go get github.com/baturalpk/apigateway
See the `examples/` folder for sample `config.yaml` and `main.go` files.
🔥 Works well with @baturalpk/auth-service, as intended.
- Each request that matches the `/auth/:intent` schema is forwarded to the auth service endpoints depending on the intent (i.e., signin, signout, signup).
- Each request that begins with `/api/...` is evaluated against the predefined paths (`matchPaths[].value` property in config.yaml):
  - If a match occurs, the gateway determines whether the end user is authorized by interacting with the auth service endpoint.
  - If the claimed authorization is valid:
    - Binds the unique identifier (i.e., ID) of the verified user to the predefined header (`auth.internal.idHeader` property in config.yaml). That way, internal services can trust this header to recognize the authenticated end user.
    - Ultimately, the end user's request is forwarded to the target service by reverse proxy.
- All auth service paths (e.g., signupPath) must allow the HTTP POST method.
- After the successful validation of an end-user session, the auth service must return a JSON response with the following property: `id`: "System-wide strictly unique identifier" of an end user.
- All requests going towards internal services must be fully authorized. For the time being, different paths that belong to the same service cannot be excluded from the authorization process conditionally. In brief, no public API endpoints yet!
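
The `/api/...` flow described above, sketched as an added example (not this project's code): validate the session with a POST to the auth service, read `id` from its JSON response, and overwrite the identity header before proxying, so a value sent by the client never reaches an internal service that trusts it. The names `validateSession` and `guard`, the addresses, the `/validate` path and the `X-User-Id` header are assumptions, as is forwarding credentials in the `Cookie` and `Authorization` headers.

```go
package main

import (
	"encoding/json"
	"net/http"
	"net/http/httputil"
	"net/url"
	"time"
)

// validateSession POSTs the caller's credentials to the auth service; "" means unauthorized.
func validateSession(authURL string, in *http.Request) string {
	req, err := http.NewRequest(http.MethodPost, authURL, nil)
	if err != nil {
		return ""
	}
	for _, h := range []string{"Cookie", "Authorization"} { // assumed credential headers
		req.Header[h] = in.Header.Values(h)
	}
	resp, err := (&http.Client{Timeout: 5 * time.Second}).Do(req)
	if err != nil {
		return ""
	}
	defer resp.Body.Close()
	var body struct{ ID string `json:"id"` } // assumes "id" is a JSON string
	if resp.StatusCode != http.StatusOK || json.NewDecoder(resp.Body).Decode(&body) != nil {
		return ""
	}
	return body.ID
}

// guard fronts target; idHeader stands in for the auth.internal.idHeader value.
func guard(authURL, idHeader string, target *url.URL) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(target)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Header.Del(idHeader) // drop any client-supplied identity header
		id := validateSession(authURL, r)
		if id == "" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		r.Header.Set(idHeader, id) // only the verified ID reaches the service
		proxy.ServeHTTP(w, r)
	})
}

func main() { // hypothetical addresses, endpoint path and header name
	target, _ := url.Parse("http://127.0.0.1:9000")
	http.ListenAndServe(":8080", guard("http://127.0.0.1:9100/validate", "X-User-Id", target))
}
```

Internal services should accept traffic only from the gateway; the header is trustworthy only if nothing else can reach them directly.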