What does the gateway provide?

  1. Unified login
  2. The reverse proxy
  3. The web server
  4. The interface interceptor

These are the features I have implemented according to the requirements of the project; I can add other features in the future, such as grey release.

Background

To avoid cross-domain problems during development, a proxyTable configuration is added to Webpack. This configuration applies only to the development environment. In production, a separate Express service is started to serve the web static resources and provide the proxyTable.

In other words, each application has an Express service, which is difficult to manage and deploy when there are many applications.

How did I do that

Middleware for egg service

cors Middleware

The egg-cors plug-in has built-in middleware that handles cross-domain requests.

static Middleware

Middleware built into the egg-static plug-in; it serves static resources to external clients.

multiApplicationStatic Middleware

egg-multi-application-static maps different static resource paths for multiple applications. It is implemented with koa-static and packaged as a plug-in. Each configuration item has:

  • prefix: the prefix of the domain name
  • dir: the static entry path

Source code walkthrough

  1. Iterate through the configuration items

  2. Compare the source domain name with the prefix of each configuration item

    If they match: take the dir of the configuration item, generate a middleware that serves static resources from it, and return that middleware.

    If they do not match: return next()

  3. Use the compose utility function to chain the middleware into an onion-model call and return it

bodyParser Middleware

The parameters in the request body are parsed and added to the request object. POST parameters may be lost when a request that is going to be proxied has already been parsed by this plug-in, so a filter is applied here:

If the access path is one of the gateway's own routes, the body is parsed; otherwise, parsing is skipped.

Note the order of the middleware. Parameters may be lost after the POST request is processed by the middleware.

securities Middleware

egg-security prevents and handles XSS (cross-site scripting) attacks.

permissions Middleware

Verify and refresh tokens.

Source code walkthrough

  • There is a token
    1. Verify that the token is valid; return 401 if not
    2. When the request path is /gateway/login or /, jump directly back to the refererS address, or show the prompt "Logged in, refererS does not exist"
    3. Update the validity period of cookie.refererS
    4. Update the validity period of cookie.token
  • There is no token
    1. Check whether the source domain is registered; if not, return 401 "Application not register!"
    2. When the request path is /gateway/login, set cookie.refererS
    3. Check whether the requested path requires login; if so, return 401 "Request path not authorized!"
  • Return next() if none of the steps above returned
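
The flow above written as a pure decision function, as an added example that is not the author's code. `decide`, `safeReferer`, the `cfg` fields and the host names are constructed, taking refererS from the Referer header is an assumption, and the check that refererS points at a registered host is an extra hardening the list does not mention.

```javascript
// Added example: the permissions flow as a pure decision function (constructed names).
const LOGIN_PATH = '/gateway/login';

// Hardening not listed on the page: only keep a refererS whose host is registered,
// so the post-login jump cannot be pointed at an arbitrary site.
function safeReferer(ref, cfg) {
  try {
    return cfg.registeredHosts.includes(new URL(ref).host) ? ref : undefined;
  } catch (e) {
    return undefined; // missing or malformed value
  }
}

function decide(req, cfg) {
  const { host, path, cookies = {} } = req;
  if (cookies.token) {
    // 1. Invalid token: 401.
    if (!cfg.verifyToken(cookies.token)) return { status: 401 };
    // 2. Logged-in user on the login page or "/": jump back, or show the prompt.
    if (path === LOGIN_PATH || path === '/') {
      const back = safeReferer(cookies.refererS, cfg);
      return back ? { redirect: back } : { body: 'Logged in, refererS does not exist' };
    }
    // 3-4. Refresh the validity period of both cookies (the caller re-issues them).
    return { next: true, refresh: ['refererS', 'token'] };
  }
  // No token. 1. The source domain must be registered.
  if (!cfg.registeredHosts.includes(host)) {
    return { status: 401, body: 'Application not register!' };
  }
  // 2. Login page: remember where the user came from (assumed: the Referer header).
  if (path === LOGIN_PATH) {
    return { next: true, setCookie: { refererS: safeReferer(req.referer, cfg) } };
  }
  // 3. Paths that require login are refused without a token.
  if (cfg.loginRequired.some((p) => path.startsWith(p))) {
    return { status: 401, body: 'Request path not authorized!' };
  }
  return { next: true };
}

// Constructed sample configuration.
const cfg = {
  registeredHosts: ['app1.example.test', 'app2.example.test'],
  loginRequired: ['/api/'],
  verifyToken: (t) => t === 'valid-token', // stand-in for real signature/expiry checks
};
```
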

proxy Middleware

Perform reverse proxy for the domain name and path configured in config.proxy.

Check whether the domain name of the request source is in config.proxy. If it is, take the configuration under that domain name and use it with the http-proxy-middleware and koa-connect plug-ins to proxy the request and return the response.

A request resolution process

  1. Enter the multiApplicationStatic middleware to determine whether the request is for a static resource
  2. Enter the permissions middleware to verify that the token is valid
  3. Enter the proxy middleware and forward the request according to the config configuration
  4. Finally, the request is processed by egg-router

PS

Experts, please go easy on me: this is copied directly from my notes, so I may be the only one who can understand it.