refactor: refatcoring code

Jonas Kaninda
2024-10-30 18:01:53 +01:00
parent c45b62ec67
commit c228c605ef
7 changed files with 58 additions and 97 deletions


@@ -145,46 +145,12 @@ gateway:
Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
Access-Control-Allow-Credentials: 'true'
Access-Control-Max-Age: 1728000
#### Define route blocklist paths
blocklist:
- /swagger-ui/*
- /v2/swagger-ui/*
- /api-docs/*
- /internal/*
- /actuator/*
##### Define route middlewares from middlewares names
## The name must be unique
## List of middleware name
middlewares:
# path to protect
- path: /user
# Rules defines which specific middleware applies to a route path
rules:
- basic-auth
# path to protect
- path: /path-example
# Rules defines which specific middleware applies to a route path
rules:
- jwt
# path to protect
- path: /admin
# Rules defines which specific middleware applies to a route path
rules:
- basic-auth
# path to protect
- path: /path-example
# Rules defines which specific middleware applies to a route path
rules:
- jwt
- path: /history
http:
url: http://security-service:8080/security/authUser
headers:
#Key from backend authentication header, and inject to the request with custom key name
userId: X-Auth-UserId
userCountryId: X-Auth-UserCountryId
params:
userCountryId: X-countryId
- api-forbidden-paths
- basic-auth
# Example of a route | 2
- name: Authentication service
path: /auth
@@ -192,8 +158,8 @@ gateway:
destination: 'http://security-service:8080'
healthCheck: /internal/health/ready
cors: {}
blocklist: []
middlewares: []
middlewares:
- api-forbidden-paths
# Example of a route | 3
- name: Basic auth
path: /protected
@@ -201,7 +167,6 @@ gateway:
destination: 'http://notification-service:8080'
healthCheck:
cors: {}
blocklist: []
middlewares: []
#Defines proxy middlewares
@@ -210,6 +175,10 @@ middlewares:
- name: basic-auth
# Authentication types | jwt, basic, OAuth
type: basic
paths:
- /user
- /admin
- /account
rule:
username: admin
password: admin
@@ -218,6 +187,10 @@ middlewares:
# Authentication types | jwt, basic, OAuth
# jwt authorization based on the result of backend's response and continue the request when the client is authorized
type: jwt
# Paths to protect
paths:
- /protected-access
- /example-of-jwt
rule:
# This is an example URL
url: https://www.googleapis.com/auth/userinfo.email
@@ -234,12 +207,22 @@ middlewares:
# Add header to the next request from AuthRequest header, depending on your requirements
# Key is AuthRequest's response header Key, and value is Request's header Key
# In case you want to get headers from the Authentication service and inject them into the next request's headers
headers:
userId: X-Auth-UserId
userCountryId: X-Auth-UserCountryId
headers:
userId: X-Auth-UserId
userCountryId: X-Auth-UserCountryId
# In case you want to get headers from the Authentication service and inject them to the next request's params
params:
userCountryId: countryId
params:
userCountryId: countryId
# The server will return 404
- name: api-forbidden-paths
type: access
## Forbidden paths
paths:
- /swagger-ui/*
- /v2/swagger-ui/*
- /api-docs/*
- /internal/*
- /actuator/*
```
## Requirement


@@ -66,46 +66,12 @@ gateway:
Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
Access-Control-Allow-Credentials: 'true'
Access-Control-Max-Age: 1728000
#### Define route blocklist paths
blocklist:
- /swagger-ui/*
- /v2/swagger-ui/*
- /api-docs/*
- /internal/*
- /actuator/*
##### Define route middlewares from middlewares names
## The name must be unique
## List of middleware name
middlewares:
# path to protect
- path: /user
# Rules defines which specific middleware applies to a route path
rules:
- basic-auth
# path to protect
- path: /path-example
# Rules defines which specific middleware applies to a route path
rules:
- jwt
# path to protect
- path: /admin
# Rules defines which specific middleware applies to a route path
rules:
- basic-auth
# path to protect
- path: /path-example
# Rules defines which specific middleware applies to a route path
rules:
- jwt
- path: /history
http:
url: http://security-service:8080/security/authUser
headers:
#Key from backend authentication header, and inject to the request with custom key name
userId: X-Auth-UserId
userCountryId: X-Auth-UserCountryId
params:
userCountryId: X-countryId
- api-forbidden-paths
- basic-auth
# Example of a route | 2
- name: Authentication service
path: /auth
@@ -113,8 +79,8 @@ gateway:
destination: 'http://security-service:8080'
healthCheck: /internal/health/ready
cors: {}
blocklist: []
middlewares: []
middlewares:
- api-forbidden-paths
# Example of a route | 3
- name: Basic auth
path: /protected
@@ -122,15 +88,19 @@ gateway:
destination: 'http://notification-service:8080'
healthCheck:
cors: {}
blocklist: []
middlewares: []
#Defines proxy middlewares
# middleware name must be unique
middlewares:
# Enable Basic auth authorization based
- name: basic-auth
# Authentication types | jwt, basic, OAuth
type: basic
paths:
- /user
- /admin
- /account
rule:
username: admin
password: admin
@@ -139,6 +109,10 @@ middlewares:
# Authentication types | jwt, basic, OAuth
# jwt authorization based on the result of backend's response and continue the request when the client is authorized
type: jwt
# Paths to protect
paths:
- /protected-access
- /example-of-jwt
rule:
# This is an example URL
url: https://www.googleapis.com/auth/userinfo.email
@@ -155,9 +129,19 @@ middlewares:
# Add header to the next request from AuthRequest header, depending on your requirements
# Key is AuthRequest's response header Key, and value is Request's header Key
# In case you want to get headers from the Authentication service and inject them into the next request's headers
headers:
headers:
userId: X-Auth-UserId
userCountryId: X-Auth-UserCountryId
# In case you want to get headers from the Authentication service and inject them to the next request's params
params:
userCountryId: countryId
params:
userCountryId: countryId
# The server will return 404
- name: api-forbidden-paths
type: access
## Forbidden paths
paths:
- /swagger-ui/*
- /v2/swagger-ui/*
- /api-docs/*
- /internal/*
- /actuator/*


@@ -77,9 +77,9 @@ func Debug(msg string, args ...interface{}) {
log.SetOutput(getStd(util.GetStringEnv("GOMA_ACCESS_LOG", "/dev/stdout")))
formattedMessage := fmt.Sprintf(msg, args...)
if len(args) == 0 {
log.Printf("DUBUG: %s\n", msg)
log.Printf("DEBUG: %s\n", msg)
} else {
log.Printf("DUBUG: %s\n", formattedMessage)
log.Printf("DEBUG: %s\n", formattedMessage)
}
}
func getStd(out string) *os.File {


@@ -103,12 +103,6 @@ type Middleware struct {
type MiddlewareName struct {
name string `yaml:"name"`
}
type RouteMiddleware struct {
//Path contains the path to protect
Path string `yaml:"path"`
//Rules defines which specific middleware applies to a route path
Rules []string `yaml:"rules"`
}
// Route defines gateway route
type Route struct {


@@ -30,7 +30,7 @@ func (blockList AccessListMiddleware) AccessMiddleware(next http.Handler) http.H
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
for _, block := range blockList.List {
if isPathBlocked(r.URL.Path, util.ParseURLPath(blockList.Path+block)) {
logger.Warn("%s: access to %s is forbidden", getRealIP(r), r.URL.Path)
logger.Debug("%s: access to %s is forbidden", getRealIP(r), r.URL.Path)
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusNotFound)
err := json.NewEncoder(w).Encode(ProxyResponseError{
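Review bot: The rewritten log call passes `r.URL.Path` through `%s`, and that field holds the decoded path, so a request path carrying an encoded line break reaches the log as a real newline and can forge entries; quoting it keeps each event on one line: `logger.Debug("%s: access to %q is forbidden", getRealIP(r), r.URL.Path)`. Moving this event from Warn to Debug also affects detection, because hits on the forbidden-path list are the main record of requests aimed at blocked routes. If Debug output is filtered or disabled in production (the level handling is not visible here), that record is lost, so consider keeping it at Warn. AccessMiddleware's body starts and ends outside the hunk.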


@@ -162,7 +162,7 @@ func (jwtAuth JwtAuth) AuthMiddleware(next http.Handler) http.Handler {
client := &http.Client{}
authResp, err := client.Do(authReq)
if err != nil || authResp.StatusCode != http.StatusOK {
logger.Info("%s %s %s %s", r.Method, r.RemoteAddr, r.URL, r.UserAgent())
logger.Info("%s %s %s %s", r.Method, getRealIP(r), r.URL, r.UserAgent())
logger.Warn("Proxy authentication error")
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusUnauthorized)
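Review bot: The source address in the auth-failure log now comes from `getRealIP(r)` instead of `r.RemoteAddr`. getRealIP is defined outside this hunk, but if it reads `X-Forwarded-For` or `X-Real-IP` without checking that the request arrived through a trusted proxy, a client can choose the address recorded for its own failed authentication attempts. Logging both values keeps the socket peer available for investigation: `logger.Info("%s %s (peer %s) %s %s", r.Method, getRealIP(r), r.RemoteAddr, r.URL, r.UserAgent())`. Separately, `client := &http.Client{}` in the context lines has no timeout, so a slow auth backend can hold gateway requests open; setting `Timeout` on the client would bound that. AuthMiddleware's body starts and ends outside the hunk.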


@@ -30,6 +30,6 @@ func FullVersion() string {
return ver
}
const MainExample = "Initialize config: init config --output config.yml\n" +
const MainExample = "Initialize config: config init --output config.yml\n" +
"Start server: server \n" +
"Start server with custom config file: server --config config.yml"