
+    name: IDP Go SDK
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.26
+          check-latest: true
+          cache-dependency-path: "**/*.sum"
+
+      - name: Install dependencies for go-sdk
+        run: go work sync
+
+      - name: Test go-sdk
+        run: go test ./integrations/idp-go-sdk/... -v
+
   analytics-go-sdk:
     name: Analytics Go SDK
     runs-on: ubuntu-latest

go.work

@@ -2,6 +2,7 @@ go 1.26
 
 use (
 	integrations/analytics-go-sdk
+	integrations/idp-go-sdk
 	integrations/storage-go-sdk
 	services/core
 	services/storage

integrations/idp-go-sdk/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Oliver Schlüter
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

integrations/idp-go-sdk/go.mod

@@ -0,0 +1,20 @@
+module github.com/fancyinnovations/fancyspaces/integrations/idp-go-sdk
+
+go 1.26
+
+require (
+	github.com/OliverSchlueter/goutils v0.0.28
+	github.com/dgraph-io/ristretto/v2 v2.4.0
+	github.com/golang-jwt/jwt/v5 v5.3.1
+)
+
+require (
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/klauspost/compress v1.18.3 // indirect
+	github.com/nats-io/nats.go v1.48.0 // indirect
+	github.com/nats-io/nkeys v0.4.12 // indirect
+	github.com/nats-io/nuid v1.0.1 // indirect
+	golang.org/x/crypto v0.47.0 // indirect
+	golang.org/x/sys v0.40.0 // indirect
+)

integrations/idp-go-sdk/go.sum

@@ -0,0 +1,32 @@
+github.com/OliverSchlueter/goutils v0.0.28 h1:Ayj+cwmryXZ8651KWGzH8HAmjlSbyoTmUSoewF3tCDk=
+github.com/OliverSchlueter/goutils v0.0.28/go.mod h1:iyXl5/swm34WrhnD2pHxA4X1PH61bN2O63qGAP9j2qA=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgraph-io/ristretto/v2 v2.4.0 h1:I/w09yLjhdcVD2QV192UJcq8dPBaAJb9pOuMyNy0XlU=
+github.com/dgraph-io/ristretto/v2 v2.4.0/go.mod h1:0KsrXtXvnv0EqnzyowllbVJB8yBonswa2lTCK2gGo9E=
+github.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da h1:aIftn67I1fkbMa512G+w+Pxci9hJPB8oMnkcP3iZF38=
+github.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY=
+github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
+github.com/klauspost/compress v1.18.3 h1:9PJRvfbmTabkOX8moIpXPbMMbYN60bWImDDU7L+/6zw=
+github.com/klauspost/compress v1.18.3/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
+github.com/nats-io/nats.go v1.48.0 h1:pSFyXApG+yWU/TgbKCjmm5K4wrHu86231/w84qRVR+U=
+github.com/nats-io/nats.go v1.48.0/go.mod h1:iRWIPokVIFbVijxuMQq4y9ttaBTMe0SFdlZfMDd+33g=
+github.com/nats-io/nkeys v0.4.12 h1:nssm7JKOG9/x4J8II47VWCL1Ds29avyiQDRn0ckMvDc=
+github.com/nats-io/nkeys v0.4.12/go.mod h1:MT59A1HYcjIcyQDJStTfaOY6vhy9XTUjOFo+SVsvpBg=
+github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
+github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
+golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
+golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

integrations/idp-go-sdk/idp/auth.go

@@ -0,0 +1,29 @@
+package idp
+
+import (
+	"crypto/rsa"
+
+	"github.com/OliverSchlueter/goutils/broker"
+)
+
+type Service struct {
+	broker         broker.Broker
+	excludedRoutes []string
+	publicKey      *rsa.PublicKey
+	usersCache     *usersCache
+}
+
+type Configuration struct {
+	PublicKey      *rsa.PublicKey
+	Broker         broker.Broker
+	ExcludedRoutes []string
+}
+
+func NewService(cfg Configuration) *Service {
+	return &Service{
+		broker:         cfg.Broker,
+		excludedRoutes: cfg.ExcludedRoutes,
+		publicKey:      cfg.PublicKey,
+		usersCache:     newUsersCache(),
+	}
+}

integrations/idp-go-sdk/idp/auth_token_validation.go

@@ -0,0 +1,48 @@
+package idp
+
+import (
+	"fmt"
+
+	"github.com/golang-jwt/jwt/v5"
+)
+
+const ServiceName = "fancyanalytics-idp"
+
+var SigningMethod = jwt.SigningMethodRS256
+
+// validateToken validates the given JWT token string and returns the user ID if the token is valid.
+func (s *Service) validateToken(tokenString string) (string, error) {
+	parser := jwt.NewParser(
+		jwt.WithValidMethods([]string{SigningMethod.Alg()}),
+		jwt.WithIssuer(ServiceName),
+	)
+
+	token, err := parser.ParseWithClaims(
+		tokenString,
+		&jwt.RegisteredClaims{},
+		s.tokenKeyFunc,
+	)
+	if err != nil {
+		return "", fmt.Errorf("failed to parse token: %w", err)
+	}
+
+	claims, ok := token.Claims.(*jwt.RegisteredClaims)
+	if !ok || !token.Valid {
+		return "", ErrInvalidToken
+	}
+
+	if claims.Issuer != ServiceName {
+		return "", ErrInvalidToken
+	}
+
+	return claims.Subject, nil
+}
+
+// tokenKeyFunc is a helper function that returns the public key for validating the token's signature.
+func (s *Service) tokenKeyFunc(token *jwt.Token) (interface{}, error) {
+	if token.Method.Alg() != SigningMethod.Alg() {
+		return nil, fmt.Errorf("unexpected signing method")
+	}
+
+	return s.publicKey, nil
+}

integrations/idp-go-sdk/idp/ctx.go

@@ -0,0 +1,23 @@
+package idp
+
+import (
+	"context"
+	"log/slog"
+)
+
+type userCtxKey struct{}
+
+// attachUserToCtx attaches the user to the context for later retrieval in handlers.
+func attachUserToCtx(ctx context.Context, u *User) context.Context {
+	return context.WithValue(ctx, userCtxKey{}, *u)
+}
+
+// UserFromCtx retrieves the user from the context. It returns nil if no user is found.
+func UserFromCtx(ctx context.Context) *User {
+	u, ok := ctx.Value(userCtxKey{}).(User)
+	if !ok {
+		slog.Warn("User not found in context")
+		return nil
+	}
+	return &u
+}

integrations/idp-go-sdk/idp/errors.go

@@ -0,0 +1,37 @@
+package idp
+
+import (
+	"errors"
+	"net/http"
+	"time"
+
+	"github.com/OliverSchlueter/goutils/problems"
+)
+
+var (
+	ErrMissingAuthorizationHeader  = errors.New("missing Authorization header")
+	ErrInvalidTokenFormat          = errors.New("invalid token format")
+	ErrInvalidAuthenticationMethod = errors.New("invalid authentication method, expected Bearer or Basic")
+	ErrInvalidToken                = errors.New("invalid token")
+	ErrUserNotFound                = errors.New("user not found")
+)
+
+func AccountNotVerifiedProblem() *problems.Problem {
+	return &problems.Problem{
+		Type:      "AccountNotVerified",
+		Title:     "Account Not Verified",
+		Detail:    "Your account is not verified. Please verify your account to access this feature.",
+		Status:    http.StatusForbidden,
+		Timestamp: time.Now(),
+	}
+}
+
+func AccountDisabledProblem() *problems.Problem {
+	return &problems.Problem{
+		Type:      "AccountDisabled",
+		Title:     "Account Disabled",
+		Detail:    "Your account has been disabled. Please contact support for assistance.",
+		Status:    http.StatusForbidden,
+		Timestamp: time.Now(),
+	}
+}