goma-gateway/README.md

# Goma Gateway - simple lightweight API Gateway and Reverse Proxy.

```
   _____                       
  / ____|                      
 | |  __  ___  _ __ ___   __ _ 
 | | |_ |/ _ \| '_ ` _ \ / _` |
 | |__| | (_) | | | | | | (_| |
  \_____|\___/|_| |_| |_|\__,_|
                               
```
Goma Gateway is a lightweight API Gateway and Reverse Proxy.

Simple, easy to use, and configure.

[![Build](https://github.com/jkaninda/goma-gateway/actions/workflows/release.yml/badge.svg)](https://github.com/jkaninda/goma-gateway/actions/workflows/release.yml)
[![Go Report Card](https://goreportcard.com/badge/github.com/jkaninda/goma-gateway)](https://goreportcard.com/report/github.com/jkaninda/goma-gateway)
[![Go Reference](https://pkg.go.dev/badge/github.com/jkaninda/goma-gateway.svg)](https://pkg.go.dev/github.com/jkaninda/goma-gateway)
![Docker Image Size (latest by date)](https://img.shields.io/docker/image-size/jkaninda/goma-gateway?style=flat-square)

## Links:

- [Docker Hub](https://hub.docker.com/r/jkaninda/goma-gateway)
- [Github](https://github.com/jkaninda/goma-gateway)

### Feature

- [x] Reverse proxy
- [x] API Gateway
- [x] Domain/host based request routing
- [x] Multi domain request routing
- [x] Cors
- [ ] Support TLS
- [x] Backend errors interceptor
- [x] Authentication middleware
  - [x] JWT `HTTP Bearer Token`
  - [x] Basic-Auth
  - [ ] OAuth
- [x] Implement rate limiting
  - [x] In-Memory Token Bucket based
  - [x] In-Memory client IP based
  - [ ] Distributed Rate Limiting for Token based across multiple instances using Redis
  - [ ] Distributed Rate Limiting for In-Memory client IP based across multiple instances using Redis

## Usage

### 1. Initialize configuration

```shell
docker run --rm  --name goma-gateway \
 -v "${PWD}/config:/config" \
 jkaninda/goma-gateway config init --output /config/goma.yml
```
### 2. Run server

```shell
docker run --rm --name goma-gateway \
 -v "${PWD}/config:/config" \
 -p 80:80 \
 jkaninda/goma-gateway server
```

### 3. Start server with a custom config
```shell
docker run --rm --name goma-gateway \
 -v "${PWD}/config:/config" \
 -p 80:80 \
 jkaninda/goma-gateway server --config /config/config.yml
```
### 4. Healthcheck

- Goma Gateway readiness: `/readyz`
- Routes health check: `/healthz`

[http://localhost/healthz](http://localhost/healthz)

[http://localhost/readyz](http://localhost/readyz)

> Healthcheck response body

```json
{
	"status": "healthy",
	"routes": [
		{
			"name": "Store",
			"status": "healthy",
			"error": ""
		},
		{
			"name": "Authentication service",
			"status": "unhealthy",
          "error": "error performing HealthCheck request: Get \"http://authentication-service:8080/internal/health/ready\": dial tcp: lookup authentication-service on 127.0.0.11:53: no such host "
          
		},
		{
			"name": "Notification",
			"status": "undefined",
			"error": ""
		}
	]
}
```


Create a config file in this format
## Customize configuration file

Example of configuration file
```yaml
## Goma - simple lightweight API Gateway and Reverse Proxy.
# Goma Gateway configurations
gateway:
  ########## Global settings
  listenAddr: 0.0.0.0:80
  # Proxy write timeout
  writeTimeout: 15
  # Proxy read timeout
  readTimeout: 15
  # Proxy idle timeout
  idleTimeout: 60
  # Proxy rate limit, it's In-Memory Token Bucket
  # Distributed Rate Limiting for Token based across multiple instances is not yet integrated
  rateLimiter: 0
  accessLog:    "/dev/Stdout"
  errorLog:     "/dev/stderr"
  ## Returns backend route healthcheck errors
  disableRouteHealthCheckError: false
  # Disable display routes on start
  disableDisplayRouteOnStart: false
  # interceptErrors intercepts backend errors based on defined the status codes
  interceptErrors:
    - 405
    - 500
  # - 400
  # Proxy Global HTTP Cors
  cors:
    # Global routes cors for all routes
    origins:
      - http://localhost:8080
      - https://example.com
    # Global routes cors headers for all routes
    headers:
      Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
      Access-Control-Allow-Credentials: 'true'
      Access-Control-Max-Age: 1728000
  ##### Define routes
  routes:
    # Example of a route | 1
    - name: Public
      # host Domain/host based request routing
      host: ""
      path: /public
      ## Rewrite a request path
      # e.g rewrite: /store to /
      rewrite: /healthz
      destination:  https://example.com
      #DisableHeaderXForward Disable X-forwarded header.
      # [X-Forwarded-Host, X-Forwarded-For, Host, Scheme ]
      # It will not match the backend route, by default, it's disabled
      disableHeaderXForward: false
      # Internal health check
      healthCheck: '' #/internal/health/ready
      # Route Cors, global cors will be overridden by route
      cors:
        # Route Origins Cors, global cors will be overridden by route
        origins:
          - https://dev.example.com
          - http://localhost:3000
          - https://example.com
        # Route Cors headers, route will override global cors
        headers:
          Access-Control-Allow-Methods: 'GET'
          Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
          Access-Control-Allow-Credentials: 'true'
          Access-Control-Max-Age: 1728000
      #### Define route blocklist paths
      blocklist:
        - /swagger-ui/*
        - /v2/swagger-ui/*
        - /api-docs/*
        - /internal/*
        - /actuator/*
      ##### Define route middlewares from middlewares names
      ## The name must be unique
      ## List of middleware name
      middlewares:
        # path to protect
        - path: /user
          # Rules defines which specific middleware applies to a route path
          rules:
            - basic-auth
        # path to protect
        - path: /path-example
          # Rules defines which specific middleware applies to a route path
          rules:
            - jwtAuth
        # path to protect
        - path: /admin
          # Rules defines which specific middleware applies to a route path
          rules:
            - basic-auth
        # path to protect
        - path: /path-example
          # Rules defines which specific middleware applies to a route path
          rules:
            - jwtAuth
        - path: /history
          http:
            url: http://security-service:8080/security/authUser
            headers:
              #Key from backend authentication header, and inject to the request with custom key name
              userId: X-Auth-UserId
              userCountryId: X-Auth-UserCountryId
            params:
              userCountryId: X-countryId
    # Example of a route | 2
    - name: Authentication service
      path: /auth
      rewrite: /
      destination: 'http://security-service:8080'
      healthCheck: /internal/health/ready
      cors: {}
      blocklist: []
      middlewares: []
    # Example of a route | 3
    - name: Basic auth
      path: /protected
      rewrite: /
      destination: 'http://notification-service:8080'
      healthCheck:
      cors: {}
      blocklist: []
      middlewares: []

#Defines proxy middlewares
middlewares:
  # Enable Basic auth authorization based
  - name: local-auth-basic
    # Authentication types | jwtAuth, basicAuth, auth0
    type: basic
    rule:
      username: admin
      password: admin
  #Enables JWT authorization based on the result of a request and continues the request.
  - name: google-auth
    # Authentication types | jwtAuth, basicAuth, OAuth
    # jwt authorization based on the result of backend's response and continue the request when the client is authorized
    type: jwt
    rule:
      # This is an example URL
      url: https://www.googleapis.com/auth/userinfo.email
      # Required headers, if not present in the request, the proxy will return 403
      requiredHeaders:
        - Authorization
      #Sets the request variable to the given value after the authorization request completes.
      #
      # Add header to the next request from AuthRequest header, depending on your requirements
      # Key is AuthRequest's response header Key, and value is Request's header Key
      # In case you want to get headers from the Authentication service and inject them into the next request's headers
      #Sets the request variable to the given value after the authorization request completes.
      #
      # Add header to the next request from AuthRequest header, depending on your requirements
      # Key is AuthRequest's response header Key, and value is Request's header Key
      # In case you want to get headers from the Authentication service and inject them into the next request's headers
      headers:
        userId: X-Auth-UserId
        userCountryId: X-Auth-UserCountryId
      # In case you want to get headers from the Authentication service and inject them to the next request's params
      params:
        userCountryId: countryId
```

## Requirement

- Docker
Initial commit 2024-10-27 06:10:27 +01:00			`# Goma Gateway - simple lightweight API Gateway and Reverse Proxy.`

			```
			`_____`
			`/ ____\|`
			`\| \| __ ___ _ __ ___ __ _`
			\| \| \|_ \|/ _ \\| '_ ` _ \ / _` \|
			`\| \|__\| \| (_) \| \| \| \| \| \| (_\| \|`
			`\_____\|\___/\|_\| \|_\| \|_\|\__,_\|`

			```
			`Goma Gateway is a lightweight API Gateway and Reverse Proxy.`

feat: add proxy backend errors interceptor 2024-10-29 09:39:31 +01:00			`Simple, easy to use, and configure.`

chore: add route gateway verification 2024-10-27 07:24:50 +01:00			`[![Build](https://github.com/jkaninda/goma-gateway/actions/workflows/release.yml/badge.svg)](https://github.com/jkaninda/goma-gateway/actions/workflows/release.yml)`
feat: add proxy backend errors interceptor 2024-10-29 09:39:31 +01:00			`[![Go Report Card](https://goreportcard.com/badge/github.com/jkaninda/goma-gateway)](https://goreportcard.com/report/github.com/jkaninda/goma-gateway)`
Initial commit 2024-10-27 06:10:27 +01:00			`[![Go Reference](https://pkg.go.dev/badge/github.com/jkaninda/goma-gateway.svg)](https://pkg.go.dev/github.com/jkaninda/goma-gateway)`
			`![Docker Image Size (latest by date)](https://img.shields.io/docker/image-size/jkaninda/goma-gateway?style=flat-square)`

			`## Links:`

			`- [Docker Hub](https://hub.docker.com/r/jkaninda/goma-gateway)`
			`- [Github](https://github.com/jkaninda/goma-gateway)`

			`### Feature`

			`- [x] Reverse proxy`
			`- [x] API Gateway`
feat: add proxy backend errors interceptor 2024-10-29 09:39:31 +01:00			`- [x] Domain/host based request routing`
			`- [x] Multi domain request routing`
Initial commit 2024-10-27 06:10:27 +01:00			`- [x] Cors`
			`- [ ] Support TLS`
feat: add proxy backend errors interceptor 2024-10-29 09:39:31 +01:00			`- [x] Backend errors interceptor`
Initial commit 2024-10-27 06:10:27 +01:00			`- [x] Authentication middleware`
			- [x] JWT `HTTP Bearer Token`
			`- [x] Basic-Auth`
feat: add proxy backend errors interceptor 2024-10-29 09:39:31 +01:00			`- [ ] OAuth`
Initial commit 2024-10-27 06:10:27 +01:00			`- [x] Implement rate limiting`
			`- [x] In-Memory Token Bucket based`
			`- [x] In-Memory client IP based`
			`- [ ] Distributed Rate Limiting for Token based across multiple instances using Redis`
feat: add proxy backend errors interceptor 2024-10-29 09:39:31 +01:00			`- [ ] Distributed Rate Limiting for In-Memory client IP based across multiple instances using Redis`
Initial commit 2024-10-27 06:10:27 +01:00
			`## Usage`

			`### 1. Initialize configuration`

			```shell
			`docker run --rm --name goma-gateway \`
			`-v "${PWD}/config:/config" \`
			`jkaninda/goma-gateway config init --output /config/goma.yml`
			```
			`### 2. Run server`

			```shell
			`docker run --rm --name goma-gateway \`
			`-v "${PWD}/config:/config" \`
			`-p 80:80 \`
			`jkaninda/goma-gateway server`
			```

			`### 3. Start server with a custom config`
			```shell
			`docker run --rm --name goma-gateway \`
			`-v "${PWD}/config:/config" \`
			`-p 80:80 \`
			`jkaninda/goma-gateway server --config /config/config.yml`
			```
			`### 4. Healthcheck`

chore: add route gateway verification 2024-10-27 07:24:50 +01:00			- Goma Gateway readiness: `/readyz`
			- Routes health check: `/healthz`

Initial commit 2024-10-27 06:10:27 +01:00			`[http://localhost/healthz](http://localhost/healthz)`

chore: add route gateway verification 2024-10-27 07:24:50 +01:00			`[http://localhost/readyz](http://localhost/readyz)`

Initial commit 2024-10-27 06:10:27 +01:00			`> Healthcheck response body`

			```json
			`{`
			`"status": "healthy",`
			`"routes": [`
			`{`
			`"name": "Store",`
			`"status": "healthy",`
			`"error": ""`
			`},`
			`{`
			`"name": "Authentication service",`
			`"status": "unhealthy",`
			`"error": "error performing HealthCheck request: Get \"http://authentication-service:8080/internal/health/ready\": dial tcp: lookup authentication-service on 127.0.0.11:53: no such host "`

			`},`
			`{`
			`"name": "Notification",`
			`"status": "undefined",`
			`"error": ""`
			`}`
			`]`
			`}`
			```


			`Create a config file in this format`
			`## Customize configuration file`

			`Example of configuration file`
			```yaml
			`## Goma - simple lightweight API Gateway and Reverse Proxy.`
			`# Goma Gateway configurations`
			`gateway:`
			`########## Global settings`
			`listenAddr: 0.0.0.0:80`
			`# Proxy write timeout`
			`writeTimeout: 15`
			`# Proxy read timeout`
			`readTimeout: 15`
			`# Proxy idle timeout`
			`idleTimeout: 60`
			`# Proxy rate limit, it's In-Memory Token Bucket`
			`# Distributed Rate Limiting for Token based across multiple instances is not yet integrated`
			`rateLimiter: 0`
			`accessLog: "/dev/Stdout"`
			`errorLog: "/dev/stderr"`
			`## Returns backend route healthcheck errors`
			`disableRouteHealthCheckError: false`
			`# Disable display routes on start`
			`disableDisplayRouteOnStart: false`
feat: add proxy backend errors interceptor 2024-10-29 09:39:31 +01:00			`# interceptErrors intercepts backend errors based on defined the status codes`
			`interceptErrors:`
docs: update example of configurations 2024-10-29 19:38:43 +01:00			`- 405`
			`- 500`
feat: add proxy backend errors interceptor 2024-10-29 09:39:31 +01:00			`# - 400`
Initial commit 2024-10-27 06:10:27 +01:00			`# Proxy Global HTTP Cors`
			`cors:`
chore: update configuration example 2024-10-28 10:16:44 +01:00			`# Global routes cors for all routes`
Initial commit 2024-10-27 06:10:27 +01:00			`origins:`
docs: update example of configurations 2024-10-29 19:38:43 +01:00			`- http://localhost:8080`
Initial commit 2024-10-27 06:10:27 +01:00			`- https://example.com`
chore: update configuration example 2024-10-28 10:16:44 +01:00			`# Global routes cors headers for all routes`
Initial commit 2024-10-27 06:10:27 +01:00			`headers:`
			`Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'`
			`Access-Control-Allow-Credentials: 'true'`
			`Access-Control-Max-Age: 1728000`
			`##### Define routes`
			`routes:`
			`# Example of a route \| 1`
docs: update example of configurations 2024-10-29 19:38:43 +01:00			`- name: Public`
feat: add Domain/host based request routing 2024-10-28 04:10:24 +01:00			`# host Domain/host based request routing`
docs: update example of configurations 2024-10-29 19:38:43 +01:00			`host: ""`
			`path: /public`
Initial commit 2024-10-27 06:10:27 +01:00			`## Rewrite a request path`
			`# e.g rewrite: /store to /`
docs: update example of configurations 2024-10-29 19:38:43 +01:00			`rewrite: /healthz`
			`destination: https://example.com`
Initial commit 2024-10-27 06:10:27 +01:00			`#DisableHeaderXForward Disable X-forwarded header.`
			`# [X-Forwarded-Host, X-Forwarded-For, Host, Scheme ]`
			`# It will not match the backend route, by default, it's disabled`
			`disableHeaderXForward: false`
			`# Internal health check`
docs: update example of configurations 2024-10-29 19:38:43 +01:00			`healthCheck: '' #/internal/health/ready`
chore: update configuration example 2024-10-28 10:16:44 +01:00			`# Route Cors, global cors will be overridden by route`
Initial commit 2024-10-27 06:10:27 +01:00			`cors:`
chore: update configuration example 2024-10-28 10:16:44 +01:00			`# Route Origins Cors, global cors will be overridden by route`
			`origins:`
			`- https://dev.example.com`
			`- http://localhost:3000`
docs: update example of configurations 2024-10-29 19:38:43 +01:00			`- https://example.com`
refactor: rename middleware type 2024-10-29 22:55:09 +01:00			`# Route Cors headers, route will override global cors`
Initial commit 2024-10-27 06:10:27 +01:00			`headers:`
			`Access-Control-Allow-Methods: 'GET'`
			`Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'`
			`Access-Control-Allow-Credentials: 'true'`
			`Access-Control-Max-Age: 1728000`
			`#### Define route blocklist paths`
			`blocklist:`
			`- /swagger-ui/*`
			`- /v2/swagger-ui/*`
			`- /api-docs/*`
			`- /internal/*`
			`- /actuator/*`
			`##### Define route middlewares from middlewares names`
			`## The name must be unique`
			`## List of middleware name`
			`middlewares:`
			`# path to protect`
docs: update example of configurations 2024-10-29 19:38:43 +01:00			`- path: /user`
			`# Rules defines which specific middleware applies to a route path`
			`rules:`
refactor: rename middleware type 2024-10-29 22:55:09 +01:00			`- basic-auth`
docs: update example of configurations 2024-10-29 19:38:43 +01:00			`# path to protect`
			`- path: /path-example`
			`# Rules defines which specific middleware applies to a route path`
			`rules:`
refactor: rename middleware type 2024-10-29 22:55:09 +01:00			`- jwtAuth`
docs: update example of configurations 2024-10-29 19:38:43 +01:00			`# path to protect`
			`- path: /admin`
Initial commit 2024-10-27 06:10:27 +01:00			`# Rules defines which specific middleware applies to a route path`
			`rules:`
refactor: rename middleware type 2024-10-29 22:55:09 +01:00			`- basic-auth`
Initial commit 2024-10-27 06:10:27 +01:00			`# path to protect`
docs: update example of configurations 2024-10-29 19:38:43 +01:00			`- path: /path-example`
Initial commit 2024-10-27 06:10:27 +01:00			`# Rules defines which specific middleware applies to a route path`
			`rules:`
refactor: rename middleware type 2024-10-29 22:55:09 +01:00			`- jwtAuth`
Initial commit 2024-10-27 06:10:27 +01:00			`- path: /history`
			`http:`
			`url: http://security-service:8080/security/authUser`
			`headers:`
			`#Key from backend authentication header, and inject to the request with custom key name`
			`userId: X-Auth-UserId`
			`userCountryId: X-Auth-UserCountryId`
			`params:`
			`userCountryId: X-countryId`
			`# Example of a route \| 2`
			`- name: Authentication service`
			`path: /auth`
			`rewrite: /`
			`destination: 'http://security-service:8080'`
			`healthCheck: /internal/health/ready`
			`cors: {}`
			`blocklist: []`
			`middlewares: []`
			`# Example of a route \| 3`
docs: update example of configurations 2024-10-29 19:38:43 +01:00			`- name: Basic auth`
			`path: /protected`
Initial commit 2024-10-27 06:10:27 +01:00			`rewrite: /`
			`destination: 'http://notification-service:8080'`
			`healthCheck:`
			`cors: {}`
			`blocklist: []`
			`middlewares: []`

			`#Defines proxy middlewares`
			`middlewares:`
			`# Enable Basic auth authorization based`
refactor: rename middleware type 2024-10-29 22:55:09 +01:00			`- name: local-auth-basic`
docs: update example of configurations 2024-10-29 19:38:43 +01:00			`# Authentication types \| jwtAuth, basicAuth, auth0`
refactor: rename middleware type 2024-10-29 22:55:09 +01:00			`type: basic`
Initial commit 2024-10-27 06:10:27 +01:00			`rule:`
			`username: admin`
			`password: admin`
			`#Enables JWT authorization based on the result of a request and continues the request.`
refactor: rename middleware type 2024-10-29 22:55:09 +01:00			`- name: google-auth`
docs: update example of configurations 2024-10-29 19:38:43 +01:00			`# Authentication types \| jwtAuth, basicAuth, OAuth`
feat: add proxy backend errors interceptor 2024-10-29 09:39:31 +01:00			`# jwt authorization based on the result of backend's response and continue the request when the client is authorized`
refactor: rename middleware type 2024-10-29 22:55:09 +01:00			`type: jwt`
Initial commit 2024-10-27 06:10:27 +01:00			`rule:`
docs: update example of configurations 2024-10-29 19:38:43 +01:00			`# This is an example URL`
Initial commit 2024-10-27 06:10:27 +01:00			`url: https://www.googleapis.com/auth/userinfo.email`
			`# Required headers, if not present in the request, the proxy will return 403`
			`requiredHeaders:`
			`- Authorization`
			`#Sets the request variable to the given value after the authorization request completes.`
			`#`
			`# Add header to the next request from AuthRequest header, depending on your requirements`
			`# Key is AuthRequest's response header Key, and value is Request's header Key`
			`# In case you want to get headers from the Authentication service and inject them into the next request's headers`
			`#Sets the request variable to the given value after the authorization request completes.`
			`#`
			`# Add header to the next request from AuthRequest header, depending on your requirements`
			`# Key is AuthRequest's response header Key, and value is Request's header Key`
			`# In case you want to get headers from the Authentication service and inject them into the next request's headers`
			`headers:`
			`userId: X-Auth-UserId`
			`userCountryId: X-Auth-UserCountryId`
			`# In case you want to get headers from the Authentication service and inject them to the next request's params`
			`params:`
docs: update deployment example 2024-10-28 02:47:52 +01:00			`userCountryId: countryId`
Initial commit 2024-10-27 06:10:27 +01:00			```

			`## Requirement`

			`- Docker`