motiv-labs / janus Goto Github PK

Is there a way to enable plugin for all endpoint without adding for each proxy endpoint?

I would like to add a custom proxy to be hit on every request, is it possible in Janus? Is there any options for adding a custom middleware?

Thanks in advance.

I perform a POST /apis and register an upstream. I then try and use the route I just registered, but the debug log shows no activity at all.

I then kill and restart Janus, and then try and use the route, and it works.

This looks like a duplicate of #84, which for some reason was closed without a fix.

Reproduction Steps:

1. Register an upstream via POST /API using a <unique_listenpath>
2. curl localhost:8080/<unique_listenpath> and see 404
3. Restart Janus, then retry previous step number 2 which will now work

Expected behavior:

Upstreams work after registration without a restart required.

Janus version: 1.7.4-rc.6

Our scripts expect bash to be available in containers, but only sh is available here. Is it a deliberate choice or could we add bash?

it will be better to mention install HTTPie to use http in mac cli in readme.MD

i tried the curl and some other tools and failed, later HTTPie worked.

#I can't seem to get the Docker-based build to respond to any http requests. I'm using a build of the latest 1.7.4-rc.6 using my modified Dockerfile, that otherwise matches the standard one but allows me to specify a tag to build.

Reproduction Steps:

1. Build

$ git clone https://github.com/Megalithic-LLC/janus-dockerfile.git
$ cd janus-dockerfile
$ docker build --build-arg=JANUS_TAG=1.7.4-rc.7 -t janus .

2. Configure runtime env vars:

$ vi janus.env

DATABASE_DSN=mongodb://1.2.3.4/janus
REDIS_DSN=redis://1.2.3.4:6379
SECRET=password
ADMIN_USERNAME=admin
ADMIN_PASSWORD=admin
DEBUG=true
LOG_LEVEL=debug

3. Launch Janus

$ docker run --env-file janus.env -i -p 8080:8080 -t janus
{"@timestamp":"2017-03-01T17:44:59.246556501Z","@version":"1","level":"debug","message":"Connected to mongodb","type":"Janus"}
...
01T17:44:59.250617897Z","@version":"1","level":"info","message":"Listening on :0","type":"Janus"}

4. Try and talk to it

$ curl -iv -X POST -H "Content-Type: application/json" -H "Accept: application/json, */*" -d '{"username":"admin","password":"admin"}' http://localhost:8080/login

*   Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> POST /login HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Content-Type: application/json
> Accept: application/json, */*
> Content-Length: 39
> 
* upload completely sent off: 39 out of 39 bytes
* Empty reply from server
* Connection #0 to host localhost left intact

curl: (52) Empty reply from server

Janus version: 1.7.4-rc.6
OS and version: standard Dockerfile (golang:1.8-alpine)

Janus with Mongodb storage haven't a hot reload feature.

Reproduction Steps:

1. Run oficial docker image
   docker run -e STORAGE_DNS=redis://<my redis host>:6379 -e DATABASE_DSN=mongodb://<my mongo host>:27017/<schema>-p 8080:8080 -p 8443:8443 -p 8081:8081 -p 8444:8444 quay.io/hellofresh/janus
2. Add an endpoint
3. Call "apis" I'll see the endpoint
4. Call the route
5. Route not found

Expected behavior:

1. Run oficial docker image
   docker run -e STORAGE_DNS=redis://<my redis host>:6379 -e DATABASE_DSN=mongodb://<my mongo host>:27017/<schema>-p 8080:8080 -p 8443:8443 -p 8081:8081 -p 8444:8444 quay.io/hellofresh/janus
2. Add an endpoint
3. I call "apis" endpoint and I'll see the endpoint
4. I call the route
5. Access to the content

Observed behavior:
When I restarted the contained I can access to the new route without problems, but it isn't hot reload.

What I can do for add a new endpoint without restart the container ?
Can I have a hot reload with janus and mongodb storage?

Janus version: latest
OS and version: latest docker image

When using the Gateway to request information a service which already handles CORS, the CORS in the Gateway and the Delivery Logistic Service is duplicating the Access-Control-Allow-Origin header which causes the following error:

Reproduction Steps:

1. Make request to any CORS supporting endpoint through Janus

Expected behavior:

No header duplication.

Observed behavior:

XMLHttpRequest cannot load https://end-point-url. The 'Access-Control-Allow-Origin' header contains multiple values 'url, url', but only one is allowed. Origin 'url' is therefore not allowed access.

We at Haufe-Lexware have implemented an open source API Portal on top of Mashape Kong, and would like to look into what it means to also support Janus as an API Gateway for wicked: http://wicked.haufe.io, https://github.com/Haufe-Lexware/wicked.haufe.io. Example portal (very simplistic right now): https://wicked-demo.haufe.io.

From a first glance it seems as if Janus would be well suitable for integration with wicked, as it seems to behave more or less like Kong, i.e. it's configurable over a REST API and is also completely headless. You also have CORS and Rate Limiting support, and claim to support OAuth2.

Is this something you'd be interested in supporting? I guess there might be some edges we might need to enhance, either on wicked or on Janus (I can't quite tell how your OAuth2 support looks like right now, the documentation is a little incomplete, or am I missing something?).

Best regards,
Martin (maintainer of wicked.haufe.io).

With this PR https://github.com/hellofresh/janus/pull/25 we introduced a mutex to protect the loaders map for concurrent access. We should change this to use channels for communication. This would result in a better performance.

According to the auth doc, the token type can be set to JWT or "introspection", but what is meant with "introspection"? In our auth setup, tokens are validated by calling some internal service and I wonder if introspection is the way to route auth requests to this service.

If an upstream (target_url) requires Basic Auth via a statically provisioned API KEY or similar thing, it is customary to be able to provide the credentials in the URL, and for the user agent to detect the userInfo in the URL and to move it over to an Authorization: Basic <base64(userInfo)> header.

Curl is an example of this, and it allows you to use either of 2 forms to set an Auth Basic header:

1. $ curl -u user:password http://myhost:port
2. $ curl http://user:password@myhost:port

Reproduction Steps:

1. Register an API with /myRoute/* ==> http://user:password@upstream
2. Restart Janus (issue #95 workaround)
3. Attempt to access http://janus/myRoute. Get 401 Unauthorized

Expected behavior:

Upstream would be presented with Authorization: Basic header and would authorize.

Observed behavior:

Upstream returns 401 Unauthorized which means it was not presented with an Authorization: Basic header.

Janus version: 1.7.4-rc.6

[Short description of problem here]

Reproduction Steps:

1. [First Step]
   run janus with docker-compose

more docker-compose.yml
version: '3'
services:

  janus:
    image: quay.io/hellofresh/janus
    ports:
      - "8080:8080"
      - "8081:8081"
    depends_on:
      - service1
      - janus-database
      - janus-storage
    volumes:
      - ./janus.toml:/etc/janus/janus.toml

  janus-database:
      image: mongo
      ports:
        - "27017:27017"

  janus-storage:
      image: redis:3.2
      ports:
        - "6379:6379"

  # This container is just a helper to seed the database
  mongo-seed:
    build:
      context: .
      dockerfile: seed.Dockerfile
    depends_on:
      - janus-database

  service1:
    image: rodolpheche/wiremock
    ports:
      - '9089:8080'
    volumes:
      - ../front-proxy/stubs:/home/wiremock/mappings

2. [Second Step]
   add auth.json

more auth/auth.json
{
    "name" : "local",
    "oauth_endpoints" : {
        "token" : {
            "preserve_host" : false,
            "listen_path" : "/auth/token",
            "upstream_url" : "http://auth-service:8080/token",
            "strip_path" : true,
            "append_path" : false,
            "enable_load_balancing" : false,
            "methods" : [
                "GET",
                "POST"
            ]
        }
    },
    "token_strategy" : {
        "name" : "jwt",
        "settings" : [
            {"alg": "HS256", "key" : "secret"}
        ]
    }
}

Expected behavior:

[Describe expected behavior here]

http POST localhost:8081/oauth/servers "Authorization:Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MDA2ODM0NTQsImlhdCI6MTUwMDY3OTg1NCwiaWQiOiJhZG1pbiJ9.8EgMguMUept5WRUbz29QgfQOCZ4PtWcwA65ja8Igi9E" < auth.json
HTTP/1.1 500 Internal Server Error
Content-Encoding: gzip
Content-Length: 111
Content-Type: application/json
Date: Fri, 21 Jul 2017 23:31:21 GMT
Vary: Origin

"json: cannot unmarshal array into Go struct field TokenStrategy.settings of type oauth.TokenStrategySettings"

[Describe observed behavior here]

Janus version: [Enter Atom version here]

[root@ip-172-31-10-54 auth]# http localhost:8081
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 58
Content-Type: application/json
Date: Fri, 21 Jul 2017 23:31:56 GMT
Vary: Origin

"Welcome to Janus v3.2.0-3c4d321"

OS and version: [Enter OS name and version here]

I've been looking for quite a while at various API gateways, and it look like none have been built or thought as a framework that some developer could pick, plug the things into a bit of Go code, write a few custom endpoints to merge APIs if needed, package all of that into a container and deploy that, without a need of any kind of stateful storage backing up the gateway.

I believe it would be nice to do so with Janus, so I've been starting to use it for this usage, but there is a lot of boilerplate in order to get again yourself the list of plugins, registering them, etc...

Very simple question: would you be happy to merge PRs that refactors a bit the source code in order to go in this direction?

The document about file system configuration only says what directories should be created but it says nothing about naming files, and file schema:

https://github.com/hellofresh/janus/blob/master/docs/quick_start/file_system.md

It would be nice to have a thorough description of the schema, something like composer-schema.json.

The updated_at property of api_specs items has a wrong format e.g. -62135596800000 instead of something like 2017-01-20 11:03:17.331Z.

Expected behavior:

updated_at should be ISO.

Observed behavior:

updated_at is not ISO.

Is there anyway for me to put more than one api endpoint in a single file?

Hi,

I would like to know if there is some way to deploy Janus with an mongodb and store the password there, allowing it to be altered by the admin using the APIs?

Hi there,

I forked the project and made some changes. But when I try to build the project I get this error:

$ make all
==> Cleaning project
==> Installing dependencies
==> Building... 
Building application version 0.0.1-dev
Building default binary
# github.com/hellofresh/janus/pkg/jwt/provider
../../hellofresh/janus/pkg/jwt/provider/provider.go:9: undefined: sync.Map
../../hellofresh/janus/pkg/jwt/provider/provider.go:12: undefined: sync.Map
../../hellofresh/janus/pkg/jwt/provider/provider.go:27: undefined: sync.Map
make: *** [build] Error 2

Any idea how to fix this? I already tried removing all dependencies from my GOPATH and downloading them again.

Thanks!

I was following the instructions of the readme, copy the docker-compose from the example,
then i get the token and post the json in the example, but I get a 404 error.

In the root I got "Welcome to Janus, this is version 1.0"

First i tried with my own microservice endpoint, and it doesn't work, i think it was for the docker-compose network, then, i tried with the example, and also fails.

Any idea what I'm doing wrong?

config:

"proxy": {
"append_listen_path": false,
"check_host_against_uptime_tests": false,
"enable_load_balancing": false,
"listen_path": "/vvvv",
"methods": [
"GET"
],
"preserve_host_header": false,
"strip_listen_path": true,
"target_list": [],
"target_url": "http://172.31.68.243/app/"

access:
http http://172.31.68.244:8080/vvvv

result:
HTTP/1.1 404 Not Found
Content-Length: 19
Content-Type: text/plain; charset=utf-8
Date: Mon, 13 Mar 2017 08:46:34 GMT
X-Content-Type-Options: nosniff

404 page not found

but can access:
curl http://172.31.68.243/app/

Currently, Janus has two different libs to work with Redis. That's not an ideal scenario, we'd like to use one of these libs:github.com/go-redis/redis and github.com/garyburd/redigo/redis.

Please fix a list of following issues:

1. [Remove "Problems" from title]
2. [Adjust text for input "Search" area]
3. [Reduce size of clickable area for "Api Name"]
4. [Include a link to the "Edit API" view for that api ]

Screenshot attached:
https://prnt.sc/h79msi
Expected behavior:

Acceptance Criteria and requirements can be found in this ticket : https://hellofresh.atlassian.net/browse/CORE-2236

i think the document wrote in version 1.x

Currently we have list of paths that has ID on the second level right in the code that is bad practice - we expose our internal api and do not allow 3rd party users to use their own values w/out modifying the code. This must be configurable.

For some of our projects we will need localized URL's, so different URL presentations going to the same service.

For example for our recipe page:

https://www.hellofresh.de/recipes/taboule-salat-mit-wurzigem-hallo-58342b3e4348d25f8d3183c2

We want the URL in germany to be:

https://www.hellofresh.de/rezepte/taboule-salat-mit-wurzigem-hallo-58342b3e4348d25f8d3183c2

And both of them should be proxied to the same service, this is of course possible at the moment, but adding all of them will be hard and time consuming.

I would recommend adding a new optional argument to the routes, something like country, and on every request you can map the domain to the specific country and prioritze the routes that have a matching country in its configuration. If none match, use the default.

I'd like to use a transformer for my response headers as well. Something like the request transformer.

A new version of https://github.com/ulule/limiter is out, and we should try to keep up with it.

The goal is to adapt our rate limit implementation to implement limiter 2.0

Please add support for filtering specific headers when proxying to upstream_url. The use case is running janus in development environment, where it is used to proxy requests to staging services. In this scenario, the Authorization header proxied by janus will be incorrect for the staging environment. The solution would be to add something like:

"headers": [
        "Authorization": null, //example of header removal
        "User-Agent": "Janus" //example of header modification
    ]

to the API configuration on janus. This will cover a much wider use case (not only filtering, but also adding and modifying headers). The assumption is that specifying null signals to janus to remove this header.

Now that we deprecated the upstream_url we need to make sure that whenever someone creates/updates an API Definition, the Admin API returns an error saying upstream_url is deprecated please use upstreams instead.

Criteria:

1. Create or Update an API definition using proxy.upstream_url
2. The API should return a 400 HTTP code and a message upstream_url is deprecated please use upstreams instead

Hi there,

I'd like to add a custom route to janus. By seeing oauth2 plugin as an example for building one it got very complicated to understand, i'll have to add a loader.go to my plugin and make some logic. Is there a better way of doing that?

Most recipe related payloads depend on the type of user requesting it. This is mostly because the API is used to administer entities from HQ, but also serve customer or public data. Of course, an HQ admin and a guest user won't receive the same payload when requesting the same entity, some properties are only served to admin users. Thus, we need to know what is the role of the user issuing a request to return the proper payload.

We believe we won't be the only one with this issue, managing subscriptions without user information is going to be tricky. Especially because customers can update their subscriptions, but admins too.

For performance and practical reasons, we'd rather not have to request a user service, or fetch the user's role, or id, from a database. Since the gateway is already storing the authentication token, could it store information related to the user too, or retrieve it somehow?

The ideal would be to receive X-User-Id and X-User-Role headers:

DELETE /recipes/580f10c5b0a36033a0640022 HTTP/1.1
X-User-Id: 123
X-User-Role: admin

Each oauth server has an UUID when created, this id is attached to an API that desires to use that specific oauth server as its auth mechanism. The problem that we have at the moment is that, given the changes on the Transport layer, now it's impossible to know from which auth server the access token is coming from, this means that all access_tokens from all servers are on the same bucket. This is not a huge issue when you have just 2 or 3 different oauth servers, but if you have more the access tokens can collide.

Reproduction Steps:

1. Register an upstream via POST /apis
2. Observe Janus responds with an empty body, no Location header, and no other headers containing any identifying information.
3. Try deleting the API with the slug name, whatever that is, and observe that also does not work.

Expected behavior:

POST /apis returns a Location: /apis/<assigned-mongo-_id> header.

Observed behavior:

POST /apis returns no identifying information in its headers, and an empty body. An operator has to bypass the self-service REST API and peek into the Mongo DB, find the API registration, and then obtain the _id field value which can then be used in a delete operation:

$ curl -i -X DELETE -H "Authorization: Bearer eyJ..." http://localhost:8080/apis/58b8521...

HTTP/1.1 204 No Content

Janus version: 1.7.4-rc.6

[Adjust Error messages for Login, APIs definitions and Health check page]

Reproduction Steps:

1. [Login error message: Try to login with a Github user which is not authorised ]
2. [Create a new API page: Navigate to Apis definition > Create New API > Click on Save button without filling any input fields > Click OK button]
3. [Health check page: Navigate to Health Check page > Refer to listed APi's description]

Screenshot attached:

http://prntscr.com/h79bq8
http://prntscr.com/h7956y
http://prntscr.com/h6y4gw

We get a redirect response when the URI has a trailing slash, but the Location header and the link in the body are wrong. For instance when I query https://api-v2.hellofresh.com/menus/?week=2016-W45&country=DE I get the following response:

HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.0 (Ubuntu)
Date: Fri, 17 Mar 2017 13:52:38 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 74
Connection: close
Location: /api/menus?week=2016-W45&country=DE
Strict-Transport-Security: max-age=31536000

<a href="/api/menus?week=2016-W45&amp;country=DE">Moved Permanently</a>.

Also, I don't know where api is coming from :(

Expected behavior:

The Location header and the link should be https://api-v2.hellofresh.com/menus?week=2016-W45&country=DE

Observed behavior:

The Location header and the link are /api/menus?week=2016-W45&country=DE

Hi there,
i've forked janus, i want to implement a plugin to make janus hit my auth service on every request instead of using its own auth/autho mechanism. When build it i'm getting an error it seems to be related to package importation.

Reproduction Steps:

1. I've forked to github.com/iclinic/janus, path to janus is /Users/michaeltcoelho/goworkspace/src/github.com/iclinic/janus/ on my machine.

2. I ran make deps and then make build. Here i get an error when building for windows quoted on Observed behavior:.

3. I ran make test and get an error quoted on Observed behavior:.

Expected behavior:

Build and run forked janus with success.

Observed behavior:

make build

==> Building...
Building application version 0.0.1-dev
Building default binary
Building binary for linux/386...
Building binary for linux/amd64...
Building binary for darwin/386...
Building binary for darwin/amd64...
Building binary for windows/386...
# github.com/iclinic/janus/vendor/golang.org/x/crypto/ssh/terminal
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:42: undefined: windows.ENABLE_ECHO_INPUT
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:42: undefined: windows.ENABLE_PROCESSED_INPUT
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:42: undefined: windows.ENABLE_LINE_INPUT
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:42: undefined: windows.ENABLE_PROCESSED_OUTPUT
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:43: undefined: windows.SetConsoleMode
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:62: undefined: windows.SetConsoleMode
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:67: undefined: windows.ConsoleScreenBufferInfo
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:68: undefined: windows.GetConsoleScreenBufferInfo
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:91: undefined: windows.ENABLE_ECHO_INPUT
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:92: undefined: windows.ENABLE_PROCESSED_INPUT
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:92: too many errors
make: *** [build] Error 2

make test

Running unit tests:
ok  	github.com/iclinic/janus	1.100s	coverage: 0.0% of statements
?   	github.com/iclinic/janus/cmd/janus	[no test files]
?   	github.com/iclinic/janus/features/bootstrap	[no test files]
--- FAIL: TestNewFileSystemRepository (0.00s)
        Error Trace:    file_repository_test.go:16
			file_repository_test.go:31
	Error:		"/Users/michaeltcoelho/goworkspace/src/github.com/iclinic/janus/pkg/api" does not contain "github.com/hellofresh/janus"

Janus version: the latest.
OS and version:

Software:

System Software Overview:

  System Version: macOS 10.12.6 (16G29)
  Kernel Version: Darwin 16.7.0
  Boot Volume: Macintosh HD
  Boot Mode: Normal
  Computer Name: Michael’s MacBook Pro
  User Name: Michael Coelho (michaeltcoelho)
  Secure Virtual Memory: Enabled
  System Integrity Protection: Enabled
  Time since boot: 2:26

api_specs would be easier to read and define if the oauth_server_id value was a human readable value such as api_oauth than a MongoID such as ObjectId("5834110db1c3754274e64f0e").

Cannot import the stub APi at /examples/apis/posts.json. It fails with this response:

HTTP/1.1 400 Bad Request
Content-Length: 27
Content-Type: application/json
Date: Wed, 05 Apr 2017 22:43:03 GMT
Vary: Accept-Encoding

"api definition not found"

Reproduction Steps:

1. Start all docker containers with: docker-compose up -d
2. Create valid JWT token
3. Submit this request from within the janus-master folder via CLI:

http POST 192.168.99.100:8081/apis "Authorization:Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0OTE0MzM3MTIsImlhdCI6MTQ5MTQzMDExMiwiaWQiOiJhZG1pbiJ9.CfNK3mxh3yArgrDXBLpYArLqPU6PywIDCxBdNEeSQUA" "Content-Type: application/json" < examples/apis/posts.json

Expected behavior:

Successful addition of jsonplaceholder API

Observed behavior:

API definition not found error.

**Janus version: latest version
**OS and version: Mac OSX 10.11.6

how to deploy multiple janus nodes

[Short description of problem here]
I run janus in docker

Reproduction Steps:

$ docker run -d --name janus-database \
               -p 27017:27017 \
               mongo:3.0

docker run -d --name janus-storage \
               -p 6379:6379 \
               redis:3.0

docker run -d --name janus \
              --link janus-database:janus-database \
              --link janus-storage:janus-storage \
              -e "DATABASE_DSN=mongodb://janus-database:27017/janus" \
              -e "STORAGE_DNS=redis://janus-storage:6379" \
              -p 8080:8080 \
              -p 8443:8443 \
              -p 8081:8081 \
              -p 8444:8444 \
              quay.io/hellofresh/janus

I add new endpoint with httpbin.json file

{
    "name" : "httpbin",
    "active" : true,
    "proxy" : {
        "preserve_host" : false,
        "listen_path" : "/ip/*",
        "upstream_url" : "http://httpbin.org/ip",
        "strip_path" : false,
        "append_path" : false,
        "methods" : ["GET"]
    }
}

get apis is no problem

HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 223
Content-Type: application/json
Date: Wed, 05 Jul 2017 09:01:31 GMT
Vary: Origin

[
    {
        "active": true,
        "health_check": {
            "timeout": 0,
            "url": ""
        },
        "name": "httpbin",
        "plugins": [],
        "proxy": {
            "append_path": false,
            "enable_load_balancing": false,
            "hosts": [],
            "insecure_skip_verify": false,
            "listen_path": "/ip/*",
            "methods": [
                "GET"
            ],
            "preserve_host": false,
            "strip_path": false,
            "upstream_url": "http://httpbin.org/ip"
        }
    }
]

Expected behavior:

[Describe expected behavior here]

can not use new endpoint

http localhost:8080/ip/
HTTP/1.1 404 Not Found
Content-Length: 43
Content-Type: application/json
Date: Wed, 05 Jul 2017 08:57:13 GMT

{
    "error": "no API found with those values"
}

restart janus container.
it working

[Describe observed behavior here]

Janus version: [Enter Atom version here]

curl http://127.0.0.1:8081/
"Welcome to Janus v3.1.0-3492f66"

OS and version: [Enter OS name and version here]

uname -a
Linux ip-172-31-10-54 4.4.44-39.55.amzn1.x86_64 #1 SMP Mon Jan 30 18:15:53 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

docker -v
Docker version 17.03.1-ce, build 7392c3b/17.03.1-ce

Is there a plan to support Zipkin?

Apparently, there is a problem with the Rate Limit Middleware, sometimes when running concurrent requests, the rules for the rate limit are not been applied, which means, we limit the number of requests earlier than expected

Reproduction Steps:

1. Setup a proxy with the rate limit (i.e 50-S)
2. Make 50 concurrent requests

Expected behavior:
The rate limit should only be applied for a single proxy and should support concurrent requests.

Observed behavior:

The requests are been limited before they should be

Janus version: 1.3
OS and version: Ubuntu 16.04

Seems like there's a major (breaking) change on ulule/limiter package

Reproduction Steps:

1. Pull janus repo
2. Make deps
3. Run binary

Observed behavior:

pkg/plugin/rate/rate_limit_logger.go:60:26: not enough arguments in call to lmt.Peek
	have (string)
	want (context.Context, string)
pkg/plugin/rate/setup.go:74:21: undefined: limiter.NewLimiter
pkg/plugin/rate/setup.go:76:19: undefined: limiter.NewHTTPMiddleware
pkg/plugin/rate/setup.go:94:10: undefined: limiter.NewRedisStoreWithOptions
pkg/plugin/rate/setup.go:99:10: undefined: limiter.NewMemoryStore
# github.com/hellofresh/janus/pkg/plugin/oauth2
pkg/plugin/oauth2/loader.go:52:19: undefined: limiter.NewMemoryStore
pkg/plugin/oauth2/loader.go:53:22: undefined: limiter.NewLimiter
pkg/plugin/oauth2/loader.go:54:22: undefined: limiter.NewHTTPMiddleware

A conventional Redis-To-Go URL doesn't work.

2017-02-26T20:54:23.538797721Z","@version":"1","level":"debug","message":"Trying to connect to mongodb://user:[email protected]:12345/janus","type":"Janus"}
2017-02-26T20:54:25.293989182Z {"@timestamp":"2017-02-26T20:54:25.293716857Z","@version":"1","level":"debug","message":"Connected to mongodb","type":"Janus"}
2017-02-26T20:54:25.294027164Z {"@timestamp":"2017-02-26T20:54:25.293791179Z","@version":"1","level":"debug","message":"Trying to connect to redis pool: redis://user:[email protected]:12345","type":"Janus"}
2017-02-26T20:54:25.294033972Z {"@timestamp":"2017-02-26T20:54:25.293817677Z","@version":"1","level":"fatal","message":"Couldn't connect to the redis pool: dial tcp: too many colons in address redis://user:[email protected]:12345","type":"Janus"}

Janus version: quay.io/hellofresh/janus:1.7.4

Hey,

Thanks for developing this awesome gateway. It was very easy to configure but I'm stumbling upon an issue and I hope that maybe someone here can help me with it.

Currently, I have a micro service running where users can authenticate via a POST request /authenticate. This endpoint will return a token which the user has to send with it when he does authenticated requests to other endpoints. The requests will have a Authorization header which will include for example "Basic 58ccd028e3ca417829a62d57da1253229f03cca4da8ea2df15dd3ac4cb426c21". In this micro service there is also an endpoint named /validate to validate the token via a POST request.

I know there is a plugin named authorization included for basic authorization. Unfortunately, in the documentation, I can't find how to implement/configure this in the gateway. Can any one point me in the right direction?

Thanks in advance!

Instead of storing endpoints configuration in MongoDB, I'd like to use files like nginx or Apache do, in a /etc/janus directory, with possibly enabled and available directories.

Currently, there is no way to load balance the upstream requests made by Janus. At HelloFresh we rely on HAProxy that does that for us. Ideally what we'd like to have is a possibility to have multiple upstreams and balance the request between them using the desired algorithm.

This will require some changes:

• add extra configurations to support balancing on the proxy.Definition
• create the supported balancing algorithms
• change the transport implementation to support balancing

Line 35 in https://github.com/hellofresh/janus/blob/master/pkg/plugin/basic/middleware.go leaks timing information that can be used to "guess" the password value.

It's a good idea to use the ConstantTimeCompare function (crypto/subtle package).

The documentation at https://hellofresh.gitbooks.io/janus/quick_start/authenticating.html says to use:

$ curl -X "POST" localhost:8081/login -d '{"username": "admin", "password": "admin"}'
"verification failed: incorrect username or password"

However, that doesn't work on macOS. You need to specify the content type:

$ curl -X "POST" localhost:8081/login -d '{"username": "admin", "password": "admin"}' -H "Content-Type: application/json"
{"token_type":"Bearer","access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MDU0NDE3MzQsImlhdCI6MTUwNTQzODEzNH0.EKjszbVQpCMZ_0FI_v8nR0keXEgP9f7K5mQicHmUOfs","expires_in":1505441734}