goma-gateway/goma.yml

## Goma - simple lightweight API Gateway and Reverse Proxy.
# Goma Gateway configurations
gateway:
  ########## Global settings
  listenAddr: 0.0.0.0:80
  # Proxy write timeout
  writeTimeout: 15
  # Proxy read timeout
  readTimeout: 15
  # Proxy idle timeout
  idleTimeout: 60
  # Proxy rate limit, it's In-Memory Token Bucket
  # Distributed Rate Limiting for Token based across multiple instances is not yet integrated
  rateLimiter: 0
  accessLog:    "/dev/Stdout"
  errorLog:     "/dev/stderr"
  ## Returns backend route healthcheck errors
  disableRouteHealthCheckError: false
  # Disable display routes on start
  disableDisplayRouteOnStart: false
  # interceptErrors intercepts backend errors based on defined the status codes
  interceptErrors:
  # - 405
  # - 500
  # - 400
  # Proxy Global HTTP Cors
  cors:
    # Global routes cors for all routes
    origins:
      - https://example.com
      - https://auth.example.com
    # Global routes cors headers for all routes
    headers:
      Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
      Access-Control-Allow-Credentials: 'true'
      Access-Control-Max-Age: 1728000
  ##### Define routes
  routes:
    # Example of a route | 1
    - name: Store
    # host Domain/host based request routing
      host: dev.example.com
      path: /store
      ## Rewrite a request path
      # e.g rewrite: /store to /
      rewrite: /
      destination: 'http://store-service:8080'
      #DisableHeaderXForward Disable X-forwarded header.
      # [X-Forwarded-Host, X-Forwarded-For, Host, Scheme ]
      # It will not match the backend route, by default, it's disabled
      disableHeaderXForward: false
      # Internal health check
      healthCheck: /internal/health/ready
      # Route Cors, global cors will be overridden by route
      cors:
        # Route Origins Cors, global cors will be overridden by route
        origins:
          - https://dev.example.com
          - http://localhost:3000
        # Route Cors headers, global cors will be overridden by route
        headers:
          Access-Control-Allow-Methods: 'GET'
          Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
          Access-Control-Allow-Credentials: 'true'
          Access-Control-Max-Age: 1728000
      #### Define route blocklist paths
      blocklist:
        - /swagger-ui/*
        - /v2/swagger-ui/*
        - /api-docs/*
        - /internal/*
        - /actuator/*
      ##### Define route middlewares from middlewares names
      ## The name must be unique
      ## List of middleware name
      middlewares:
        # path to protect
        - path: /user/account
          # Rules defines which specific middleware applies to a route path
          rules:
            - auth
        # path to protect
        - path: /cart
          # Rules defines which specific middleware applies to a route path
          rules:
            - google-auth
            - auth
        - path: /history
          http:
            url: http://security-service:8080/security/authUser
            headers:
              #Key from backend authentication header, and inject to the request with custom key name
              userId: X-Auth-UserId
              userCountryId: X-Auth-UserCountryId
            params:
              userCountryId: X-countryId
    # Example of a route | 2
    - name: Authentication service
      path: /auth
      rewrite: /
      destination: 'http://security-service:8080'
      healthCheck: /internal/health/ready
      cors: {}
      blocklist: []
      middlewares: []
    # Example of a route | 3
    - name: Notification
      path: /notification
      rewrite: /
      destination: 'http://notification-service:8080'
      healthCheck:
      cors: {}
      blocklist: []
      middlewares: []

#Defines proxy middlewares
middlewares:
  # Enable Basic auth authorization based
  - name: local-auth-basic
    # Authentication types | jwtAuth, basicAuth, auth0
    type: basicAuth
    rule:
      username: admin
      password: admin
  #Enables JWT authorization based on the result of a request and continues the request.
  - name: google-auth
    # Authentication types | jwtAuth, basicAuth, OAuth
    # jwt authorization based on the result of backend's response and continue the request when the client is authorized
    type: jwtAuth
    rule:
      url: https://www.googleapis.com/auth/userinfo.email
      # Required headers, if not present in the request, the proxy will return 403
      requiredHeaders:
        - Authorization
      #Sets the request variable to the given value after the authorization request completes.
      #
      # Add header to the next request from AuthRequest header, depending on your requirements
      # Key is AuthRequest's response header Key, and value is Request's header Key
      # In case you want to get headers from the Authentication service and inject them into the next request's headers
      #Sets the request variable to the given value after the authorization request completes.
      #
      # Add header to the next request from AuthRequest header, depending on your requirements
      # Key is AuthRequest's response header Key, and value is Request's header Key
      # In case you want to get headers from the Authentication service and inject them into the next request's headers
      headers:
        userId: X-Auth-UserId
        userCountryId: X-Auth-UserCountryId
      # In case you want to get headers from the Authentication service and inject them to the next request's params
      params:
        userCountryId: countryId