docs: clarify SecretEncrypter internals; add Claims struct and AdminC…#169
Merged
veverkap merged 1 commit into May 2, 2026
…hecker interface
- docs/auth/crypto.md, README.md: Clarify that SecretEncrypter stores only
the cipher.AEAD (GCM) as its single field. The previous text said 'the AES
block cipher and the cipher.AEAD are both created once', which implied two
separate stored objects. The block cipher is embedded within GCM; only the
AEAD is retained. Matches auth/crypto.go: SecretEncrypter{gcm: gcm}.
- docs/auth/jwt.md: Add the Claims struct definition so developers can see
all available fields (UserID/sub + jwt.RegisteredClaims incl. ID/jti,
ExpiresAt, IssuedAt, Issuer, Audience) without reading the source.
- docs/auth/middleware.md: Add explicit AdminChecker interface definition
and note that auth.UserStore satisfies it directly, with a pointer to
auth.NewAdminCheckerFromRoleChecker for RBAC-based setups.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
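
The single-field layout the commit message describes, as an added Go example (not code from this repository). The lowercase names `secretEncrypter`, `newSecretEncrypter`, `encrypt` and `decrypt`, and the nonce-prefixed blob layout, are assumptions made for illustration; only the `gcm` field name comes from the commit message.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// secretEncrypter (hypothetical) keeps only the AEAD; the AES block lives inside it.
type secretEncrypter struct{ gcm cipher.AEAD }

func newSecretEncrypter(key []byte) (*secretEncrypter, error) {
	block, err := aes.NewCipher(key) // fails unless key is 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block) // GCM holds its own reference to block
	if err != nil {
		return nil, err
	}
	return &secretEncrypter{gcm: gcm}, nil // block is not stored separately
}

// encrypt returns nonce || ciphertext || tag, using a fresh random nonce.
func (e *secretEncrypter) encrypt(plaintext []byte) ([]byte, error) {
	nonce := make([]byte, e.gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return e.gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// decrypt splits off the nonce; Open verifies the tag before returning data.
func (e *secretEncrypter) decrypt(blob []byte) ([]byte, error) {
	n := e.gcm.NonceSize()
	if len(blob) < n+e.gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return e.gcm.Open(nil, blob[:n], blob[n:], nil)
}

func main() {
	enc, _ := newSecretEncrypter(make([]byte, 32)) // constructed all-zero demo key
	blob, _ := enc.encrypt([]byte("constructed-secret"))
	pt, err := enc.decrypt(blob)
	fmt.Println(string(pt), err)
}
```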
Pull request overview
Updates authentication documentation to more accurately reflect implementation details in the auth package and to make key types/interfaces visible without requiring readers to jump into source.
Changes:
- Clarifies `SecretEncrypter` internals to note it stores only a `cipher.AEAD` (GCM), not separate cached cipher objects.
- Documents the `Claims` struct layout (including embedded `jwt.RegisteredClaims`) in the JWT docs.
- Documents the `AdminChecker` interface explicitly and points to `auth.NewAdminCheckerFromRoleChecker` for RBAC setups.
Show a summary per file
| File | Description |
|---|---|
| docs/auth/middleware.md | Adds AdminChecker interface definition and usage guidance (incl. RBAC adapter). |
| docs/auth/jwt.md | Adds Claims struct definition and clarifies sub/jti mapping in examples. |
| docs/auth/crypto.md | Clarifies SecretEncrypter retains only the cipher.AEAD instance. |
| README.md | Mirrors the SecretEncrypter clarification in top-level docs. |
Copilot's findings
- Files reviewed: 4/4 changed files
- Comments generated: 0
Greptile Summary
This is a documentation-only PR that corrects and expands three areas: (1) clarifies that `SecretEncrypter` stores only the `cipher.AEAD` as its single field (not both the block cipher and the AEAD), (2) adds the `Claims` struct definition to `jwt.md`, and (3) exposes the `AdminChecker` interface definition in `middleware.md`. All added snippets were verified against the source and are accurate.
Confidence Score: 4/5
Safe to merge; documentation-only changes with no runtime impact and one minor in-source doc inconsistency.
All changes are prose/doc clarifications with no logic modifications. The only finding is a P2 inconsistency between the updated external docs and the still-old Go doc comment in crypto.go.
auth/crypto.go — in-source doc comment was not updated to match the external docs change.
Important Files Changed
Flowchart
```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[AdminMiddleware] --> B{AdminChecker}
    B -->|UserStore directly| C[UserStore.IsAdmin]
    B -->|RBAC adapter| D[NewAdminCheckerFromRoleChecker]
    D --> E[RoleChecker.HasRole with RoleAdmin]
    C --> F[cachingAdminChecker\n4096-entry FIFO, 5s TTL]
    D --> F
```
Comments Outside Diff (1)
auth/crypto.go, line 57-58: The external docs (`README.md`, `docs/auth/crypto.md`) were updated to say only the `cipher.AEAD` is stored, but the Go doc comment on `SecretEncrypter` still reads "The AES block cipher and the `cipher.AEAD` returned by `cipher.NewGCM` are created once at construction time" — the same wording the PR is explicitly correcting. Keeping the old phrasing in-source creates an inconsistency for anyone reading the godoc output.
Reviews (1): Last reviewed commit: "docs: clarify SecretEncrypter internals;..."