refactor: PR 1.3 Refactor validator to use pure options pattern #357
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This implements the Core-Adapter Architecture for v3, separating framework-agnostic validation logic from transport-specific adapters. Key Features: - Core struct with CheckToken method for pure validation logic - Options pattern with error-returning option functions - Type-safe context helpers using generics (GetClaims[T]) - Unexported contextKey int to prevent collisions (Go best practice) - Structured error types with error codes - Logger interface for observability - 100% test coverage Changes: - Add core/core.go: Framework-agnostic validation engine - Add core/option.go: Options pattern with validation - Add core/errors.go: Structured errors and error codes - Add core/context.go: Type-safe context helpers - Add core/core_test.go: Comprehensive tests This enables future support for multiple frameworks (HTTP, gRPC, Gin, Echo, etc.) by wrapping the Core with transport-specific adapters. Part of PR 1.2 in v3 Phase 1 implementation.
Refactors validator.New() from positional parameters to pure options pattern, improving API consistency and extensibility.
Breaking Changes:
- validator.New() now takes only options (no positional parameters)
- All parameters must now use option functions
Before:
validator.New(keyFunc, algorithm, issuer, audience, opts...)
After:
validator.New(
validator.WithKeyFunc(keyFunc),
validator.WithAlgorithm(validator.RS256),
validator.WithIssuer("https://issuer.example.com/"),
validator.WithAudience("my-api"),
)
New Options:
- WithKeyFunc: Required key function
- WithAlgorithm: Required signature algorithm
- WithIssuer: Required issuer URL (with validation)
- WithAudience/WithAudiences: Required audience(s)
Coverage:
- validator package: 100.0%
- All tests passing
- All examples updated
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## v3-dev #357 +/- ##
=========================================
Coverage ? 97.95%
=========================================
Files ? 13
Lines ? 441
Branches ? 0
=========================================
Hits ? 432
Misses ? 6
Partials ? 3 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Introduces generics to WithCustomClaims for improved type safety, cleaner API ergonomics and better developer experience.
Summary of Improvements
What Changed
Before (non-generic):
validator.WithCustomClaims(func() validator.CustomClaims {
return &MyClaims{}
})
After (with generics):
validator.WithCustomClaims(func() *MyClaims {
return &MyClaims{}
})
Benefits
1. Type Safety. Compiler ensures T implements CustomClaims at compile time.
2. Cleaner API. Users no longer need to return interface types explicitly.
3. Better IDE Support. Autocomplete works with concrete types.
4. Flexible. Allows nil returns for conditional custom claims with identical runtime behavior.
5. Full Coverage. All tests pass.
Implementation Details
- Introduces WithCustomClaims[T CustomClaims](f func() T)
- Wraps user function internally to return the interface
- No breaking changes. All existing usage continues to work
- Type parameter is inferred from function return type
- Nil functions require explicit type: WithCustomClaims[*MyClaims](nil)
Test Results
- validator package: 100.0 percent coverage
- All tests passing
Updates all example projects to use the new generic WithCustomClaims API and to reference the v3 module path. All example builds succeed with the updated validator version. Changes included: 1. Updated every example to use the new generic WithCustomClaims syntax across gin, echo, http and iris. 2. Updated each example go.mod file to reference v3 rather than v2 and added the appropriate replace directives. 3. Verified that all examples build correctly with the revised API.
developerkunal
changed the base branch from
v3-phase1-pr1-project-setup
to
v3-phase1-pr2-core-package
developerkunal
changed the title
developerkunal
changed the title
2 tasks
duedares-rvj
approved these changes
Dec 8, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
📝 Checklist
🔧 Changes
Refactors
validator.New()from positional parameters to a pure options pattern. Introduces generic type-safe custom claims handling.Breaking Changes:
New Options:
Required:
WithKeyFunc(func)- Key function for token verificationWithAlgorithm(SignatureAlgorithm)- Signature algorithmWithIssuer(string)- Expected issuer claimWithAudience(string)/WithAudiences([]string)- Expected audience(s)Optional:
WithCustomClaims[T CustomClaims](func() T)- Type-safe custom claims (now generic)WithAllowedClockSkew(duration)- Clock skew toleranceType-Safe Custom Claims:
Files Modified:
validator/option.go- Required options + generic WithCustomClaimsvalidator/validator.go- Refactored constructorvalidator/validator_test.go- Updated testsvalidator/security_test.go- Updated CVE testmiddleware_test.go- Updated tests📚 References
🔬 Testing
All examples verified to build successfully.