Skip to content

Microservices, API Gateway, Authentication with FastAPI, non-blocking i/o

Notifications You must be signed in to change notification settings

JirawatChayayan/microservices-with-fastapi

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Microservices, API Gateway, Authentication with FastAPI, non-blocking i/o

  • This repo is composed of a bunch of small microservices considering api gateway approach
  • Expected number of microservices was two, but considering that services should not create dependency on each other to prevent SPOF, also to prevent duplicate codes, i decided to put one api gateway in front that does JWT authentication for both services which i am insired by Netflix/Zuul
  • We have 3 services including gateway.
  • Only gateway can access internal microservices through the internal network (users, orders)

Services

  • gateway: Built on top of FastAPI, simple api gateway which its only duty is to make proper routing while also handling authentication and authorization
  • users (a.k.a admin): Keeps user info in its own fake db (file system). Can be executed simple CRUD operations through the service. There is also another endpoint for login, but client is abstracted from real response. Thus, gateway service will handle login response and generate jwt token accordingly.
  • orders: Users (subscribed ones - authentication) can create and view (their - authorization) orders.

Running

  • check ./gateway/.env => 2 services url are defined based on twelvefactor conf
  • docker-compose up --build
  • visit => http://localhost:8001/docs

Example requests

  • There are already created 2 users in users db
  • get api token with admin user
    curl --header "Content-Type: application/json" \
         --request POST \
         --data '{"username":"admin","password":"a"}' \
         http://localhost:8001/api/login
    
  • You'll see something similar to below
    {"access_token":"***","token_type":"bearer"}
    
  • use this token to make administrative level requests
    curl --header "Content-Type: application/json" \
         --header "Authorization: Bearer ***" \
         --request GET \
         http://localhost:8001/api/users
    
  • Similar trials can be also done with default user to create & view orders

IMPORTANT NOTES & POSSIBLE TODOs

  • Tried to use coroutines on especially i/o operations to boost the performance of gateway. (aiohttp)
  • Again, non-blocking db client library is used. (tortoise-orm)
  • Tried to use dependency injection on gateway api as a new router, because i am thinking to feed this project and make it open source for other people as well.
  • Tried to implement declarative way for api gateway rules, for now it works based on decorator, but my purpose is to make it more declarative like using yaml configuration
  • Since it is executed with docker-compose file, it shouldn't be considered as production ready (a.k.a scalability)
  • API gateway approach is considered, also inspired by Zuul, event-driven approach can be easily applied in case needed.
  • Authentication and authorization are seperated from the services to keep things clean, one service does for all.
  • JWT token are generated in gateway service and other services behind the gateway receive a seperated header called request-user-id to use user specific info.
  • thread-safety was not considered especially on fake users service since we use file operations, and it might produce race conditions
  • Another authorization level can be added into private-network services checking if request-user-id header exists
  • hashed_password might be shadowed in users response
  • API versioning might be considered
  • JWT token TTL can be changed under ./gateway/conf.py[settings]
  • Nginx or similar tool can be added in front of all services to leverage more benefits

Overall Diagram

ScreenShot

Documentation Page

ScreenShot

About

Microservices, API Gateway, Authentication with FastAPI, non-blocking i/o

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 98.1%
  • Dockerfile 1.9%