API Gateway

[zenlex]

Given the plan to use distributed microservices to allow a broad variety of dev approaches for backing services to the site, build an API gateway that handles auth and session management and then delegates all other requests to the appropriate microservice.

Parameters:

• Treat session persistence as a backing service.
• Treat auth as a backing service.
• Easily deployable in container(s) on limited resources.
• Allow route registration via config file (toml, yaml, etc.) without further code changes.
• Auth per route should be configurable, but enabled by default for a security first bias.
• Fast / minimal - should just:
  • auth (only if required by route)
  • add session data if authed
  • forward/reject request as appropriate

For future features, adding a microservice should 'only' require:

• deploying the service somewhere accessible
• registering the route to the microservice with the api gateway
• pointing the frontend fetch at the new api gateway route

Replacing/Lift & Shifting an existing microservice this way should only require modifying the route definition in the gateway.

[zenlex]

Got it started in Rust. Building simple v0.1 with the default Reqwest client that the community Clerk.io adapter uses. There's an open PR on that SDK already for Axum support though and I will likely use Axum for the API web framework once that extractor is merged or I get a chance to review it for myself and just use it. :)

[zenlex]

closing as won't do for now with DOKS handling it all fine for now.