fomalhaut is an api gateway acts as the frontend and api router for numerous backend json api servers.
This project is still in development, api may change anytime. If you want to use it, fix what you need.
API is connected to the App and the server database of the bridges, in the App and various API after for these API management and protection brings a series of problems.For example:
- How to protect the API from unauthorized access, only by the App initiates normal request?
- How to control a different App for many API access permissions?
- API access how to log how to view it?
Thus, it is with fomalhaut this project.
Supported Python versions: 2.7, 3.3, 3.4, 3.5, 3.6 pypy, pypy3
You need to install Redis first, the corresponding dependency package can be installed by the following command:
pip install -r requirements.txt
## Valid time of access signature, seconds
SIGNATURE_EXPIRE_SECONDS = 3600
HOST = '127.0.0.1'
PORT = 6500
# Is the debug mode
DEBUG = False
# Redis configuration
REDIS_HOST = '127.0.0.1'
REDIS_PORT = 6379
REDIS_DB = 0
REDIS_PASSWORD = 'your_password'
Run
python -m fomalhaut.runserver --port=6500
- api-gateway-dashboard Web Console for API Gateway
- api-python-client Python version of API Client
This is a gateway to the JSON API, which actually works regardless of what is being transferred behind the protected API, except that the gateway will return an error message to the JSON data if something goes wrong. In the design of the torngas middleware mode. Currently only the GET
and POST
methods are supported.
As with most cloud applications, each Client will be assigned a pair of access_key
and secret_key
.access_key
is used to uniquely identify the Client,secret_key
is used to perform HMAC signature and AES encryption.Both the URL of the API request and the Body data are signed by secret_key
, and the signature of the data is verified bidirectionally to ensure that the request and the returned data are not tampered with.The signature method uses the HMAC-SHA256.
In order to distinguish the gateway level when there is an error in the implementation of the return data, or behind the real API to provide services to return data, define a special status code 949
, if the status code is 949, then the gateway returns.
Although HTTPS is popular in most sites, but if you still can only use HTTP, or there is a middleman attack, there is a risk of data content leakage,thus providing AES encryption function, you can transfer data URL, Headers, Body are encrypted, AES encryption is optional.
There are cases where some APIs need to be logged in before they can be accessed, and others do not.fomalhaut has built-in Auth Endpoint (endpoint_name: auth, version: v1) and includes three APIs:
/auth/v1/login/
Login/auth/v1/token/refresh/
get newaccess_token
with `refresh_token'/auth/v1/token/alive/
checkaccess_token
is valid/account/v1/logout/
logout/account/v1/password/change/
Change Password
For APIs that require login, you need to first access /auth/v1/login/
to get access_token
, the data returned is as follows:
{
"code": 200,
"msg": "",
"data": {
"access_token": "abcd",
"refersh_token": "efgh",
"expires_in": 168000,
"user_info": {
}
}
}
expires_in
:access_token
will expire after many secondsrefresh_token
: whenaccess_token
expires, it is used to get the newaccess_token
user_info
: user information returned by the Auth API
/auth/v1/login/
API will check whether the submitted login information is correct according to the configured Auth API, if the login is correct Auth API returns the user information.
/auth/v1/token/refresh/
API used to fetch new access_token
, submitted data:
{
"refersh_token": "efgh"
}
Later access requires login to access the API in the url with access_token, for example:
http://api.example.com/api-name/v1/?access_token=abcd
API Gateway will use this access_token
to verify the validity of the access_token
in redis when accessing the APIs that need to be logged in, and obtain the user's information.The user information is then stored in Headers and passed to the backend API with X-User-Json
.The data stored in this Header is base64 encoded data of the JSON string of user_info.
The built-in Endpoint needs to be configured in the console api-gateway-dashboard
To speed things up, the access logs generated by fomalhaut are temporarily stored in the list in Redis, and a Celery scheduled task is configured in the api-gateway-dashboard project that automatically migrates the access logs to MongoDB.Therefore, these Celery tasks must be run at the same time, in order to ensure the normal operation of fomalhaut.
For more information about how to run these Celery background tasks, see [api-gateway-dashboard] (https://github.com/restran/api-gateway-dashboard) of the relevant documents.
- login check, check
access_token
- built-in login, logout and update
access_token
API - Single sign-on, login in one place, old
access_token
andrefresh_token
to be invalidated - access to the log store for requesting full content for size limits
- configuration information in-program cache
- API monitoring, access exception can mail alarm
- Rate-Limiting
- api-android-client
- api-swift-client