docs: add block common exploits and oauth middleware

docs/index.md

@@ -20,12 +20,17 @@ It comes with a lot of integrated features, such as:
 - Cross-Origin Resource Sharing (CORS)
 - Custom Headers
 - Backend Errors interceptor
+- Support TLS
+- Block common exploits middleware
+  - Patterns to detect SQL injection attempts
+  - Pattern to detect simple XSS attempts
 - Authentication middleware
-    - JWT `client authorization based on the result of a request`
-    - Basic-Auth
+  - JWT `client authorization based on the result of a request`
+  - Basic-Auth
+  - OAuth
 - Rate limiting
-    - In-Memory Token Bucket based
-    - In-Memory client IP based
+  - In-Memory Token Bucket based
+  - In-Memory client IP based
 
 Declare your routes and middlewares as code.
 

docs/middleware.md

@@ -18,6 +18,7 @@ Goma Gateway supports :
 - Authentication middleware
     - JWT `client authorization based on the result of a request`
     - Basic-Auth
+    - OAuth
 - Rate limiting middleware
     - In-Memory client IP based
 - Access middleware 
@@ -133,6 +134,60 @@ middlewares:
      params:
        userCountryId: countryId
 ```
+### OAuth middleware
+
+Example of Google provider
+
+```yaml
+  - name: google-oauth
+    type: oauth
+    paths:
+      - /*
+    rule:
+      clientId: xxx
+      clientSecret: xxxx
+      # oauth provider google, gitlab, github, amazon, facebook, custom
+      provider: google # facebook, gitlab, github, amazon
+      redirectUrl: https://example.com/callback/protected
+      #RedirectPath is the PATH to redirect users after authentication, e.g: /my-protected-path/dashboard
+      redirectPath: /dashboard
+      scopes:
+        - https://www.googleapis.com/auth/userinfo.email
+        - https://www.googleapis.com/auth/userinfo.profile
+      state: randomStateString
+      jwtSecret: your-strong-jwt-secret | It's optional
+
+```
+
+Example of Authentik provider
+
+```yaml
+    - name: oauth-authentik
+      type: oauth
+      paths:
+        - /protected
+        - /example-of-oauth
+      rule:
+        clientId: xxx
+        clientSecret: xxx
+        # oauth provider google, gitlab, github, amazon, facebook, custom
+        provider: custom
+        endpoint:
+          authUrl: https://authentik.example.com/application/o/authorize/
+          tokenUrl: https://authentik.example.com/application/o/token/
+          userInfoUrl: https://authentik.example.com/application/o/userinfo/
+        redirectUrl: https://example.com/callback
+        #RedirectPath is the PATH to redirect users after authentication, e.g: /my-protected-path/dashboard
+        redirectPath: ''
+        #CookiePath e.g.: /my-protected-path or / || by default is applied on a route path
+        cookiePath: "/"
+        scopes:
+          - email
+          - openid
+        state: randomStateString
+        jwtSecret: your-strong-jwt-secret | It's optional
+
+```
 ### Access middleware
 
 Access middleware prevents access to a route or specific route path.

docs/quickstart.md

@@ -11,19 +11,19 @@ nav_order: 2
 
 You can generate the configuration file using `config init --output /config/config.yml` command.
 
-The default configuration is automatically generated if any configuration file is not provided, and is available at `/config/goma.yml`
+The default configuration is automatically generated if any configuration file is not provided, and is available at `/etc/goma/goma.yml`
 
 ```shell
 docker run --rm  --name goma-gateway \
- -v "${PWD}/config:/config" \
+ -v "${PWD}/config:/etc/goma/" \
  jkaninda/goma-gateway config init --output /config/config.yml
 ```
 
 ### 3. Start server with a custom config
 ```shell
 docker run --rm --name goma-gateway \
- -v "${PWD}/config:/config" \
- -p 80:80 \
+ -v "${PWD}/config:/etc/goma/" \
+ -p 8080:8080 \
  jkaninda/goma-gateway server --config /config/config.yml
 ```
 ### 4. Healthcheck
@@ -39,16 +39,16 @@ services:
     image: jkaninda/goma-gateway
     command: server
     healthcheck:
-      test: curl -f http://localhost/readyz || exit 1
+      test: curl -f http://localhost/health/live || exit 1
       interval: 30s
       retries: 5
       start_period: 20s
       timeout: 10s
     ports:
-      - "80:80"
-      - "443:443"
+      - "8080:8080"
+      - "8443:8443"
     volumes:
-      - ./config:/config/
+      - ./config:/etc/goma/
 ```
 
 ## Customize configuration file
@@ -79,6 +79,7 @@ gateway:
   disableDisplayRouteOnStart: false
   # disableKeepAlive allows enabling and disabling KeepALive server
   disableKeepAlive: false
+  blockCommonExploits: false
   # interceptErrors intercepts backend errors based on defined the status codes
   interceptErrors:
     - 405