Skip to content

Instantly share code, notes, and snippets.

View OrionStark's full-sized avatar
🔭
explorer

Robby Muhammad Nst OrionStark

🔭
explorer
View GitHub Profile
function __addSecureAndCacheHeaders(res) {
// OWASP Secure Headers
res.set('X-Content-Type-Options', 'nosniff')
res.set('X-XSS-Protection', '1; mode=block')
res.set('X-Frame-Options', 'DENY')
res.set('Strict-Transport-Security', 'max-age=63072000; includeSubDomains')
// Avoid Caching Tokens
res.set('Cache-Control', 'no-cache, no-store, must-revalidate')
res.set('Pragma', 'no-cache')
@OrionStark
OrionStark / request_forwarding.js
Created February 11, 2020 06:59
Axios as adapter
axios({
method: method,
baseURL: service.base_url + ':' + service.port,
url: request.path,
responseType: 'json',
data: request.body,
params: request.params,
headers: {
gateway_signature: token,
authorization: request.authorization
function __generateGatewaySignature(serviceSecretKey, callback) {
jwt.sign({
gateway: 'ORION_GATEWAY',
gateway_secret: SECRET_KEY,
}, serviceSecretKey, { expiresIn: 1800000 }, callback)
}
__getServiceInformation(request.app_id || '')
.then(service => {
let flag = false
const availableEndPoints = service.endpoints[request.method.toLowerCase()] || []
const splittedRequestPath = request.path.replace(/^\/|\/$/g, '').split('/')
for ( let i = 0; i < availableEndPoints.length; i++ ) {
let splittedEndPointPath = availableEndPoints[i].replace(/^\/|\/$/g, '').split('/')
if ( splittedRequestPath.length === splittedEndPointPath.length ) {
let fractalCheckFlag = true
services:
firstService:
port: 3422
base_url: http://localhost
endpoints:
get:
- /user
- /item
- /testing
put:
function __grabRequest(req) {
// We need the consume IP Address for collecting a log for our Gateway
const ipAddress = (req.headers['x-forwarded-for'] || '').split(',').pop() ||
req.connection.remoteAddress ||
req.socket.remoteAddress ||
req.connection.socket.remoteAddress
const apiSignatureKey = req.headers['basic_auth'] || '' // Basic Auth for consumer.
return {
ip_address: ipAddress,
basic_auth: apiSignatureKey,