README
¶
Request Gateway Postgres - address restricting add-on for auth.
A Go IP address restriction backend utility which uses Postgres/GCP CloudSQL. Intended to be used in conjunction with auth.
What?
This is a fairly rudimentary backend client which persists a list of approved address names (IPs, hostnames, whatever you want to use to differentiate), and will provide a boolean check to indicate if a given address name is on the approved list.
Why?
This was written to augment a GCP Appengine service. Appengine already provides a firewall service which can be used to control incoming traffic, so this address restriction utility is useful where a appengine default service already exists serving a superset of incoming traffic. This can be plugged into middleware to permit access to a non-default service for a subset of traffic.
How?
The best place to start is probably with the examples and tests. Initialise the approval list table with the schema SQL scripts.
Examples
See examples for a http/appengine implementations which uses requestgateway and auth. This is written for appengine standard 2nd gen, but also works as a standalone.
Dependencies and services
This utilises the following fine pieces of work:
- GCP's CloudSQL and Storage Go client
Installation
If you want to run the example code, then install using
$ go get -u github.com/lidstromberg/examples
If you only want the requestgateway utility, then install with
$ go get -u github.com/lidstromberg/requestgatewaypg
Environment Variables
You will also need to export (linux/macOS) or create (Windows) some environment variables.
################################
# GCP DETAILS
################################
export GTWAY_GCP_PROJECT='{{PROJECTNAME}}'
################################
# GCP CREDENTIALS
################################
export GOOGLE_APPLICATION_CREDENTIALS="/PATH/TO/GCPCREDENTIALS.JSON"
(See Google Application Credentials)
If you are using CloudSQL you will also need to give IAM permissions to the account to which GCPCREDENTIALS.JSON belongs (Role: Cloud SQL Client)
Change GTWAYPG_DEBUGON to true/false if you want verbose logging on/off. The other variables don't need to be changed.
################################
# REQUEST GATEWAY
################################
export GTWAYPG_DEBUGON='true'
export GTWAYPG_SQLDST='cloudsqlpostgres'
export GTWAYPG_SQLCNX='host={{instancename}} dbname=gateway user=gatewayuser password={{password}} sslmode=disable'
Main Files
| File | Purpose |
|---|---|
| requestgateway.go | Logic manager |
| requestgateway_test.go | Tests |
Postgres Schema Files
| File | Purpose |
|---|---|
| 001_dbcreate.sql | Database/User create |
| 002_schema.sql | Database schema |
| 003_funcs.sql | Database functions |
Ancillary Files
| File | Purpose |
|---|---|
| config.go | Boot package parameters, environment var collection |
| entity.go | Package structs |
| env | Package environment variables for local/dev installation |
| gogets | Statements for go-getting required packages |
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( //EnvDebugOn controls verbose logging EnvDebugOn bool )
Functions ¶
This section is empty.
Types ¶
type Gateway ¶
type Gateway struct {
RemoteAddress string `json:"remoteaddress" datastore:"remoteaddress"`
}
Gateway is the list of addresses authorised to use a given service
type GtwyMgr ¶
type GtwyMgr struct {
// contains filtered or unexported fields
}
GtwyMgr handles interactions with the datastore
func (GtwyMgr) IsPermitted ¶
IsPermitted indicates if the address is approved
Source Files