README
¶
Request Gateway - address restricting add-on for auth.
This package is a GCP Datastore controlled IP Address access controller. It can be plugged into AppEngine services in order to deliver service specific IP restriction. Works with or instead of the AppEngine Firewall. Originally written for use with auth.
What?
This is a fairly rudimentary backend client which persists a list of approved address names (IPs, hostnames, whatever you want to use to differentiate), and will provide a boolean check to indicate if a given address name is on the approved list.
Why?
This was written to augment a GCP Appengine service. Appengine already provides a firewall service which can be used to control incoming traffic, so this address restriction utility is useful where a appengine default service already exists serving a superset of incoming traffic. This can be plugged into middleware to permit access to a non-default service for a subset of traffic.
How?
The best place to start is probably with the examples and tests. Initialise the approval list entity in Datastore by running the tests.
Examples
See examples for a http/appengine implementations which uses requestgateway and auth. This is written for appengine standard 2nd gen, but also works as a standalone.
Dependencies and services
This utilises the following fine pieces of work:
Installation
If you want to run the example code, then install using
$ go get -u github.com/lidstromberg/examples
If you only want the requestgateway utility, then install with
$ go get -u github.com/lidstromberg/requestgateway
Environment Variables
You will also need to export (linux/macOS) or create (Windows) some environment variables.
################################
# GCP DETAILS
################################
export GTWAY_GCP_PROJECT='{{PROJECTNAME}}'
################################
# GCP CREDENTIALS
################################
export GOOGLE_APPLICATION_CREDENTIALS="/PATH/TO/GCPCREDENTIALS.JSON"
(See Google Application Credentials)
Change LB_DEBUGON to true/false if you want verbose logging on/off. The other variables don't need to be changed.
################################
# REQUEST GATEWAY
################################
export GTWAY_DEBUGON='true'
export GTWAY_NAMESP='global'
export GTWAY_KD='gateway'
export GTWAY_CLIPOOL='5'
Main Files
| File | Purpose |
|---|---|
| requestgateway.go | Logic manager |
| requestgateway_test.go | Tests |
Ancillary Files
| File | Purpose |
|---|---|
| config.go | Boot package parameters, environment var collection |
| entity.go | Package structs |
| env | Package environment variables for local/dev installation |
| gogets | Statements for go-getting required packages |
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( //EnvDebugOn controls verbose logging EnvDebugOn bool //EnvClientPool is the size of the client pool EnvClientPool int )
Functions ¶
This section is empty.
Types ¶
type Gateway ¶
type Gateway struct {
AppContext string `json:"appcontext" datastore:"appcontext"`
RemoteAddress string `json:"remoteaddress" datastore:"remoteaddress"`
}
Gateway is the list of addresses authorised to use a given service
type GtwyMgr ¶
type GtwyMgr struct {
// contains filtered or unexported fields
}
GtwyMgr handles interactions with the datastore
func (GtwyMgr) IsPermitted ¶
IsPermitted indicates if the address is approved
Source Files