README
¶
@baturalpk/api-gateway ⛩️
✈ Getting started
go get github.com/baturalpk/apigateway
See examples/ folder for sample config.yaml and main.go files.
🔥 Works well with @baturalpk/auth-service as intended to be.
⚙ How does it work?
-
Each request that matches with
/auth/:intentschema, is forwarded to the auth service endpoints depending on the intents (i.e., signin, signout, signup). -
Each request that begins with
/api/..., is evaluated to match with predefined paths (matchPaths[].valueproperty in config.yaml):-
If matching occurs, the gateway determines whether end-user is authorized by interacting with the auth service endpoint
-
If claimed authorization is valid:
- Binds the unique identifier
(i.e., ID)of verified user to the predefined header (auth.internal.idHeaderproperty in config.yaml). By that way, internal services can trust this header to recognize the authenticated end-user. - Ultimately, the request of end-user is forwarded to the target service by reverse proxy.
- Binds the unique identifier
-
😒 Some limitations
-
All auth service paths (e.g., signupPath) must allow HTTP POST method
-
After the successful validation of an end-user session, auth service must return a JSON response with the following property:
id: "System-wide strictly unique identifier" of an end-user. -
All requests, which are going towards internal services, must be fully authorized. For the time being, different paths that belong to same service cannot be excluded from authorization process conditionally. In brief, no public API endpoints yet!
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewReverseProxy ¶
func NewReverseProxy(conf Config) *reverseProxy
func PrepareConfigFile ¶
Types ¶
type AuthInternal ¶ added in v0.2.0
type AuthInternal struct {
IDHeader string
}
type Config ¶
type Config struct {
Auth Auth
Gateway Gateway
MatchPaths []MatchPaths
}
Source Files
Directories