├── .env.example ├── .github └── workflows │ └── makefile.yml ├── .gitignore ├── Makefile ├── README.md ├── deployments └── otel │ ├── confs │ └── otel-collector.yml │ └── docker-compose.yml ├── docker-compose-oss.yml ├── docker-compose.yml ├── go └── src │ └── CustomGoPlugin.go └── tyk ├── bundle ├── bundle-entrypoint.sh └── manifest-template.json ├── confs ├── pump-oss.env ├── pump.env ├── tyk-oss.env ├── tyk.env └── tyk_analytics.env ├── middleware └── .gitkeep └── scripts ├── bootstrap-oss.sh ├── bootstrap.sh ├── oas.json └── wait-for-it.sh /.env.example: -------------------------------------------------------------------------------- 1 | # Tyk License 2 | TYK_LICENSE_KEY= 3 | 4 | # Organization 5 | ORG="Tyk Technologies" 6 | SLUG=tyk 7 | 8 | # User 9 | EMAIL=demo@tyk.io 10 | FIRST=Demo 11 | LAST=User 12 | PASSWORD=topsecretpassword 13 | -------------------------------------------------------------------------------- /.github/workflows/makefile.yml: -------------------------------------------------------------------------------- 1 | name: Build, Bundle, Release Go Plugin 2 | 3 | on: 4 | push: 5 | branches: [ "master" ] 6 | pull_request: 7 | branches: [ "master" ] 8 | 9 | jobs: 10 | build: 11 | 12 | runs-on: ubuntu-latest 13 | 14 | steps: 15 | - uses: actions/checkout@v4 16 | - name: Setup Go v1.21.8 17 | with: 18 | go-version: '1.21.8' 19 | uses: actions/setup-go@v5 20 | - name: Copy Env Files 21 | run: cp .env.example .env 22 | 23 | - name: Bundle Go Plugin 24 | run: DOCKER_USER=root make go-bundle 25 | 26 | - name: Upload Bundle 27 | uses: actions/upload-artifact@v3 28 | with: 29 | name: customgoplugin.zip 30 | path: tyk/bundle/bundle.zip 31 | 32 | - uses: jakejarvis/s3-sync-action@master 33 | with: 34 | args: --acl public-read --follow-symlinks 35 | env: 36 | AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} 37 | AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} 38 | AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} 39 | AWS_REGION: 'us-east-1' 40 | SOURCE_DIR: 'tyk/bundle' 41 | 42 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/* 2 | tyk/middleware/bundles/* 3 | tyk/bundle/manifest.json 4 | **/.env 5 | **/*.so 6 | **/*.zip 7 | **/.DS_Store 8 | dist/ 9 | go/src/go.mod 10 | go/src/go.sum 11 | go/src/vendor -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | # 3 | # Makefile for project lifecycle 4 | # 5 | ############################################################################### 6 | 7 | export TYK_VERSION := v5.3.0 8 | 9 | ifeq ($(origin DOCKER_USER), undefined) 10 | DOCKER_USER := 1000 11 | endif 12 | 13 | # Default task: sets up development environment 14 | install: up build 15 | 16 | ### PROJECT ################################################################### 17 | 18 | # Builds the Go plugin 19 | build: go-build restart-gateway 20 | 21 | # Builds production-ready plugin bundle 22 | bundle: go-bundle restart-gateway 23 | 24 | # Outputs the project logs 25 | logs: docker-logs 26 | 27 | # Outputs the gateway log with formatting to make it easier to read in local dev 28 | log: docker-gateway-log 29 | 30 | # Brings up the project - Pro 31 | up: docker-up bootstrap docker-status 32 | 33 | # Brings up the project - Pro w/ oTel 34 | up-otel: docker-up-otel bootstrap docker-status 35 | 36 | # Brings up the project - OSS 37 | up-oss: docker-up-oss bootstrap-oss docker-status 38 | 39 | # Brings up the project - OSS w/ oTel 40 | up-oss-otel: docker-up-oss-otel bootstrap-oss docker-status 41 | 42 | # Brings down the project 43 | down: docker-down docker-status 44 | 45 | # Cleans the project 46 | clean: docker-clean go-clean 47 | 48 | # Gets the status of the docker containers 49 | status: docker-status 50 | 51 | ### DOCKER #################################################################### 52 | 53 | # Gets the status of the running containers 54 | .PHONY: docker-status 55 | docker-status: 56 | docker compose ps 57 | 58 | # Gets the container logs 59 | .PHONY: docker-logs 60 | docker-logs: 61 | docker compose logs -t --tail="all" 62 | 63 | # Gets the container log for gateway and applies formatting for easier reading in local dev 64 | .PHONY: docker-gateway-log 65 | docker-gateway-log: 66 | docker compose logs tyk-gateway -t -f | perl -ne 'if (/time="([^"]+)" level=(\w+) msg="((?:\\"|[^"])*)"(\s*prefix=([^\s]+))?/) { print "$$1 ".sprintf("%-20s", "[$$2]".($$5 ? "[".substr($$5,0,10)."] " : (" " x 12)))."$$3\n" }' 67 | 68 | # Bring docker containers up 69 | .PHONY: docker-up 70 | docker-up: 71 | docker compose up -d --remove-orphans tyk-dashboard tyk-gateway 72 | 73 | # Bring docker containers up /w oTel 74 | .PHONY: docker-up-otel 75 | docker-up-otel: 76 | docker compose -f docker compose.yml -f deployments/otel/docker compose.yml up -d --remove-orphans tyk-dashboard tyk-gateway 77 | 78 | # Bring docker containers up in OSS 79 | .PHONY: docker-up-oss 80 | docker-up-oss: 81 | docker compose -f docker compose-oss.yml up -d --remove-orphans tyk-gateway 82 | 83 | # Bring docker containers up in OSS /w oTel 84 | .PHONY: docker-up-oss-otel 85 | docker-up-oss-otel: 86 | docker compose -f docker compose-oss.yml -f deployments/otel/docker compose.yml up -d --remove-orphans tyk-gateway 87 | 88 | # Bootstrap dashboard 89 | .PHONY: bootstrap 90 | bootstrap: 91 | $(shell ./tyk/scripts/bootstrap.sh) 92 | 93 | # Bring docker containers down 94 | .PHONY: docker-down 95 | docker-down: 96 | docker compose down --remove-orphans 97 | 98 | # Clean docker containers volumes 99 | .PHONY: docker-clean 100 | docker-clean: 101 | docker compose down --volumes --remove-orphans 102 | 103 | ### Tyk Go Plugin ######################################################################## 104 | 105 | go/src/go.mod: 106 | cd ./go/src ; \ 107 | go mod init tyk-plugin ; \ 108 | go get -d github.com/TykTechnologies/tyk@`git ls-remote https://github.com/TykTechnologies/tyk.git refs/tags/${TYK_VERSION} | awk '{print $$1;}'` ; \ 109 | go mod tidy ; \ 110 | go mod vendor 111 | 112 | # Builds Go plugin and moves it into local Tyk instance 113 | .PHONY: go-build 114 | go-build: go/src/go.mod 115 | /bin/sh -c "cd ./go/src && go mod tidy && go mod vendor" 116 | docker compose run --rm tyk-plugin-compiler CustomGoPlugin.so _$$(date +%s) 117 | mv -f ./go/src/CustomGoPlugin*.so ./tyk/middleware/ 118 | 119 | # Runs Go Linter 120 | lint: 121 | /bin/sh -c "docker run --rm -v ${PWD}/go/src:/app -v ~/.cache/golangci-lint/v1.53.2:/root/.cache -w /app golangci/golangci-lint:v1.53.2 golangci-lint run" 122 | 123 | # Runs Go unit tests 124 | test: 125 | /bin/sh -c "cd ./go/src && go test" 126 | 127 | # Run Go test coverage 128 | coverage: 129 | mkdir -p /tmp/test-results ; \ 130 | cd ./go/src ; \ 131 | go test ./... -coverprofile coverage.out -covermode count ; \ 132 | grep -v tyk-plugin/tyk_util.go coverage.out > coverage.out.tmp ; \ 133 | mv coverage.out.tmp coverage.out ; \ 134 | go tool cover -func coverage.out ; \ 135 | go tool cover -html=coverage.out -o coverage.html ; \ 136 | mv coverage.out coverage.html /tmp/test-results ; \ 137 | totalCoverage=`go tool cover -func=/tmp/test-results/coverage.out | grep total | grep -Eo '[0-9]+\.[0-9]+'` ; \ 138 | echo "Total Coverage: $$totalCoverage %" ; \ 139 | rm -rf /tmp/test-results 140 | 141 | # Builds production-ready Go plugin bundle as non-root user, using Tyk Bundler tool 142 | .PHONY: go-bundle 143 | go-bundle: go-build 144 | sed "s/replace_version/$(TYK_VERSION)/g" tyk/bundle/manifest-template.json | \ 145 | sed "s/replace_platform/amd64/g" > tyk/bundle/manifest.json 146 | cp tyk/middleware/CustomGoPlugin*.so tyk/bundle/ 147 | docker compose run --rm --user=$(DOCKER_USER) -w /opt/tyk-gateway/bundle tyk-gateway bundle build -y 148 | rm tyk/bundle/CustomGoPlugin*.so 149 | 150 | # Cleans application files 151 | .PHONY: go-clean 152 | go-clean: 153 | -rm -rf ./go/src/vendor 154 | -rm -rf ./go/src/go.mod 155 | -rm -rf ./go/src/go.sum 156 | -rm -f ./tyk/middleware/CustomGoPlugin*.so 157 | -rm -f ./tyk/bundle/CustomGoPlugin*.so 158 | -rm -f ./tyk/bundle/manifest.so 159 | -rm -f ./tyk/bundle/bundle.zip 160 | 161 | # Restarts the Tyk Gateway to instantly load new iterations of the Go plugin 162 | .PHONY: restart-gateway 163 | restart-gateway: 164 | docker compose restart tyk-gateway 165 | 166 | # Bootstrap dashboard 167 | .PHONY: bootstrap-oss 168 | bootstrap-oss: 169 | $(shell ./tyk/scripts/bootstrap-oss.sh) 170 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Tyk Gateway Custom Go Plugins 2 | 3 | ### Description 4 | 5 | This project is an environment for writing, compiling and bundling Golang plugins for the Tyk Gateway. 6 | 7 | ### Quickstart 8 | 9 | Follow these [instructions](https://tyk.io/docs/nightly/plugins/get-started-plugins/). 10 | 11 | Alternatively, you can watch our video Quickstart [here](https://www.youtube.com/watch?v=2AsSWZRZW24). 12 | 13 | ### Dependencies 14 | 15 | - Golang 16 | - Make 17 | - Docker 18 | - Docker Compose 19 | 20 | ### Relevant Documentation 21 | 22 | - [Native Golang Plugins](https://pkg.go.dev/plugin) 23 | - [Tyk Custom Plugins](https://tyk.io/docs/plugins/) 24 | - [Tyk Golang Plugins](https://tyk.io/docs/plugins/supported-languages/golang/) 25 | - [Tyk Authentication Plugins](https://tyk.io/docs/plugins/auth-plugins/) 26 | - [Tyk Authentication Plugin ID Extractor](https://tyk.io/docs/plugins/auth-plugins/id-extractor/) 27 | - [Tyk OAuth 2.0](https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/oauth-2-0/) 28 | - [Tyk Plugin Bundles](https://tyk.io/docs/plugins/how-to-serve-plugins/plugin-bundles/) 29 | - [Tyk Docker Pro Demo](https://tyk.io/docs/tyk-on-premises/docker/docker-pro-demo/) 30 | 31 | ## Getting Started 32 | 33 | To get started, make sure you have Go installed locally on your machine. Visit https://go.dev/doc/install to download 34 | the latest version of Go and for instructions how to install it for your operating system. 35 | 36 | Alternatively if on Ubuntu >= 21.04: 37 | 38 | ```shell 39 | $ sudo snap install go --classic 40 | ``` 41 | or if on MacOS with [Homebrew](https://brew.sh/): 42 | ```shell 43 | $ brew install go 44 | ``` 45 | Verify Go is installed on your machine by running in a terminal: 46 | ```shell 47 | $ go version 48 | go version go1.17.4 linux/amd64 49 | ``` 50 | You will also need `make` to run project commands. 51 | 52 | On Ubuntu: 53 | ```shell 54 | $ sudo apt-get install -y build-essential 55 | ``` 56 | 57 | On MacOS with Homebrew: 58 | ```shell 59 | $ brew install make 60 | ``` 61 | 62 | Verify `make` is installed on your machine by running in a terminal: 63 | ```shell 64 | $ make --version 65 | GNU Make 4.3 66 | Built for x86_64-pc-linux-gnu 67 | Copyright (C) 1988-2020 Free Software Foundation, Inc. 68 | License GPLv3+: GNU GPL version 3 or later 69 | This is free software: you are free to change and redistribute it. 70 | There is NO WARRANTY, to the extent permitted by law. 71 | ``` 72 | 73 | This project uses [tyk-pro-docker-demo](https://github.com/TykTechnologies/tyk-pro-docker-demo) 74 | as a local development environment to test and validate the Go authentication plugin, so we will also require 75 | [Docker](https://docs.docker.com/get-docker/) and [Docker Compose](https://docs.docker.com/compose/install/) 76 | to be installed on your machine. 77 | 78 | Verify Docker and Docker Compose are installed by running in a terminal: 79 | ```shell 80 | $ docker --version 81 | Docker version 24.0.5, build ced0996 82 | $ docker compose version 83 | Docker Compose version v2.23.0 84 | ``` 85 | 86 | ## Building the Go Plugin 87 | 88 | A specific of Tyk Golang plugins is that they need to be built using exactly the same Tyk binary as the one to be 89 | installed. In order to make it work, we provide a special Docker image, which we internally use for building our 90 | official binaries too. These Docker images can be found at https://hub.docker.com/r/tykio/tyk-plugin-compiler. 91 | 92 | Therefore, it is imperative that the version of the `tyk-plugin-compiler` that you use must match the version of 93 | Tyk Gateway you are using, e.g., `tykio/tyk-plugin-compiler:v4.0.0` for `tykio/tyk-gateway:v4.0.0` 94 | 95 | You can set version, by setting TYK_VERSION environment variable, like: `TYK_VERSION=v4.0.0` 96 | 97 | To build the plugin using the `tyk-plugin-compiler`, run the following command in a terminal: 98 | ```shell 99 | $ TYK_VERSION=v4.2.1 make build 100 | ``` 101 | 102 | This command will run the plugin compiler and create a Go plugin called `CustomGoPlugin.so` 103 | which can be found in `tyk/middleware/CustomGoPlugin.so` after it successfully builds. This `.so` file can be loaded 104 | into Tyk Gateway as a custom plugin directly from the filesystem, but in a production setting, it is strongly recommended to 105 | load the plugin as a [plugin bundle](https://tyk.io/docs/plugins/how-to-serve-plugins/plugin-bundles/). 106 | 107 | The `make build` command will also restart 108 | Tyk Gateway if the container is running so that any changes made to the plugin will be applied after being built. See below 109 | for more background on updating Go plugins. 110 | 111 | ## Deploying the Go Plugin 112 | 113 | In production environments, it is strongly recommended to deploy your Tyk custom plugin 114 | as a [plugin bundle](https://tyk.io/docs/plugins/how-to-serve-plugins/plugin-bundles/). 115 | 116 | A plugin bundle is a ZIP file that contains your custom middleware files and its associated configuration block 117 | (the `custom_middleware` block). The idea behind plugin bundles is to enhance the process of attaching and loading custom 118 | middleware. It allows you to avoid duplicating the content of the `custom_middleware` section onto each of your APIs definitions, 119 | which is still possible if you do not want to support a bundle server within your global Tyk setup. 120 | 121 | Tyk provides a bundler tool to generate plugin bundles. Please note that the generated bundles must be served using your 122 | own web server. 123 | See [Downloading and Updating Bundles](https://tyk.io/docs/plugins/how-to-serve-plugins/plugin-bundles/#downloading-and-updating-bundles) 124 | for more documentation. 125 | 126 | To run the bundler tool and generate a plugin bundle, run the following command in a terminal: 127 | ```shell 128 | $ make bundle 129 | ``` 130 | 131 | This will create a production-ready plugin bundle that can be found at `tyk/bundle/bundle.zip`. 132 | 133 | ## Updating the Go Plugin 134 | 135 | Loading an updated version of your plugin require one of the following actions: 136 | 137 | - An API reload with a NEW path or file name of your `.so` file with the plugin. You will need to update the API spec 138 | - section `"custom_middleware"`, specifying a new value for the `"path"` field of the plugin you need to reload. 139 | - Tyk main process reload. This will force a reload of all Golang plugins for all APIs. 140 | 141 | In this project, we will be loading the plugin through the filesystem for development purposes, but it is strongly 142 | recommended to use the plugin bundles for production environments. 143 | 144 | If a plugin is loaded as a bundle and you need to update it you will need to update your API spec with new `.zip` file 145 | name in the `"custom_middleware_bundle"` field. Make sure the new `.zip` file is uploaded and available via the bundle 146 | HTTP endpoint before you update your API spec. 147 | 148 | ### Open Telemetry and Troubleshooting 149 | The **Custom Go Plugin repository** now deploys [Open Telemetry with Jaeger](https://tyk.io/docs/product-stack/tyk-gateway/advanced-configurations/distributed-tracing/open-telemetry/otel_jaeger/) by default to enhance API observability and troubleshooting experience. You can visit the **Jaeger Dashboard** at [http://localhost:16686/](http://localhost:16686/). **It is very important to note that the support for Open Telemetry with the Tyk Gateway is only avaiable for versions `v5.2.0+`.** 150 | 151 | To get started, please review our documentation on [Open Telemetry Overview](https://tyk.io/docs/product-stack/tyk-gateway/advanced-configurations/distributed-tracing/open-telemetry/open-telemetry-overview/). 152 | 153 | You can refer to our official documentation on [How to instrument Custom Go Plugins with OpenTelemetry](https://tyk.io/docs/product-stack/tyk-gateway/advanced-configurations/plugins/otel-plugins/). 154 | 155 | To stand up, oTel example: 156 | ```shell 157 | $ make up-otel build 158 | ``` 159 | 160 | To stand up, oTel example in OSS: 161 | ```shell 162 | $ make up-oss-otel build 163 | ``` 164 | 165 | ### Examples 166 | - [Open Telemetry Instrumentation](plugins/otel-instrumentation/) 167 | 168 | ## Project Lifecycle Makefile Commands 169 | 170 | To build the project and bring up your local instance of Tyk, run in a terminal: 171 | ```shell 172 | $ make 173 | ``` 174 | 175 | To build the Go plugin and restart the Tyk Gateway if its currently running, run in a terminal: 176 | ```shell 177 | $ make build 178 | ``` 179 | 180 | To run the Tyk bundler tool and generate a production plugin bundle, run in a terminal: 181 | ```shell 182 | $ make bundle 183 | ``` 184 | 185 | To clean ephemeral project files (including built plugins), run in a terminal: 186 | ```shell 187 | $ make clean 188 | ``` 189 | 190 | To bring up the Docker containers running Tyk, run in a terminal: 191 | ```shell 192 | $ make up 193 | ``` 194 | 195 | To bring down the Docker containers running Tyk, run in a terminal: 196 | ```shell 197 | $ make down 198 | ``` 199 | 200 | To get logs from the Docker containers running Tyk, run in a terminal: 201 | ```shell 202 | $ make logs 203 | ``` 204 | 205 | To get the current status of the Docker containers running Tyk, run in a terminal: 206 | ```shell 207 | $ make status 208 | ``` 209 | -------------------------------------------------------------------------------- /deployments/otel/confs/otel-collector.yml: -------------------------------------------------------------------------------- 1 | receivers: 2 | otlp: 3 | protocols: 4 | http: 5 | endpoint: 0.0.0.0:4318 6 | grpc: 7 | endpoint: 0.0.0.0:4317 8 | processors: 9 | batch: 10 | exporters: 11 | jaeger: 12 | endpoint: otel-jaeger-all-in-one:14250 13 | tls: 14 | insecure: true 15 | extensions: 16 | health_check: 17 | pprof: 18 | endpoint: :1888 19 | zpages: 20 | endpoint: :55679 21 | service: 22 | extensions: [pprof, zpages, health_check] 23 | pipelines: 24 | traces: 25 | receivers: [otlp] 26 | processors: [batch] 27 | exporters: [jaeger] -------------------------------------------------------------------------------- /deployments/otel/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | tyk-gateway: 3 | depends_on: 4 | - otel-jaeger-all-in-one 5 | - otel-collector-gateway 6 | environment: 7 | - TYK_GW_OPENTELEMETRY_ENABLED=true 8 | - TYK_GW_OPENTELEMETRY_EXPORTER=grpc 9 | - TYK_GW_OPENTELEMETRY_ENDPOINT=otel-collector-gateway:4317 10 | 11 | otel-jaeger-all-in-one: 12 | image: jaegertracing/all-in-one:1.47 13 | ports: 14 | - "16686:16686" 15 | - "14268" 16 | - "14250" 17 | networks: 18 | - tyk 19 | 20 | otel-collector-gateway: 21 | image: otel/opentelemetry-collector:0.81.0 22 | volumes: 23 | - ./deployments/otel/confs/otel-collector.yml:/etc/otel-collector.yml 24 | command: [ "--config=/etc/otel-collector.yml" ] 25 | ports: 26 | - "1888:1888" # pprof extension 27 | - "13133:13133" # health_check extension 28 | - "4317:4317" # OTLP gRPC receiver 29 | - "4318:4318" # OTLP http receiver 30 | - "55670:55679" # zpages extension 31 | depends_on: 32 | - otel-jaeger-all-in-one 33 | networks: 34 | - tyk 35 | -------------------------------------------------------------------------------- /docker-compose-oss.yml: -------------------------------------------------------------------------------- 1 | version: '3.8' 2 | services: 3 | 4 | tyk-plugin-compiler: 5 | image: tykio/tyk-plugin-compiler:${TYK_VERSION:-v5.2.4} 6 | volumes: 7 | - ./go/src:/plugin-source 8 | 9 | tyk-gateway: 10 | image: tykio/tyk-gateway:${TYK_VERSION:-v5.2.4-amd64} 11 | ports: 12 | - "8080:8080" 13 | volumes: 14 | - ./tyk/bundle:/opt/tyk-gateway/bundle 15 | - ./tyk/middleware:/opt/tyk-gateway/middleware 16 | env_file: 17 | - ./tyk/confs/tyk-oss.env 18 | networks: 19 | - tyk 20 | 21 | tyk-pump: 22 | image: tykio/tyk-pump-docker-pub:v1.8.3 23 | depends_on: 24 | - tyk-gateway 25 | - tyk-redis 26 | env_file: 27 | - ./tyk/confs/pump-oss.env 28 | networks: 29 | - tyk 30 | 31 | tyk-redis: 32 | image: redis 33 | ports: 34 | - "6379:6379" 35 | volumes: 36 | - redis-data:/data 37 | networks: 38 | - tyk 39 | 40 | volumes: 41 | mongo-data: 42 | redis-data: 43 | 44 | networks: 45 | tyk: 46 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | tyk-plugin-compiler: 3 | image: tykio/tyk-plugin-compiler:${TYK_VERSION} 4 | platform: linux/amd64 5 | volumes: 6 | - ./go/src:/plugin-source 7 | 8 | tyk-gateway: 9 | image: tykio/tyk-gateway:${TYK_VERSION} 10 | platform: linux/amd64 11 | ports: 12 | - "8080:8080" 13 | volumes: 14 | - ./tyk/bundle:/opt/tyk-gateway/bundle 15 | - ./tyk/middleware:/opt/tyk-gateway/middleware 16 | env_file: 17 | - ./tyk/confs/tyk.env 18 | environment: 19 | - SOME_CONFIG_DATA=some-config-data-from-env 20 | networks: 21 | - tyk 22 | 23 | tyk-pump: 24 | image: tykio/tyk-pump-docker-pub:v1.8.3 25 | depends_on: 26 | - tyk-gateway 27 | - tyk-mongo 28 | - tyk-redis 29 | env_file: 30 | - ./tyk/confs/pump.env 31 | networks: 32 | - tyk 33 | 34 | tyk-dashboard: 35 | image: tykio/tyk-dashboard:${TYK_VERSION} 36 | depends_on: 37 | - tyk-gateway 38 | - tyk-pump 39 | ports: 40 | - "3000:3000" 41 | env_file: 42 | - ./tyk/confs/tyk_analytics.env 43 | environment: 44 | - TYK_DB_LICENSEKEY=${TYK_LICENSE_KEY} 45 | networks: 46 | - tyk 47 | 48 | tyk-mongo: 49 | image: mongo:4.0 50 | command: [ "mongod", "--smallfiles" ] 51 | ports: 52 | - "27017:27017" 53 | volumes: 54 | - mongo-data:/data/db 55 | networks: 56 | - tyk 57 | 58 | tyk-redis: 59 | image: redis 60 | ports: 61 | - "6379:6379" 62 | volumes: 63 | - redis-data:/data 64 | networks: 65 | - tyk 66 | 67 | volumes: 68 | mongo-data: 69 | redis-data: 70 | 71 | networks: 72 | tyk: 73 | -------------------------------------------------------------------------------- /go/src/CustomGoPlugin.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "io/ioutil" 5 | "net/http" 6 | 7 | "github.com/TykTechnologies/opentelemetry/trace" 8 | "github.com/TykTechnologies/tyk/apidef/oas" 9 | "github.com/TykTechnologies/tyk/ctx" 10 | 11 | "github.com/TykTechnologies/tyk/log" 12 | "github.com/TykTechnologies/tyk/user" 13 | ) 14 | 15 | var logger = log.Get() 16 | 17 | // AddFooBarHeader adds custom "Foo: Bar" header to the request 18 | func AddFooBarHeader(rw http.ResponseWriter, r *http.Request) { 19 | // We create a new span using the context from the incoming request. 20 | _, newSpan := trace.NewSpanFromContext(r.Context(), "", "GoPlugin_first-span") 21 | 22 | // Ensure that the span is properly ended when the function completes. 23 | defer newSpan.End() 24 | 25 | // Set a new name for the span. 26 | newSpan.SetName("AddFooBarHeader Function") 27 | 28 | // Set the status of the span. 29 | newSpan.SetStatus(trace.SPAN_STATUS_OK, "") 30 | 31 | r.Header.Add("X-SimpleHeader-Inject", "foo") 32 | } 33 | 34 | // Custom Auth, applies a rate limit of 35 | // 2 per 10 given a token of "abc" 36 | func AuthCheck(rw http.ResponseWriter, r *http.Request) { 37 | token := r.Header.Get("Authorization") 38 | 39 | _, newSpan := trace.NewSpanFromContext(r.Context(), "", "GoPlugin_custom-auth") 40 | defer newSpan.End() 41 | 42 | if token != "d3fd1a57-94ce-4a36-9dfe-679a8f493b49" && token != "3be61aa4-2490-4637-93b9-105001aa88a5" { 43 | newSpan.SetAttributes(trace.NewAttribute("auth", "failed")) 44 | newSpan.SetStatus(trace.SPAN_STATUS_ERROR, "") 45 | 46 | rw.WriteHeader(http.StatusUnauthorized) 47 | return 48 | } 49 | 50 | newSpan.SetAttributes(trace.NewAttribute("auth", "success")) 51 | newSpan.SetStatus(trace.SPAN_STATUS_OK, "") 52 | 53 | session := &user.SessionState{ 54 | Alias: token, 55 | Rate: 2, 56 | Per: 10, 57 | MetaData: map[string]interface{}{ 58 | token: token, 59 | }, 60 | KeyID: token, 61 | } 62 | 63 | ctx.SetSession(r, session, true) 64 | } 65 | 66 | // Injects meta data from a token where the metadata key is "foo" 67 | func InjectMetadata(rw http.ResponseWriter, r *http.Request) { 68 | session := ctx.GetSession(r) 69 | if session != nil { 70 | // Access session fields such as MetaData 71 | metaData := session.MetaData 72 | foo, ok := metaData["foo"].(string) // Type assert foo to string 73 | if !ok { 74 | // Handle the case where foo is not a string or foo does not exist 75 | logger.Error("Error: 'foo' is not a string or not found in metaData") 76 | return // or continue, depending on your error handling strategy 77 | } 78 | // Process metaData as needed 79 | r.Header.Add("X-Metadata-Inject", foo) 80 | } 81 | } 82 | 83 | // Injects config data, both from an env variable and hard-coded 84 | func InjectConfigData(rw http.ResponseWriter, r *http.Request) { 85 | oasDef := ctx.GetOASDefinition(r) 86 | 87 | // Extract the middleware section safely 88 | xTyk, ok := oasDef.Extensions["x-tyk-api-gateway"].(*oas.XTykAPIGateway) 89 | if !ok { 90 | logger.Println("Middleware extension is missing or invalid.") 91 | return 92 | } 93 | 94 | configKey := xTyk.Middleware.Global.PluginConfig.Data.Value["env-config-example"].(string) 95 | r.Header.Add("X-ConfigData-Config", configKey) 96 | } 97 | 98 | // Injects config data, both from an env variable and hard-coded 99 | func MakeOutboundCall(rw http.ResponseWriter, r *http.Request) { 100 | // Define the URL 101 | url := "https://httpbin.org/get" 102 | 103 | // Create a GET request 104 | response, err := http.Get(url) 105 | if err != nil { 106 | logger.Info("Error making GET request: %s\n", err) 107 | return 108 | } 109 | defer response.Body.Close() 110 | 111 | // Read the response body 112 | responseData, err := ioutil.ReadAll(response.Body) 113 | if err != nil { 114 | logger.Info("Error reading response: %s\n", err) 115 | return 116 | } 117 | 118 | // Print the response body 119 | logger.Info(string(responseData)) 120 | } 121 | 122 | func main() {} 123 | 124 | // This will be run during Gateway startup 125 | func init() { 126 | logger.Info("--- Go custom plugin init success! ---- ") 127 | } 128 | -------------------------------------------------------------------------------- /tyk/bundle/bundle-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This script serves a helper script to run the Tyk bundler tool to create a production-ready plugin bundle. 3 | set -euo pipefail; 4 | echo "Building plugin bundle..."; 5 | 6 | # Copy custom plugin to bundle directory 7 | cp /opt/tyk-gateway/middleware/CustomGoPlugin*.so /opt/tyk-gateway/bundle/; 8 | 9 | # Run bundler tool in bundle directory 10 | cd /opt/tyk-gateway/bundle && /opt/tyk-gateway/tyk bundle build -y; 11 | 12 | # Cleanup 13 | rm /opt/tyk-gateway/bundle/CustomGoPlugin*.so; 14 | 15 | # Exit 16 | echo "Done building plugin bundle."; 17 | exit 0; 18 | -------------------------------------------------------------------------------- /tyk/bundle/manifest-template.json: -------------------------------------------------------------------------------- 1 | { 2 | "file_list": [ 3 | "CustomGoPlugin_replace_version_linux_replace_platform.so" 4 | ], 5 | "custom_middleware": { 6 | "pre": [ 7 | { 8 | "name": "AddFooBarHeader", 9 | "path": "CustomGoPlugin.so", 10 | "require_session": false, 11 | "raw_body_only": false 12 | } 13 | ], 14 | "driver": "goplugin", 15 | "id_extractor": { 16 | "extract_from": "", 17 | "extract_with": "", 18 | "extractor_config": {} 19 | } 20 | }, 21 | "checksum": "", 22 | "signature": "" 23 | } 24 | -------------------------------------------------------------------------------- /tyk/confs/pump-oss.env: -------------------------------------------------------------------------------- 1 | TYK_PMP_OMITCONFIGFILE=true 2 | 3 | TYK_PMP_ANALYTICSSTORAGETYPE=redis 4 | TYK_PMP_ANALYTICSSTORAGECONFIG_TYPE=redis 5 | TYK_PMP_ANALYTICSSTORAGECONFIG_HOST=tyk-redis 6 | TYK_PMP_ANALYTICSSTORAGECONFIG_PORT=6379 7 | TYK_PMP_ANALYTICSSTORAGECONFIG_HOSTS= 8 | TYK_PMP_ANALYTICSSTORAGECONFIG_USERNAME= 9 | TYK_PMP_ANALYTICSSTORAGECONFIG_PASSWORD= 10 | TYK_PMP_ANALYTICSSTORAGECONFIG_DATABASE=0 11 | TYK_PMP_ANALYTICSSTORAGECONFIG_MAXIDLE=100 12 | TYK_PMP_ANALYTICSSTORAGECONFIG_MAXACTIVE=100 13 | TYK_PMP_ANALYTICSSTORAGECONFIG_ENABLECLUSTER=false 14 | TYK_PMP_PURGEDELAY=2 15 | 16 | TYK_PMP_PUMPS_STDOUT_TYPE=stdout 17 | TYK_PMP_PUMPS_STDOUT_META_LOGFIELDNAME=tyk-analytics-record 18 | TYK_PMP_PUMPS_STDOUT_META_FORMAT=json 19 | 20 | TYK_PMP_DONTPURGEUPTIMEDATA=true 21 | -------------------------------------------------------------------------------- /tyk/confs/pump.env: -------------------------------------------------------------------------------- 1 | TYK_PMP_OMITCONFIGFILE=true 2 | 3 | TYK_PMP_ANALYTICSSTORAGETYPE=redis 4 | TYK_PMP_ANALYTICSSTORAGECONFIG_TYPE=redis 5 | TYK_PMP_ANALYTICSSTORAGECONFIG_HOST=tyk-redis 6 | TYK_PMP_ANALYTICSSTORAGECONFIG_PORT=6379 7 | TYK_PMP_ANALYTICSSTORAGECONFIG_HOSTS= 8 | TYK_PMP_ANALYTICSSTORAGECONFIG_USERNAME= 9 | TYK_PMP_ANALYTICSSTORAGECONFIG_PASSWORD= 10 | TYK_PMP_ANALYTICSSTORAGECONFIG_DATABASE=0 11 | TYK_PMP_ANALYTICSSTORAGECONFIG_MAXIDLE=100 12 | TYK_PMP_ANALYTICSSTORAGECONFIG_MAXACTIVE=100 13 | TYK_PMP_ANALYTICSSTORAGECONFIG_ENABLECLUSTER=false 14 | TYK_PMP_PURGEDELAY=2 15 | 16 | TYK_PMP_PUMPS_MONGO_TYPE=mongo 17 | TYK_PMP_PUMPS_MONGO_META_COLLECTIONNAME=tyk_analytics 18 | TYK_PMP_PUMPS_MONGO_META_MONGOURL=mongodb://tyk-mongo:27017/tyk_analytics 19 | TYK_PMP_PUMPS_MONGO_META_MAXINSERTBATCHSIZEBYTES=80000 20 | TYK_PMP_PUMPS_MONGO_META_MAXDOCUMENTSIZEBYTES=20112 21 | 22 | TYK_PMP_PUMPS_MONGOAGG_TYPE=mongo-pump-aggregate 23 | TYK_PMP_PUMPS_MONGOAGG_META_MONGOURL=mongodb://tyk-mongo:27017/tyk_analytics 24 | TYK_PMP_PUMPS_MONGOAGG_META_USEMIXEDCOLLECTION=true 25 | 26 | TYK_PMP_UPTIMEPUMPCONFIG_COLLECTIONNAME=tyk_uptime_analytics 27 | TYK_PMP_UPTIMEPUMPCONFIG_MONGOURL=mongodb://tyk-mongo:27017/tyk_analytics 28 | TYK_PMP_UPTIMEPUMPCONFIG_MAXINSERTBATCHSIZEBYTES=500000 29 | TYK_PMP_UPTIMEPUMPCONFIG_MAXDOCUMENTSIZEBYTES=200000 30 | TYK_PMP_DONTPURGEUPTIMEDATA=false 31 | -------------------------------------------------------------------------------- /tyk/confs/tyk-oss.env: -------------------------------------------------------------------------------- 1 | ### Server Settings 2 | TYK_GW_LISTENPORT=8080 3 | TYK_GW_SECRET=352d20ee67be67f6340b4c0605b044b7 4 | TYK_GW_NODESECRET=352d20ee67be67f6340b4c0605b044b7 5 | 6 | ### Tyk GW operating mode (OSS / Pro) 7 | TYK_GW_POLICIES_POLICYSOURCE=file 8 | TYK_GW_POLICIES_POLICYRECORDNAME=tyk_policies 9 | TYK_GW_POLICIES_ALLOWEXPLICITPOLICYID=true 10 | TYK_GW_USEDBAPPCONFIGS=false 11 | 12 | ### Templates & Custom Plugins 13 | TYK_GW_TEMPLATEPATH=./templates 14 | TYK_GW_TYKJSPATH=./js/tyk.js 15 | TYK_GW_MIDDLEWAREPATH=./middleware 16 | TYK_GW_APPPATH=./apps/ 17 | TYK_GW_ENABLEJSVM=true 18 | TYK_GW_COPROCESSOPTIONS_ENABLECOPROCESS=false 19 | TYK_GW_COPROCESSOPTIONS_COPROCESSGRPCSERVER=tcp://localhost:5555 20 | 21 | ### Redis Connection Details 22 | TYK_GW_STORAGE_TYPE=redis 23 | TYK_GW_STORAGE_HOST=tyk-redis 24 | TYK_GW_STORAGE_PORT=6379 25 | TYK_GW_STORAGE_HOSTS= 26 | TYK_GW_STORAGE_USERNAME= 27 | TYK_GW_STORAGE_PASSWORD= 28 | TYK_GW_STORAGE_DATABASE=0 29 | TYK_GW_STORAGE_MAXIDLE=3000 30 | TYK_GW_STORAGE_MAXACTIVE=5000 31 | TYK_GW_STORAGE_ENABLECLUSTER=false 32 | 33 | ### Advanced Server & SSL Settings 34 | TYK_GW_ENABLECUSTOMDOMAINS=true 35 | TYK_GW_HTTPSERVEROPTIONS_READTIMEOUT=0 36 | TYK_GW_HTTPSERVEROPTIONS_WRITETIMEOUT=0 37 | TYK_GW_HTTPSERVEROPTIONS_USESSL=false 38 | TYK_GW_HTTPSERVEROPTIONS_USELE_SSL=false 39 | TYK_GW_HTTPSERVEROPTIONS_ENABLEWEBSOCKETS=true 40 | TYK_GW_HTTPSERVEROPTIONS_SERVERNAME= 41 | TYK_GW_HTTPSERVEROPTIONS_MINVERSION=0 42 | TYK_GW_HTTPSERVEROPTIONS_FLUSHINTERVAL=0 43 | 44 | ### Analytics 45 | TYK_GW_ENABLEANALYTICS=true 46 | TYK_GW_ANALYTICSCONFIG_TYPE=mongo 47 | TYK_GW_ANALYTICSCONFIG_ENABLEDETAILEDRECORDING=true 48 | TYK_GW_ANALYTICSCONFIG_ENABLEGEOIP=false 49 | TYK_GW_ANALYTICSCONFIG_GEOIPDBLOCATION=./GeoLite2-City.mmdb 50 | TYK_GW_ANALYTICSCONFIG_NORMALISEURLS_ENABLED=true 51 | TYK_GW_ANALYTICSCONFIG_NORMALISEURLS_NORMALISEUUIDS=true 52 | TYK_GW_ANALYTICSCONFIG_NORMALISEURLS_NORMALISENUMBERS=true 53 | TYK_GW_ANALYTICSCONFIG_NORMALISEURLS_CUSTOM= 54 | 55 | ### Other defaults 56 | TYK_GW_ENABLESEPERATECACHESTORE=false 57 | TYK_GW_HEALTHCHECK_ENABLEHEALTHCHECKS=false 58 | TYK_GW_HEALTHCHECK_HEALTHCHECKVALUETIMEOUT=0 59 | TYK_GW_ALLOWMASTERKEYS=false 60 | TYK_GW_HASHKEYS=true 61 | TYK_GW_HASHKEYFUNCTION=murmur64 62 | TYK_GW_ENABLEHASHEDKEYSLISTING=true 63 | TYK_GW_SUPPRESSREDISSIGNALRELOAD=false 64 | TYK_GW_SUPRESSDEFAULTORGSTORE=false 65 | TYK_GW_USEREDISLOG=true 66 | TYK_GW_SENTRYCODE= 67 | TYK_GW_USESENTRY=false 68 | TYK_GW_USESYSLOG=false 69 | TYK_GW_USEGRAYLOG=false 70 | TYK_GW_USELOGSTASH=false 71 | TYK_GW_GRAYLOGNETWORKADDR= 72 | TYK_GW_LOGSTASHNETWORKADDR= 73 | TYK_GW_SYSLOGTRANSPORT= 74 | TYK_GW_LOGSTASHTRANSPORT= 75 | TYK_GW_SYSLOGNETWORKADDR= 76 | TYK_GW_ENFORCEORGDATAAGE=true 77 | TYK_GW_ENFORCEORGDATADETAILLOGGING=false 78 | TYK_GW_ENFORCEORGQUOTAS=true 79 | TYK_GW_EXPERIMENTALPROCESSORGOFFTHREAD=false 80 | TYK_GW_ENABLENONTRANSACTIONALRATELIMITER=true 81 | TYK_GW_DRLENABLESENTINELRATELIMITER=false 82 | TYK_GW_MONITOR_ENABLETRIGGERMONITORS=false 83 | TYK_GW_MONITOR_CONFIG_METHOD= 84 | TYK_GW_MONITOR_CONFIG_TARGETPATH= 85 | TYK_GW_MONITOR_CONFIG_TEMPLATEPATH= 86 | TYK_GW_MONITOR_CONFIG_HEADERLIST= 87 | TYK_GW_MONITOR_CONFIG_EVENTTIMEOUT=0 88 | TYK_GW_MONITOR_GLOBALTRIGGERLIMIT=0 89 | TYK_GW_MONITOR_MONITORUSERKEYS=false 90 | TYK_GW_MONITOR_MONITORORGKEYS=false 91 | TYK_GW_OAUTHREFRESHEXPIRE=0 92 | TYK_GW_OAUTHTOKENEXPIRE=0 93 | TYK_GW_OAUTHREDIRECTURISEPARATOR=; 94 | TYK_GW_SLAVEOPTIONS_USERPC=false 95 | TYK_GW_SLAVEOPTIONS_CONNECTIONSTRING= 96 | TYK_GW_SLAVEOPTIONS_RPCKEY= 97 | TYK_GW_SLAVEOPTIONS_APIKEY= 98 | TYK_GW_SLAVEOPTIONS_ENABLERPCCACHE=false 99 | TYK_GW_SLAVEOPTIONS_BINDTOSLUGSINSTEADOFLISTENPATHS=false 100 | TYK_GW_SLAVEOPTIONS_DISABLEKEYSPACESYNC=false 101 | TYK_GW_SLAVEOPTIONS_GROUPID= 102 | TYK_GW_DISABLEVIRTUALPATHBLOBS=false 103 | TYK_GW_LOCALSESSIONCACHE_DISABLECACHESESSIONSTATE=true 104 | TYK_GW_LOCALSESSIONCACHE_CACHEDSESSIONTIMEOUT=0 105 | TYK_GW_LOCALSESSIONCACHE_CACHESESSIONEVICTION=0 106 | TYK_GW_SERVICEDISCOVERY_DEFAULTCACHETIMEOUT=0 107 | TYK_GW_CLOSECONNECTIONS=false 108 | TYK_GW_AUTHOVERRIDE_FORCEAUTHPROVIDER=false 109 | TYK_GW_AUTHOVERRIDE_AUTHPROVIDER_NAME= 110 | TYK_GW_AUTHOVERRIDE_AUTHPROVIDER_STORAGEENGINE= 111 | TYK_GW_AUTHOVERRIDE_AUTHPROVIDER_META= 112 | TYK_GW_AUTHOVERRIDE_FORCESESSIONPROVIDER=false 113 | TYK_GW_AUTHOVERRIDE_SESSIONPROVIDER_NAME= 114 | TYK_GW_AUTHOVERRIDE_SESSIONPROVIDER_STORAGEENGINE= 115 | TYK_GW_AUTHOVERRIDE_SESSIONPROVIDER_META= 116 | TYK_GW_UPTIMETESTS_DISABLE=true 117 | TYK_GW_UPTIMETESTS_CONFIG_FAILURETRIGGERSAMPLESIZE=1 118 | TYK_GW_UPTIMETESTS_CONFIG_TIMEWAIT=2 119 | TYK_GW_UPTIMETESTS_CONFIG_CHECKERPOOLSIZE=50 120 | TYK_GW_UPTIMETESTS_CONFIG_ENABLEUPTIMEANALYTICS=true 121 | TYK_GW_CONTROLAPIHOSTNAME= 122 | TYK_GW_HIDEGENERATORHEADER=false 123 | TYK_GW_EVENTHANDLERS_EVENTS= 124 | TYK_GW_EVENTTRIGGERS= 125 | TYK_GW_PIDFILELOCATION=./tyk-gateway.pid 126 | TYK_GW_ALLOWINSECURECONFIGS=true 127 | TYK_GW_PUBLICKEYPATH= 128 | TYK_GW_ALLOWREMOTECONFIG=true 129 | TYK_GW_ENABLEBUNDLEDOWNLOADER=true 130 | TYK_GW_BUNDLEBASEURL=https://myhost 131 | TYK_GW_MAXIDLECONNSPERHOST=500 -------------------------------------------------------------------------------- /tyk/confs/tyk.env: -------------------------------------------------------------------------------- 1 | ### Server Settings 2 | TYK_GW_LISTENPORT=8080 3 | TYK_GW_SECRET=352d20ee67be67f6340b4c0605b044b7 4 | TYK_GW_NODESECRET=352d20ee67be67f6340b4c0605b044b7 5 | 6 | ### Gateway (incl Plugins) Log Level 7 | TYK_LOGLEVEL=debug 8 | 9 | ### Tyk GW operating mode (OSS / Pro) 10 | TYK_GW_POLICIES_POLICYSOURCE=service 11 | TYK_GW_POLICIES_POLICYCONNECTIONSTRING=http://tyk-dashboard:3000 12 | TYK_GW_POLICIES_POLICYRECORDNAME=tyk_policies 13 | TYK_GW_POLICIES_ALLOWEXPLICITPOLICYID=true 14 | TYK_GW_USEDBAPPCONFIGS=true 15 | TYK_GW_DBAPPCONFOPTIONS_CONNECTIONSTRING=http://tyk-dashboard:3000 16 | TYK_GW_DBAPPCONFOPTIONS_NODEISSEGMENTED=false 17 | TYK_GW_DBAPPCONFOPTIONS_TAGS= 18 | TYK_GW_DISABLEDASHBOARDZEROCONF=false 19 | 20 | ### Templates & Custom Plugins 21 | TYK_GW_TEMPLATEPATH=./templates 22 | TYK_GW_TYKJSPATH=./js/tyk.js 23 | TYK_GW_MIDDLEWAREPATH=./middleware 24 | TYK_GW_APPPATH=./test_apps/ 25 | TYK_GW_ENABLEJSVM=true 26 | TYK_GW_COPROCESSOPTIONS_ENABLECOPROCESS=false 27 | TYK_GW_COPROCESSOPTIONS_COPROCESSGRPCSERVER=tcp://localhost:5555 28 | 29 | ### Redis Connection Details 30 | TYK_GW_STORAGE_TYPE=redis 31 | TYK_GW_STORAGE_HOST=tyk-redis 32 | TYK_GW_STORAGE_PORT=6379 33 | TYK_GW_STORAGE_HOSTS= 34 | TYK_GW_STORAGE_USERNAME= 35 | TYK_GW_STORAGE_PASSWORD= 36 | TYK_GW_STORAGE_DATABASE=0 37 | TYK_GW_STORAGE_MAXIDLE=3000 38 | TYK_GW_STORAGE_MAXACTIVE=5000 39 | TYK_GW_STORAGE_ENABLECLUSTER=false 40 | 41 | ### Advanced Server & SSL Settings 42 | TYK_GW_HOSTNAME=localhost 43 | TYK_GW_ENABLECUSTOMDOMAINS=true 44 | TYK_GW_HTTPSERVEROPTIONS_READTIMEOUT=0 45 | TYK_GW_HTTPSERVEROPTIONS_WRITETIMEOUT=0 46 | TYK_GW_HTTPSERVEROPTIONS_USESSL=false 47 | TYK_GW_HTTPSERVEROPTIONS_USELE_SSL=false 48 | TYK_GW_HTTPSERVEROPTIONS_ENABLEWEBSOCKETS=true 49 | TYK_GW_HTTPSERVEROPTIONS_SERVERNAME= 50 | TYK_GW_HTTPSERVEROPTIONS_MINVERSION=0 51 | TYK_GW_HTTPSERVEROPTIONS_FLUSHINTERVAL=0 52 | 53 | ### Analytics 54 | TYK_GW_ENABLEANALYTICS=true 55 | TYK_GW_ANALYTICSCONFIG_TYPE=mongo 56 | TYK_GW_ANALYTICSCONFIG_ENABLEDETAILEDRECORDING=false 57 | TYK_GW_ANALYTICSCONFIG_ENABLEGEOIP=false 58 | TYK_GW_ANALYTICSCONFIG_GEOIPDBLOCATION=./GeoLite2-City.mmdb 59 | TYK_GW_ANALYTICSCONFIG_NORMALISEURLS_ENABLED=true 60 | TYK_GW_ANALYTICSCONFIG_NORMALISEURLS_NORMALISEUUIDS=true 61 | TYK_GW_ANALYTICSCONFIG_NORMALISEURLS_NORMALISENUMBERS=true 62 | TYK_GW_ANALYTICSCONFIG_NORMALISEURLS_CUSTOM= 63 | 64 | ### Other defaults 65 | TYK_GW_ENABLESEPERATECACHESTORE=false 66 | TYK_GW_HEALTHCHECK_ENABLEHEALTHCHECKS=false 67 | TYK_GW_HEALTHCHECK_HEALTHCHECKVALUETIMEOUT=0 68 | TYK_GW_ALLOWMASTERKEYS=false 69 | TYK_GW_HASHKEYS=true 70 | TYK_GW_HASHKEYFUNCTION=murmur64 71 | TYK_GW_ENABLEHASHEDKEYSLISTING=true 72 | TYK_GW_SUPPRESSREDISSIGNALRELOAD=false 73 | TYK_GW_SUPRESSDEFAULTORGSTORE=false 74 | TYK_GW_USEREDISLOG=true 75 | TYK_GW_SENTRYCODE= 76 | TYK_GW_USESENTRY=false 77 | TYK_GW_USESYSLOG=false 78 | TYK_GW_USEGRAYLOG=false 79 | TYK_GW_USELOGSTASH=false 80 | TYK_GW_GRAYLOGNETWORKADDR= 81 | TYK_GW_LOGSTASHNETWORKADDR= 82 | TYK_GW_SYSLOGTRANSPORT= 83 | TYK_GW_LOGSTASHTRANSPORT= 84 | TYK_GW_SYSLOGNETWORKADDR= 85 | TYK_GW_ENFORCEORGDATAAGE=true 86 | TYK_GW_ENFORCEORGDATADETAILLOGGING=false 87 | TYK_GW_ENFORCEORGQUOTAS=true 88 | TYK_GW_EXPERIMENTALPROCESSORGOFFTHREAD=false 89 | TYK_GW_ENABLENONTRANSACTIONALRATELIMITER=true 90 | TYK_GW_DRLENABLESENTINELRATELIMITER=false 91 | TYK_GW_MONITOR_ENABLETRIGGERMONITORS=false 92 | TYK_GW_MONITOR_CONFIG_METHOD= 93 | TYK_GW_MONITOR_CONFIG_TARGETPATH= 94 | TYK_GW_MONITOR_CONFIG_TEMPLATEPATH= 95 | TYK_GW_MONITOR_CONFIG_HEADERLIST= 96 | TYK_GW_MONITOR_CONFIG_EVENTTIMEOUT=0 97 | TYK_GW_MONITOR_GLOBALTRIGGERLIMIT=0 98 | TYK_GW_MONITOR_MONITORUSERKEYS=false 99 | TYK_GW_MONITOR_MONITORORGKEYS=false 100 | TYK_GW_OAUTHREFRESHEXPIRE=0 101 | TYK_GW_OAUTHTOKENEXPIRE=0 102 | TYK_GW_OAUTHREDIRECTURISEPARATOR=; 103 | TYK_GW_SLAVEOPTIONS_USERPC=false 104 | TYK_GW_SLAVEOPTIONS_CONNECTIONSTRING= 105 | TYK_GW_SLAVEOPTIONS_RPCKEY= 106 | TYK_GW_SLAVEOPTIONS_APIKEY= 107 | TYK_GW_SLAVEOPTIONS_ENABLERPCCACHE=false 108 | TYK_GW_SLAVEOPTIONS_BINDTOSLUGSINSTEADOFLISTENPATHS=false 109 | TYK_GW_SLAVEOPTIONS_DISABLEKEYSPACESYNC=false 110 | TYK_GW_SLAVEOPTIONS_GROUPID= 111 | TYK_GW_DISABLEVIRTUALPATHBLOBS=false 112 | TYK_GW_LOCALSESSIONCACHE_DISABLECACHESESSIONSTATE=true 113 | TYK_GW_LOCALSESSIONCACHE_CACHEDSESSIONTIMEOUT=0 114 | TYK_GW_LOCALSESSIONCACHE_CACHESESSIONEVICTION=0 115 | TYK_GW_SERVICEDISCOVERY_DEFAULTCACHETIMEOUT=0 116 | TYK_GW_CLOSECONNECTIONS=false 117 | TYK_GW_AUTHOVERRIDE_FORCEAUTHPROVIDER=false 118 | TYK_GW_AUTHOVERRIDE_AUTHPROVIDER_NAME= 119 | TYK_GW_AUTHOVERRIDE_AUTHPROVIDER_STORAGEENGINE= 120 | TYK_GW_AUTHOVERRIDE_AUTHPROVIDER_META= 121 | TYK_GW_AUTHOVERRIDE_FORCESESSIONPROVIDER=false 122 | TYK_GW_AUTHOVERRIDE_SESSIONPROVIDER_NAME= 123 | TYK_GW_AUTHOVERRIDE_SESSIONPROVIDER_STORAGEENGINE= 124 | TYK_GW_AUTHOVERRIDE_SESSIONPROVIDER_META= 125 | TYK_GW_UPTIMETESTS_DISABLE=true 126 | TYK_GW_UPTIMETESTS_CONFIG_FAILURETRIGGERSAMPLESIZE=1 127 | TYK_GW_UPTIMETESTS_CONFIG_TIMEWAIT=2 128 | TYK_GW_UPTIMETESTS_CONFIG_CHECKERPOOLSIZE=50 129 | TYK_GW_UPTIMETESTS_CONFIG_ENABLEUPTIMEANALYTICS=true 130 | TYK_GW_CONTROLAPIHOSTNAME= 131 | TYK_GW_HIDEGENERATORHEADER=false 132 | TYK_GW_EVENTHANDLERS_EVENTS= 133 | TYK_GW_EVENTTRIGGERS= 134 | TYK_GW_PIDFILELOCATION=./tyk-gateway.pid 135 | TYK_GW_ALLOWINSECURECONFIGS=true 136 | TYK_GW_PUBLICKEYPATH= 137 | TYK_GW_ALLOWREMOTECONFIG=true 138 | TYK_GW_ENABLEBUNDLEDOWNLOADER=true 139 | TYK_GW_BUNDLEBASEURL=https://myhost 140 | TYK_GW_MAXIDLECONNSPERHOST=500 141 | -------------------------------------------------------------------------------- /tyk/confs/tyk_analytics.env: -------------------------------------------------------------------------------- 1 | ### Server Settings 2 | TYK_DB_LISTENPORT=3000 3 | TYK_DB_ADMINSECRET=12345 4 | 5 | ### Tyk Gateway Connection Details 6 | TYK_DB_TYKAPI_HOST=http://tyk-gateway 7 | TYK_DB_TYKAPI_PORT=8080 8 | TYK_DB_TYKAPI_SECRET=352d20ee67be67f6340b4c0605b044b7 9 | TYK_DB_NODESECRET=352d20ee67be67f6340b4c0605b044b7 10 | 11 | ### Dashboard DB Connection Details 12 | TYK_DB_MONGOURL=mongodb://tyk-mongo:27017/tyk_analytics 13 | 14 | ### Redis Connection Details 15 | TYK_DB_REDISPORT=6379 16 | TYK_DB_REDISHOST=tyk-redis 17 | TYK_DB_REDISPASSWORD= 18 | TYK_DB_ENABLECLUSTER=false 19 | TYK_DB_REDISDATABASE=0 20 | 21 | ### Advanced Server Settings + SSL 22 | TYK_DB_HOSTCONFIG_ENABLEHOSTNAMES=true 23 | TYK_DB_HOSTCONFIG_DISABLEORGSLUGPREFIX=true 24 | TYK_DB_HOSTCONFIG_HOSTNAME=localhost 25 | TYK_DB_HOSTCONFIG_GATEWAYHOSTNAME=localhost:8080 26 | TYK_DB_HOSTCONFIG_PORTALROOTPATH=/portal 27 | TYK_DB_HOSTCONFIG_PORTALDOMAINS= 28 | TYK_DB_HOSTCONFIG_GENERATEHTTPS=false 29 | TYK_DB_HOSTCONFIG_USESTRICT=false 30 | TYK_DB_HTTPSERVEROPTIONS_USESSL=false 31 | TYK_DB_HTTPSERVEROPTIONS_MINVERSION=0 32 | 33 | ### Other Defaults 34 | TYK_DB_PAGESIZE=10 35 | TYK_DB_FORCEAPIDEFAULTS=false 36 | TYK_DB_NOTIFYONCHANGE=true 37 | TYK_DB_HOSTS= 38 | TYK_DB_HASHKEYS=true 39 | TYK_DB_ENABLEDELETEKEYBYHASH=true 40 | TYK_DB_ENABLEUPDATEKEYBYHASH=true 41 | TYK_DB_ENABLEHASHEDKEYSLISTING=true 42 | TYK_DB_EMAILBACKEND_ENABLEEMAILNOTIFICATIONS=false 43 | TYK_DB_EMAILBACKEND_CODE=sendgrid 44 | TYK_DB_EMAILBACKEND_SETTINGS= 45 | TYK_DB_EMAILBACKEND_DEFAULTFROMEMAIL=you@somewhere.com 46 | TYK_DB_EMAILBACKEND_DEFAULTFROMNAME=Some Person 47 | TYK_DB_HIDELISTENPATH=false 48 | TYK_DB_USESENTRY=false 49 | TYK_DB_SENTRYCODE= 50 | TYK_DB_SENTRYJSCODE= 51 | TYK_DB_ENABLEMASTERKEYS=false 52 | TYK_DB_ENABLEDUPLICATESLUGS=true 53 | TYK_DB_SHOWORGID=true 54 | TYK_DB_UI_LANGUAGES=Chinese:cn,English:en,Korean:ko 55 | TYK_DB_UI_HIDEHELP=true 56 | TYK_DB_UI_DEFAULTLANG=en 57 | TYK_DB_UI_LOGINPAGE= 58 | TYK_DB_UI_NAV=dont_show_admin_sockets:false,hide_activity_by_api_section:false,hide_geo:false,hide_licenses_section:false,hide_logs:false,hide_tib_section:false 59 | TYK_DB_UI_UPTIME= 60 | TYK_DB_UI_PORTALSECTION= 61 | TYK_DB_UI_DESIGNER= 62 | TYK_DB_UI_DONTSHOWADMINSOCKETMESSAGES=false 63 | TYK_DB_UI_DONTALLOWLICENSEMANAGEMENT=false 64 | TYK_DB_UI_DONTALLOWLICENSEMANAGEMENTVIEW=false 65 | TYK_DB_HOMEDIR=/opt/tyk-dashboard 66 | TYK_DB_USESHARDEDANLAYTICS=false 67 | TYK_DB_ENABLEAGGREGATELOOKUPS=true 68 | TYK_DB_AGGREGATELOOKUPCUTOFF=26/05/2016 69 | TYK_DB_MAINTENANCEMODE=false 70 | TYK_DB_ALLOWEXPLICITPOLICYID=true 71 | TYK_DB_PRIVATEKEYPATH= 72 | TYK_DB_NODESCHEMADIR= 73 | TYK_DB_OAUTHREDIRECTURISEPARATOR=; 74 | TYK_DB_STATSDCONNECTIONSTRING= 75 | TYK_DB_STATSDPREFIX= -------------------------------------------------------------------------------- /tyk/middleware/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TykTechnologies/custom-go-plugin/5f2fcd41c41ef4a1d410eb6bd8b668482c3f7369/tyk/middleware/.gitkeep -------------------------------------------------------------------------------- /tyk/scripts/bootstrap-oss.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | ./tyk/scripts/wait-for-it.sh -t 300 localhost:8080 3 | sleep 1; 4 | status=$(curl -s -o /dev/null -w "%{http_code}" localhost:8080/hello) 5 | 6 | if [ "302" == "$status" ] || [ "200" == "$status" ]; then 7 | 8 | # Create httpbin API 9 | curl -s -X POST localhost:8080/tyk/apis \ 10 | --header "X-Tyk-Authorization: 352d20ee67be67f6340b4c0605b044b7" \ 11 | --data "{ 12 | \"jwt_issued_at_validation_skew\": 0, 13 | \"upstream_certificates\": {}, 14 | \"use_keyless\": true, 15 | \"enable_coprocess_auth\": false, 16 | \"base_identity_provided_by\": \"\", 17 | \"custom_middleware\": { 18 | \"pre\": [ 19 | { 20 | \"name\": \"AddFooBarHeader\", 21 | \"path\": \"/opt/tyk-gateway/middleware/CustomGoPlugin.so\", 22 | \"require_session\": false, 23 | \"raw_body_only\": false 24 | } 25 | ], 26 | \"post\": [], 27 | \"post_key_auth\": [], 28 | \"auth_check\": { 29 | \"name\": \"\", 30 | \"path\": \"\", 31 | \"require_session\": false, 32 | \"raw_body_only\": false 33 | }, 34 | \"response\": [], 35 | \"driver\": \"goplugin\", 36 | \"id_extractor\": { 37 | \"extract_from\": \"\", 38 | \"extract_with\": \"\", 39 | \"extractor_config\": {} 40 | } 41 | }, 42 | \"disable_quota\": false, 43 | \"custom_middleware_bundle\": \"\", 44 | \"cache_options\": { 45 | \"cache_timeout\": 60, 46 | \"enable_cache\": true, 47 | \"cache_all_safe_requests\": false, 48 | \"cache_response_codes\": [], 49 | \"enable_upstream_cache_control\": false, 50 | \"cache_control_ttl_header\": \"\", 51 | \"cache_by_headers\": [] 52 | }, 53 | \"enable_ip_blacklisting\": false, 54 | \"tag_headers\": [], 55 | \"jwt_scope_to_policy_mapping\": {}, 56 | \"pinned_public_keys\": {}, 57 | \"expire_analytics_after\": 0, 58 | \"external_oauth\": { 59 | \"enabled\": false, 60 | \"providers\": [] 61 | }, 62 | \"domain\": \"\", 63 | \"openid_options\": { 64 | \"providers\": [], 65 | \"segregate_by_client\": false 66 | }, 67 | \"jwt_policy_field_name\": \"\", 68 | \"enable_proxy_protocol\": false, 69 | \"jwt_default_policies\": [], 70 | \"active\": true, 71 | \"jwt_expires_at_validation_skew\": 0, 72 | \"config_data\": {}, 73 | \"notifications\": { 74 | \"shared_secret\": \"\", 75 | \"oauth_on_keychange_url\": \"\" 76 | }, 77 | \"jwt_client_base_field\": \"\", 78 | \"auth\": { 79 | \"disable_header\": false, 80 | \"auth_header_name\": \"Authorization\", 81 | \"cookie_name\": \"\", 82 | \"name\": \"\", 83 | \"validate_signature\": false, 84 | \"use_param\": false, 85 | \"signature\": { 86 | \"algorithm\": \"\", 87 | \"header\": \"\", 88 | \"use_param\": false, 89 | \"param_name\": \"\", 90 | \"secret\": \"\", 91 | \"allowed_clock_skew\": 0, 92 | \"error_code\": 0, 93 | \"error_message\": \"\" 94 | }, 95 | \"use_cookie\": false, 96 | \"param_name\": \"\", 97 | \"use_certificate\": false 98 | }, 99 | \"check_host_against_uptime_tests\": false, 100 | \"auth_provider\": { 101 | \"name\": \"\", 102 | \"storage_engine\": \"\", 103 | \"meta\": {} 104 | }, 105 | \"blacklisted_ips\": [], 106 | \"graphql\": { 107 | \"schema\": \"\", 108 | \"enabled\": false, 109 | \"engine\": { 110 | \"field_configs\": [], 111 | \"data_sources\": [] 112 | }, 113 | \"type_field_configurations\": [], 114 | \"execution_mode\": \"proxyOnly\", 115 | \"proxy\": { 116 | \"auth_headers\": {} 117 | }, 118 | \"subgraph\": { 119 | \"sdl\": \"\" 120 | }, 121 | \"supergraph\": { 122 | \"subgraphs\": [], 123 | \"merged_sdl\": \"\", 124 | \"global_headers\": {}, 125 | \"disable_query_batching\": false 126 | }, 127 | \"version\": \"2\", 128 | \"playground\": { 129 | \"enabled\": false, 130 | \"path\": \"\" 131 | } 132 | }, 133 | \"hmac_allowed_clock_skew\": -1, 134 | \"dont_set_quota_on_create\": false, 135 | \"uptime_tests\": { 136 | \"check_list\": [], 137 | \"config\": { 138 | \"expire_utime_after\": 0, 139 | \"service_discovery\": { 140 | \"use_discovery_service\": false, 141 | \"query_endpoint\": \"\", 142 | \"use_nested_query\": false, 143 | \"parent_data_path\": \"\", 144 | \"data_path\": \"\", 145 | \"cache_timeout\": 60 146 | }, 147 | \"recheck_wait\": 0 148 | } 149 | }, 150 | \"enable_jwt\": false, 151 | \"do_not_track\": false, 152 | \"name\": \"httpbin\", 153 | \"slug\": \"httpbin\", 154 | \"analytics_plugin\": {}, 155 | \"oauth_meta\": { 156 | \"allowed_access_types\": [], 157 | \"allowed_authorize_types\": [], 158 | \"auth_login_redirect\": \"\" 159 | }, 160 | \"CORS\": { 161 | \"enable\": false, 162 | \"max_age\": 24, 163 | \"allow_credentials\": false, 164 | \"exposed_headers\": [], 165 | \"allowed_headers\": [ 166 | \"Origin\", 167 | \"Accept\", 168 | \"Content-Type\", 169 | \"X-Requested-With\", 170 | \"Authorization\" 171 | ], 172 | \"options_passthrough\": false, 173 | \"debug\": false, 174 | \"allowed_origins\": [ 175 | \"*\" 176 | ], 177 | \"allowed_methods\": [ 178 | \"GET\", 179 | \"POST\", 180 | \"HEAD\" 181 | ] 182 | }, 183 | \"event_handlers\": { 184 | \"events\": {} 185 | }, 186 | \"proxy\": { 187 | \"target_url\": \"http://httpbin.org/\", 188 | \"service_discovery\": { 189 | \"endpoint_returns_list\": false, 190 | \"cache_timeout\": 0, 191 | \"parent_data_path\": \"\", 192 | \"query_endpoint\": \"\", 193 | \"use_discovery_service\": false, 194 | \"_sd_show_port_path\": false, 195 | \"target_path\": \"\", 196 | \"use_target_list\": false, 197 | \"use_nested_query\": false, 198 | \"data_path\": \"\", 199 | \"port_data_path\": \"\" 200 | }, 201 | \"check_host_against_uptime_tests\": false, 202 | \"transport\": { 203 | \"ssl_insecure_skip_verify\": false, 204 | \"ssl_min_version\": 0, 205 | \"proxy_url\": \"\", 206 | \"ssl_ciphers\": [] 207 | }, 208 | \"target_list\": [], 209 | \"preserve_host_header\": false, 210 | \"strip_listen_path\": true, 211 | \"enable_load_balancing\": false, 212 | \"listen_path\": \"/httpbin/\", 213 | \"disable_strip_slash\": true 214 | }, 215 | \"client_certificates\": [], 216 | \"use_basic_auth\": false, 217 | \"version_data\": { 218 | \"not_versioned\": true, 219 | \"default_version\": \"\", 220 | \"versions\": { 221 | \"Default\": { 222 | \"name\": \"Default\", 223 | \"expires\": \"\", 224 | \"paths\": { 225 | \"ignored\": [], 226 | \"white_list\": [], 227 | \"black_list\": [] 228 | }, 229 | \"use_extended_paths\": true, 230 | \"extended_paths\": { 231 | \"ignored\": [], 232 | \"white_list\": [], 233 | \"black_list\": [], 234 | \"transform\": [], 235 | \"transform_response\": [], 236 | \"transform_jq\": [], 237 | \"transform_jq_response\": [], 238 | \"transform_headers\": [], 239 | \"transform_response_headers\": [], 240 | \"hard_timeouts\": [], 241 | \"circuit_breakers\": [], 242 | \"url_rewrites\": [], 243 | \"virtual\": [], 244 | \"size_limits\": [], 245 | \"method_transforms\": [], 246 | \"track_endpoints\": [], 247 | \"do_not_track_endpoints\": [], 248 | \"validate_json\": [], 249 | \"internal\": [], 250 | \"persist_graphql\": [] 251 | }, 252 | \"global_headers\": {}, 253 | \"global_headers_remove\": [], 254 | \"global_response_headers\": {}, 255 | \"global_response_headers_remove\": [], 256 | \"ignore_endpoint_case\": false, 257 | \"global_size_limit\": 0, 258 | \"override_target\": \"\" 259 | } 260 | } 261 | }, 262 | \"jwt_scope_claim_name\": \"\", 263 | \"use_standard_auth\": false, 264 | \"session_lifetime\": 0, 265 | \"hmac_allowed_algorithms\": [], 266 | \"disable_rate_limit\": false, 267 | \"definition\": { 268 | \"enabled\": false, 269 | \"name\": \"\", 270 | \"default\": \"\", 271 | \"location\": \"header\", 272 | \"key\": \"x-api-version\", 273 | \"strip_path\": false, 274 | \"strip_versioning_data\": false, 275 | \"versions\": {} 276 | }, 277 | \"use_oauth2\": false, 278 | \"jwt_source\": \"\", 279 | \"jwt_signing_method\": \"\", 280 | \"jwt_not_before_validation_skew\": 0, 281 | \"use_go_plugin_auth\": false, 282 | \"jwt_identity_base_field\": \"\", 283 | \"allowed_ips\": [], 284 | \"request_signing\": { 285 | \"is_enabled\": false, 286 | \"secret\": \"\", 287 | \"key_id\": \"\", 288 | \"algorithm\": \"\", 289 | \"header_list\": [], 290 | \"certificate_id\": \"\", 291 | \"signature_header\": \"\" 292 | }, 293 | \"enable_ip_whitelisting\": false, 294 | \"global_rate_limit\": { 295 | \"rate\": 0, 296 | \"per\": 0 297 | }, 298 | \"protocol\": \"\", 299 | \"enable_context_vars\": false, 300 | \"tags\": [], 301 | \"basic_auth\": { 302 | \"disable_caching\": false, 303 | \"cache_ttl\": 0, 304 | \"extract_from_body\": false, 305 | \"body_user_regexp\": \"\", 306 | \"body_password_regexp\": \"\" 307 | }, 308 | \"listen_port\": 0, 309 | \"session_provider\": { 310 | \"name\": \"\", 311 | \"storage_engine\": \"\", 312 | \"meta\": {} 313 | }, 314 | \"auth_configs\": { 315 | \"authToken\": { 316 | \"disable_header\": false, 317 | \"auth_header_name\": \"Authorization\", 318 | \"cookie_name\": \"\", 319 | \"name\": \"\", 320 | \"validate_signature\": false, 321 | \"use_param\": false, 322 | \"signature\": { 323 | \"algorithm\": \"\", 324 | \"header\": \"\", 325 | \"use_param\": false, 326 | \"param_name\": \"\", 327 | \"secret\": \"\", 328 | \"allowed_clock_skew\": 0, 329 | \"error_code\": 0, 330 | \"error_message\": \"\" 331 | }, 332 | \"use_cookie\": false, 333 | \"param_name\": \"\", 334 | \"use_certificate\": false 335 | }, 336 | \"basic\": { 337 | \"disable_header\": false, 338 | \"auth_header_name\": \"Authorization\", 339 | \"cookie_name\": \"\", 340 | \"name\": \"\", 341 | \"validate_signature\": false, 342 | \"use_param\": false, 343 | \"signature\": { 344 | \"algorithm\": \"\", 345 | \"header\": \"\", 346 | \"use_param\": false, 347 | \"param_name\": \"\", 348 | \"secret\": \"\", 349 | \"allowed_clock_skew\": 0, 350 | \"error_code\": 0, 351 | \"error_message\": \"\" 352 | }, 353 | \"use_cookie\": false, 354 | \"param_name\": \"\", 355 | \"use_certificate\": false 356 | }, 357 | \"coprocess\": { 358 | \"disable_header\": false, 359 | \"auth_header_name\": \"Authorization\", 360 | \"cookie_name\": \"\", 361 | \"name\": \"\", 362 | \"validate_signature\": false, 363 | \"use_param\": false, 364 | \"signature\": { 365 | \"algorithm\": \"\", 366 | \"header\": \"\", 367 | \"use_param\": false, 368 | \"param_name\": \"\", 369 | \"secret\": \"\", 370 | \"allowed_clock_skew\": 0, 371 | \"error_code\": 0, 372 | \"error_message\": \"\" 373 | }, 374 | \"use_cookie\": false, 375 | \"param_name\": \"\", 376 | \"use_certificate\": false 377 | }, 378 | \"hmac\": { 379 | \"disable_header\": false, 380 | \"auth_header_name\": \"Authorization\", 381 | \"cookie_name\": \"\", 382 | \"name\": \"\", 383 | \"validate_signature\": false, 384 | \"use_param\": false, 385 | \"signature\": { 386 | \"algorithm\": \"\", 387 | \"header\": \"\", 388 | \"use_param\": false, 389 | \"param_name\": \"\", 390 | \"secret\": \"\", 391 | \"allowed_clock_skew\": 0, 392 | \"error_code\": 0, 393 | \"error_message\": \"\" 394 | }, 395 | \"use_cookie\": false, 396 | \"param_name\": \"\", 397 | \"use_certificate\": false 398 | }, 399 | \"jwt\": { 400 | \"disable_header\": false, 401 | \"auth_header_name\": \"Authorization\", 402 | \"cookie_name\": \"\", 403 | \"name\": \"\", 404 | \"validate_signature\": false, 405 | \"use_param\": false, 406 | \"signature\": { 407 | \"algorithm\": \"\", 408 | \"header\": \"\", 409 | \"use_param\": false, 410 | \"param_name\": \"\", 411 | \"secret\": \"\", 412 | \"allowed_clock_skew\": 0, 413 | \"error_code\": 0, 414 | \"error_message\": \"\" 415 | }, 416 | \"use_cookie\": false, 417 | \"param_name\": \"\", 418 | \"use_certificate\": false 419 | }, 420 | \"oauth\": { 421 | \"disable_header\": false, 422 | \"auth_header_name\": \"Authorization\", 423 | \"cookie_name\": \"\", 424 | \"name\": \"\", 425 | \"validate_signature\": false, 426 | \"use_param\": false, 427 | \"signature\": { 428 | \"algorithm\": \"\", 429 | \"header\": \"\", 430 | \"use_param\": false, 431 | \"param_name\": \"\", 432 | \"secret\": \"\", 433 | \"allowed_clock_skew\": 0, 434 | \"error_code\": 0, 435 | \"error_message\": \"\" 436 | }, 437 | \"use_cookie\": false, 438 | \"param_name\": \"\", 439 | \"use_certificate\": false 440 | }, 441 | \"oidc\": { 442 | \"disable_header\": false, 443 | \"auth_header_name\": \"Authorization\", 444 | \"cookie_name\": \"\", 445 | \"name\": \"\", 446 | \"validate_signature\": false, 447 | \"use_param\": false, 448 | \"signature\": { 449 | \"algorithm\": \"\", 450 | \"header\": \"\", 451 | \"use_param\": false, 452 | \"param_name\": \"\", 453 | \"secret\": \"\", 454 | \"allowed_clock_skew\": 0, 455 | \"error_code\": 0, 456 | \"error_message\": \"\" 457 | }, 458 | \"use_cookie\": false, 459 | \"param_name\": \"\", 460 | \"use_certificate\": false 461 | } 462 | }, 463 | \"strip_auth_data\": false, 464 | \"certificates\": [], 465 | \"enable_signature_checking\": false, 466 | \"use_openid\": false, 467 | \"internal\": false, 468 | \"jwt_skip_kid\": false, 469 | \"enable_batch_request_support\": false, 470 | \"enable_detailed_recording\": true, 471 | \"scopes\": { 472 | \"jwt\": {}, 473 | \"oidc\": {} 474 | }, 475 | \"response_processors\": [], 476 | \"use_mutual_tls_auth\": false 477 | }" > /dev/null 478 | 479 | # Create httpbin API 480 | curl -s localhost:8080/tyk/reload \ 481 | --header "X-Tyk-Authorization: 352d20ee67be67f6340b4c0605b044b7" > /dev/null 482 | 483 | fi 484 | -------------------------------------------------------------------------------- /tyk/scripts/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | ./tyk/scripts/wait-for-it.sh -t 300 localhost:3000 3 | sleep 1; 4 | status=$(curl -s -o /dev/null -w "%{http_code}" localhost:3000) 5 | 6 | if [ "302" == "$status" ] || [ "200" == "$status" ]; then 7 | source .env 8 | 9 | # Bootstrap Tyk dashboard with default organisation. 10 | curl -s -X POST localhost:3000/bootstrap \ 11 | --data "owner_name=$ORG" \ 12 | --data "owner_slug=$SLUG" \ 13 | --data "email_address=$EMAIL" \ 14 | --data "first_name=$FIRST" \ 15 | --data "last_name=$LAST" \ 16 | --data "password=$PASSWORD" \ 17 | --data "confirm_password=$PASSWORD" \ 18 | --data "terms=on" 19 | 20 | # Get organisation ID. 21 | ORG=$(curl -s -X GET localhost:3000/admin/organisations \ 22 | --header "admin-auth: 12345" | \ 23 | jq -r '.organisations[0].id') 24 | 25 | # Create a new admin user and get user access token. 26 | TOKEN=$(curl -s -X POST localhost:3000/admin/users \ 27 | --header "admin-auth: 12345" \ 28 | --data "{ 29 | \"org_id\": \"$ORG\", 30 | \"first_name\": \"Admin\", 31 | \"last_name\": \"User\", 32 | \"email_address\": \"admin@tyk.io\", 33 | \"active\": true, 34 | \"user_permissions\": { \"IsAdmin\": \"admin\" } 35 | }" | \ 36 | jq -r '.Message') 37 | 38 | # Create httpbin API 39 | curl -s -X POST localhost:3000/api/apis/oas \ 40 | --header "authorization: $TOKEN" \ 41 | --header "Content-Type: application/json" \ 42 | --data "@tyk/scripts/oas.json" > /dev/null 43 | fi 44 | -------------------------------------------------------------------------------- /tyk/scripts/oas.json: -------------------------------------------------------------------------------- 1 | { 2 | "info": { 3 | "title": "json", 4 | "version": "1.0.0" 5 | }, 6 | "openapi": "3.0.3", 7 | "servers": [ 8 | { 9 | "url": "http://localhost:8080/json/" 10 | } 11 | ], 12 | "security": [ 13 | { 14 | "authToken": [] 15 | } 16 | ], 17 | "paths": {}, 18 | "components": { 19 | "securitySchemes": { 20 | "authToken": { 21 | "type": "apiKey", 22 | "in": "header", 23 | "name": "Authorization" 24 | } 25 | } 26 | }, 27 | "x-tyk-api-gateway": { 28 | "info": { 29 | "dbId": "6633c933eba45e00017ca1ef", 30 | "id": "0b30d18d1b8548bb458af4d0e1089db9", 31 | "name": "json", 32 | "state": { 33 | "active": true, 34 | "internal": false 35 | } 36 | }, 37 | "middleware": { 38 | "global": { 39 | "pluginConfig": { 40 | "data": { 41 | "enabled": true, 42 | "value": { 43 | "env-config-example": "env://SOME_CONFIG_DATA" 44 | } 45 | }, 46 | "driver": "goplugin" 47 | }, 48 | "postAuthenticationPlugins": [ 49 | { 50 | "enabled": true, 51 | "functionName": "InjectConfigData", 52 | "path": "/opt/tyk-gateway/middleware/CustomGoPlugin.so" 53 | } 54 | ], 55 | "postPlugins": [ 56 | { 57 | "enabled": true, 58 | "functionName": "InjectMetadata", 59 | "path": "/opt/tyk-gateway/middleware/CustomGoPlugin.so" 60 | } 61 | ], 62 | "prePlugins": [ 63 | { 64 | "enabled": true, 65 | "functionName": "AddFooBarHeader", 66 | "path": "/opt/tyk-gateway/middleware/CustomGoPlugin.so" 67 | } 68 | ] 69 | } 70 | }, 71 | "server": { 72 | "authentication": { 73 | "enabled": true, 74 | "securitySchemes": { 75 | "authToken": { 76 | "enabled": true 77 | } 78 | } 79 | }, 80 | "listenPath": { 81 | "strip": true, 82 | "value": "/json/" 83 | } 84 | }, 85 | "upstream": { 86 | "url": "http://httpbin.org/" 87 | } 88 | } 89 | } -------------------------------------------------------------------------------- /tyk/scripts/wait-for-it.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Use this script to test if a given TCP host/port are available 3 | 4 | WAITFORIT_cmdname=${0##*/} 5 | 6 | echoerr() { if [[ $WAITFORIT_QUIET -ne 1 ]]; then echo "$@" 1>&2; fi } 7 | 8 | usage() 9 | { 10 | cat << USAGE >&2 11 | Usage: 12 | $WAITFORIT_cmdname host:port [-s] [-t timeout] [-- command args] 13 | -h HOST | --host=HOST Host or IP under test 14 | -p PORT | --port=PORT TCP port under test 15 | Alternatively, you specify the host and port as host:port 16 | -s | --strict Only execute subcommand if the test succeeds 17 | -q | --quiet Don't output any status messages 18 | -t TIMEOUT | --timeout=TIMEOUT 19 | Timeout in seconds, zero for no timeout 20 | -- COMMAND ARGS Execute command with args after the test finishes 21 | USAGE 22 | exit 1 23 | } 24 | 25 | wait_for() 26 | { 27 | if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then 28 | echoerr "$WAITFORIT_cmdname: waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT" 29 | else 30 | echoerr "$WAITFORIT_cmdname: waiting for $WAITFORIT_HOST:$WAITFORIT_PORT without a timeout" 31 | fi 32 | WAITFORIT_start_ts=$(date +%s) 33 | while : 34 | do 35 | if [[ $WAITFORIT_ISBUSY -eq 1 ]]; then 36 | nc -z $WAITFORIT_HOST $WAITFORIT_PORT 37 | WAITFORIT_result=$? 38 | else 39 | (echo > /dev/tcp/$WAITFORIT_HOST/$WAITFORIT_PORT) >/dev/null 2>&1 40 | WAITFORIT_result=$? 41 | fi 42 | if [[ $WAITFORIT_result -eq 0 ]]; then 43 | WAITFORIT_end_ts=$(date +%s) 44 | echoerr "$WAITFORIT_cmdname: $WAITFORIT_HOST:$WAITFORIT_PORT is available after $((WAITFORIT_end_ts - WAITFORIT_start_ts)) seconds" 45 | break 46 | fi 47 | sleep 1 48 | done 49 | return $WAITFORIT_result 50 | } 51 | 52 | wait_for_wrapper() 53 | { 54 | # In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692 55 | if [[ $WAITFORIT_QUIET -eq 1 ]]; then 56 | timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --quiet --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT & 57 | else 58 | timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT & 59 | fi 60 | WAITFORIT_PID=$! 61 | trap "kill -INT -$WAITFORIT_PID" INT 62 | wait $WAITFORIT_PID 63 | WAITFORIT_RESULT=$? 64 | if [[ $WAITFORIT_RESULT -ne 0 ]]; then 65 | echoerr "$WAITFORIT_cmdname: timeout occurred after waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT" 66 | fi 67 | return $WAITFORIT_RESULT 68 | } 69 | 70 | # process arguments 71 | while [[ $# -gt 0 ]] 72 | do 73 | case "$1" in 74 | *:* ) 75 | WAITFORIT_hostport=(${1//:/ }) 76 | WAITFORIT_HOST=${WAITFORIT_hostport[0]} 77 | WAITFORIT_PORT=${WAITFORIT_hostport[1]} 78 | shift 1 79 | ;; 80 | --child) 81 | WAITFORIT_CHILD=1 82 | shift 1 83 | ;; 84 | -q | --quiet) 85 | WAITFORIT_QUIET=1 86 | shift 1 87 | ;; 88 | -s | --strict) 89 | WAITFORIT_STRICT=1 90 | shift 1 91 | ;; 92 | -h) 93 | WAITFORIT_HOST="$2" 94 | if [[ $WAITFORIT_HOST == "" ]]; then break; fi 95 | shift 2 96 | ;; 97 | --host=*) 98 | WAITFORIT_HOST="${1#*=}" 99 | shift 1 100 | ;; 101 | -p) 102 | WAITFORIT_PORT="$2" 103 | if [[ $WAITFORIT_PORT == "" ]]; then break; fi 104 | shift 2 105 | ;; 106 | --port=*) 107 | WAITFORIT_PORT="${1#*=}" 108 | shift 1 109 | ;; 110 | -t) 111 | WAITFORIT_TIMEOUT="$2" 112 | if [[ $WAITFORIT_TIMEOUT == "" ]]; then break; fi 113 | shift 2 114 | ;; 115 | --timeout=*) 116 | WAITFORIT_TIMEOUT="${1#*=}" 117 | shift 1 118 | ;; 119 | --) 120 | shift 121 | WAITFORIT_CLI=("$@") 122 | break 123 | ;; 124 | --help) 125 | usage 126 | ;; 127 | *) 128 | echoerr "Unknown argument: $1" 129 | usage 130 | ;; 131 | esac 132 | done 133 | 134 | if [[ "$WAITFORIT_HOST" == "" || "$WAITFORIT_PORT" == "" ]]; then 135 | echoerr "Error: you need to provide a host and port to test." 136 | usage 137 | fi 138 | 139 | WAITFORIT_TIMEOUT=${WAITFORIT_TIMEOUT:-15} 140 | WAITFORIT_STRICT=${WAITFORIT_STRICT:-0} 141 | WAITFORIT_CHILD=${WAITFORIT_CHILD:-0} 142 | WAITFORIT_QUIET=${WAITFORIT_QUIET:-0} 143 | 144 | # check to see if timeout is from busybox? 145 | WAITFORIT_TIMEOUT_PATH=$(type -p timeout) 146 | WAITFORIT_TIMEOUT_PATH=$(realpath $WAITFORIT_TIMEOUT_PATH 2>/dev/null || readlink -f $WAITFORIT_TIMEOUT_PATH) 147 | if [[ $WAITFORIT_TIMEOUT_PATH =~ "busybox" ]]; then 148 | WAITFORIT_ISBUSY=1 149 | WAITFORIT_BUSYTIMEFLAG="-t" 150 | 151 | else 152 | WAITFORIT_ISBUSY=0 153 | WAITFORIT_BUSYTIMEFLAG="" 154 | fi 155 | 156 | if [[ $WAITFORIT_CHILD -gt 0 ]]; then 157 | wait_for 158 | WAITFORIT_RESULT=$? 159 | exit $WAITFORIT_RESULT 160 | else 161 | if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then 162 | wait_for_wrapper 163 | WAITFORIT_RESULT=$? 164 | else 165 | wait_for 166 | WAITFORIT_RESULT=$? 167 | fi 168 | fi 169 | 170 | if [[ $WAITFORIT_CLI != "" ]]; then 171 | if [[ $WAITFORIT_RESULT -ne 0 && $WAITFORIT_STRICT -eq 1 ]]; then 172 | echoerr "$WAITFORIT_cmdname: strict mode, refusing to execute subprocess" 173 | exit $WAITFORIT_RESULT 174 | fi 175 | exec "${WAITFORIT_CLI[@]}" 176 | else 177 | exit $WAITFORIT_RESULT 178 | fi --------------------------------------------------------------------------------