darkorsa/cordo-gateway

Gateway for API calls

Maintainers

Details

github.com/darkorsa/cordo-gateway

Source

Issues

Installs: 2

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 5

1.5.0 2021-01-06 11:06 UTC

Requires

Requires (Dev)

MIT 05aac19dda3330b54040d89a8c619066b0159b4a

This package is auto-updated.

Last update: 2024-03-21 21:06:42 UTC

README

Latest Version on Packagist Software License Build Status Coverage Status Quality Score Total Downloads

Cordo API Gateway - protection, caching, analytics & monitoring.

What is it? What is it for?

An API gateway is an API management tool that acts as reverse proxy and is located between a client and a backend service (or collection of services).

Most common use cases:

  • protection from overuse and abuse
  • analytics and monitoring
  • gathering multiple API calls into one for optimization
  • caching

Requirements

  • PHP 7.4.0 or newer
  • Apache/Nginx
  • PHP Redis extension (nosql db for for request caching and rate limiting)

Install

First make sure that you have Redis expansions installed. To check it run:

$ php -i |grep redis

If any of them is missing you can install it from PECL repository:

$ sudo pecl install redis

# restart PHP
$ sudo service php7.4-fpm restart

Create your new project folder and within this folder type:

$ composer create-project darkorsa/cordo-gateway ./

Then copy .env_example file and rename it to .env and complete it with your configuration data.

Usage

Api Key

First set your API_KEY in .env file, that will extort sending X-Api-Key header with API_KEY value on each request to the gateway.

This can disabled by commenting ApiKeyMiddleware middleware in public/index.php.

$router->addMiddleware(new ApiKeyMiddleware()); // comment this line

Note that X-Api-Key can be also used by rate limiting function.

Defining routes

Since the API gateway is a proxy for the target API you will need to register routes for handling the upcoming requests. This can be done in public/index.php:

(new App\UsersRoutes($router, $container, 'https://apiurladdress.com'))->register();

Place you routes class somewhere in app/ folder.

Example of routes class:

<?php

declare(strict_types=1);

namespace App;

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Cordo\Gateway\Core\Application\Service\Register\RoutesRegister;

class UsersRoutes extends RoutesRegister
{
    public function register(): void
    {
        $this->router->addRoute(
            'GET',
            "/users",
            function (ServerRequestInterface $request, array $params): ResponseInterface {
                return $this->cacheRequest($request, '/users', 3600, []);
            }
        );

        $this->router->addRoute(
            'POST',
            "/users",
            function (ServerRequestInterface $request, array $params): ResponseInterface {
                return $this->sendRequest($request, '/users', []);
            }
        );
    }
}

In the above example there are definitions of two endpoints. One for fetching users data (GET) and second for adding a new user (POST).

CacheRequest method will call target API and cache the result in memory (Redis) for the set amount of time. In this example for 1 hour (3600 seconds). Until cache invalidates no request will be made to the target API.

SendRequest method will simple call target API with all the query & form params as in the original request.

Rate Limiting

You can limit requests that can be made to you API in given amount of time in order to prevent from request flooding / API scraping. For that set appropriate config settings in config/los_rate_limit.php file.

Rate limiting config settings are explained here.

Still to come

  • Simple request logger for analytics

Security

If you discover any security related issues, please email dkorsak@gmail.com instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.