Find file History
Latest commit b76c477 Sep 7, 2017
Type Name Latest commit message Commit time
Failed to load latest commit information. Update README Sep 7, 2017
authority.go Customize AccessDeniedHandler for Authority Sep 7, 2017
authority_rule.go Fix claims equals nil Aug 25, 2017
middleware.go Update providers's Auth API Sep 7, 2017


Authority is an authorization package for Golang.

When building web applications, we usually have requirements like verify current user has access to something or not, Authority could help you by providing HTTP middleware and helper method.

It is based on Roles, means to define an ability, you need to register a role with Roles, refer Roles for how to do that.


Initialize Authority

Authority could use with Auth to get current user, handle sessions, you could use it, or implement your own AuthInterface

import (

func main() {
  Auth := auth.New(&auth.Config{})

  Authority := authority.New(&authority.Config{
    Auth: Auth,
    Role: roles.Global, // default configuration
    AccessDeniedHandler: func(w http.ResponseWriter, req *http.Request) { // redirect to home page by default
      http.Redirect(w, req, "/", http.StatusSeeOther)

Defining Abilities

Refer Roles for how to use roles to register roles, here is a sample:

roles.Register("admin", func(req *http.Request, currentUser interface{}) bool {
  return req.RemoteAddr == "" || (currentUser.(*User) != nil && currentUser.(*User).Role == "admin")

You might have some requirements like time based authorization, for example:

  • I get distracted, come back to the site in 2 hours, then no access to my account details page, but still be able to visit shopping cart
  • When place an order, I have to been authorized less than 60 minutes

Authority provides some Rules to make you define them easily, used like:

Authority.Register("access_account_pages", authority.Rule{
  TimeoutSinceLastActive: 2 * time.Hour,

Authority.Register("place_an_order", authority.Rule{
  TimeoutSinceLastAuth: time.Hour,

Authorization Middleware

func main() {
  mux := http.NewServeMux()

  // Require current user has `access_account_pages` ability to acccess `AccountProfileHandler`
  mux.Handle("/account/profile", Authority.Authorize("access_account_pages")(AccountProfileHandler))

  // Any logged user could acccess `AccountProfileHandler` if no roles specfied
  mux.Handle("/account/profile", Authority.Authorize()(AccountProfileHandler))

  http.ListenAndServe(":9000", mux)

func AccountProfileHandler(w http.ResponseWriter, req *http.Request) {
  // ...

Authorization Helper Method

func updateCreditCard(w http.ResponseWriter, req *http.Request) {
  if Authority.Allow("place_an_order", req) {
    // do something
  } else {
    // do something