Request Gateway - address restricting add-on for auth.
This package is a GCP Datastore controlled IP Address access controller. It can be plugged into AppEngine services in order to deliver service specific IP restriction. Works with or instead of the AppEngine Firewall. Originally written for use with auth.
This is a fairly rudimentary backend client which persists a list of approved address names (IPs, hostnames, whatever you want to use to differentiate), and will provide a boolean check to indicate if a given address name is on the approved list.
This was written to augment a GCP Appengine service. Appengine already provides a firewall service which can be used to control incoming traffic, so this address restriction utility is useful where a appengine default service already exists serving a superset of incoming traffic. This can be plugged into middleware to permit access to a non-default service for a subset of traffic.
The best place to start is probably with the examples and tests. Initialise the approval list entity in Datastore by running the tests.
See examples for a http/appengine implementations which uses requestgateway and auth. This is written for appengine standard 2nd gen, but also works as a standalone.
This utilises the following fine pieces of work:
If you want to run the example code, then install using
$ go get -u github.com/lidstromberg/examples
If you only want the requestgateway utility, then install with
$ go get -u github.com/lidstromberg/requestgateway
You will also need to export (linux/macOS) or create (Windows) some environment variables.
################################
# GCP DETAILS
################################
export GTWAY_GCP_PROJECT='{{PROJECTNAME}}'
################################
# GCP CREDENTIALS
################################
export GOOGLE_APPLICATION_CREDENTIALS="/PATH/TO/GCPCREDENTIALS.JSON"
(See Google Application Credentials)
Change LB_DEBUGON to true/false if you want verbose logging on/off. The other variables don't need to be changed.
################################
# REQUEST GATEWAY
################################
export GTWAY_DEBUGON='true'
export GTWAY_NAMESP='global'
export GTWAY_KD='gateway'
export GTWAY_CLIPOOL='5'
File | Purpose |
---|---|
requestgateway.go | Logic manager |
requestgateway_test.go | Tests |
File | Purpose |
---|---|
config.go | Boot package parameters, environment var collection |
entity.go | Package structs |
env | Package environment variables for local/dev installation |
gogets | Statements for go-getting required packages |