service-proxy/distribution/tutorials/orchestration/40-Authentication-Call.yaml at master · precoder/service-proxy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
# yaml-language-server: $schema=https://www.membrane-api.io/v7.1.2.json
#
# Tutorial: Authentication Call
#
# Problem: A backend API (port 3001) requires authentication, but the client
#          does not support it.
#
# Solution: The gateway authenticates against a login endpoint and forwards the
#          session cookie to the backend.
#
# Try:
#     curl -i http://localhost:3001
#       No session => 401 Unauthorized
#     curl http://localhost:3000/login -i
#       Returns SESSION cookie
#     curl -H "Cookie: SESSION=akj34" http://localhost:3001
#       Valid session => Success!
#     curl http://localhost:2000
#       Gateway performs login and forwards cookie to backend (see logs)
#
# Variations:
#     - Protect the API (port 2000) with other auth methods apis.yaml(Basic, API key, OAuth2, ...)
#     - Protect the login API (port 3000)

api:
  port: 2000
  name: Gateway
  flow:
    - request:
        - log:
            message: Authenticating via login API
        - call:
            url: http://localhost:3000/login
        - log:
            message: "Got Cookie: ${header['Set-Cookie']}"
        # Forward session to backend
        - setHeader:
            name: Cookie
            value: ${header['Set-Cookie']}
        # Do not forward Set-Cookie
        - headerFilter:
            - exclude: Set-Cookie
        - log:
            message: "Forwarding Cookie: ${header['Cookie']}"
  target:
    url: http://localhost:3001

---
# Login API
api:
  port: 3000
  name: Login API
  path:
    uri: /login
  flow:
    # Place authentication here: Basic, API key, OAuth2, ...
    - response:
        - setCookies:
            - name: SESSION
              value: akj34
        - log:
            message: Login successful. Issue SESSION cookie.
    - return:
        status: 200
---
# Backend API protected by session cookie
api:
  port: 3001
  name: Target API
  flow:
    - request:
        - log:
            message: "Session: ${cookie.SESSION}"
        - if:
            test: cookie.SESSION != 'akj34'
            flow:
              - return:
                  status: 401
    - response:
        - static:
            src: Success!
    - return:
        status: 200