motiv-labs / janus Goto Github PK
View Code? Open in Web Editor NEWAn API Gateway written in Go
Home Page: https://hellofresh.gitbooks.io/janus
License: MIT License
An API Gateway written in Go
Home Page: https://hellofresh.gitbooks.io/janus
License: MIT License
Is there a way to enable plugin for all endpoint without adding for each proxy endpoint?
I would like to add a custom proxy to be hit on every request, is it possible in Janus? Is there any options for adding a custom middleware
?
Thanks in advance.
I perform a POST /apis and register an upstream. I then try and use the route I just registered, but the debug log shows no activity at all.
I then kill and restart Janus, and then try and use the route, and it works.
This looks like a duplicate of #84, which for some reason was closed without a fix.
Reproduction Steps:
Expected behavior:
Upstreams work after registration without a restart required.
Janus version: 1.7.4-rc.6
Our scripts expect bash
to be available in containers, but only sh
is available here. Is it a deliberate choice or could we add bash
?
it will be better to mention install HTTPie to use http in mac cli in readme.MD
i tried the curl and some other tools and failed, later HTTPie worked.
#I can't seem to get the Docker-based build to respond to any http requests. I'm using a build of the latest 1.7.4-rc.6 using my modified Dockerfile, that otherwise matches the standard one but allows me to specify a tag to build.
Reproduction Steps:
$ git clone https://github.com/Megalithic-LLC/janus-dockerfile.git
$ cd janus-dockerfile
$ docker build --build-arg=JANUS_TAG=1.7.4-rc.7 -t janus .
$ vi janus.env
DATABASE_DSN=mongodb://1.2.3.4/janus
REDIS_DSN=redis://1.2.3.4:6379
SECRET=password
ADMIN_USERNAME=admin
ADMIN_PASSWORD=admin
DEBUG=true
LOG_LEVEL=debug
$ docker run --env-file janus.env -i -p 8080:8080 -t janus
{"@timestamp":"2017-03-01T17:44:59.246556501Z","@version":"1","level":"debug","message":"Connected to mongodb","type":"Janus"}
...
01T17:44:59.250617897Z","@version":"1","level":"info","message":"Listening on :0","type":"Janus"}
$ curl -iv -X POST -H "Content-Type: application/json" -H "Accept: application/json, */*" -d '{"username":"admin","password":"admin"}' http://localhost:8080/login
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> POST /login HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Content-Type: application/json
> Accept: application/json, */*
> Content-Length: 39
>
* upload completely sent off: 39 out of 39 bytes
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server
Janus version: 1.7.4-rc.6
OS and version: standard Dockerfile (golang:1.8-alpine)
Janus with Mongodb storage haven't a hot reload feature.
Reproduction Steps:
docker run -e STORAGE_DNS=redis://<my redis host>:6379 -e DATABASE_DSN=mongodb://<my mongo host>:27017/<schema>-p 8080:8080 -p 8443:8443 -p 8081:8081 -p 8444:8444 quay.io/hellofresh/janus
Expected behavior:
docker run -e STORAGE_DNS=redis://<my redis host>:6379 -e DATABASE_DSN=mongodb://<my mongo host>:27017/<schema>-p 8080:8080 -p 8443:8443 -p 8081:8081 -p 8444:8444 quay.io/hellofresh/janus
Observed behavior:
When I restarted the contained I can access to the new route without problems, but it isn't hot reload.
What I can do for add a new endpoint without restart the container ?
Can I have a hot reload with janus and mongodb storage?
Janus version: latest
OS and version: latest docker image
When using the Gateway to request information a service which already handles CORS, the CORS in the Gateway and the Delivery Logistic Service is duplicating the Access-Control-Allow-Origin header which causes the following error:
Reproduction Steps:
Expected behavior:
No header duplication.
Observed behavior:
XMLHttpRequest cannot load https://end-point-url. The 'Access-Control-Allow-Origin' header contains multiple values 'url, url', but only one is allowed. Origin 'url' is therefore not allowed access.
We at Haufe-Lexware have implemented an open source API Portal on top of Mashape Kong, and would like to look into what it means to also support Janus as an API Gateway for wicked: http://wicked.haufe.io, https://github.com/Haufe-Lexware/wicked.haufe.io. Example portal (very simplistic right now): https://wicked-demo.haufe.io.
From a first glance it seems as if Janus would be well suitable for integration with wicked, as it seems to behave more or less like Kong, i.e. it's configurable over a REST API and is also completely headless. You also have CORS and Rate Limiting support, and claim to support OAuth2.
Is this something you'd be interested in supporting? I guess there might be some edges we might need to enhance, either on wicked or on Janus (I can't quite tell how your OAuth2 support looks like right now, the documentation is a little incomplete, or am I missing something?).
Best regards,
Martin (maintainer of wicked.haufe.io).
With this PR https://github.com/hellofresh/janus/pull/25 we introduced a mutex to protect the loaders map for concurrent access. We should change this to use channels for communication. This would result in a better performance.
According to the auth doc, the token type can be set to JWT or "introspection", but what is meant with "introspection"? In our auth setup, tokens are validated by calling some internal service and I wonder if introspection is the way to route auth requests to this service.
If an upstream (target_url) requires Basic Auth via a statically provisioned API KEY or similar thing, it is customary to be able to provide the credentials in the URL, and for the user agent to detect the userInfo in the URL and to move it over to an Authorization: Basic <base64(userInfo)>
header.
Curl is an example of this, and it allows you to use either of 2 forms to set an Auth Basic header:
$ curl -u user:password http://myhost:port
$ curl http://user:password@myhost:port
Reproduction Steps:
Expected behavior:
Upstream would be presented with Authorization: Basic header and would authorize.
Observed behavior:
Upstream returns 401 Unauthorized which means it was not presented with an Authorization: Basic header.
Janus version: 1.7.4-rc.6
[Short description of problem here]
Reproduction Steps:
more docker-compose.yml
version: '3'
services:
janus:
image: quay.io/hellofresh/janus
ports:
- "8080:8080"
- "8081:8081"
depends_on:
- service1
- janus-database
- janus-storage
volumes:
- ./janus.toml:/etc/janus/janus.toml
janus-database:
image: mongo
ports:
- "27017:27017"
janus-storage:
image: redis:3.2
ports:
- "6379:6379"
# This container is just a helper to seed the database
mongo-seed:
build:
context: .
dockerfile: seed.Dockerfile
depends_on:
- janus-database
service1:
image: rodolpheche/wiremock
ports:
- '9089:8080'
volumes:
- ../front-proxy/stubs:/home/wiremock/mappings
more auth/auth.json
{
"name" : "local",
"oauth_endpoints" : {
"token" : {
"preserve_host" : false,
"listen_path" : "/auth/token",
"upstream_url" : "http://auth-service:8080/token",
"strip_path" : true,
"append_path" : false,
"enable_load_balancing" : false,
"methods" : [
"GET",
"POST"
]
}
},
"token_strategy" : {
"name" : "jwt",
"settings" : [
{"alg": "HS256", "key" : "secret"}
]
}
}
Expected behavior:
[Describe expected behavior here]
http POST localhost:8081/oauth/servers "Authorization:Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MDA2ODM0NTQsImlhdCI6MTUwMDY3OTg1NCwiaWQiOiJhZG1pbiJ9.8EgMguMUept5WRUbz29QgfQOCZ4PtWcwA65ja8Igi9E" < auth.json
HTTP/1.1 500 Internal Server Error
Content-Encoding: gzip
Content-Length: 111
Content-Type: application/json
Date: Fri, 21 Jul 2017 23:31:21 GMT
Vary: Origin
"json: cannot unmarshal array into Go struct field TokenStrategy.settings of type oauth.TokenStrategySettings"
[Describe observed behavior here]
Janus version: [Enter Atom version here]
[root@ip-172-31-10-54 auth]# http localhost:8081
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 58
Content-Type: application/json
Date: Fri, 21 Jul 2017 23:31:56 GMT
Vary: Origin
"Welcome to Janus v3.2.0-3c4d321"
OS and version: [Enter OS name and version here]
I've been looking for quite a while at various API gateways, and it look like none have been built or thought as a framework that some developer could pick, plug the things into a bit of Go code, write a few custom endpoints to merge APIs if needed, package all of that into a container and deploy that, without a need of any kind of stateful storage backing up the gateway.
I believe it would be nice to do so with Janus, so I've been starting to use it for this usage, but there is a lot of boilerplate in order to get again yourself the list of plugins, registering them, etc...
Very simple question: would you be happy to merge PRs that refactors a bit the source code in order to go in this direction?
The document about file system configuration only says what directories should be created but it says nothing about naming files, and file schema:
https://github.com/hellofresh/janus/blob/master/docs/quick_start/file_system.md
It would be nice to have a thorough description of the schema, something like composer-schema.json.
The updated_at
property of api_specs
items has a wrong format e.g. -62135596800000
instead of something like 2017-01-20 11:03:17.331Z
.
Expected behavior:
updated_at
should be ISO.
Observed behavior:
updated_at
is not ISO.
Is there anyway for me to put more than one api endpoint in a single file?
Hi,
I would like to know if there is some way to deploy Janus with an mongodb and store the password there, allowing it to be altered by the admin using the APIs?
Hi there,
I forked the project and made some changes. But when I try to build the project I get this error:
$ make all
==> Cleaning project
==> Installing dependencies
==> Building...
Building application version 0.0.1-dev
Building default binary
# github.com/hellofresh/janus/pkg/jwt/provider
../../hellofresh/janus/pkg/jwt/provider/provider.go:9: undefined: sync.Map
../../hellofresh/janus/pkg/jwt/provider/provider.go:12: undefined: sync.Map
../../hellofresh/janus/pkg/jwt/provider/provider.go:27: undefined: sync.Map
make: *** [build] Error 2
Any idea how to fix this? I already tried removing all dependencies from my GOPATH and downloading them again.
Thanks!
I was following the instructions of the readme, copy the docker-compose from the example,
then i get the token and post the json in the example, but I get a 404 error.
In the root I got "Welcome to Janus, this is version 1.0"
First i tried with my own microservice endpoint, and it doesn't work, i think it was for the docker-compose network, then, i tried with the example, and also fails.
Any idea what I'm doing wrong?
config:
"proxy": {
"append_listen_path": false,
"check_host_against_uptime_tests": false,
"enable_load_balancing": false,
"listen_path": "/vvvv",
"methods": [
"GET"
],
"preserve_host_header": false,
"strip_listen_path": true,
"target_list": [],
"target_url": "http://172.31.68.243/app/"
access:
http http://172.31.68.244:8080/vvvv
result:
HTTP/1.1 404 Not Found
Content-Length: 19
Content-Type: text/plain; charset=utf-8
Date: Mon, 13 Mar 2017 08:46:34 GMT
X-Content-Type-Options: nosniff
404 page not found
but can access:
curl http://172.31.68.243/app/
Currently, Janus has two different libs to work with Redis. That's not an ideal scenario, we'd like to use one of these libs:github.com/go-redis/redis
and github.com/garyburd/redigo/redis
.
Please fix a list of following issues:
Screenshot attached:
https://prnt.sc/h79msi
Expected behavior:
Acceptance Criteria and requirements can be found in this ticket : https://hellofresh.atlassian.net/browse/CORE-2236
i think the document wrote in version 1.x
Currently we have list of paths that has ID on the second level right in the code that is bad practice - we expose our internal api and do not allow 3rd party users to use their own values w/out modifying the code. This must be configurable.
For some of our projects we will need localized URL's, so different URL presentations going to the same service.
For example for our recipe page:
https://www.hellofresh.de/recipes/taboule-salat-mit-wurzigem-hallo-58342b3e4348d25f8d3183c2
We want the URL in germany to be:
https://www.hellofresh.de/rezepte/taboule-salat-mit-wurzigem-hallo-58342b3e4348d25f8d3183c2
And both of them should be proxied to the same service, this is of course possible at the moment, but adding all of them will be hard and time consuming.
I would recommend adding a new optional argument to the routes, something like country, and on every request you can map the domain to the specific country and prioritze the routes that have a matching country in its configuration. If none match, use the default
.
I'd like to use a transformer for my response headers as well. Something like the request transformer.
A new version of https://github.com/ulule/limiter is out, and we should try to keep up with it.
The goal is to adapt our rate limit implementation to implement limiter
2.0
Please add support for filtering specific headers when proxying to upstream_url
. The use case is running janus in development environment, where it is used to proxy requests to staging services. In this scenario, the Authorization
header proxied by janus will be incorrect for the staging environment. The solution would be to add something like:
"headers": [
"Authorization": null, //example of header removal
"User-Agent": "Janus" //example of header modification
]
to the API configuration on janus. This will cover a much wider use case (not only filtering, but also adding and modifying headers). The assumption is that specifying null
signals to janus to remove this header.
Now that we deprecated the upstream_url
we need to make sure that whenever someone creates/updates an API Definition, the Admin API returns an error saying upstream_url is deprecated please use upstreams instead
.
Criteria:
proxy.upstream_url
400
HTTP code and a message upstream_url is deprecated please use upstreams instead
Hi there,
I'd like to add a custom route to janus. By seeing oauth2 plugin as an example for building one it got very complicated to understand, i'll have to add a loader.go
to my plugin and make some logic. Is there a better way of doing that?
Most recipe related payloads depend on the type of user requesting it. This is mostly because the API is used to administer entities from HQ, but also serve customer or public data. Of course, an HQ admin and a guest user won't receive the same payload when requesting the same entity, some properties are only served to admin users. Thus, we need to know what is the role of the user issuing a request to return the proper payload.
We believe we won't be the only one with this issue, managing subscriptions without user information is going to be tricky. Especially because customers can update their subscriptions, but admins too.
For performance and practical reasons, we'd rather not have to request a user service, or fetch the user's role, or id, from a database. Since the gateway is already storing the authentication token, could it store information related to the user too, or retrieve it somehow?
The ideal would be to receive X-User-Id
and X-User-Role
headers:
DELETE /recipes/580f10c5b0a36033a0640022 HTTP/1.1
X-User-Id: 123
X-User-Role: admin
Each oauth server has an UUID when created, this id is attached to an API that desires to use that specific oauth server as its auth mechanism. The problem that we have at the moment is that, given the changes on the Transport
layer, now it's impossible to know from which auth server the access token is coming from, this means that all access_tokens from all servers are on the same bucket
. This is not a huge issue when you have just 2 or 3 different oauth servers, but if you have more the access tokens can collide.
Reproduction Steps:
POST /apis
slug
name, whatever that is, and observe that also does not work.Expected behavior:
POST /apis
returns a Location: /apis/<assigned-mongo-_id>
header.
Observed behavior:
POST /apis
returns no identifying information in its headers, and an empty body. An operator has to bypass the self-service REST API and peek into the Mongo DB, find the API registration, and then obtain the _id
field value which can then be used in a delete operation:
$ curl -i -X DELETE -H "Authorization: Bearer eyJ..." http://localhost:8080/apis/58b8521...
HTTP/1.1 204 No Content
Janus version: 1.7.4-rc.6
[Adjust Error messages for Login, APIs definitions and Health check page]
Reproduction Steps:
Screenshot attached:
http://prntscr.com/h79bq8
http://prntscr.com/h7956y
http://prntscr.com/h6y4gw
We get a redirect response when the URI has a trailing slash, but the Location
header and the link in the body are wrong. For instance when I query https://api-v2.hellofresh.com/menus/?week=2016-W45&country=DE I get the following response:
HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.0 (Ubuntu)
Date: Fri, 17 Mar 2017 13:52:38 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 74
Connection: close
Location: /api/menus?week=2016-W45&country=DE
Strict-Transport-Security: max-age=31536000
<a href="/api/menus?week=2016-W45&country=DE">Moved Permanently</a>.
Also, I don't know where api
is coming from :(
Expected behavior:
The Location
header and the link should be https://api-v2.hellofresh.com/menus?week=2016-W45&country=DE
Observed behavior:
The Location
header and the link are /api/menus?week=2016-W45&country=DE
Hi there,
i've forked janus, i want to implement a plugin to make janus hit my auth service on every request instead of using its own auth/autho mechanism. When build it i'm getting an error it seems to be related to package importation.
Reproduction Steps:
I've forked to github.com/iclinic/janus
, path to janus is /Users/michaeltcoelho/goworkspace/src/github.com/iclinic/janus/
on my machine.
I ran make deps
and then make build
. Here i get an error when building for windows quoted on Observed behavior:.
I ran make test
and get an error quoted on Observed behavior:.
Expected behavior:
Build and run forked janus with success.
Observed behavior:
make build
==> Building...
Building application version 0.0.1-dev
Building default binary
Building binary for linux/386...
Building binary for linux/amd64...
Building binary for darwin/386...
Building binary for darwin/amd64...
Building binary for windows/386...
# github.com/iclinic/janus/vendor/golang.org/x/crypto/ssh/terminal
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:42: undefined: windows.ENABLE_ECHO_INPUT
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:42: undefined: windows.ENABLE_PROCESSED_INPUT
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:42: undefined: windows.ENABLE_LINE_INPUT
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:42: undefined: windows.ENABLE_PROCESSED_OUTPUT
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:43: undefined: windows.SetConsoleMode
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:62: undefined: windows.SetConsoleMode
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:67: undefined: windows.ConsoleScreenBufferInfo
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:68: undefined: windows.GetConsoleScreenBufferInfo
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:91: undefined: windows.ENABLE_ECHO_INPUT
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:92: undefined: windows.ENABLE_PROCESSED_INPUT
vendor/golang.org/x/crypto/ssh/terminal/util_windows.go:92: too many errors
make: *** [build] Error 2
make test
Running unit tests:
ok github.com/iclinic/janus 1.100s coverage: 0.0% of statements
? github.com/iclinic/janus/cmd/janus [no test files]
? github.com/iclinic/janus/features/bootstrap [no test files]
--- FAIL: TestNewFileSystemRepository (0.00s)
Error Trace: file_repository_test.go:16
file_repository_test.go:31
Error: "/Users/michaeltcoelho/goworkspace/src/github.com/iclinic/janus/pkg/api" does not contain "github.com/hellofresh/janus"
Janus version: the latest.
OS and version:
Software:
System Software Overview:
System Version: macOS 10.12.6 (16G29)
Kernel Version: Darwin 16.7.0
Boot Volume: Macintosh HD
Boot Mode: Normal
Computer Name: Michael’s MacBook Pro
User Name: Michael Coelho (michaeltcoelho)
Secure Virtual Memory: Enabled
System Integrity Protection: Enabled
Time since boot: 2:26
api_specs
would be easier to read and define if the oauth_server_id
value was a human readable value such as api_oauth
than a MongoID such as ObjectId("5834110db1c3754274e64f0e")
.
Cannot import the stub APi at /examples/apis/posts.json. It fails with this response:
HTTP/1.1 400 Bad Request
Content-Length: 27
Content-Type: application/json
Date: Wed, 05 Apr 2017 22:43:03 GMT
Vary: Accept-Encoding
"api definition not found"
Reproduction Steps:
http POST 192.168.99.100:8081/apis "Authorization:Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0OTE0MzM3MTIsImlhdCI6MTQ5MTQzMDExMiwiaWQiOiJhZG1pbiJ9.CfNK3mxh3yArgrDXBLpYArLqPU6PywIDCxBdNEeSQUA" "Content-Type: application/json" < examples/apis/posts.json
Expected behavior:
Successful addition of jsonplaceholder API
Observed behavior:
API definition not found error.
**Janus version: latest version
**OS and version: Mac OSX 10.11.6
how to deploy multiple janus nodes
[Short description of problem here]
I run janus in docker
Reproduction Steps:
$ docker run -d --name janus-database \
-p 27017:27017 \
mongo:3.0
docker run -d --name janus-storage \
-p 6379:6379 \
redis:3.0
docker run -d --name janus \
--link janus-database:janus-database \
--link janus-storage:janus-storage \
-e "DATABASE_DSN=mongodb://janus-database:27017/janus" \
-e "STORAGE_DNS=redis://janus-storage:6379" \
-p 8080:8080 \
-p 8443:8443 \
-p 8081:8081 \
-p 8444:8444 \
quay.io/hellofresh/janus
I add new endpoint with httpbin.json file
{
"name" : "httpbin",
"active" : true,
"proxy" : {
"preserve_host" : false,
"listen_path" : "/ip/*",
"upstream_url" : "http://httpbin.org/ip",
"strip_path" : false,
"append_path" : false,
"methods" : ["GET"]
}
}
get apis is no problem
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 223
Content-Type: application/json
Date: Wed, 05 Jul 2017 09:01:31 GMT
Vary: Origin
[
{
"active": true,
"health_check": {
"timeout": 0,
"url": ""
},
"name": "httpbin",
"plugins": [],
"proxy": {
"append_path": false,
"enable_load_balancing": false,
"hosts": [],
"insecure_skip_verify": false,
"listen_path": "/ip/*",
"methods": [
"GET"
],
"preserve_host": false,
"strip_path": false,
"upstream_url": "http://httpbin.org/ip"
}
}
]
Expected behavior:
[Describe expected behavior here]
can not use new endpoint
http localhost:8080/ip/
HTTP/1.1 404 Not Found
Content-Length: 43
Content-Type: application/json
Date: Wed, 05 Jul 2017 08:57:13 GMT
{
"error": "no API found with those values"
}
restart janus container.
it working
[Describe observed behavior here]
Janus version: [Enter Atom version here]
curl http://127.0.0.1:8081/
"Welcome to Janus v3.1.0-3492f66"
OS and version: [Enter OS name and version here]
uname -a
Linux ip-172-31-10-54 4.4.44-39.55.amzn1.x86_64 #1 SMP Mon Jan 30 18:15:53 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
docker -v
Docker version 17.03.1-ce, build 7392c3b/17.03.1-ce
Is there a plan to support Zipkin?
Apparently, there is a problem with the Rate Limit Middleware, sometimes when running concurrent requests, the rules for the rate limit are not been applied, which means, we limit the number of requests earlier than expected
Reproduction Steps:
50-S
)Expected behavior:
The rate limit should only be applied for a single proxy and should support concurrent requests.
Observed behavior:
The requests are been limited before they should be
Janus version: 1.3
OS and version: Ubuntu 16.04
Seems like there's a major (breaking) change on ulule/limiter
package
Reproduction Steps:
janus
repoObserved behavior:
pkg/plugin/rate/rate_limit_logger.go:60:26: not enough arguments in call to lmt.Peek
have (string)
want (context.Context, string)
pkg/plugin/rate/setup.go:74:21: undefined: limiter.NewLimiter
pkg/plugin/rate/setup.go:76:19: undefined: limiter.NewHTTPMiddleware
pkg/plugin/rate/setup.go:94:10: undefined: limiter.NewRedisStoreWithOptions
pkg/plugin/rate/setup.go:99:10: undefined: limiter.NewMemoryStore
# github.com/hellofresh/janus/pkg/plugin/oauth2
pkg/plugin/oauth2/loader.go:52:19: undefined: limiter.NewMemoryStore
pkg/plugin/oauth2/loader.go:53:22: undefined: limiter.NewLimiter
pkg/plugin/oauth2/loader.go:54:22: undefined: limiter.NewHTTPMiddleware
A conventional Redis-To-Go URL doesn't work.
2017-02-26T20:54:23.538797721Z","@version":"1","level":"debug","message":"Trying to connect to mongodb://user:[email protected]:12345/janus","type":"Janus"}
2017-02-26T20:54:25.293989182Z {"@timestamp":"2017-02-26T20:54:25.293716857Z","@version":"1","level":"debug","message":"Connected to mongodb","type":"Janus"}
2017-02-26T20:54:25.294027164Z {"@timestamp":"2017-02-26T20:54:25.293791179Z","@version":"1","level":"debug","message":"Trying to connect to redis pool: redis://user:[email protected]:12345","type":"Janus"}
2017-02-26T20:54:25.294033972Z {"@timestamp":"2017-02-26T20:54:25.293817677Z","@version":"1","level":"fatal","message":"Couldn't connect to the redis pool: dial tcp: too many colons in address redis://user:[email protected]:12345","type":"Janus"}
Janus version: quay.io/hellofresh/janus:1.7.4
Hey,
Thanks for developing this awesome gateway. It was very easy to configure but I'm stumbling upon an issue and I hope that maybe someone here can help me with it.
Currently, I have a micro service running where users can authenticate via a POST request /authenticate. This endpoint will return a token which the user has to send with it when he does authenticated requests to other endpoints. The requests will have a Authorization header which will include for example "Basic 58ccd028e3ca417829a62d57da1253229f03cca4da8ea2df15dd3ac4cb426c21"
. In this micro service there is also an endpoint named /validate to validate the token via a POST request.
I know there is a plugin named authorization included for basic authorization. Unfortunately, in the documentation, I can't find how to implement/configure this in the gateway. Can any one point me in the right direction?
Thanks in advance!
Instead of storing endpoints configuration in MongoDB, I'd like to use files like nginx or Apache do, in a /etc/janus
directory, with possibly enabled and available directories.
Currently, there is no way to load balance the upstream requests made by Janus. At HelloFresh we rely on HAProxy that does that for us. Ideally what we'd like to have is a possibility to have multiple upstreams
and balance the request between them using the desired algorithm.
This will require some changes:
proxy.Definition
transport
implementation to support balancingLine 35 in https://github.com/hellofresh/janus/blob/master/pkg/plugin/basic/middleware.go leaks timing information that can be used to "guess" the password value.
It's a good idea to use the ConstantTimeCompare function (crypto/subtle package).
The documentation at https://hellofresh.gitbooks.io/janus/quick_start/authenticating.html says to use:
$ curl -X "POST" localhost:8081/login -d '{"username": "admin", "password": "admin"}'
"verification failed: incorrect username or password"
However, that doesn't work on macOS. You need to specify the content type:
$ curl -X "POST" localhost:8081/login -d '{"username": "admin", "password": "admin"}' -H "Content-Type: application/json"
{"token_type":"Bearer","access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MDU0NDE3MzQsImlhdCI6MTUwNTQzODEzNH0.EKjszbVQpCMZ_0FI_v8nR0keXEgP9f7K5mQicHmUOfs","expires_in":1505441734}
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.