Skip to content

feat(gateway): implement routing, auth, and logging for API gateway #43

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
devin-ai-integration wants to merge 1 commit into
base: default
Choose a base branch
from
Open

feat(gateway): implement routing, auth, and logging for API gateway #43

devin-ai-integration wants to merge 1 commit into from

Conversation

@devin-ai-integration
Copy link
Contributor

@devin-ai-integration devin-ai-integration bot commented Nov 30, 2025
edited
Loading

feat(gateway): implement routing, auth, and logging for API gateway

Summary

This PR implements three core API gateway components for issue #27:

Circuit Breaker (circuit_breaker.lua): Redis-backed fault tolerance with CLOSED/OPEN/HALF_OPEN state machine. Each backend service has configurable failure thresholds, success thresholds for recovery, and timeout periods. Fails open if Redis is unavailable.

GNAP Authentication (gnap_auth.lua): Gateway-level token introspection with role-based access control (ADMIN, MODERATOR, USER). Caches validated tokens in Redis for 5 minutes. Defines public endpoints that bypass auth and role requirements per endpoint pattern.

Request ID Tracking (request_id.lua): UUID v4 request ID generation with X-Request-ID, X-Correlation-ID, and X-Span-ID header propagation for distributed tracing.

nginx config updates: All upstream blocks now use least_conn load balancing with enhanced keepalive settings. All location blocks integrate circuit breaker checks, rate limiting, and request ID tracking. Enhanced JSON log format includes tracing fields. New /internal/circuit-status endpoint for monitoring.

Note: Prometheus metrics integration was intentionally excluded to avoid merge conflicts with another session working on that component.

Review & Testing Checklist for Human

  • Validate nginx syntax: Run nginx -t inside the OpenResty container to verify configuration is valid - this was NOT done before PR creation
  • Verify resty.http availability: The gnap_auth.lua requires resty.http module - confirm it's installed in the OpenResty Docker image or add it to the Dockerfile
  • Confirm GNAP introspect endpoint exists: The auth service must have /gnap/introspect endpoint for token validation to work
  • Review PUBLIC_ENDPOINTS list in gnap_auth.lua:49-62: Verify these match the actual public endpoints your API should expose without authentication
  • Test circuit breaker behavior: Verify state transitions work correctly when backends fail and recover

Recommended Test Plan

  1. Start the Docker Compose stack with Redis and all backend services
  2. Verify nginx starts without errors (docker compose logs nginx)
  3. Test public endpoints return 200 without auth header
  4. Test protected endpoints return 401 without auth header
  5. Test with valid GNAP token to verify auth flow
  6. Simulate backend failure to verify circuit breaker opens
  7. Check /internal/circuit-status endpoint returns service states
  8. Verify X-Request-ID appears in response headers and logs

Notes

@devin-ai-integration @erkinalp
feat(gateway): implement routing, auth, and logging for API gateway
41d7d89 
- Add circuit_breaker.lua for fault tolerance with Redis-backed state
  - Implements CLOSED/OPEN/HALF_OPEN states per service
  - Configurable failure/success thresholds and timeouts
  - Automatic recovery with half-open testing

- Add gnap_auth.lua for GNAP token introspection and RBAC
  - Gateway-level authentication and authorization
  - Role-based access control (ADMIN, MODERATOR, USER)
  - Token caching in Redis for performance
  - Public endpoint handling

- Add request_id.lua for distributed tracing
  - UUID v4 request ID generation
  - Correlation ID and span ID propagation
  - X-Request-ID, X-Correlation-ID, X-Span-ID headers

- Update default.conf with enhanced configuration
  - least_conn load balancing for all upstreams
  - Enhanced keepalive settings
  - Integrated circuit breaker, auth, and tracing in all locations
  - Enhanced JSON log format with tracing fields
  - Circuit breaker status endpoint at /internal/circuit-status
  - Error handling with proxy_next_upstream

Closes #27 (routing, auth, logging components)

Co-Authored-By: Erkin Alp Güney <[email protected]>
@devin-ai-integration
Copy link
Contributor Author

devin-ai-integration bot commented Nov 30, 2025

Original prompt from Erkin 
Complete the API Gateway development for the 4chan-go-rs v2 project.

Repository: https://github.com/erkinalp/4chan-go-rs
Issue: #27 - API Gateway development

Remaining tasks (rate limiting already done via #33):
- Implement routing and load balancing in Nginx/OpenResty
- Set up authentication/authorization validation at gateway level
- Implement centralized logging and metrics collection

Work in v2/infrastructure/docker/nginx/ and follow the existing patterns for upstream blocks and location routing.

@devin-ai-integration
Copy link
Contributor Author

devin-ai-integration bot commented Nov 30, 2025

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@erkinalp erkinalp Awaiting requested review from erkinalp

Assignees

@erkinalp erkinalp

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@erkinalp