aasaam / palantir Goto Github PK

:crystal_ball: HTTP REST API reverse proxy

License: Apache License 2.0

Rust 100.00%

reverse-proxy cache-service ddos-protection

palantir's Introduction

palantir

palantir is a HTTP REST API reverse proxy. It will perform load balance, caching, and health check. Also, it will prevent DDOS and will report metrics concerning health status of backend servers.

Important: palantir is still under development and is not ready.

Getting started

If you are using Linux or macOS, you need to install Rust using rustup:

curl https://sh.rustup.rs -sSf | sh

For installation on Windows, read the instructions in rust-lang book.

Then, clone palantir repository:

git clone [email protected]:AASAAM/palantir.git

After modifying config.toml based on your upstream server:

cd palantir
cargo run --release --features fast

Performance

palantir is built in Rust, so it can be compiled to native code for your architecture. Rust, unlike some languages such as Golang, does not have a garbage collector (GC) which constantly looks for no longer used memory while the program runs. Therefore, GC is usually a bad thing for high-throughput / high-load production systems. "In Rust, memory is handled through a system of ownership with a set of rules that the compiler checks at compile time. None of the ownership features slow down your program as it is running" (reference).

In early benchmarks, we observed that palantir competes with the nginx reverse proxy.

License

Licensed under either of

Apache License, Version 2.0 (LICENSE-APACHE or http://apache.org/licenses/LICENSE-2.0)
MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

palantir is inspired by actix-reverse-proxy, bloom, rustnish, and weldr.

Contribution

To contribute to palantir, please see CONTRIBUTING and CODE_OF_CONDUCT.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Name Origin

"But alone it could do nothing but see small images of things far off and days remote."
the Lord of the Rings, The Two Towers by John R. R. Tolkien

The proxy's name palantír is derived from the Lord of the Rings, which is an artefact "used for both communication and as a means of seeing events in other parts of the world or in the distant past or in the future" (reference).

This name has been chosen because:

Reverse proxies are communication tools similar to seeing-stones. They could do nothing alone, but can be used to converse.
They may show something from the past (i.e., cached data).
They where designed to guard and unite humans' world, by obtaining information. This reverse proxy tries also to collect metrics and prevent DDOS in collaboration with other microservices.
Palantíri (plural of palantír), may mislead you since the health status of the message is not guaranteed per se. Much work is required for revealing the real health status of the upstream servers, which is going to be developed in health module.

palantir's People

Contributors

Stargazers

Watchers

Forkers

maanibeigy gitter-badger duzhanyuan aamchi

palantir's Issues

Protection senario check

Add cookie parser for check request and system status.

Consider HTTP request always carry the cookie of client unique identifier.
For example Cookie: cuid=blahblahblah;

Add Cookie parser for parse multiple cookie parse what' you need
Know status of protection: Consider statuses N, P{N}
Which means Normal N every thing is good so let all request go.
By P**{N}**
Depend on config file we follow these:
Define cookie name for example asm_prt=xxxxx*

  SampleConfig: P1: Protection Level 1
  cookie ttl: **604800**
  cookie parameters: 
     - CUID
  SampleConfig: P2: Protection Level 2
  cookie ttl: **86400**
  cookie parameters: 
     - CUID
     - IP Address
  SampleConfig: P3: Protection Level 3
  cookie ttl: **7200**
  cookie parameters: 
     - CUID
     - IP Address
     - User Agent

JWT decode for parse general Auth base on Authorization and Cookie for status of user is guest or logged in user.
If user not logged in : For guest members follow cookie mechanism (Not logged in and not authorized servers) Encryption and Decryption by special cookie for status of request (https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)
This method will use for captcha application to generate same cookie algorithm for Palantir proxy.
For mobile application they are same but using special header X-Cuid: blahblahblah same follow for cookie.

Document workflow
Accpet workflow
Implementation

Standard Verb of HTTP https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods
Full URL Manipulation https://en.wikipedia.org/wiki/Uniform_Resource_Identifier

          userinfo     host        port
          ┌─┴────┐ ┌────┴────────┐ ┌┴┐ 
  https://[email protected]:123/forum/questions/?tag=networking&order=newest#top
  └─┬─┘ └───────┬────────────────────┘└─┬─────────────┘└──┬───────────────────────┘└┬─┘  
  scheme     authority                 path              query                 fragment

Write TDD.

Reformat config file

In roadmap to release version 1.0.0, It is required to have a config file like:

[backends]

  [[backends.webapp1]]
  target = "http://127.0.0.1:9000"
  health = "/health"

  [[backends.webapp2]]
  target = "http://127.0.0.1:9000"
  health = "/health"

  [[backends.webapp3]]
  target = "https://127.0.0.1:9000"
  health = "/health"
  ssl_ca = "/path/to/ca.pem"

[[frontends]]

  [frontends.sample]

    [[frontends.sample.backends]]
    target = "webapp1"
    weight = 5.0

    [[frontends.sample.backends]]
    target = "webapp2"
    weight = 2.0

    [[frontends.sample.backends]]
    target = "webapp3"
    backup = true