Verify X-Auth transaction-bound bearers from any Go HTTP server with a small net/http middleware. Plays well with chi, gin, echo, and stdlib.
Add the SDK to your go.mod.
go get github.com/xentranet/x-auth-goRead the tenant id from env and construct a client at process start. Reuse it across requests — it's safe for concurrent use.
package xauth
import (
"os"
"github.com/xentranet/x-auth-go"
)
var Client = xauth.New(xauth.Config{
TenantID: os.Getenv("XAUTH_TENANT_ID"),
})The middleware reads the bearer, calls Verify(), and stuffs the bound transaction_ctx into the request context.
package middleware
import (
"context"
"net/http"
"strings"
"yourapp/internal/xauth"
)
type ctxKey struct{}
func VerifyTransaction(action string) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
bearer := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
ctx, err := xauth.Client.Verify(r.Context(), bearer, xauth.Expect{
Action: action,
})
if err != nil {
http.Error(w, "invalid_transaction", http.StatusUnauthorized)
return
}
next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, ctx)))
})
}
}Apply the middleware to anything sensitive. The frontend ships the bearer it got from advice().
package main
import (
"net/http"
"yourapp/internal/middleware"
)
func main() {
mux := http.NewServeMux()
transfer := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// transaction_ctx is on the request context
w.Write([]byte(`{"ok":true}`))
})
mux.Handle("/api/transfer", middleware.VerifyTransaction("transfer")(transfer))
http.ListenAndServe(":8080", mux)
}Pair this Go backend with any frontend — bearer protocol is identical across SDKs.