├── .eslintrc ├── .gitignore ├── .travis.yml ├── CHANGES.md ├── CONDUCT.md ├── CONTRIBUTING.md ├── DC01.1.txt ├── Dockerfile ├── LICENSE ├── MAINTAINERS.txt ├── README.md ├── config ├── cert.pem ├── default │ └── .gitignore ├── defaultTLS.json ├── key.pem └── onPremProfessionalTLS.json ├── docker-compose.yaml ├── images └── readme │ ├── ContextVariablesPart1.png │ ├── ContextVariablesPart2.png │ └── MicroGatewayArchitecture2.png ├── index.js ├── lib ├── analytics.js ├── api-loader │ ├── README.md │ └── index.js ├── api-matcher │ ├── README.md │ └── index.js ├── apim-context │ ├── README.md │ └── index.js ├── assembly │ ├── apim-param-resolver.js │ └── index.js ├── cipher-suites.json ├── context │ ├── README.md │ ├── index.js │ └── lib │ │ ├── populate-message-variables.js │ │ ├── populate-request-variables.js │ │ └── populate-system-variables.js ├── cors │ ├── README.md │ └── index.js ├── error-handler.js ├── microgw.js ├── oauth2 │ ├── az-server │ │ ├── exchange │ │ │ ├── authorizationCode.js │ │ │ ├── clientCredentials.js │ │ │ ├── password.js │ │ │ └── refreshToken.js │ │ ├── grant │ │ │ ├── code.js │ │ │ └── token.js │ │ ├── index.js │ │ ├── middleware │ │ │ ├── authentication.js │ │ │ ├── authorization.js │ │ │ ├── consent-form.pug │ │ │ ├── custom-consent-form.js │ │ │ ├── custom-login-form.js │ │ │ ├── decision.js │ │ │ ├── default-consent-form.js │ │ │ ├── default-login-form.js │ │ │ ├── errorHandler.js │ │ │ ├── id-extractor.js │ │ │ ├── login-page.pug │ │ │ ├── redirect.js │ │ │ ├── revoke.js │ │ │ ├── token.js │ │ │ ├── transactionLoader.js │ │ │ └── utils.js │ │ ├── oauth2orize.js │ │ ├── server.js │ │ └── unorderedlist.js │ ├── common │ │ └── models │ │ │ ├── oauth-access-token.json │ │ │ ├── oauth-authorization-code.json │ │ │ ├── oauth-client-application.json │ │ │ ├── oauth-permission.json │ │ │ ├── oauth-refresh-token.json │ │ │ ├── oauth-scope-mapping.json │ │ │ └── oauth-scope.json │ ├── errors │ │ ├── authorizationerror.js │ │ ├── 
badrequesterror.js │ │ ├── forbiddenerror.js │ │ ├── oauth2error.js │ │ └── tokenerror.js │ ├── models │ │ └── index.js │ ├── oauth2-helper.js │ └── resource-server │ │ ├── index.js │ │ ├── mac-token.js │ │ ├── resource-server.js │ │ ├── scope.js │ │ └── utils.js ├── policy-loader.js ├── postflow │ ├── README.md │ └── index.js ├── rate-limit │ ├── README.md │ ├── index.js │ └── util.js ├── security-check │ ├── README.md │ ├── basic-ldap.js │ ├── configure-tls.js │ ├── eval-apikey.js │ ├── eval-basic.js │ ├── eval-oauth2.js │ ├── index.js │ └── security.js └── urlrewrite │ ├── README.md │ └── index.js ├── nginx ├── Dockerfile ├── nginx.tmpl └── run.sh ├── package.json ├── policies ├── handlebars │ ├── README.md │ ├── index.js │ ├── package.json │ └── policy.yml ├── invoke │ ├── README.md │ ├── index.js │ ├── package.json │ └── policy.yml ├── javascript │ ├── README.md │ ├── index.js │ ├── package.json │ └── policy.yml ├── operation-switch │ ├── README.md │ ├── index.js │ ├── package.json │ └── policy.yml ├── rate-limiting │ ├── helper.js │ ├── index.js │ ├── package.json │ ├── policy.yml │ ├── redis.js │ └── token-bucket.js ├── set-variable │ ├── README.md │ ├── index.js │ └── policy.yml ├── throw │ ├── README.md │ ├── index.js │ ├── package.json │ └── policy.yml └── validate │ ├── index.js │ ├── package.json │ └── policy.yml ├── test ├── apic-config.laptop.test.js ├── assembly.test.js ├── at.ratelimit.policy.laptop.test.js ├── basic.policy.laptop.test.js ├── basic.policy.test.js ├── context.https.laptop.test.js ├── context.laptop.test.js ├── context.test.js ├── context.with-mock-apim.test.js ├── cors.lifecycle.laptop.test.js ├── datastore.handshake.test.js.tmp ├── datastore.test.js ├── definitions │ ├── analytics │ │ ├── id_rsa │ │ ├── id_rsa.pub │ │ └── v1 │ │ │ └── catalogs │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ ├── apis │ │ │ ├── products │ │ │ ├── registries │ │ │ ├── subscriptions │ │ │ └── tls-profiles │ │ │ └── index.html │ ├── apic-config │ │ ├── 
apic-tls-profiles.json │ │ ├── apic.json │ │ ├── bob.crt │ │ ├── bob.key │ │ ├── root.crt │ │ ├── root2.crt │ │ ├── swagger-bank-account.yaml │ │ ├── swagger-invoke.yaml │ │ ├── swagger-stock-quote.yaml │ │ └── swagger-weather.yaml │ ├── assembly │ │ ├── assembly_1.0.0.yaml │ │ ├── climbingweather-missingbasepath:2.0.0.yaml │ │ └── climbingweather-rootpath:2.0.0.yaml │ ├── basic │ │ ├── basic-product_1.0.0.json │ │ ├── basic-product_1.0.0.yaml │ │ ├── basic_1.0.0.json │ │ ├── basic_1.0.0.yaml │ │ └── registries-564b48a9e4b0869c782edc24-564b48aae4b0869c782edc2b-.yaml │ ├── context │ │ ├── context_1.0.0.yaml │ │ ├── https │ │ │ └── context_1.0.0.yaml │ │ └── v1 │ │ │ └── catalogs │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ ├── apis │ │ │ ├── products │ │ │ ├── registries │ │ │ ├── subscriptions │ │ │ └── tls-profiles │ │ │ └── index.html │ ├── cors │ │ ├── cors-default_1.0.0.yaml │ │ ├── cors-disabled_1.0.0.yaml │ │ ├── cors-options_1.0.0.yaml │ │ ├── cors-policy_1.0.0.yaml │ │ └── cors_1.0.0.yaml │ ├── datastore │ │ └── v1 │ │ │ └── catalogs │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ ├── apis │ │ │ ├── products │ │ │ ├── registries │ │ │ ├── subscriptions │ │ │ └── tls-profiles │ │ │ └── index.html │ ├── default │ │ ├── apis-564b48a9e4b0869c782edc24-564b48aae4b0869c782edc2b-.json │ │ ├── ascents:1.0.0.yaml │ │ ├── catalogs-.json │ │ ├── forecasts:1.0.0.yaml │ │ ├── products-564b48a9e4b0869c782edc24-564b48aae4b0869c782edc2b-.json │ │ ├── products-564b48a9e4b0869c782edc24-564b48aae4b0869c782edc2b-5.yaml │ │ ├── products-564b48a9e4b0869c782edc24-564b48aae4b0869c782edc2b-6.yaml │ │ ├── registries-564b48a9e4b0869c782edc24-564b48aae4b0869c782edc2b-.json │ │ ├── routes:1.0.0.yaml │ │ ├── subs-564b48a9e4b0869c782edc24-564b48aae4b0869c782edc2b-.json │ │ ├── tlsprofs-564b48a9e4b0869c782edc24-564b48aae4b0869c782edc2b-.json │ │ └── uber-api:1.0.0.yaml │ ├── https │ │ ├── combined1 │ │ │ ├── http_1.0.0.yaml │ │ │ ├── https_1.0.0.yaml │ │ │ ├── uber2-api:1.0.0.yaml │ │ │ └── v1 │ │ │ 
│ └── catalogs │ │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ │ ├── apis │ │ │ │ ├── products │ │ │ │ ├── registries │ │ │ │ ├── subscriptions │ │ │ │ └── tls-profiles │ │ │ │ └── index.html │ │ ├── combined2 │ │ │ ├── httpandhttps_1.0.0.yaml │ │ │ └── v1 │ │ │ │ └── catalogs │ │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ │ ├── apis │ │ │ │ ├── products │ │ │ │ ├── registries │ │ │ │ ├── subscriptions │ │ │ │ └── tls-profiles │ │ │ │ └── index.html │ │ ├── http │ │ │ ├── http_1.0.0.yaml │ │ │ └── v1 │ │ │ │ └── catalogs │ │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ │ ├── apis │ │ │ │ ├── products │ │ │ │ ├── registries │ │ │ │ ├── subscriptions │ │ │ │ └── tls-profiles │ │ │ │ └── index.html │ │ ├── httpsdefault │ │ │ └── default_1.0.0.yaml │ │ └── httpsexplicit │ │ │ ├── https_1.0.0.yaml │ │ │ └── v1 │ │ │ └── catalogs │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ ├── apis │ │ │ ├── products │ │ │ ├── registries │ │ │ ├── subscriptions │ │ │ └── tls-profiles │ │ │ └── index.html │ ├── invoke │ │ ├── cert.pem │ │ ├── key.pem │ │ └── v1 │ │ │ └── catalogs │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ ├── apis │ │ │ ├── products │ │ │ ├── registries │ │ │ ├── subscriptions │ │ │ └── tls-profiles │ │ │ └── index.html │ ├── javascript │ │ └── javascript_1.0.0.yaml │ ├── oauth │ │ ├── authen.html │ │ └── v1 │ │ │ └── catalogs │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ ├── apis │ │ │ ├── products │ │ │ ├── registries │ │ │ ├── subscriptions │ │ │ └── tls-profiles │ │ │ ├── catalog007 │ │ │ ├── apis │ │ │ ├── products │ │ │ ├── registries │ │ │ ├── subscriptions │ │ │ └── tls-profiles │ │ │ └── index.html │ ├── oauth2-az │ │ ├── basic-authenticated │ │ │ └── v1 │ │ │ │ ├── catalogs │ │ │ │ ├── 5714b14ce4b0e6c6f7d287eb │ │ │ │ │ ├── apis │ │ │ │ │ ├── catalogs │ │ │ │ │ ├── products │ │ │ │ │ ├── registries │ │ │ │ │ ├── subscriptions │ │ │ │ │ └── tls-profiles │ │ │ │ └── index.html │ │ │ │ ├── cert.pem │ │ │ │ └── key.pem │ │ ├── basic-bad-custom-consent │ │ │ ├── bad-form.html │ │ │ └── v1 │ 
│ │ │ ├── catalogs │ │ │ │ ├── 5714b14ce4b0e6c6f7d287eb │ │ │ │ │ ├── apis │ │ │ │ │ ├── catalogs │ │ │ │ │ ├── products │ │ │ │ │ ├── registries │ │ │ │ │ ├── subscriptions │ │ │ │ │ └── tls-profiles │ │ │ │ └── index.html │ │ │ │ ├── cert.pem │ │ │ │ └── key.pem │ │ ├── basic-custom-consent │ │ │ ├── custom-consent-form.html │ │ │ └── v1 │ │ │ │ ├── catalogs │ │ │ │ ├── 5714b14ce4b0e6c6f7d287eb │ │ │ │ │ ├── apis │ │ │ │ │ ├── catalogs │ │ │ │ │ ├── products │ │ │ │ │ ├── registries │ │ │ │ │ ├── subscriptions │ │ │ │ │ └── tls-profiles │ │ │ │ └── index.html │ │ │ │ ├── cert.pem │ │ │ │ └── key.pem │ │ ├── basic-default-consent │ │ │ └── v1 │ │ │ │ ├── catalogs │ │ │ │ ├── 5714b14ce4b0e6c6f7d287eb │ │ │ │ │ ├── apis │ │ │ │ │ ├── catalogs │ │ │ │ │ ├── products │ │ │ │ │ ├── registries │ │ │ │ │ ├── subscriptions │ │ │ │ │ └── tls-profiles │ │ │ │ └── index.html │ │ │ │ ├── cert.pem │ │ │ │ └── key.pem │ │ ├── custom-consent-form │ │ │ ├── custom-consent-form.html │ │ │ ├── no-approve.html │ │ │ ├── no-form.html │ │ │ └── no-input-fields.html │ │ ├── custom-form-authenticated │ │ │ ├── custom-login-form.html │ │ │ └── v1 │ │ │ │ ├── catalogs │ │ │ │ ├── 5714b14ce4b0e6c6f7d287eb │ │ │ │ │ ├── apis │ │ │ │ │ ├── catalogs │ │ │ │ │ ├── products │ │ │ │ │ ├── registries │ │ │ │ │ ├── subscriptions │ │ │ │ │ └── tls-profiles │ │ │ │ └── index.html │ │ │ │ ├── cert.pem │ │ │ │ └── key.pem │ │ ├── default-form-authenticated │ │ │ └── v1 │ │ │ │ ├── catalogs │ │ │ │ ├── 5714b14ce4b0e6c6f7d287eb │ │ │ │ │ ├── apis │ │ │ │ │ ├── catalogs │ │ │ │ │ ├── products │ │ │ │ │ ├── registries │ │ │ │ │ ├── subscriptions │ │ │ │ │ └── tls-profiles │ │ │ │ └── index.html │ │ │ │ ├── cert.pem │ │ │ │ └── key.pem │ │ ├── default-form-default-consent │ │ │ └── v1 │ │ │ │ ├── catalogs │ │ │ │ ├── 5714b14ce4b0e6c6f7d287eb │ │ │ │ │ ├── apis │ │ │ │ │ ├── catalogs │ │ │ │ │ ├── products │ │ │ │ │ ├── registries │ │ │ │ │ ├── subscriptions │ │ │ │ │ └── tls-profiles │ │ │ │ └── index.html 
│ │ │ │ ├── cert.pem │ │ │ │ └── key.pem │ │ └── redirect │ │ │ ├── custom-login-form.html │ │ │ └── v1 │ │ │ ├── catalogs │ │ │ ├── 5714b14ce4b0e6c6f7d287eb │ │ │ │ ├── apis │ │ │ │ ├── catalogs │ │ │ │ ├── products │ │ │ │ ├── registries │ │ │ │ ├── subscriptions │ │ │ │ └── tls-profiles │ │ │ └── index.html │ │ │ ├── cert.pem │ │ │ └── key.pem │ ├── oauth2-ctx │ │ └── v1 │ │ │ ├── catalogs │ │ │ ├── 5714b14ce4b0e6c6f7d287eb │ │ │ │ ├── apis │ │ │ │ ├── catalogs │ │ │ │ ├── products │ │ │ │ ├── registries │ │ │ │ ├── subscriptions │ │ │ │ └── tls-profiles │ │ │ └── index.html │ │ │ ├── cert.pem │ │ │ └── key.pem │ ├── oauth2-resource │ │ ├── cert.pem │ │ ├── key.pem │ │ └── v1 │ │ │ └── catalogs │ │ │ ├── 573d26bae4b091411e1e7bad │ │ │ ├── apis │ │ │ ├── products │ │ │ ├── registries │ │ │ ├── subscriptions │ │ │ └── tls-profiles │ │ │ └── index.html │ ├── oauth2-token │ │ ├── cert.pem │ │ ├── key.pem │ │ └── v1 │ │ │ └── catalogs │ │ │ ├── 573d26bae4b091411e1e7bad │ │ │ ├── apis │ │ │ ├── products │ │ │ ├── registries │ │ │ ├── subscriptions │ │ │ └── tls-profiles │ │ │ └── index.html │ ├── operation-switch │ │ └── switchPolicyTesting.yaml │ ├── performance │ │ ├── apis_template │ │ ├── perf_config │ │ ├── products_template │ │ ├── subscriptions_template │ │ └── v1 │ │ │ └── catalogs │ │ │ ├── 5714b14ce4b0e6c6f7d287eb │ │ │ ├── apis │ │ │ ├── catalogs │ │ │ ├── products │ │ │ ├── registries │ │ │ ├── subscriptions │ │ │ └── tls-profiles │ │ │ └── index.html │ ├── policy-loader │ │ ├── .apiconnect │ │ │ └── config │ │ ├── config │ │ ├── location1 │ │ │ ├── mypolicy1 │ │ │ │ ├── index.js │ │ │ │ ├── policy-config.json │ │ │ │ └── policy.yml │ │ │ ├── mypolicy2 │ │ │ │ ├── index.js │ │ │ │ └── policy.yml │ │ │ └── mypolicy3 │ │ │ │ ├── index.js │ │ │ │ └── policy.yml │ │ ├── location2 │ │ │ ├── mypolicy1 │ │ │ │ ├── index.js │ │ │ │ ├── policy-config.json │ │ │ │ └── policy.yml │ │ │ └── mypolicy4 │ │ │ │ ├── index.js │ │ │ │ └── policy.yml │ │ ├── location3 │ │ │ 
├── mypolicy-1.0.0 │ │ │ │ ├── index.js │ │ │ │ └── policy.yml │ │ │ └── mypolicy-1.0.1 │ │ │ │ ├── index.js │ │ │ │ └── policy.yml │ │ ├── package.json │ │ └── policy-loader1.yaml │ ├── preflow-apimeta │ │ └── v1 │ │ │ └── catalogs │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ ├── apis │ │ │ ├── products │ │ │ ├── registries │ │ │ ├── subscriptions │ │ │ └── tls-profiles │ │ │ └── index.html │ ├── preflow │ │ ├── context │ │ │ └── context.yaml │ │ ├── preflow1.yaml │ │ ├── preflow2.yaml │ │ ├── preflow3.yaml │ │ ├── preflow4.yaml │ │ ├── preflow5.yaml │ │ └── security │ │ │ ├── security1.yaml │ │ │ ├── security2.yaml │ │ │ ├── security3.yaml │ │ │ ├── security4.yaml │ │ │ ├── security5.yaml │ │ │ ├── security6.yaml │ │ │ ├── security7.yaml │ │ │ ├── security8.yaml │ │ │ ├── security9.yaml │ │ │ └── v1 │ │ │ └── catalogs │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ ├── apis │ │ │ ├── products │ │ │ ├── registries │ │ │ ├── subscriptions │ │ │ └── tls-profiles │ │ │ └── index.html │ ├── quickstart │ │ ├── testappenabled │ │ │ └── v1 │ │ │ │ └── catalogs │ │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ │ ├── apis │ │ │ │ ├── products │ │ │ │ ├── registries │ │ │ │ ├── subscriptions │ │ │ │ └── tls-profiles │ │ │ │ └── index.html │ │ ├── testappenabledfalse │ │ │ └── v1 │ │ │ │ └── catalogs │ │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ │ ├── apis │ │ │ │ ├── products │ │ │ │ ├── registries │ │ │ │ ├── subscriptions │ │ │ │ └── tls-profiles │ │ │ │ └── index.html │ │ ├── testappenablednocredentials │ │ │ └── v1 │ │ │ │ └── catalogs │ │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ │ ├── apis │ │ │ │ ├── products │ │ │ │ ├── registries │ │ │ │ ├── subscriptions │ │ │ │ └── tls-profiles │ │ │ │ └── index.html │ │ ├── testappenablednosub │ │ │ └── v1 │ │ │ │ └── catalogs │ │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ │ ├── apis │ │ │ │ ├── products │ │ │ │ ├── registries │ │ │ │ ├── subscriptions │ │ │ │ └── tls-profiles │ │ │ │ └── index.html │ │ ├── testappenablednotspecified │ │ │ └── v1 │ │ │ │ 
└── catalogs │ │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ │ ├── apis │ │ │ │ ├── products │ │ │ │ ├── registries │ │ │ │ ├── subscriptions │ │ │ │ └── tls-profiles │ │ │ │ └── index.html │ │ └── testappenabledtruefornondevcat │ │ │ └── v1 │ │ │ └── catalogs │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ ├── apis │ │ │ ├── products │ │ │ ├── registries │ │ │ ├── subscriptions │ │ │ └── tls-profiles │ │ │ └── index.html │ ├── ratelimit │ │ └── ratelimit_1.0.0.yaml │ ├── set-variable │ │ └── set-variable_1.0.0.yaml │ ├── spaces │ │ ├── cert.pem │ │ ├── key.pem │ │ └── v1 │ │ │ └── catalogs │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ ├── apis │ │ │ ├── products │ │ │ ├── registries │ │ │ ├── subscriptions │ │ │ └── tls-profiles │ │ │ └── index.html │ ├── throw │ │ └── throw_1.0.0.yaml │ ├── yaml │ │ └── yaml_1.0.0.yaml │ └── yaml_monitor │ │ ├── yaml_1.0.0.yaml.mod │ │ └── yaml_1.0.0.yaml.orig ├── env-yaml.test.js ├── error-handler.js ├── handlebars.policy.test.js ├── https.laptop.test.js ├── https.test.js ├── invoke.policy.http.test.js ├── javascript.policy.laptop.test.js ├── javascript.policy.test.js ├── mocha.opts ├── oauth2.az-server.test.js ├── oauth2.ctx.test.js ├── oauth2.resource.test.js ├── oauth2.token.test.js ├── operation-ratelimit.policy.test.js ├── operation-switch.policy.laptop.test.js ├── policy-loader-runtime.test.js ├── policy-loader.test.js ├── preflow-apimeta.test.js ├── preflow.test.js ├── quickstart.test.js ├── score.test.js ├── set-variable.policy.laptop.test.js ├── support │ ├── analytics-server │ │ ├── httpsOptions.json │ │ └── index.js │ ├── auth-server │ │ ├── index.js │ │ ├── sarah.crt │ │ ├── sarah.csr │ │ ├── sarah.key │ │ ├── users.json │ │ └── users2.json │ ├── echo-server │ │ ├── index.js │ │ └── tls.json │ ├── env-yaml.child.js │ ├── https │ │ ├── pfx-obfuscated-password.json │ │ ├── pfx-password.json │ │ ├── server-cert.pem │ │ ├── server-key.pem │ │ ├── server.pfx │ │ ├── tlsconfig-pfx-obfuscated.json │ │ ├── tlsconfig-pfx.json │ │ └── 
tlsconfig.json │ ├── invoke-server │ │ ├── README │ │ ├── alice.crt │ │ ├── alice.csr │ │ ├── alice.key │ │ ├── bob.crt │ │ ├── bob.csr │ │ ├── bob.key │ │ ├── carol.crt │ │ ├── carol.csr │ │ ├── carol.key │ │ ├── index.js │ │ ├── root.crt │ │ ├── root.key │ │ ├── root2.crt │ │ ├── root2.key │ │ ├── sandy.crt │ │ ├── sandy.csr │ │ ├── sandy.key │ │ ├── sarah.crt │ │ ├── sarah.csr │ │ └── sarah.key │ ├── ldap-server │ │ ├── index.js │ │ ├── ldap-methods.js │ │ ├── tls.json │ │ └── users.json │ ├── mock-apim-server │ │ ├── apim-server.js │ │ ├── cert.pem │ │ ├── key.pem │ │ └── v1 │ │ │ └── catalogs │ │ │ ├── 564b48aae4b0869c782edc2b │ │ │ ├── apis │ │ │ ├── products │ │ │ ├── registries │ │ │ ├── subscriptions │ │ │ └── tls-profiles │ │ │ └── index.html │ ├── mock-apim-server2 │ │ ├── apim-server.js │ │ ├── cert.pem │ │ ├── id_rsa │ │ ├── id_rsa.pub │ │ └── key.pem │ └── utils.js ├── throw.policy.laptop.test.js ├── tools │ ├── jmeter_sample.jmx │ ├── performance.js │ └── performance.md ├── urlrewrite.test.js ├── yaml.laptop.test.js ├── zzz-analytics.test.js └── zzz-spaces.test.js └── utils └── genkeycert.js /.eslintrc: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "loopback", 3 | "rules": { 4 | "one-var": 0, 5 | "camelcase": 0, 6 | "object-curly-spacing": 0, 7 | "array-bracket-spacing": 0, 8 | "max-len": ["error", 120, { 9 | "ignoreComments": true, 10 | "ignoreUrls": true, 11 | "ignorePattern": "^\\s*var\\s.+=\\s*(require\\s*\\()|(/)" 12 | }] 13 | } 14 | } -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | npm-global/ 2 | .idea/ 3 | coverage/ 4 | *.iml 5 | *.dat 6 | *.gz 7 | *.log 8 | *.out 9 | *.pid 10 | .nyc_output 11 | .project 12 | .idea 13 | *node_modules* 14 | npm-debug.log 15 | test/sandbox 16 | coverage 17 | .vscode 18 | .DS_Store 19 | .npmrc 20 | .datastore 21 | .apiconnect 22 
| test/definitions/policy-loader/token 23 | env.yaml 24 | gw_skel 25 | .idea 26 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | sudo: false 2 | language: node_js 3 | node_js: 4 | - "8" 5 | -------------------------------------------------------------------------------- /DC01.1.txt: -------------------------------------------------------------------------------- 1 | Developer's Certificate of Origin 1.1 2 | 3 | By making a contribution to this project, I certify that: 4 | 5 | (a) The contribution was created in whole or in part by me and I 6 | have the right to submit it under the open source license 7 | indicated in the file; or 8 | 9 | (b) The contribution is based upon previous work that, to the best 10 | of my knowledge, is covered under an appropriate open source 11 | license and I have the right under that license to submit that 12 | work with modifications, whether created in whole or in part 13 | by me, under the same open source license (unless I am 14 | permitted to submit under a different license), as indicated 15 | in the file; or 16 | 17 | (c) The contribution was provided directly to me by some other 18 | person who certified (a), (b) or (c) and I have not modified 19 | it. 20 | 21 | (d) I understand and agree that this project and the contribution 22 | are public and that a record of the contribution (including all 23 | personal information I submit with it, including my sign-off) is 24 | maintained indefinitely and may be redistributed consistent with 25 | this project or the open source license(s) involved. 
-------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:6-alpine 2 | 3 | RUN mkdir -p /usr/src/app 4 | WORKDIR /usr/src/app 5 | 6 | COPY package.json index.js ./ 7 | COPY lib lib/ 8 | COPY utils utils/ 9 | COPY config config/ 10 | COPY policies policies/ 11 | 12 | ARG NPM_REGISTRY 13 | ENV npm_config_registry ${NPM_REGISTRY:-https://registry.npmjs.com} 14 | RUN npm install --prod --quiet --depth 0 15 | 16 | ENV NODE_ENV production 17 | 18 | CMD [ "node", "index.js" ] 19 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) IBM Corp. 2012,2017. All Rights Reserved. 2 | Node module: microgateway 3 | 4 | -------- 5 | Copyright 2012,2017 IBM Corp. 6 | 7 | Licensed under the Apache License, Version 2.0 (the "License"); 8 | you may not use this file except in compliance with the License. 9 | You may obtain a copy of the License at 10 | 11 | http://www.apache.org/licenses/LICENSE-2.0 12 | 13 | Unless required by applicable law or agreed to in writing, software 14 | distributed under the License is distributed on an "AS IS" BASIS, 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | See the License for the specific language governing permissions and 17 | limitations under the License. 
18 | -------------------------------------------------------------------------------- /MAINTAINERS.txt: -------------------------------------------------------------------------------- 1 | Maintainers 2 | 3 | Tony Ffrench tonyf tffrench@us.ibm.com 4 | Jeremy R Geddes jgeddes jgeddes@us.ibm.com 5 | Ozair Sheikh iozairs iozairs@ca.ibm.com 6 | -------------------------------------------------------------------------------- /config/cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC1zCCAkACCQCvTHR9TkwBOzANBgkqhkiG9w0BAQUFADCBrzELMAkGA1UEBhMC 3 | VVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMSgw 4 | JgYDVQQKEx9JbnRlcm5hdGlvbmFsIEJ1c2luZXNzIE1hY2hpbmVzMRQwEgYDVQQL 5 | EwtBUEkgQ29ubmVjdDEVMBMGA1UEAxMMYXBpYy5pYm0uY29tMR4wHAYJKoZIhvcN 6 | AQkBFg9hcGljQHVzLmlibS5jb20wHhcNMTYwMzEwMDI0MDA0WhcNMTgwMzEwMDI0 7 | MDA0WjCBrzELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAw 8 | DgYDVQQHEwdSYWxlaWdoMSgwJgYDVQQKEx9JbnRlcm5hdGlvbmFsIEJ1c2luZXNz 9 | IE1hY2hpbmVzMRQwEgYDVQQLEwtBUEkgQ29ubmVjdDEVMBMGA1UEAxMMYXBpYy5p 10 | Ym0uY29tMR4wHAYJKoZIhvcNAQkBFg9hcGljQHVzLmlibS5jb20wgZ8wDQYJKoZI 11 | hvcNAQEBBQADgY0AMIGJAoGBANP040jbW1X+lWcdf+xwzBQZpecdUG56pL2NRZvr 12 | bV+6GMz/xZ+hlCmwxli9lGCn+gpVIqk4NTmuA1iJ71VRZtEC7zRWqygIiPjSpdid 13 | fG/SgPguKvWt24jRA7dfsVXE+X5qcpy767rKZzAFCgUArks+XCAYBNFh/FnV6wk2 14 | EwNRAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEALnvK7dfRReVaaG4+DacIQMTJt1kF 15 | D7bKWmxdJV6M6Yion/jDNpNls2wilkaogvcVwaJ0kdBOimn4XQwmew5SRxRdoc9F 16 | 0+u0oDYfDneaDAuW+anj7JmwZvlWzG0525+pgsQV5rOoAWGzcOVQGwSP5yTFiIDU 17 | 7ZVSdeHUM7nLUCQ= 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /config/default/.gitignore: -------------------------------------------------------------------------------- 1 | !.gitignore 2 | -------------------------------------------------------------------------------- /config/defaultTLS.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "cert" : "./cert.pem", 3 | "key" : "./key.pem" 4 | } 5 | 6 | -------------------------------------------------------------------------------- /config/key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIICXgIBAAKBgQDT9ONI21tV/pVnHX/scMwUGaXnHVBueqS9jUWb621fuhjM/8Wf 3 | oZQpsMZYvZRgp/oKVSKpODU5rgNYie9VUWbRAu80VqsoCIj40qXYnXxv0oD4Lir1 4 | rduI0QO3X7FVxPl+anKcu+u6ymcwBQoFAK5LPlwgGATRYfxZ1esJNhMDUQIDAQAB 5 | AoGBAIcm5uqlHMdnz2Jx+AkPH8JNXHFTSt83iuZnN5SleReKNZg6G4yfXjd7Re59 6 | 7Cf51EFUagaXFbFS2UVSpu6zOigxccGacX/7aMGz/nhJpC5JPH8Wsmnt4ZSiDiTQ 7 | Ul5GldgWgsjzVSLcVefwzeaTj1qaMrdD/5GZOxlI6rh+PFgBAkEA6fOZ/yQirboD 8 | 94HPvyWRJ/4sh8xzcGLSjVToIdbHPB+z19dWEed5RQ1C0nkJMFgkxZAy9L8at4v7 9 | btMdpoS5gQJBAOfuoLF/4zu+uMq/GcghMbB6nxT6N0fI3JEDTOIguHFjK05v4fU2 10 | gaa4mjdgUPZsISH6DWe+aSX/EjN85IpmEdECQFIi/YEPTcGSmkvuXmKsrM7OtRGk 11 | XS8q8uM92RXwUxivxLNV3dkBXJk6s6gzaF95wsc9/jXhVl70nXzmT/WjiYECQQCa 12 | HiKf8GhyAflPmI8sQop/R+xAB0kGpX2Tywqi1LVbe1eCpqwSwuaCf/bSR2llZlLZ 13 | /gw8XPYILqfMmPhQ0ySRAkEAl3dcC+iLuL96xSWuR0MHKVy7R6jY85X33/0eKRc2 14 | DsqVH2fe+HyfhVcFvuP/26j/ilMGTFpPF57aEutLgZU4Tw== 15 | -----END RSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /config/onPremProfessionalTLS.json: -------------------------------------------------------------------------------- 1 | { 2 | "pfx" : "../../serverIdentity.pfx", 3 | "passphrase" : "../../join.json:keystorePassword" 4 | } 5 | -------------------------------------------------------------------------------- /docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | 3 | services: 4 | microgateway: 5 | build: . 
6 | environment: 7 | - PORT=80 8 | container_name: microgateway 9 | networks: 10 | - microgateway 11 | 12 | nginx: 13 | build: nginx 14 | environment: 15 | - GATEWAY_DNS=microgateway:80 16 | ports: 17 | - "443:443" 18 | container_name: nginx 19 | depends_on: 20 | - microgateway 21 | networks: 22 | - microgateway 23 | 24 | networks: 25 | microgateway: 26 | -------------------------------------------------------------------------------- /images/readme/ContextVariablesPart1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strongloop/microgateway/967f562cd6ea0da2405b00c500ac6088a3a9a80c/images/readme/ContextVariablesPart1.png -------------------------------------------------------------------------------- /images/readme/ContextVariablesPart2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strongloop/microgateway/967f562cd6ea0da2405b00c500ac6088a3a9a80c/images/readme/ContextVariablesPart2.png -------------------------------------------------------------------------------- /images/readme/MicroGatewayArchitecture2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strongloop/microgateway/967f562cd6ea0da2405b00c500ac6088a3a9a80c/images/readme/MicroGatewayArchitecture2.png -------------------------------------------------------------------------------- /index.js: -------------------------------------------------------------------------------- 1 | // © Copyright IBM Corporation 2016,2019. 
2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | 'use strict'; 6 | var fs = require('fs'); 7 | var path = require('path'); 8 | var YAML = require('yamljs'); 9 | var logger = require('apiconnect-cli-logger/logger.js') 10 | .child({ loc: 'microgateway:index' }); 11 | 12 | var env = { 13 | NODE_ENV: 'production', 14 | APIMANAGER_CATALOG: '', 15 | APIMANAGER_PORT: 443, 16 | APIMANAGER_REFRESH_INTERVAL: 15 * 1000 * 60, 17 | }; 18 | 19 | try { 20 | var envPath = path.join(__dirname, '/env.yaml'); 21 | if (!fs.existsSync(envPath)) { 22 | logger.warn('File not exist: env.yaml'); 23 | } else { 24 | var envjson = YAML.load(envPath); 25 | Object.keys(envjson).forEach(function(k) { 26 | env[k] = envjson[k]; 27 | }); 28 | } 29 | } catch (e) { 30 | logger.info('Fail to load environment variables: ', e); 31 | } 32 | 33 | Object.keys(env).forEach(function(k) { 34 | // Don't override env variables that were set explicitly 35 | if (typeof process.env[k] === 'undefined') { 36 | process.env[k] = env[k]; 37 | } 38 | }); 39 | 40 | // Should we do any extra sanity checks here? 41 | require('./lib/microgw.js').start(process.env.PORT); 42 | -------------------------------------------------------------------------------- /lib/api-loader/README.md: -------------------------------------------------------------------------------- 1 | This middleware checks and loads the latest APIs from the data store, so that 2 | the subsequent middlewares can access the data models, including APIs, Plans, 3 | Subscriptions and so on, directly. 4 | 5 | ## API 6 | ```js 7 | var express = require('express'); 8 | var apiLoader = require('./lib/api-loader'); 9 | 10 | var app = express(); 11 | app.use(apiLoader(options)); 12 | 13 | ... 14 | ``` 15 | 16 | To be added... 17 | 18 | ### options 19 | `options` is a JSON object. You can define the following properties to 20 | customize this middleware's behavior. 21 | 22 | To be added... 
23 | 24 | -------------------------------------------------------------------------------- /lib/apim-context/README.md: -------------------------------------------------------------------------------- 1 | Creates the APIM-related context variables to be accessed in the following 2 | middlewares and assembly. The responsibility of the `apim-context` middleware is 3 | to populate any context variables that may be needed by the flow-engine, the 4 | policies it enforces, or subsequent middlewares. 5 | 6 | ## API 7 | ```js 8 | var express = require('express'); 9 | var apimCtx = require('./lib/apim-context'); 10 | 11 | var app = express(); 12 | app.use(apimCtx(options)); 13 | 14 | ... 15 | ``` 16 | 17 | To be added... 18 | 19 | ### options 20 | `options` is a JSON object. You can define the following properties to 21 | customize this middleware's behavior. 22 | 23 | To be added... 24 | 25 | -------------------------------------------------------------------------------- /lib/assembly/apim-param-resolver.js: -------------------------------------------------------------------------------- 1 | // © Copyright IBM Corporation 2016,2017. 2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | /* 6 | * This module provides a function to replace APIm context 7 | * variables (syntax: $(varname)) configured on a policy 8 | * with the actual context variable value. 
9 | * 10 | * For example, 11 | * - invoke: 12 | * url: "https://$(target-host)/services/climbing/$(request.path)" 13 | * 14 | * The url after replacement will be: 15 | * url: "https://somehost/services/climbing/apim/stockQuote" 16 | * 17 | * if the APIm context has the following two variables: 18 | * - target-host: somehost 19 | * - request.path: apim/stockQuote 20 | * 21 | */ 22 | 'use strict'; 23 | var logger = require('apiconnect-cli-logger/logger.js') 24 | .child({ loc: 'microgateway:assembly:apim-param-resolver' }); 25 | var _ = require('lodash'); 26 | 27 | module.exports = function(context, name, value) { 28 | if (_.isString(value)) { 29 | var matchCount = 0; 30 | var matchName; 31 | var newValue = value.replace(/\$\(([^)]+)\)/gm, function(m, g1) { 32 | matchCount++; 33 | matchName = g1; 34 | return context.get(g1); 35 | }); 36 | // if the pattern is '$(the-variable-name)' 37 | // return the original value of the referenced context variable 38 | // instead of returning a string value 39 | if (matchCount === 1 && value.match(/^\$\(.+\)$/)) { 40 | newValue = context.get(matchName); 41 | } 42 | logger.debug('replace parameter "' + name + '": "' + value + '" with "' + newValue + '"'); 43 | return newValue; 44 | } else { 45 | return value; 46 | } 47 | }; 48 | 49 | -------------------------------------------------------------------------------- /lib/cors/README.md: -------------------------------------------------------------------------------- 1 | Prepare the CORS headers, and process the preflight requests. When it sets the headers, the middleware echoes the request's `Origin` header into `access-control-allow-origin` and sends `access-control-allow-credentials: true` whenever an `Origin` is present, so it does not by itself restrict which origins can make credentialed cross-origin requests. 2 | 3 | ## API 4 | ```js 5 | var express = require('express'); 6 | var cors = require('./lib/cors'); 7 | 8 | var app = express(); 9 | app.use(cors(options)); 10 | app.use(function(req, res) { 11 | //... 12 | }); 13 | 14 | ``` 15 | 16 | To be added... 17 | 18 | ### options 19 | `options` is a JSON object. You can define the following properties to 20 | customize this middleware's behavior. 21 | 22 | To be added... 
23 | 24 | -------------------------------------------------------------------------------- /lib/cors/index.js: -------------------------------------------------------------------------------- 1 | // © Copyright IBM Corporation 2016,2017. 2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | /* 6 | * Prepare the CORS headers, and process the preflight requests. 7 | */ 8 | 'use strict'; 9 | 10 | var logger = require('apiconnect-cli-logger/logger.js') 11 | .child({ loc: 'microgateway:cors' }); 12 | 13 | module.exports = function createCorsMiddleware(options) { 14 | logger.debug('CORS middleware options: ', options); 15 | options = options || {}; 16 | 17 | return function(req, res, next) { 18 | var target = req.ctx._apis; 19 | var allowMethods = target.allowMethods; 20 | var isPreflight = target.isPreflight; 21 | 22 | if (isPreflight || allowMethods !== '') { 23 | logger.info('CORS setting up the headers...'); 24 | 25 | var allowedOrigin = req.headers.origin ? req.headers.origin : '*'; 26 | res.setHeader('access-control-allow-origin', allowedOrigin); 27 | res.setHeader('access-control-allow-credentials', allowedOrigin === '*' ? 'false' : 'true'); 28 | res.setHeader('access-control-allow-headers', req.headers['access-control-request-headers'] || ''); 29 | res.setHeader('access-control-allow-methods', allowMethods); 30 | res.setHeader('access-control-expose-headers', 31 | 'APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, ' + 32 | 'X-RateLimit-Reset, X-Global-Transaction-ID'); 33 | } 34 | 35 | // skip the following middlwares for preflight requests. 
36 | if (target.isPreflight) { 37 | logger.info('cors: the preflight request is done'); 38 | res.end(); 39 | return; 40 | } 41 | 42 | next(); 43 | }; 44 | }; 45 | 46 | -------------------------------------------------------------------------------- /lib/oauth2/az-server/middleware/default-login-form.js: -------------------------------------------------------------------------------- 1 | // © Copyright IBM Corporation 2016,2017. 2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | 'use strict'; 6 | 7 | var _ = require('lodash'); 8 | var path = require('path'); 9 | var pug = require('pug'); 10 | 11 | module.exports = function(config) { 12 | config = config || {}; 13 | var page = config.page || path.resolve(__dirname, 'login-page.pug'); 14 | var contentFn = pug.compileFile(page); 15 | 16 | return function(req, resp, next) { 17 | var oauth2 = req.oauth2; 18 | var ctx = req.ctx; 19 | if (oauth2.client.logined && oauth2.client.logined === true) { 20 | // already logined skip; 21 | next(); 22 | } else { 23 | var options = { 24 | transaction_id: oauth2.transactionID, 25 | action: ctx.request.path + ctx.request.search, 26 | firstLogin: false }; 27 | 28 | if (_.isUndefined(oauth2.client.logined)) { 29 | // first login 30 | oauth2.client.logined = false; 31 | options.firstLogin = true; 32 | } 33 | ctx.message.body = contentFn(options); 34 | // reset all headers 35 | ctx.message.headers = { 'Content-Type': 'text/html' }; 36 | next('route'); 37 | } 38 | }; 39 | }; 40 | -------------------------------------------------------------------------------- /lib/oauth2/common/models/oauth-access-token.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "OAuthAccessToken", 3 | "base": "PersistedModel", 4 | "properties": { 5 | "id": { 6 | "type": "string", 7 | "id": true, 8 | "length": 300, 9 | "generated": false 10 | }, 11 | "apiId": { 12 | "type": "string", 13 | "length": 
128, 14 | "index": true 15 | }, 16 | "appId": { 17 | "type": "string", 18 | "length": 128, 19 | "index": true 20 | }, 21 | "secret": { 22 | "type": "string", 23 | "length": 32 24 | }, 25 | "userId": { 26 | "type": "string", 27 | "index": true 28 | }, 29 | "issuedAt": { 30 | "type": "date", 31 | "index": true 32 | }, 33 | "expiresIn": "number", 34 | "expiredAt": { 35 | "type": "date", 36 | "index": true 37 | }, 38 | "scopes": [ "string" ], 39 | "parameters": [ 40 | { 41 | "name": "string", 42 | "value": "string" 43 | } 44 | ], 45 | "authorizationCode": { 46 | "type": "string", 47 | "length": 300, 48 | "index": true 49 | }, 50 | "grant": { 51 | "type": "string", 52 | "enum": [ "application", 53 | "password", 54 | "accessCode", 55 | "implicit", 56 | "refershToken" ] 57 | }, 58 | "refreshToken": { 59 | "type": "string", 60 | "length": 300, 61 | "index": true 62 | }, 63 | "tokenType": { 64 | "type": "string", 65 | "enum": [ "Bearer", "MAC" ] 66 | }, 67 | "hash": "string" 68 | } 69 | } 70 | 71 | -------------------------------------------------------------------------------- /lib/oauth2/common/models/oauth-authorization-code.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "OAuthAuthorizationCode", 3 | "base": "PersistedModel", 4 | "properties": { 5 | "id": { 6 | "type": "string", 7 | "id": true, 8 | "length": 300, 9 | "generated": false 10 | }, 11 | "apiId": { 12 | "type": "string", 13 | "length": 128, 14 | "index": true 15 | }, 16 | "appId": { 17 | "type": "string", 18 | "length": 128, 19 | "index": true 20 | }, 21 | "userId": { 22 | "type": "string", 23 | "index": true 24 | }, 25 | "issuedAt": { 26 | "type": "date", 27 | "index": true 28 | }, 29 | "expiresIn": "number", 30 | "expiredAt": { 31 | "type": "date", 32 | "index": true 33 | }, 34 | "scopes": [ "string" ], 35 | "parameters": [ 36 | { 37 | "name": "string", 38 | "value": "string" 39 | } 40 | ], 41 | "used": "boolean", 42 | "redirectURI": "string", 43 | 
"hash": "string" 44 | } 45 | } 46 | 47 | -------------------------------------------------------------------------------- /lib/oauth2/common/models/oauth-permission.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "OAuthPermission", 3 | "base": "PersistedModel", 4 | "properties": { 5 | "apiId": { 6 | "type": "string", 7 | "length": 128, 8 | "index": true 9 | }, 10 | "appId": { 11 | "type": "string", 12 | "length": 128, 13 | "index": true 14 | }, 15 | "userId": { 16 | "type": "string", 17 | "index": true 18 | }, 19 | "issuedAt": { 20 | "type": "date", 21 | "index": true 22 | }, 23 | "expiresIn": "number", 24 | "expiredAt": { 25 | "type": "date", 26 | "index": true 27 | }, 28 | "scopes": [ "string" ] 29 | } 30 | } 31 | 32 | -------------------------------------------------------------------------------- /lib/oauth2/common/models/oauth-refresh-token.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "OAuthRefreshToken", 3 | "base": "PersistedModel", 4 | "properties": { 5 | "id": { 6 | "type": "string", 7 | "id": true, 8 | "length": 300, 9 | "generated": false 10 | }, 11 | "apiId": { 12 | "type": "string", 13 | "length": 128, 14 | "index": true 15 | }, 16 | "appId": { 17 | "type": "string", 18 | "length": 128, 19 | "index": true 20 | }, 21 | "secret": { 22 | "type": "string", 23 | "length": 32 24 | }, 25 | "userId": { 26 | "type": "string", 27 | "index": true 28 | }, 29 | "issuedAt": { 30 | "type": "date", 31 | "index": true 32 | }, 33 | "expiresIn": "number", 34 | "expiredAt": { 35 | "type": "date", 36 | "index": true 37 | }, 38 | "countDown": "number", 39 | "scopes": [ "string" ], 40 | "parameters": [ 41 | { 42 | "name": "string", 43 | "value": "string" 44 | } 45 | ], 46 | "grant": { 47 | "type": "string", 48 | "enum": [ "application", 49 | "password", 50 | "accessCode", 51 | "implicit", 52 | "refershToken" ] 53 | }, 54 | "tokenType": { 55 | "type": "string", 
56 | "enum": [ "Bearer", "MAC" ] 57 | }, 58 | "hash": "string" 59 | } 60 | } 61 | 62 | -------------------------------------------------------------------------------- /lib/oauth2/common/models/oauth-scope-mapping.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "OAuthScopeMapping", 3 | "properties": { 4 | "scope": { 5 | "type": "string", 6 | "length": 255, 7 | "index": true, 8 | "description": "The scope name" 9 | }, 10 | "route": { 11 | "type": "string", 12 | "description": "The route as [verb] /api/users" 13 | } 14 | } 15 | } -------------------------------------------------------------------------------- /lib/oauth2/common/models/oauth-scope.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "OAuthScope", 3 | "properties": { 4 | "scope": { 5 | "type": "string", 6 | "id": true, 7 | "generated": false 8 | }, 9 | "description": "string", 10 | "iconURL": "string", 11 | "ttl": "number" 12 | } 13 | } -------------------------------------------------------------------------------- /lib/oauth2/errors/authorizationerror.js: -------------------------------------------------------------------------------- 1 | // © Copyright IBM Corporation 2016,2017. 2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | 'use strict'; 6 | 7 | var util = require('util'); 8 | /** 9 | * Module dependencies. 10 | */ 11 | var OAuth2Error = require('./oauth2error'); 12 | 13 | /** 14 | * `AuthorizationError` error. 
15 | * 16 | * @api public 17 | */ 18 | function AuthorizationError(message, code, uri, status) { 19 | if (!status) { 20 | switch (code) { 21 | case 'invalid_request': status = 400; break; 22 | case 'invalid_client': status = 401; break; 23 | case 'unauthorized_client': status = 403; break; 24 | case 'access_denied': status = 403; break; 25 | case 'invalid_token': status = 403; break; 26 | case 'unsupported_response_type': status = 400; break; 27 | case 'invalid_scope': status = 400; break; 28 | case 'temporarily_unavailable': status = 503; break; 29 | case 'server_error': status = 500; break; 30 | case 'authentication_error': status = 401; break; 31 | default: throw new Error('Invalid code for AuthorizationError'); 32 | } 33 | } 34 | 35 | OAuth2Error.call(this, message, code, uri, status); 36 | Error.captureStackTrace(this, AuthorizationError); 37 | this.name = 'AuthorizationError'; 38 | } 39 | 40 | /** 41 | * Inherit from `OAuth2Error`. 42 | */ 43 | util.inherits(AuthorizationError, OAuth2Error); 44 | 45 | /** 46 | * Expose `AuthorizationError`. 47 | */ 48 | module.exports = AuthorizationError; 49 | -------------------------------------------------------------------------------- /lib/oauth2/errors/badrequesterror.js: -------------------------------------------------------------------------------- 1 | // © Copyright IBM Corporation 2016,2017. 2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | 'use strict'; 6 | 7 | var util = require('util'); 8 | 9 | /** 10 | * `BadRequestError` error. 11 | * 12 | * @api public 13 | */ 14 | function BadRequestError(message) { 15 | Error.call(this); 16 | Error.captureStackTrace(this, BadRequestError); 17 | this.name = 'BadRequestError'; 18 | this.message = message; 19 | this.status = 400; 20 | } 21 | 22 | /** 23 | * Inherit from `Error`. 24 | */ 25 | util.inherits(BadRequestError, Error); 26 | 27 | /** 28 | * Expose `BadRequestError`. 
29 | */ 30 | module.exports = BadRequestError; 31 | -------------------------------------------------------------------------------- /lib/oauth2/errors/forbiddenerror.js: -------------------------------------------------------------------------------- 1 | // © Copyright IBM Corporation 2016,2017. 2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | 'use strict'; 6 | 7 | var util = require('util'); 8 | /** 9 | * `ForbiddenError` error. 10 | * 11 | * @api public 12 | */ 13 | function ForbiddenError(message) { 14 | Error.call(this); 15 | Error.captureStackTrace(this, ForbiddenError); 16 | this.name = 'ForbiddenError'; 17 | this.message = message; 18 | this.status = 403; 19 | } 20 | 21 | /** 22 | * Inherit from `Error`. 23 | */ 24 | util.inherits(ForbiddenError, Error); 25 | 26 | /** 27 | * Expose `ForbiddenError`. 28 | */ 29 | module.exports = ForbiddenError; 30 | -------------------------------------------------------------------------------- /lib/oauth2/errors/oauth2error.js: -------------------------------------------------------------------------------- 1 | // © Copyright IBM Corporation 2016,2017. 2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | 'use strict'; 6 | 7 | /** 8 | * `OAuth2Error` error. 9 | * 10 | * @api public 11 | */ 12 | function OAuth2Error(message, code, uri, status) { 13 | Error.call(this); 14 | this.message = message; 15 | this.code = code || 'server_error'; 16 | this.uri = uri; 17 | this.status = status || 500; 18 | } 19 | 20 | /** 21 | * Inherit from `Error`. 22 | */ 23 | Object.setPrototypeOf(OAuth2Error.prototype, Error.prototype); 24 | 25 | /** 26 | * Expose `OAuth2Error`. 
27 | */ 28 | module.exports = OAuth2Error; 29 | -------------------------------------------------------------------------------- /lib/oauth2/errors/tokenerror.js: -------------------------------------------------------------------------------- 1 | // © Copyright IBM Corporation 2016,2017. 2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | 'use strict'; 6 | 7 | var util = require('util'); 8 | /** 9 | * Module dependencies. 10 | */ 11 | var OAuth2Error = require('./oauth2error'); 12 | 13 | /** 14 | * `TokenError` error. 15 | * 16 | * @api public 17 | */ 18 | function TokenError(message, code, uri, status) { 19 | if (!status) { 20 | switch (code) { 21 | case 'invalid_request': status = 400; break; 22 | case 'invalid_client': status = 401; break; 23 | case 'invalid_grant': status = 403; break; 24 | case 'unauthorized_client': status = 403; break; 25 | case 'unsupported_grant_type': status = 400; break; 26 | case 'invalid_scope': status = 400; break; 27 | case 'unsupported_token_type': status = 400; break; 28 | default: throw new Error('Invalid code for TokenError'); 29 | } 30 | } 31 | 32 | OAuth2Error.call(this, message, code, uri, status); 33 | Error.captureStackTrace(this, TokenError); 34 | this.name = 'TokenError'; 35 | } 36 | 37 | /** 38 | * Inherit from `OAuth2Error`. 39 | */ 40 | util.inherits(TokenError, OAuth2Error); 41 | 42 | /** 43 | * Expose `TokenError`. 44 | */ 45 | module.exports = TokenError; 46 | -------------------------------------------------------------------------------- /lib/oauth2/resource-server/utils.js: -------------------------------------------------------------------------------- 1 | // Copyright IBM Corp. 2016,2017. All Rights Reserved. 
2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | 'use strict'; 6 | 7 | exports.merge = require('lodash').assign; 8 | exports.uid = require('uid-safe').sync; 9 | -------------------------------------------------------------------------------- /lib/postflow/README.md: -------------------------------------------------------------------------------- 1 | # postflow 2 | 3 | The `postflow` middleware should populate the final response with the `context.message` 4 | -------------------------------------------------------------------------------- /lib/rate-limit/README.md: -------------------------------------------------------------------------------- 1 | Read the rate-limit setting from the plan and apply it to the current client's 2 | API request. 3 | 4 | ## API 5 | ```js 6 | var express = require('express'); 7 | var rateLimit = require('./lib/rate-limit'); 8 | 9 | var app = new express(); 10 | app.use(rateLimit(options)); 11 | 12 | ... 13 | ``` 14 | 15 | To be added... 16 | 17 | ### options 18 | `options` is a JSON object. You can define the following properties to 19 | customize this middleware's behavior. 20 | 21 | To be added... 22 | 23 | -------------------------------------------------------------------------------- /lib/rate-limit/util.js: -------------------------------------------------------------------------------- 1 | // © Copyright IBM Corporation 2016,2017.
// Node module: microgateway
// LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0

'use strict';

var rateLimitingPolicyFactory = require('../../policies/rate-limiting');

// Cache of the created rate limiters. It is exported as `limiterCache`;
// nothing in this file adds entries to it, so callers own its contents.
var rateLimiterCache = {};

/**
 * Build a rate limiter that can be called as `limiter(ctx, cb)`.
 *
 * The caller's `options` object is modified in place: a falsy `prefix` is
 * replaced with 'ibm-microgateway' before the object is handed to the
 * rate-limiting policy factory.
 *
 * NOTE(review): the prefix is meant to be unique per catalog, so every caller
 * that leaves it out ends up with the same default value. The redis
 * implementation on this page passes `prefix` on as the limiter namespace;
 * confirm that callers always set it where counters must stay separate.
 *
 * @param {Object} [options] settings forwarded to the rate-limiting policy
 * @returns {Function} `function(ctx, cb)`; `cb()` is called when the policy
 *   proceeds and `cb(err)` when it fails
 */
function createLimiter(options) {
  options = options || {};
  // The prefix should be unique per catalog
  options.prefix = options.prefix || 'ibm-microgateway';
  var policyHandler = rateLimitingPolicyFactory(options);

  return function(ctx, cb) {
    // Adapt the policy's flow interface to a single node-style callback.
    function onProceed() {
      cb();
    }
    function onFail(err) {
      cb(err);
    }
    // The policy is invoked with an empty props object.
    return policyHandler({}, ctx, { proceed: onProceed, fail: onFail });
  };
}

// Reset the limiter cache.
// This is for mocha testing for cleanup. You should not call it otherwise.
// The same object stays exported; only its keys are removed.
function resetLimiterCache() {
  Object.keys(rateLimiterCache).forEach(function(cacheKey) {
    delete rateLimiterCache[cacheKey];
  });
}

module.exports = {
  createLimiter: createLimiter,
  limiterCache: rateLimiterCache,
  resetLimiterCache: resetLimiterCache,
};

// --------------------------------------------------------------------------------
// /lib/security-check/configure-tls.js:
// --------------------------------------------------------------------------------
// © Copyright IBM Corporation 2016,2017.
// Node module: microgateway
// LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0

'use strict';

var tls = require('tls');
var cipherMappings = require('../cipher-suites');

// Cipher names reported by this Node.js runtime, upper-cased once at load time
// so they can be compared with the mapped profile names.
var availableCiphers = tls.getCiphers().map(function(cipherName) {
  return cipherName.toUpperCase();
});

/**
 * Turn the cipher names of a TLS profile into a colon-separated cipher string.
 *
 * Each name is upper-cased, looked up in `cipherMappings`, and kept only when
 * the mapped name is one of `availableCiphers`. A name with no mapping, or one
 * the runtime does not report, is dropped without a warning.
 *
 * NOTE(review): when nothing survives the filter the result is an empty
 * string. Confirm how the consumer of these options treats an empty cipher
 * list; the cipher restriction of the profile would presumably not apply then.
 *
 * @param {string[]} profileCiphers cipher names from the TLS profile
 * @returns {string} the usable cipher names joined with ':'
 * @throws {TypeError} if `profileCiphers` is not an array of strings
 */
function getCiphers(profileCiphers) {
  var usable = [];
  profileCiphers
    .map(function(cipherName) { return cipherName.toUpperCase(); })
    .forEach(function(upperName) {
      var mappedName = cipherMappings[upperName];
      if (availableCiphers.indexOf(mappedName) !== -1) {
        usable.push(mappedName);
      }
    });
  return usable.join(':');
}

/**
 * Build a TLS options object from a TLS profile.
 *
 * Entries of `tlsprofile.certs` are sorted by their 'cert-type': 'PUBLIC'
 * becomes `cert`, 'CLIENT' entries are collected into `ca`. Falsy entries and
 * other types are ignored.
 *
 * NOTE(review): `rejectUnauthorized` is true only when the profile sets
 * 'mutual-auth'. How the returned object is consumed is not visible here:
 *  - on a Node.js TLS server, rejectUnauthorized has an effect only when
 *    requestCert is also true, and this function does not set requestCert;
 *  - if the object is used for an outbound connection, a falsy 'mutual-auth'
 *    turns off verification of the peer certificate.
 * Confirm both against the callers.
 *
 * @param {Object} tlsprofile profile with 'private-key', certs, ciphers and
 *   'mutual-auth'
 * @returns {Object} `{ key, cert, ca, ciphers, rejectUnauthorized }`
 */
function configureTls(tlsprofile) {
  var publicCert;
  var clientCerts = [];
  var profileCerts = tlsprofile.certs;

  for (var idx in profileCerts) {
    var entry = profileCerts[idx];
    if (!entry) {
      continue;
    }
    switch (entry['cert-type']) {
      case 'PUBLIC':
        // cert holds a single certificate, not a list: a later PUBLIC entry
        // replaces an earlier one.
        publicCert = entry.cert;
        break;
      case 'CLIENT':
        clientCerts.push(entry.cert);
        break;
      default:
        break;
    }
  }

  var tlsOptions = {};
  tlsOptions.key = tlsprofile['private-key'];
  tlsOptions.cert = publicCert;
  tlsOptions.ca = clientCerts;
  tlsOptions.ciphers = getCiphers(tlsprofile.ciphers);
  tlsOptions.rejectUnauthorized = Boolean(tlsprofile['mutual-auth']);
  return tlsOptions;
}

module.exports = configureTls;

// --------------------------------------------------------------------------------
// /lib/security-check/eval-oauth2.js:
// --------------------------------------------------------------------------------
// © Copyright IBM Corporation 2016,2017.
2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | 'use strict'; 6 | 7 | var evalOauth2 = require('../oauth2/resource-server')({}); 8 | 9 | module.exports = { 10 | evalOauth2: evalOauth2 }; 11 | 12 | -------------------------------------------------------------------------------- /lib/urlrewrite/README.md: -------------------------------------------------------------------------------- 1 | # urlrewrite 2 | 3 | The `urlrewrite` middleware should rewrite the incoming URL to not contain the organization and catalog short names 4 | -------------------------------------------------------------------------------- /lib/urlrewrite/index.js: -------------------------------------------------------------------------------- 1 | // © Copyright IBM Corporation 2016,2017. 2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | /* 6 | * Remove org/cat from the URI. Note: the pathname of WLPN_APP_ROUTE is compiled into a regular expression as-is, so regex metacharacters in it are not matched literally. 7 | */ 8 | 'use strict'; 9 | var url = require('url'); 10 | var logger = require('apiconnect-cli-logger/logger.js') 11 | .child({ loc: 'microgateway:urlrewrite' }); 12 | 13 | module.exports = function createURLRewriteMiddleware(options) { 14 | return function urlrewrite(req, res, next) { 15 | if (process.env.WLPN_APP_ROUTE) { // only rewrite when WLPN_APP_ROUTE is specified 16 | logger.debug('In the urlrewrite, remove org and cat short names'); 17 | try { 18 | var route = url.parse(process.env.WLPN_APP_ROUTE); 19 | var regexp = new RegExp('^' + route.pathname); 20 | req.url = req.url.replace(regexp, ''); // strip out /org/cat from beginning of URI 21 | } catch (e) { 22 | logger.error(e); 23 | } 24 | } 25 | 26 | next(); 27 | }; 28 | }; 29 | 30 | -------------------------------------------------------------------------------- /nginx/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM nginx 2 | 3 | ADD nginx.tmpl /etc/nginx/ 4 | ADD run.sh / 5 | 6 | RUN
chmod +x /run.sh 7 | 8 | RUN apt-get update; apt-get install -y \ 9 | openssl 10 | 11 | CMD /run.sh 12 | -------------------------------------------------------------------------------- /nginx/nginx.tmpl: -------------------------------------------------------------------------------- 1 | events { 2 | worker_connections 4096; 3 | } 4 | 5 | http { 6 | server { 7 | listen 443; 8 | 9 | ssl_certificate /etc/nginx/cert.pem; 10 | ssl_certificate_key /etc/nginx/key.pem; 11 | 12 | ssl on; 13 | ssl_session_cache builtin:1000 shared:SSL:10m; 14 | ssl_protocols TLSv1.2; 15 | ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; 16 | ssl_prefer_server_ciphers on; 17 | 18 | location / { 19 | 20 | proxy_set_header Host $host; 21 | proxy_set_header X-Real-IP $remote_addr; 22 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 23 | proxy_set_header X-Forwarded-Proto $scheme; 24 | 25 | proxy_pass http://GATEWAY; 26 | proxy_read_timeout 60; 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /nginx/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | 3 | cp -f /etc/nginx/nginx.tmpl /etc/nginx/nginx.conf 4 | sed -i -e "s/GATEWAY/${GATEWAY_DNS}/g" /etc/nginx/nginx.conf 5 | 6 | if [ ! -e "/etc/nginx/cert.pem" ] || [! -e "/etc/nginx/key.pem" ] 7 | then 8 | openssl req -x509 -newkey rsa:2048 -days 3650 -nodes -sha256 \ 9 | -keyout "/etc/nginx/key.pem" -out "/etc/nginx/cert.pem" \ 10 | -subj "/C=NN/ST=NN/L=NN/O=NN/CN=localhost" 11 | fi 12 | 13 | exec nginx -g "daemon off;" 14 | -------------------------------------------------------------------------------- /policies/handlebars/README.md: -------------------------------------------------------------------------------- 1 | ## Handlebars Policy 2 | 3 | #### Overview 4 | It's a policy to apply a handlebars template. Values will be taken directly from the context. 
5 | 6 | #### Properties 7 | See the `policy.yml` 8 | 9 | #### JSON schema 10 | See the `policy.yml` 11 | 12 | #### Throw 13 | The `handlebars` policy may throw a `HandlebarsError` or custom error during the template execution. 14 | 15 | -------------------------------------------------------------------------------- /policies/handlebars/index.js: -------------------------------------------------------------------------------- 1 | // © Copyright IBM Corporation 2016,2017. 2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | 'use strict'; 6 | var Handlebars = require('handlebars'); 7 | var _ = require('lodash'); 8 | 9 | module.exports = function(config) { 10 | var handlebarsPolicyHandler = function(props, context, flow) { 11 | var logger = flow.logger; 12 | logger.debug('ENTER handlebars policy'); 13 | 14 | if (_.isUndefined(props.source) || !_.isString(props.source)) { 15 | flow.fail({ name: 'HandlebarsError', value: 'Missing Handlebars template' }); 16 | return; 17 | } 18 | if (props.output && !_.isString(props.output)) { 19 | flow.fail({ name: 'HandlebarsError', value: 'Invalid output' }); 20 | return; 21 | } 22 | var output = 'message.body'; 23 | if (props.output) { 24 | output = props.output; 25 | } 26 | var templateFn; 27 | try { 28 | templateFn = Handlebars.compile(props.source); 29 | context.set(output, templateFn(context)); 30 | } catch (e) { 31 | flow.fail({ name: 'HandlebarsError', value: 'Invalid Handlebars template' }); 32 | return; 33 | } 34 | logger.debug('EXIT'); 35 | flow.proceed(); 36 | }; 37 | return handlebarsPolicyHandler; 38 | }; 39 | -------------------------------------------------------------------------------- /policies/handlebars/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "handlebars", 3 | "version": "1.0.0", 4 | "description": "Handlebars Policy", 5 | "main": "index.js", 6 | "keywords": [ 7 | "policy", 8 | 
"api", 9 | "handlebars" 10 | ], 11 | "scripts": { 12 | "test": "echo \"Error: no test specified\" && exit 1" 13 | }, 14 | "dependencies": { 15 | "handlebars": "^4.0.5", 16 | "lodash": "^4.5.1" 17 | }, 18 | "author": "IBM", 19 | "license": "Apache 2.0" 20 | } 21 | -------------------------------------------------------------------------------- /policies/handlebars/policy.yml: -------------------------------------------------------------------------------- 1 | policy: 1.0.0 2 | 3 | info: 4 | title: Handlebars 5 | name: handlebars 6 | version: 1.0.0 7 | description: Handlebars Policy 8 | contact: 9 | name: IBM API Connect 10 | email: ibmapi@us.ibm.com 11 | url: http://www.ibm.com/apiconnect 12 | 13 | gateways: 14 | - micro-gateway 15 | 16 | attach: 17 | - rest 18 | - soap 19 | 20 | properties: 21 | type: object 22 | properties: 23 | source: 24 | label: Source 25 | description: The Handlebars template to apply 26 | default: Hello {{name}}! 27 | type: string 28 | output: 29 | label: Output 30 | description: The context object to write to 31 | default: message.body 32 | type: string 33 | required: 34 | - source 35 | throw: 36 | - HandlebarsError 37 | -------------------------------------------------------------------------------- /policies/invoke/README.md: -------------------------------------------------------------------------------- 1 | ## Invoke 2 | 3 | #### Overview 4 | The invoke policy is capable of calling an api. 5 | 6 | By default, the invoke policy sends data in `context.message` and receives data 7 | in `context.message` from the api. After the return of the invoke policy, the 8 | content of `context.message` is updated. Check the `status.code`, 9 | `status.reason`, `headers`, and `body` in the `context.message` for the returned 10 | result. 
11 | 12 | 13 | #### Properties 14 | See the `policy.yml` 15 | 16 | #### JSON schema 17 | See the `policy.yml` 18 | 19 | #### Examples 20 | - invoke: 21 | target-url: https://foo.com/order?id=123 22 | timeout: 30 23 | verb: GET 24 | username: dude 25 | password: secret 26 | tls-profile: MySSLProfile 27 | 28 | #### Throw 29 | The `invoke` may throw `PropertyError` for a bad configuration, 30 | `ConnectionError` for connection issues like timeout, and `OperationError` for 31 | non-2xx response code. With the `stop-on-error` property, customers can control 32 | the assembly flow when there are errors during the execution of the invoke 33 | policy. Please see the `policy.yml` for details. 34 | 35 | -------------------------------------------------------------------------------- /policies/invoke/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "invoke", 3 | "version": "1.0.0", 4 | "description": "Invoke Policy", 5 | "main": "index.js", 6 | "keywords": [ 7 | "policy", 8 | "api", 9 | "apiconnect", 10 | "invoke" 11 | ], 12 | "author": "IBM", 13 | "license": "Apache 2.0", 14 | "dependencies": { 15 | "debug": "^2.x" 16 | }, 17 | "scripts": { 18 | "test": "echo \"Error: no test specified\" && exit 1" 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /policies/javascript/README.md: -------------------------------------------------------------------------------- 1 | ## JavaScript Policy 2 | 3 | #### Overview 4 | It's a policy to execute a snippet of JavaScript code. The JavaScript code is executed with limited capabilities. The limitations are: 5 | 6 | - No `require()` is available 7 | - Global objects of nodejs are not available 8 | - Can't use 'use strict' inside the JavaScript code 9 | - Therefore, no block-scoped declarations. i.e.: let and const 10 | 11 | Inside the JavaScript code, the properties of context object could be accessed/modified directly. 
For example: 12 | ``` 13 | if (request.verb === 'POST') { 14 | //perform some business logic when the request is POST 15 | } 16 | ``` 17 | 18 | You can throw an error object which contains the error information and changes the flow afterwards. For example: 19 | ``` 20 | if (request.body.order === undefined) { 21 | throw { name : 'IncorrectOrder', message: 'the payload should contain valid order' }; 22 | } 23 | ``` 24 | 25 | The error object above could be caught by `catch` assembly like this: 26 | ``` 27 | catch: 28 | - errors: 29 | - 'IncorrectOrder' 30 | execute: 31 | - set-variable: 32 | actions: 33 | - set: 'message.body' 34 | value: '{ "error" : "found an incorrect order" }' 35 | ``` 36 | 37 | #### Properties 38 | See the `policy.yml` 39 | 40 | #### JSON schema 41 | See the `policy.yml` 42 | 43 | #### Throw 44 | The `javascript` policy may throw a `JavaScriptError` or custom error during the script execution. 45 | 46 | -------------------------------------------------------------------------------- /policies/javascript/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "javascript", 3 | "version": "1.0.0", 4 | "description": "JavaScript Policy", 5 | "main": "index.js", 6 | "keywords": [ 7 | "policy", 8 | "api", 9 | "javascript" 10 | ], 11 | "scripts": { 12 | "test": "echo \"Error: no test specified\" && exit 1" 13 | }, 14 | "dependencies": { 15 | "debug": "^2.2.0", 16 | "lodash": "^4.5.1" 17 | }, 18 | "author": "IBM", 19 | "license": "Apache 2.0" 20 | } 21 | -------------------------------------------------------------------------------- /policies/javascript/policy.yml: -------------------------------------------------------------------------------- 1 | policy: 1.0.0 2 | 3 | info: 4 | title: JavaScript 5 | name: javascript 6 | version: 1.0.0 7 | description: JavaScript Policy 8 | contact: 9 | name: IBM API Connect 10 | email: ibmapi@us.ibm.com 11 | url: http://www.ibm.com/apiconnect 12 | 13 | 
attach: 14 | - rest 15 | - soap 16 | 17 | properties: 18 | type: object 19 | properties: 20 | source: 21 | label: Source 22 | description: The JavaScript source to execute 23 | default: console.log ('hello apim') 24 | type: string 25 | required: 26 | - source 27 | throw: 28 | - JavaScriptError 29 | -------------------------------------------------------------------------------- /policies/operation-switch/README.md: -------------------------------------------------------------------------------- 1 | ## Operation-Switch 2 | 3 | #### Overview 4 | The Operation Switch policy evaluates the incoming request's 5 | operation `verb` (HTTP `GET`, `POST`, etc), operation `path`, 6 | and `operationId`, matching to a `case` clause, and executes 7 | the policies associated with that case. 8 | 9 | #### Properties 10 | See the [policy.yml](policy.yml) 11 | 12 | #### Examples 13 | 14 | ``` 15 | - operation-switch: 16 | case: 17 | - operations: 18 | - verb: GET 19 | path: /order 20 | execute: 21 | - set-variable: 22 | actions: 23 | - set: message.body 24 | value: Retrieve orders 25 | - operations: 26 | - createOrder 27 | execute: 28 | - set-variable: 29 | actions: 30 | - set: message.body 31 | value: A new order is created 32 | ``` 33 | -------------------------------------------------------------------------------- /policies/operation-switch/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "operation-switch", 3 | "version": "1.0.0", 4 | "description": "Operation-Switch Policy", 5 | "main": "index.js", 6 | "keywords": [ 7 | "policy", 8 | "api", 9 | "apiconnect", 10 | "operation", 11 | "switch" 12 | ], 13 | "author": "IBM", 14 | "license": "Apache 2.0", 15 | "dependencies": { 16 | "debug": "^2.x" 17 | }, 18 | "scripts": { 19 | "test": "echo \"Error: no test specified\" && exit 1" 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /policies/operation-switch/policy.yml: 
-------------------------------------------------------------------------------- 1 | policy: 1.1.0 2 | 3 | info: 4 | title: Operation-Switch 5 | name: operation-switch 6 | version: 1.0.0 7 | description: Operation-Switch policy for the IBM API Connect 8 | contact: 9 | name: IBM API Connect 10 | url: https://www.ibm.com/apiconnect 11 | email: ibmapi@us.ibm.com 12 | properties: 13 | type: "object" 14 | properties: 15 | title: 16 | type: string 17 | case: 18 | type: array 19 | minItems: 1 20 | items: 21 | type: object 22 | required: 23 | - operations 24 | - execute 25 | properties: 26 | operations: 27 | type: array 28 | minItems: 1 29 | items: 30 | oneOf: 31 | - operationId: 32 | type: string 33 | - operationVerbPath: 34 | type: object 35 | required: 36 | - verb 37 | - path 38 | properties: 39 | verb: 40 | type: string 41 | path: 42 | type: string 43 | execute: 44 | type: array 45 | minItems: 1 46 | items: 47 | $ref: '#/definitions/assembly-policy' 48 | required: 49 | - case 50 | -------------------------------------------------------------------------------- /policies/rate-limiting/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "apiconnect-policy-rate-limiting", 3 | "version": "1.0.0", 4 | "description": "Rate Limiting Policy for API Connect", 5 | "main": "index.js", 6 | "scripts": { 7 | }, 8 | "keywords": [ 9 | "apiconnect", 10 | "policy", 11 | "rate", 12 | "limiting" 13 | ], 14 | "author": "IBM", 15 | "license": "Apache 2.0" 16 | } 17 | -------------------------------------------------------------------------------- /policies/rate-limiting/policy.yml: -------------------------------------------------------------------------------- 1 | policy: 1.0.0 2 | 3 | info: 4 | title: Rate Limiting 5 | name: rate-limiting 6 | version: 1.0.0 7 | description: Limit the number of API requests 8 | contact: 9 | name: IBM API Connect 10 | url: https://www.ibm.com/apiconnect 11 | email: ibmapi@us.ibm.com 12 | 13 | 
properties: 14 | type: "object" 15 | properties: 16 | requests: 17 | label: ${messages:property.requests.label} 18 | description: ${messages:property.requests.description} 19 | type: integer 20 | minimum: 1 21 | #default: 1000 22 | unit: #scale: 23 | label: ${messages:property.scale.label} 24 | description: ${messages:property.scale.description} 25 | enum: 26 | - second 27 | - minute 28 | - hour 29 | - day 30 | - week 31 | #default: day 32 | period: 33 | label: ${messages:property.period.label} 34 | description: ${messages:property.period.description} 35 | type: integer 36 | minimum: 1 37 | default: 1 38 | reject: 39 | label: ${messages:property.reject.label} 40 | description: ${messages:property.reject.description} 41 | type: boolean 42 | default: true 43 | shared: 44 | label: ${messages:property.sharedCounter.label} 45 | description: ${messages:property.sharedCounter.description} 46 | type: boolean 47 | default: true 48 | #unlimited: 49 | # label: ${messages:property.unlimited.label} 50 | # description: ${messages:property.unlimited.description} 51 | # type: boolean 52 | # default: false 53 | required: 54 | - requests 55 | - unit 56 | - period 57 | - reject 58 | -------------------------------------------------------------------------------- /policies/rate-limiting/redis.js: -------------------------------------------------------------------------------- 1 | // © Copyright IBM Corporation 2016,2017. 
2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | 'use strict'; 6 | var RateLimiter = require('rolling-rate-limiter'); 7 | var redis = require('redis'); 8 | var handleResponse = require('./helper').handleResponse; 9 | var logger = require('apiconnect-cli-logger/logger.js') 10 | .child({ loc: 'microgateway:policies:rate-limiting:redis' }); 11 | 12 | module.exports = function(options) { 13 | options = options || {}; 14 | var redisOptions = options.redis || {}; 15 | var client = // redisOptions.client || 16 | redis.createClient(redisOptions); 17 | 18 | var limit = options.limit; 19 | var interval = options.interval; 20 | var reject = options.reject; 21 | 22 | var limiter = RateLimiter({ 23 | redis: client, 24 | namespace: options.prefix, 25 | interval: interval, 26 | maxInInterval: limit }); 27 | 28 | return function(props, context, flow) { 29 | var key = options.getKey(); 30 | logger.debug('Key: %s', key); 31 | if (!key) { 32 | return flow.proceed(); 33 | } 34 | 35 | var fields = key.split(':'); 36 | var name = fields[fields.length - 1]; 37 | limiter(key, function(err, timeLeft, remaining) { 38 | if (err) { 39 | return flow.fail(err); 40 | } 41 | logger.debug('Result: %d %d', timeLeft, remaining); 42 | handleResponse(name, limit, remaining, timeLeft, reject, context, flow); 43 | }); 44 | }; 45 | }; 46 | -------------------------------------------------------------------------------- /policies/set-variable/README.md: -------------------------------------------------------------------------------- 1 | ## Set Variable 2 | 3 | #### Overview 4 | The set-variable policy manipulates context variables in the runtime 5 | 6 | #### Properties 7 | See the `policy.yml` 8 | 9 | #### JSON schema 10 | See the `policy.yml` 11 | 12 | #### Examples 13 | ``` 14 | - set-variable: 15 | actions: 16 | - set: message.headers.X-FOO-ID 17 | value: hello world 18 | - clear: message.headers.X-BAR-ID 19 | ``` 20 | 21 | #### Throw 22 | 
The `set-variable` policy may throw a `PropertyError` if an action is not one of `set`, `add`, or `clear`. 23 | -------------------------------------------------------------------------------- /policies/set-variable/index.js: -------------------------------------------------------------------------------- 1 | // © Copyright IBM Corporation 2016,2017. 2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | 'use strict'; 6 | var _ = require('lodash'); 7 | 8 | module.exports = function(config) { 9 | return function(props, context, flow) { 10 | var logger = flow.logger; 11 | 12 | var hasError = props.actions.some(function(action) { 13 | if (action.hasOwnProperty('set')) { 14 | logger.debug('set "%s" to %j', action.set, action.value); 15 | 16 | context.set(action.set, action.value); 17 | } else if (action.hasOwnProperty('add')) { 18 | logger.debug('add "%s" to %j', action.add, action.value); 19 | 20 | var value = context.get(action.add); 21 | if (_.isNil(value)) { 22 | value = _.concat([], action.value); 23 | } else if (_.isArray(value)) { 24 | value = _.concat(value, action.value); 25 | } else { 26 | value = _.concat([], value, action.value); 27 | } 28 | 29 | context.set(action.add, value); 30 | } else if (action.hasOwnProperty('clear')) { 31 | logger.debug('clear the "%s"', action.clear); 32 | 33 | context.del(action.clear); 34 | } else { 35 | logger.error('Action is not one of set, add, and clear.'); 36 | 37 | var error = { 38 | name: 'PropertyError', 39 | message: 'Action is not one of set, add, and clear.'
}; 40 | flow.fail(error); 41 | return true; 42 | } 43 | }); 44 | 45 | if (!hasError) { 46 | flow.proceed(); 47 | } 48 | }; 49 | }; 50 | -------------------------------------------------------------------------------- /policies/throw/README.md: -------------------------------------------------------------------------------- 1 | ## Throw 2 | 3 | #### Overview 4 | The `throw` policy allows the assembly developer to throw a custom error at runtime. 5 | 6 | Specify the `name` and the human-readable `message` to generate a custom error. The error can be caught by its name. 7 | 8 | 9 | #### Properties 10 | See the `policy.yml` 11 | 12 | #### JSON schema 13 | See the `policy.yml` 14 | 15 | #### Examples 16 | ``` 17 | - throw: 18 | name: DeleteOrderError 19 | message: Cannot find the order with the id '123' 20 | ``` 21 | 22 | #### Throw 23 | The `throw` policy may throw any custom error. 24 | -------------------------------------------------------------------------------- /policies/throw/index.js: -------------------------------------------------------------------------------- 1 | // © Copyright IBM Corporation 2016,2017. 2 | // Node module: microgateway 3 | // LICENSE: Apache 2.0, https://www.apache.org/licenses/LICENSE-2.0 4 | 5 | 'use strict'; 6 | 7 | module.exports = function(config) { 8 | return function(props, context, flow) { 9 | var error = { 10 | name: (props.name ? props.name + '' : 'ThrowError'), 11 | message: (props.message ?
props.message + '' : undefined), 12 | }; 13 | 14 | var logger = flow.logger; 15 | logger.error('[throw] throwing %j', error); 16 | flow.fail(error); 17 | }; 18 | }; 19 | -------------------------------------------------------------------------------- /policies/throw/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "throw", 3 | "version": "1.0.0", 4 | "description": "Throw Policy", 5 | "main": "index.js", 6 | "keywords": [ 7 | "policy", 8 | "api", 9 | "apiconnect", 10 | "throw" 11 | ], 12 | "author": "IBM", 13 | "license": "Apache 2.0", 14 | "dependencies": { 15 | "debug": "^2.x" 16 | }, 17 | "scripts": { 18 | "test": "echo \"Error: no test specified\" && exit 1" 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /policies/throw/policy.yml: -------------------------------------------------------------------------------- 1 | policy: 1.1.0 2 | 3 | info: 4 | title: Throw 5 | name: throw 6 | version: 1.0.0 7 | description: Throw policy for the IBM API Connect 8 | contact: 9 | name: IBM API Connect 10 | url: https://www.ibm.com/apiconnect 11 | email: ibmapi@us.ibm.com 12 | 13 | properties: 14 | type: "object" 15 | properties: 16 | name: 17 | label: Error name 18 | description: The name of the error to be thrown 19 | type: string 20 | message: 21 | label: Error message 22 | description: The message to be sent with the error 23 | type: string 24 | required: 25 | - name 26 | throw: 27 | - '*' 28 | -------------------------------------------------------------------------------- /policies/validate/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "apiconnect-policy-validate", 3 | "version": "1.0.0", 4 | "description": "Validate Policy for API Connect", 5 | "main": "index.js", 6 | "scripts": { 7 | }, 8 | "keywords": [ 9 | "apiconnect", 10 | "policy", 11 | "validate" 12 | ], 13 | "author": "IBM", 14 | 
"license": "Apache 2.0" 15 | } 16 | -------------------------------------------------------------------------------- /policies/validate/policy.yml: -------------------------------------------------------------------------------- 1 | policy: 1.0.0 2 | 3 | info: 4 | title: Validate 5 | name: validate 6 | version: 1.0.0 7 | description: Use the validate policy to validate the payload in an assembly flow against a JSON schema. 8 | contact: 9 | name: IBM API Connect 10 | email: ibmapi@us.ibm.com 11 | url: http://www.ibm.com/apiconnect 12 | 13 | attach: 14 | - rest 15 | 16 | properties: 17 | type: object 18 | properties: 19 | definition: 20 | label: Definition 21 | description: Specify a Swagger schema definition with which to validate the payload ('request', 'response', '#/definitions/XXXX' or XXXX). 22 | type: "string" 23 | required: 24 | - definition 25 | -------------------------------------------------------------------------------- /test/definitions/analytics/id_rsa.pub: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoxEGGE27ivNCXR6J60CI 3 | zCKEmW4MeO11zgNoB8JjEzd9xwY+hhuFHmtMUP86mY7ooTgZnHbbwiMA3Dzy/T8w 4 | MfY5105nGZerdZ8nt1HV5sLwwsDF9fCtKOeTEKW1eU6LCkQbAO/uPIxco1rPdkfE 5 | 4QdYxO6YGhI+W5Nrr43HvFeoSmRL42xFxHWsqeF4NHD8DqCIu20EWwX3dbKAHIHe 6 | looanxF/rtkbKKq07iTGbethU6GMzJBq+qsrd7y6BIsO6qT8+2H0V8TNMvlOA9A/ 7 | 6AnnENwOJAeQwTVjy5lzz+iiChV2ZM255kBEHRUKs0MtDCysX8+jmUzmgmlIbRiz 8 | vznmpQtL8HJdqUITz3DitFj1puPvNe608tR7r2+fkQRKAPI6d2p31/upDndsonKY 9 | ngN3d00hm1K84NcFacyJ/I4qYo6hmLlWw2Yb25MUx4WUc/Nop94mzl2kF1I/ujoA 10 | FSxXl1lLdyJZGs7ngC42ezchOHRXLSPwFT/oWXYMtZ9QHIHSsX4VLwWODc+BnzsP 11 | E3nW0Sitj4CkkBPghoOnrX9jB928Kn4KSeKt9IsWXnNpTY53G+hVzpCp9cr0SdiT 12 | 4SNzvyjzIFaEqeIHNQMqiIEQ0Ugbw6Jo5wRji8CJzX4LRgkykpKQSqXbTgT9KdLV 13 | Mty9AW3RwVVyuWABD7fcbCcCAwEAAQ== 14 | -----END PUBLIC KEY----- 15 | 
-------------------------------------------------------------------------------- /test/definitions/analytics/v1/catalogs/564b48aae4b0869c782edc2b/registries: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/analytics/v1/catalogs/564b48aae4b0869c782edc2b/subscriptions: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/analytics/v1/catalogs/index.html: -------------------------------------------------------------------------------- 1 | [{ 2 | "id": "564b48aae4b0869c782edc2b", 3 | "url": "https://example.com/v1/catalogs/564b48aae4b0869c782edc2b", 4 | "name": "sb", 5 | "title": "Sandbox", 6 | "sandbox": true, 7 | "organization": { 8 | "id": "564b48a9e4b0869c782edc24", 9 | "name": "apim", 10 | "title": "Mock APIm server for testing TLS profiles" 11 | }, 12 | "default": true, 13 | "gateway-cluster": { 14 | "id": "564b45c1e4b0869c782ed85b", 15 | "title": "Gateway", 16 | "host-name": "example.com" 17 | } 18 | }] 19 | -------------------------------------------------------------------------------- /test/definitions/apic-config/apic-tls-profiles.json: -------------------------------------------------------------------------------- 1 | { 2 | "theTlsProfile-bob": { 3 | "ca": [ 4 | "root.crt", 5 | "root2.crt" 6 | ], 7 | "cert": "bob.crt", 8 | "key": "bob.key", 9 | "rejectUnauthorized": true, 10 | "secureProtocols": [ 11 | "TLSv1_1_method", 12 | "TLSv1_2_method" 13 | ] 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /test/definitions/apic-config/apic.json: -------------------------------------------------------------------------------- 1 | { 2 | "COMMENT": "The APIs 'weather' and 'invoke' are public, they have no security requirement.", 3 | 
"applications": { 4 | "foo": { 5 | "client-secret": "fooSecret", 6 | "oauth-redirection-uri": "http://foo.com/redirect", 7 | "subscription": "plan-b" 8 | }, 9 | "bar": { 10 | "client-secret": "barSecret", 11 | "oauth-redirection-uri": "http://bar.com/redirect", 12 | "subscription": "plan-a" 13 | } 14 | }, 15 | "plans": { 16 | "plan-a": { 17 | "apis": [ 18 | "invoke", 19 | "stock-quote", 20 | "weather" 21 | ], 22 | "hard-limit": false, 23 | "rate-limit": "100/minute" 24 | }, 25 | "plan-b": { 26 | "apis": [ 27 | "bank-account" 28 | ], 29 | "hard-limit": true, 30 | "rate-limit": "1/second" 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /test/definitions/apic-config/swagger-bank-account.yaml: -------------------------------------------------------------------------------- 1 | swagger: '2.0' 2 | info: 3 | version: 1.0.0 4 | title: BankAccount 5 | x-ibm-name: bank-account 6 | host: $(catalog.host) 7 | basePath: /account 8 | paths: 9 | /balance: 10 | get: 11 | responses: 12 | '200': 13 | description: 200 OK 14 | securityDefinitions: 15 | api-key-client-secret: 16 | type: apiKey 17 | description: '' 18 | in: header 19 | name: X-IBM-Client-Secret 20 | api-key-client-d: 21 | type: apiKey 22 | description: '' 23 | in: header 24 | name: X-IBM-Client-Id 25 | security: 26 | - api-key-client-secret: [] 27 | api-key-client-d: [] 28 | schemes: 29 | - http 30 | produces: 31 | - application/json 32 | x-ibm-configuration: 33 | assembly: 34 | execute: 35 | - set-variable: 36 | title: set-variable 37 | actions: 38 | - set: message.body 39 | value: '{ "id": "$(client.app.id)", "balance": 23501 }' 40 | - set: message.headers.content-type 41 | value: application/json 42 | enforced: true 43 | testable: true 44 | phase: realized 45 | cors: 46 | enabled: true 47 | 48 | -------------------------------------------------------------------------------- /test/definitions/apic-config/swagger-invoke.yaml: 
-------------------------------------------------------------------------------- 1 | swagger: '2.0' 2 | info: 3 | version: 1.0.0 4 | title: Invoke 5 | x-ibm-name: invoke 6 | host: $(catalog.host) 7 | basePath: /invoke 8 | paths: 9 | /: 10 | get: 11 | responses: 12 | '200': 13 | description: 200 OK 14 | securityDefinitions: {} 15 | security: [] 16 | schemes: 17 | - http 18 | produces: 19 | - application/json 20 | x-ibm-configuration: 21 | assembly: 22 | execute: 23 | - invoke: 24 | target-url: "https://localhost:8890/" 25 | tls-profile: "theTlsProfile-bob" 26 | enforced: true 27 | testable: true 28 | phase: realized 29 | cors: 30 | enabled: true 31 | 32 | -------------------------------------------------------------------------------- /test/definitions/apic-config/swagger-stock-quote.yaml: -------------------------------------------------------------------------------- 1 | swagger: '2.0' 2 | info: 3 | version: 1.0.0 4 | title: StockQuote 5 | x-ibm-name: stock-quote 6 | host: $(catalog.host) 7 | basePath: /stock/quote 8 | paths: 9 | /: 10 | get: 11 | responses: 12 | '200': 13 | description: 200 OK 14 | parameters: 15 | - name: symbol 16 | type: string 17 | required: true 18 | in: query 19 | description: stock symbol 20 | securityDefinitions: 21 | api-key-client-secret: 22 | type: apiKey 23 | description: '' 24 | in: header 25 | name: X-IBM-Client-Secret 26 | api-key-client-d: 27 | type: apiKey 28 | description: '' 29 | in: header 30 | name: X-IBM-Client-Id 31 | security: 32 | - api-key-client-secret: [] 33 | api-key-client-d: [] 34 | schemes: 35 | - http 36 | produces: 37 | - application/json 38 | x-ibm-configuration: 39 | assembly: 40 | execute: 41 | - set-variable: 42 | title: set-variable 43 | actions: 44 | - set: message.body 45 | value: '{ "$(request.parameters.symbol)": 129 }' 46 | - set: message.headers.content-type 47 | value: application/json 48 | enforced: true 49 | testable: true 50 | phase: realized 51 | cors: 52 | enabled: true 53 | 54 | 
-------------------------------------------------------------------------------- /test/definitions/apic-config/swagger-weather.yaml: -------------------------------------------------------------------------------- 1 | swagger: '2.0' 2 | info: 3 | version: 1.0.0 4 | title: Weather 5 | x-ibm-name: weather 6 | host: $(catalog.host) 7 | basePath: /weather 8 | paths: 9 | /wind: 10 | get: 11 | responses: 12 | '200': 13 | description: 200 OK 14 | /temperature: 15 | get: 16 | responses: 17 | '200': 18 | description: 200 OK 19 | securityDefinitions: {} 20 | security: [] 21 | schemes: 22 | - http 23 | produces: 24 | - application/json 25 | x-ibm-configuration: 26 | assembly: 27 | execute: 28 | - operation-switch: 29 | title: operation-switch 30 | case: 31 | - operations: 32 | - verb: get 33 | path: /wind 34 | execute: 35 | - set-variable: 36 | title: set-variable 37 | actions: 38 | - set: message.body 39 | value: '{ "wind": "17km/h" }' 40 | - set: message.headers.content-type 41 | value: application/json 42 | - operations: 43 | - verb: get 44 | path: /temperature 45 | execute: 46 | - set-variable: 47 | title: set-variable 48 | actions: 49 | - set: message.body 50 | value: '{ "temperature": "27C" }' 51 | - set: message.headers.content-type 52 | value: application/json 53 | enforced: true 54 | testable: true 55 | phase: realized 56 | cors: 57 | enabled: true 58 | 59 | -------------------------------------------------------------------------------- /test/definitions/assembly/climbingweather-missingbasepath:2.0.0.yaml: -------------------------------------------------------------------------------- 1 | swagger: '2.0' 2 | info: 3 | x-ibm-name: climbingweather 4 | title: Climbing Weather 5 | version: 2.0.0 6 | schemes: 7 | - http 8 | host: $(catalog.host) 9 | 10 | consumes: 11 | - application/json 12 | produces: 13 | - application/json 14 | x-ibm-configuration: 15 | testable: true 16 | enforced: true 17 | cors: 18 | enabled: true 19 | gateway: micro-gateway 20 | assembly: 21 | 
execute: 22 | - invoke: 23 | target-url: 'http://api.climbingweather.com/api/area/daily/518?apiKey=c9db14bf581e6eab4fceaac87b9125ef&days=2' 24 | paths: 25 | /yosemite: 26 | get: 27 | responses: 28 | '200': 29 | description: Success 30 | -------------------------------------------------------------------------------- /test/definitions/assembly/climbingweather-rootpath:2.0.0.yaml: -------------------------------------------------------------------------------- 1 | swagger: '2.0' 2 | info: 3 | x-ibm-name: climbingweather 4 | title: Climbing Weather 5 | version: 2.0.0 6 | schemes: 7 | - http 8 | host: $(catalog.host) 9 | basePath: /v2 10 | consumes: 11 | - application/json 12 | produces: 13 | - application/json 14 | x-ibm-configuration: 15 | testable: true 16 | enforced: true 17 | cors: 18 | enabled: true 19 | gateway: micro-gateway 20 | assembly: 21 | execute: 22 | - operation-switch: 23 | title: operation-switch 24 | case: 25 | - operations: 26 | - get1 27 | execute: 28 | - invoke: 29 | target-url: 'http://api.climbingweather.com/api/area/daily/518?apiKey=c9db14bf581e6eab4fceaac87b9125ef&days=2' 30 | - operations: 31 | - get2 32 | execute: 33 | - invoke: 34 | target-url: 'http://api.climbingweather.com/api/area/daily/518?apiKey=c9db14bf581e6eab4fceaac87b9125ef&days=2' 35 | paths: 36 | /: 37 | get: 38 | operationId: get1 39 | responses: 40 | '200': 41 | description: Success 42 | /yosemite: 43 | get: 44 | operationId: get2 45 | responses: 46 | '200': 47 | description: Success 48 | -------------------------------------------------------------------------------- /test/definitions/basic/basic-product_1.0.0.json: -------------------------------------------------------------------------------- 1 | { 2 | "product": "1.0.0", 3 | "info": { 4 | "name": "basic-product", 5 | "title": "basic-product", 6 | "version": "1.0.0" 7 | }, 8 | "apis": [ 9 | { 10 | "$ref": "basic:1.0.0" 11 | } 12 | ], 13 | "plans": { 14 | "Default": { 15 | "title": "Default", 16 | "apis": [ 17 | { 18 | 
"$ref": "basic:1.0.0" 19 | } 20 | ] 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /test/definitions/basic/basic-product_1.0.0.yaml: -------------------------------------------------------------------------------- 1 | product: 1.0.0 2 | info: 3 | name: basic-product 4 | title: basic-product 5 | version: 1.0.0 6 | apis: 7 | basic: 8 | name: 'basic:1.0.0' 9 | plans: 10 | Default: 11 | title: Default 12 | apis: 13 | basic: {} -------------------------------------------------------------------------------- /test/definitions/basic/basic_1.0.0.yaml: -------------------------------------------------------------------------------- 1 | info: 2 | version: 1.0.0 3 | title: basic 4 | x-ibm-name: basic 5 | securityDefinitions: 6 | basic-ldap: 7 | type: basic 8 | description: '' 9 | x-ibm-authentication-url: 10 | url: 'ldap://localhost:1389' 11 | basic-http: 12 | type: basic 13 | description: '' 14 | x-ibm-authentication-url: 15 | url: 'http://localhost:8889/auth' 16 | basePath: /basic 17 | swagger: '2.0' 18 | paths: 19 | /path-2: 20 | get: 21 | responses: 22 | '200': 23 | description: 200 OK 24 | security: 25 | - basic-http: [] 26 | /path-1: 27 | get: 28 | responses: 29 | '200': 30 | description: 200 OK 31 | security: 32 | - basic-ldap: [] 33 | x-ibm-configuration: 34 | assembly: 35 | execute: 36 | - invoke: 37 | title: invoke 38 | target-url: 'http://localhost:8889/' 39 | 40 | schemes: 41 | - 'http' -------------------------------------------------------------------------------- /test/definitions/basic/registries-564b48a9e4b0869c782edc24-564b48aae4b0869c782edc2b-.yaml: -------------------------------------------------------------------------------- 1 | id: '56bbacbae4b0f7b17cf97540' 2 | url: 'https://example.com/v1/catalogs/564b48aae4b0869c782edc2b/registries/56bbacbae4b0f7b17cf97540' 3 | name: ldap1 4 | type: ldap 5 | title: ldap1 6 | description: "" 7 | ldap-config: 8 | host: 127.0.0.1 9 | port: 1389 10 | ssl: false 11 | 
protocol-version: '3' 12 | authenticated-bind: true 13 | authenticated-bind-admin-dn: cn=root 14 | authenticated-bind-admin-password: secret 15 | search-dn-base: 'ou=myorg,ou=com' 16 | search-dn-filter-prefix: (cn= 17 | search-dn-filter-suffix: ) 18 | auth-method: searchDN 19 | bind-prefix: "" 20 | bind-suffix: "" 21 | search-dn-scope: sub 22 | group-auth-method: none 23 | static-group-dn: "" 24 | static-group-filter-prefix: "" 25 | static-group-filter-suffix: "" 26 | static-group-scope: sub 27 | dynamic-group-filter: "" 28 | tls-profile: "" 29 | -------------------------------------------------------------------------------- /test/definitions/context/v1/catalogs/index.html: -------------------------------------------------------------------------------- 1 | [{ 2 | "id": "564b48aae4b0869c782edc2b", 3 | "url": "https://example.com/v1/catalogs/564b48aae4b0869c782edc2b", 4 | "name": "sb", 5 | "title": "Sandbox", 6 | "sandbox": true, 7 | "organization": { 8 | "id": "564b48a9e4b0869c782edc24", 9 | "name": "apim", 10 | "title": "Climb On" 11 | }, 12 | "default": true, 13 | "gateway-cluster": { 14 | "id": "564b45c1e4b0869c782ed85b", 15 | "title": "Gateway", 16 | "host-name": "example.com" 17 | } 18 | }] 19 | -------------------------------------------------------------------------------- /test/definitions/cors/cors-default_1.0.0.yaml: -------------------------------------------------------------------------------- 1 | info: 2 | version: 1.0.0 3 | title: cors-default 4 | x-ibm-name: cors-default 5 | basePath: /cors-default 6 | swagger: '2.0' 7 | paths: 8 | /path-cors: 9 | get: 10 | responses: 11 | '200': 12 | description: 200 OK 13 | x-ibm-configuration: 14 | assembly: 15 | execute: 16 | - invoke: 17 | title: invoke 18 | target-url: 'http://localhost:8889/' 19 | schemes: 20 | - http -------------------------------------------------------------------------------- /test/definitions/cors/cors-disabled_1.0.0.yaml: 
-------------------------------------------------------------------------------- 1 | info: 2 | version: 1.0.0 3 | title: cors-disabled 4 | x-ibm-name: cors-disabled 5 | basePath: /cors-disabled 6 | swagger: '2.0' 7 | paths: 8 | /path-cors: 9 | get: 10 | responses: 11 | '200': 12 | description: 200 OK 13 | x-ibm-configuration: 14 | assembly: 15 | execute: 16 | - invoke: 17 | title: invoke 18 | target-url: 'http://localhost:8889/' 19 | cors: 20 | enabled: false 21 | 22 | schemes: 23 | - http -------------------------------------------------------------------------------- /test/definitions/cors/cors-options_1.0.0.yaml: -------------------------------------------------------------------------------- 1 | info: 2 | version: 1.0.0 3 | title: cors-options 4 | x-ibm-name: cors-options 5 | basePath: /cors-options 6 | swagger: '2.0' 7 | paths: 8 | /path-cors: 9 | get: 10 | responses: 11 | '200': 12 | description: 200 OK 13 | /path-cors: 14 | options: 15 | responses: 16 | '200': 17 | description: 200 OK 18 | x-ibm-configuration: 19 | assembly: 20 | execute: 21 | - invoke: 22 | title: invoke 23 | target-url: 'http://localhost:8889/' 24 | cors: 25 | enabled: true 26 | schemes: 27 | - http -------------------------------------------------------------------------------- /test/definitions/cors/cors-policy_1.0.0.yaml: -------------------------------------------------------------------------------- 1 | info: 2 | version: 1.0.0 3 | title: cors-policy 4 | x-ibm-name: cors-policy 5 | basePath: /cors-policy 6 | swagger: '2.0' 7 | paths: 8 | /cors1: 9 | get: 10 | operationId: cors1 11 | responses: 12 | '200': 13 | description: 200 OK 14 | /cors2: 15 | get: 16 | operationId: cors2 17 | responses: 18 | '200': 19 | description: 200 OK 20 | x-ibm-configuration: 21 | assembly: 22 | execute: 23 | - operation-switch: 24 | title: operation-switch 25 | case: 26 | - operations: 27 | - cors1 28 | execute: 29 | - cors: 30 | allow-credentials: true 31 | allow-headers: FOO, BAR 32 | allow-methods: GET, 
POST 33 | allow-origin: http://foo.example.com 34 | expose-headers: X-Foo-Header, X-Bar-Header 35 | max-age: 3600 36 | 37 | - operations: 38 | - cors2 39 | execute: 40 | - cors: 41 | allow-credentials: false 42 | 43 | - invoke: 44 | title: invoke 45 | target-url: 'http://localhost:8889/' 46 | schemes: 47 | - http 48 | -------------------------------------------------------------------------------- /test/definitions/cors/cors_1.0.0.yaml: -------------------------------------------------------------------------------- 1 | info: 2 | version: 1.0.0 3 | title: cors 4 | x-ibm-name: cors 5 | basePath: /cors 6 | swagger: '2.0' 7 | paths: 8 | /path-cors: 9 | get: 10 | responses: 11 | '200': 12 | description: 200 OK 13 | x-ibm-configuration: 14 | assembly: 15 | execute: 16 | - invoke: 17 | title: invoke 18 | target-url: 'http://localhost:8889/' 19 | cors: 20 | enabled: true 21 | schemes: 22 | - http -------------------------------------------------------------------------------- /test/definitions/datastore/v1/catalogs/564b48aae4b0869c782edc2b/apis: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/datastore/v1/catalogs/564b48aae4b0869c782edc2b/products: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/datastore/v1/catalogs/564b48aae4b0869c782edc2b/registries: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/datastore/v1/catalogs/564b48aae4b0869c782edc2b/subscriptions: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- 
/test/definitions/datastore/v1/catalogs/564b48aae4b0869c782edc2b/tls-profiles: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/datastore/v1/catalogs/index.html: -------------------------------------------------------------------------------- 1 | [{ 2 | "id": "564b48aae4b0869c782edc2b", 3 | "url": "https://example.com/v1/catalogs/564b48aae4b0869c782edc2b", 4 | "name": "sb", 5 | "title": "Sandbox", 6 | "sandbox": true, 7 | "organization": { 8 | "id": "564b48a9e4b0869c782edc24", 9 | "name": "apim", 10 | "title": "Mock APIm server for testing datastore" 11 | }, 12 | "default": true, 13 | "gateway-cluster": { 14 | "id": "564b45c1e4b0869c782ed85b", 15 | "title": "Gateway", 16 | "host-name": "example.com" 17 | } 18 | }] 19 | -------------------------------------------------------------------------------- /test/definitions/default/products-564b48a9e4b0869c782edc24-564b48aae4b0869c782edc2b-5.yaml: -------------------------------------------------------------------------------- 1 | product: 1.0.0 2 | info: 3 | name: uber 4 | title: 'Uber Product' 5 | version: 1.0.0 6 | visibility: 7 | view: 8 | enabled: true 9 | type: public 10 | tags: [] 11 | orgs: [] 12 | subscribe: 13 | enabled: true 14 | type: authenticated 15 | tags: [] 16 | orgs: [] 17 | apis: 18 | uber-api: 19 | name: "uber-api:1.0.0" 20 | plans: 21 | gold: 22 | title: 'Gold Plan' 23 | rate-limit: 24 | hard-limit: false 25 | value: 1/sec 26 | apis: 27 | uber-api: {} 28 | -------------------------------------------------------------------------------- /test/definitions/default/registries-564b48a9e4b0869c782edc24-564b48aae4b0869c782edc2b-.json: -------------------------------------------------------------------------------- 1 | 
[{"id":"56bbacbae4b0f7b17cf97540","url":"https://example.com/v1/catalogs/564b48aae4b0869c782edc2b/registries/56bbacbae4b0f7b17cf97540","name":"ldap1","type":"ldap","title":"ldap1","description":"","ldap-config":{"host":"127.0.0.1","port":1389,"ssl":false,"protocol-version":"3","authenticated-bind":true,"authenticated-bind-admin-dn":"cn=root","authenticated-bind-admin-password":"secret","search-dn-base":"ou=myorg,ou=com","search-dn-filter-prefix":"(cn=","search-dn-filter-suffix":")","auth-method":"searchDN","bind-prefix":"","bind-suffix":"","search-dn-scope":"sub","group-auth-method":"none","static-group-dn":"","static-group-filter-prefix":"","static-group-filter-suffix":"","static-group-scope":"sub","dynamic-group-filter":"","tls-profile":""}}] 2 | -------------------------------------------------------------------------------- /test/definitions/https/combined1/http_1.0.0.yaml: -------------------------------------------------------------------------------- 1 | info: 2 | version: 1.0.0 3 | title: http 4 | x-ibm-name: http 5 | description: https test suite 6 | basePath: /http 7 | swagger: '2.0' 8 | paths: 9 | /http: 10 | get: 11 | responses: 12 | '200': 13 | description: 200 OK 14 | x-ibm-configuration: 15 | assembly: 16 | execute: 17 | - invoke: 18 | title: invoke 19 | target-url: 'http://localhost:8889/' 20 | schemes: 21 | - http 22 | -------------------------------------------------------------------------------- /test/definitions/https/combined1/https_1.0.0.yaml: -------------------------------------------------------------------------------- 1 | info: 2 | version: 1.0.0 3 | title: https 4 | x-ibm-name: https 5 | description: https test suite 6 | basePath: /https 7 | swagger: '2.0' 8 | paths: 9 | /https: 10 | get: 11 | responses: 12 | '200': 13 | description: 200 OK 14 | x-ibm-configuration: 15 | assembly: 16 | execute: 17 | - invoke: 18 | title: invoke 19 | target-url: 'http://localhost:8889/' 20 | schemes: 21 | - https 22 | 
-------------------------------------------------------------------------------- /test/definitions/https/combined1/v1/catalogs/564b48aae4b0869c782edc2b/registries: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/https/combined1/v1/catalogs/564b48aae4b0869c782edc2b/subscriptions: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/https/combined1/v1/catalogs/564b48aae4b0869c782edc2b/tls-profiles: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/https/combined1/v1/catalogs/index.html: -------------------------------------------------------------------------------- 1 | [{ 2 | "id": "564b48aae4b0869c782edc2b", 3 | "url": "https://example.com/v1/catalogs/564b48aae4b0869c782edc2b", 4 | "name": "sb", 5 | "title": "Sandbox", 6 | "sandbox": true, 7 | "organization": { 8 | "id": "564b48a9e4b0869c782edc24", 9 | "name": "apim", 10 | "title": "Mock APIm server for testing TLS profiles" 11 | }, 12 | "default": true, 13 | "gateway-cluster": { 14 | "id": "564b45c1e4b0869c782ed85b", 15 | "title": "Gateway", 16 | "host-name": "example.com" 17 | } 18 | }] 19 | -------------------------------------------------------------------------------- /test/definitions/https/combined2/httpandhttps_1.0.0.yaml: -------------------------------------------------------------------------------- 1 | info: 2 | version: 1.0.0 3 | title: httpandhttps 4 | x-ibm-name: httpandhttps 5 | description: https test suite 6 | basePath: /httpandhttps 7 | swagger: '2.0' 8 | paths: 9 | /httpandhttps: 10 | get: 11 | responses: 12 | '200': 13 | description: 200 OK 14 | x-ibm-configuration: 15 | assembly: 
16 | execute: 17 | - invoke: 18 | title: invoke 19 | target-url: 'http://localhost:8889/' 20 | schemes: 21 | - https 22 | - http 23 | -------------------------------------------------------------------------------- /test/definitions/https/combined2/v1/catalogs/564b48aae4b0869c782edc2b/registries: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/https/combined2/v1/catalogs/564b48aae4b0869c782edc2b/subscriptions: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/https/combined2/v1/catalogs/564b48aae4b0869c782edc2b/tls-profiles: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/https/combined2/v1/catalogs/index.html: -------------------------------------------------------------------------------- 1 | [{ 2 | "id": "564b48aae4b0869c782edc2b", 3 | "url": "https://example.com/v1/catalogs/564b48aae4b0869c782edc2b", 4 | "name": "sb", 5 | "title": "Sandbox", 6 | "sandbox": true, 7 | "organization": { 8 | "id": "564b48a9e4b0869c782edc24", 9 | "name": "apim", 10 | "title": "Mock APIm server for testing TLS profiles" 11 | }, 12 | "default": true, 13 | "gateway-cluster": { 14 | "id": "564b45c1e4b0869c782ed85b", 15 | "title": "Gateway", 16 | "host-name": "example.com" 17 | } 18 | }] 19 | -------------------------------------------------------------------------------- /test/definitions/https/http/http_1.0.0.yaml: -------------------------------------------------------------------------------- 1 | info: 2 | version: 1.0.0 3 | title: http 4 | x-ibm-name: http 5 | description: https test suite 6 | basePath: /http 7 | swagger: '2.0' 8 | paths: 9 | /http: 10 | get: 11 | 
responses: 12 | '200': 13 | description: 200 OK 14 | x-ibm-configuration: 15 | assembly: 16 | execute: 17 | - invoke: 18 | title: invoke 19 | target-url: 'http://localhost:8889/' 20 | schemes: 21 | - http 22 | -------------------------------------------------------------------------------- /test/definitions/https/http/v1/catalogs/564b48aae4b0869c782edc2b/registries: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/https/http/v1/catalogs/564b48aae4b0869c782edc2b/subscriptions: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/https/http/v1/catalogs/564b48aae4b0869c782edc2b/tls-profiles: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/https/http/v1/catalogs/index.html: -------------------------------------------------------------------------------- 1 | [{ 2 | "id": "564b48aae4b0869c782edc2b", 3 | "url": "https://example.com/v1/catalogs/564b48aae4b0869c782edc2b", 4 | "name": "sb", 5 | "title": "Sandbox", 6 | "sandbox": true, 7 | "organization": { 8 | "id": "564b48a9e4b0869c782edc24", 9 | "name": "apim", 10 | "title": "Mock APIm server for testing TLS profiles" 11 | }, 12 | "default": true, 13 | "gateway-cluster": { 14 | "id": "564b45c1e4b0869c782ed85b", 15 | "title": "Gateway", 16 | "host-name": "example.com" 17 | } 18 | }] 19 | -------------------------------------------------------------------------------- /test/definitions/https/httpsdefault/default_1.0.0.yaml: -------------------------------------------------------------------------------- 1 | info: 2 | version: 1.0.0 3 | title: http 4 | x-ibm-name: http 5 | description: https test suite 6 | 
basePath: /http 7 | swagger: '2.0' 8 | paths: 9 | /http: 10 | get: 11 | responses: 12 | '200': 13 | description: 200 OK 14 | x-ibm-configuration: 15 | assembly: 16 | execute: 17 | - invoke: 18 | title: invoke 19 | target-url: 'http://localhost:8889/' -------------------------------------------------------------------------------- /test/definitions/https/httpsexplicit/https_1.0.0.yaml: -------------------------------------------------------------------------------- 1 | info: 2 | version: 1.0.0 3 | title: https 4 | x-ibm-name: https 5 | description: https test suite 6 | basePath: /https 7 | swagger: '2.0' 8 | paths: 9 | /https: 10 | get: 11 | responses: 12 | '200': 13 | description: 200 OK 14 | x-ibm-configuration: 15 | assembly: 16 | execute: 17 | - invoke: 18 | title: invoke 19 | target-url: 'http://localhost:8889/' 20 | schemes: 21 | - https 22 | -------------------------------------------------------------------------------- /test/definitions/https/httpsexplicit/v1/catalogs/564b48aae4b0869c782edc2b/registries: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/https/httpsexplicit/v1/catalogs/564b48aae4b0869c782edc2b/subscriptions: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/https/httpsexplicit/v1/catalogs/564b48aae4b0869c782edc2b/tls-profiles: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/https/httpsexplicit/v1/catalogs/index.html: -------------------------------------------------------------------------------- 1 | [{ 2 | "id": "564b48aae4b0869c782edc2b", 3 | "url": "https://example.com/v1/catalogs/564b48aae4b0869c782edc2b", 4 | "name": 
"sb", 5 | "title": "Sandbox", 6 | "sandbox": true, 7 | "organization": { 8 | "id": "564b48a9e4b0869c782edc24", 9 | "name": "apim", 10 | "title": "Mock APIm server for testing TLS profiles" 11 | }, 12 | "default": true, 13 | "gateway-cluster": { 14 | "id": "564b45c1e4b0869c782ed85b", 15 | "title": "Gateway", 16 | "host-name": "example.com" 17 | } 18 | }] 19 | -------------------------------------------------------------------------------- /test/definitions/invoke/cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC2jCCAkOgAwIBAgIEXAWA7zANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJV 3 | UzELMAkGA1UECBMCTUExEjAQBgNVBAcTCUNhbWJyaWRnZTESMBAGA1UEChMJRGF0 4 | YVBvd2VyMQ4wDAYDVQQDEwVBbGljZTAeFw0wNjA5MjgwMTI1MDZaFw0xNjA5MjUw 5 | MTI1MDZaMFIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTESMBAGA1UEBxMJQ2Ft 6 | YnJpZGdlMRIwEAYDVQQKEwlEYXRhUG93ZXIxDjAMBgNVBAMTBUFsaWNlMIGfMA0G 7 | CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDhfHY/tcY2U74oRyXb8Y/o08HnAMiG55Ey 8 | M0Qad/GVnlIpKndZPnGaYPMB7nA2J3Y/fOtKi3rQClqPMM+Wd54lYG37TwjHde67 9 | YT2TjYncpKOrgScl9GAYyXGcMB/nBERFo0LIiWTQp1gHokCtglxdHqfAJWg7mC08 10 | NeNDvv/xyQIDAQABo4G8MIG5MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFMERS5af 11 | Hx/fIu1OqYpyJ4SDWhUEMH0GA1UdIwR2MHSAFMERS5afHx/fIu1OqYpyJ4SDWhUE 12 | oVakVDBSMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUExEjAQBgNVBAcTCUNhbWJy 13 | aWRnZTESMBAGA1UEChMJRGF0YVBvd2VyMQ4wDAYDVQQDEwVBbGljZYIEXAWA7zAL 14 | BgNVHQ8EBAMCArwwDQYJKoZIhvcNAQEFBQADgYEAjA+44l1rYsQl9uIyKQz4+xJ5 15 | YR3aiuPonmI8PfDTpc/e9jYZJFYKWgEI6/o1gZ61Fnr85QbJQSE4f7xptcuIaBU9 16 | gkgg6/vBW8AmbNFHMMg3W60cImp8NvCO70AHymkGNidJVg4h4zwjs562JdiHUDP1 17 | ygBCd5ZBhwEHKNs26nY= 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /test/definitions/invoke/key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIICXQIBAAKBgQDhfHY/tcY2U74oRyXb8Y/o08HnAMiG55EyM0Qad/GVnlIpKndZ 3 | 
PnGaYPMB7nA2J3Y/fOtKi3rQClqPMM+Wd54lYG37TwjHde67YT2TjYncpKOrgScl 4 | 9GAYyXGcMB/nBERFo0LIiWTQp1gHokCtglxdHqfAJWg7mC08NeNDvv/xyQIDAQAB 5 | AoGBAK8zsAWszchkpTpSnf4Z4gG8l8tP9n+r6kuhPed7DwF8NMa7smRreoXDks4L 6 | YLETVHPcMk6HtfN0OA1Old2KMBvRRUIreAqorngSOvVQ14ZAG7wAmVmNNoroHZ1b 7 | uuAVEF8wl4RI8T5Y8RxWdLAr77npJ2cZnKMaeI3KVCA03ISpAkEA8Ne9R7HTGib7 8 | osSwTVq+gnxeRlphdbqqdTRDy+jU0QNT/NYaCbYqvxBLyCasjSVQ+ko9EtKe8E3/ 9 | tng//Mt14wJBAO+tT3MajlIkba9a4IRR3vZV7y/5bebXa/un8lxZ69edJK6vlJsa 10 | fLZ2YXQK1AVQHUK2p52uVSRUWdUk10rQKWMCQQDLEXyc6MjP8jKVyTXF409igi6T 11 | Lz2hoGR9MjY/xe861I2KT5PgwGJGex0Kg+FVmTMv9kyMhF5Sy9FiLv30zjB1AkBB 12 | udEzy3CD7iF2GQHAx4LRIre4/Dm7OBAQrvmzgaU/N4S7ssKZ1iWlE8mdvOpvmoyr 13 | otNMVmZa1BbecH/psDPpAkAo96tZAIQggfphaNEIfK32MHcRQBornvLG5LgScsN6 14 | LJ6MFF4HkmArnVI4LOHm/ijvQUmUuT647Sr/1c6lXK2w 15 | -----END RSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /test/definitions/invoke/v1/catalogs/564b48aae4b0869c782edc2b/registries: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/invoke/v1/catalogs/564b48aae4b0869c782edc2b/subscriptions: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/invoke/v1/catalogs/index.html: -------------------------------------------------------------------------------- 1 | [{ 2 | "id": "564b48aae4b0869c782edc2b", 3 | "url": "https://example.com/v1/catalogs/564b48aae4b0869c782edc2b", 4 | "name": "sb", 5 | "title": "Sandbox", 6 | "sandbox": true, 7 | "organization": { 8 | "id": "564b48a9e4b0869c782edc24", 9 | "name": "apim", 10 | "title": "Mock APIm server for testing TLS profiles" 11 | }, 12 | "default": true, 13 | "gateway-cluster": { 14 | "id": "564b45c1e4b0869c782ed85b", 15 | "title": "Gateway", 16 | 
"host-name": "example.com" 17 | } 18 | }] 19 | -------------------------------------------------------------------------------- /test/definitions/oauth/v1/catalogs/564b48aae4b0869c782edc2b/registries: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "$note$": "tenant1.xml", 4 | "id": "registry1", 5 | "url": "https://example.com:7203/v1/catalogs/catalog008/registries/registry1", 6 | "name": "ldap200", 7 | "title": "ldap200", 8 | "description": "OpenLDAP with Compose DN + Dynamic Group Authorization", 9 | "type": "ldap", 10 | "ldap-config": { 11 | "host": "example.com", 12 | "port": 389, 13 | "protocol-version": "3", 14 | "ssl": false, 15 | "authenticated-bind": false, 16 | "auth-method": "bindDN", 17 | "bind-prefix": "uid=", 18 | "bind-suffix": ",ou=people,dc=sixfour1,dc=com", 19 | "group-auth-method": "dynamicAuth", 20 | "dynamic-group-filter": "(gidNumber=501)" 21 | } 22 | }, 23 | { 24 | "$note$": "tenant1.xml", 25 | "id": "registry2", 26 | "url": "https://example.com:7203/v1/catalogs/catalog008/registries/registry2", 27 | "name": "ldap203", 28 | "title": "ldap203", 29 | "description": "OpenLDAP with Compose DN + Dynamic Group Authorization", 30 | "type": "ldap", 31 | "ldap-config": { 32 | "host": "example.com", 33 | "port": 389, 34 | "protocol-version": "2", 35 | "ssl": false, 36 | "authenticated-bind": false, 37 | "auth-method": "bindDN", 38 | "bind-prefix": "uid=", 39 | "bind-suffix": ",ou=people,dc=sixfour1,dc=com", 40 | "group-auth-method": "dynamicAuth", 41 | "dynamic-group-filter": "(gidNumber=501)" 42 | } 43 | } 44 | ] 45 | -------------------------------------------------------------------------------- /test/definitions/oauth/v1/catalogs/564b48aae4b0869c782edc2b/tls-profiles: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/oauth/v1/catalogs/catalog007/registries: 
-------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "$note$": "tenant1.xml", 4 | "id": "registry1", 5 | "url": "https://example.com:7203/v1/catalogs/catalog008/registries/registry1", 6 | "name": "ldap200", 7 | "title": "ldap200", 8 | "description": "OpenLDAP with Compose DN + Dynamic Group Authorization", 9 | "type": "ldap", 10 | "ldap-config": { 11 | "host": "localhost", 12 | "port": 10389, 13 | "protocol-version": "3", 14 | "ssl": false, 15 | "authenticated-bind": false, 16 | "auth-method": "bindDN", 17 | "bind-prefix": "uid=", 18 | "bind-suffix": ",ou=people,dc=sixfour1,dc=com", 19 | "group-auth-method": "dynamicAuth", 20 | "dynamic-group-filter": "(gidNumber=501)" 21 | } 22 | }, 23 | { 24 | "$note$": "tenant1.xml", 25 | "id": "registry2", 26 | "url": "https://example.com:7203/v1/catalogs/catalog008/registries/registry2", 27 | "name": "ldap203", 28 | "title": "ldap203", 29 | "description": "OpenLDAP with Compose DN + Dynamic Group Authorization", 30 | "type": "ldap", 31 | "ldap-config": { 32 | "host": "localhost", 33 | "port": 11389, 34 | "protocol-version": "2", 35 | "ssl": false, 36 | "authenticated-bind": false, 37 | "auth-method": "bindDN", 38 | "bind-prefix": "uid=", 39 | "bind-suffix": ",ou=people,dc=sixfour1,dc=com", 40 | "group-auth-method": "dynamicAuth", 41 | "dynamic-group-filter": "(gidNumber=501)" 42 | } 43 | } 44 | ] 45 | -------------------------------------------------------------------------------- /test/definitions/oauth/v1/catalogs/catalog007/tls-profiles: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/oauth/v1/catalogs/index.html: -------------------------------------------------------------------------------- 1 | [{ 2 | "id": "catalog007", 3 | "url": "https://example.com/v1/catalogs/catalog007", 4 | "name": "sb", 5 | "title": "Sandbox", 6 | "sandbox": 
true, 7 | "organization": { 8 | "id": "catalog007", 9 | "name": "apim", 10 | "title": "Mock APIm server for testing datastore" 11 | }, 12 | "default": true, 13 | "gateway-cluster": { 14 | "id": "564b45c1e4b0869c782ed85b", 15 | "title": "Gateway", 16 | "host-name": "example.com" 17 | } 18 | }] 19 | -------------------------------------------------------------------------------- /test/definitions/oauth2-az/basic-authenticated/v1/catalogs/5714b14ce4b0e6c6f7d287eb/catalogs: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "id": "5714b14ce4b0e6c6f7d287eb", 4 | "url": "https://172.16.154.175/v1/catalogs/5714b14ce4b0e6c6f7d287eb", 5 | "name": "oauth2-ut", 6 | "title": "oauth2-ut", 7 | "sandbox": false, 8 | "organization": { 9 | "id": "5714857ee4b0e6c6f7d28767", 10 | "name": "microgateway-ut", 11 | "title": "microgateway-ut", 12 | "tags": [], 13 | "members": [] 14 | }, 15 | "default": false, 16 | "custom-portal-url": "https://example.com/portal", 17 | "portal-type": "ADVANCED", 18 | "gateway-url": "https://172.16.154.162:5000", 19 | "is-saas": false 20 | } 21 | ] 22 | -------------------------------------------------------------------------------- /test/definitions/oauth2-az/basic-authenticated/v1/catalogs/5714b14ce4b0e6c6f7d287eb/registries: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /test/definitions/oauth2-az/basic-authenticated/v1/catalogs/5714b14ce4b0e6c6f7d287eb/tls-profiles: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "id": "57457d40e4b06d109c274e71", 4 | "url": "https://172.16.154.175/v1/catalogs/5714b14ce4b0e6c6f7d287eb/tls-profiles/57457d40e4b06d109c274e71", 5 | "name": "new-tls-profile-1", 6 | "title": "New TLS profile 1", 7 | "description": "", 8 | "public": false, 9 | "ciphers": [ 10 | "SSL_RSA_WITH_AES_256_CBC_SHA", 11 | 
"SSL_RSA_WITH_AES_128_CBC_SHA", 12 | "SSL_RSA_WITH_3DES_EDE_CBC_SHA", 13 | "SSL_RSA_WITH_RCA_128_SHA", 14 | "SSL_RSA_WITH_RCA_128_MD5" 15 | ], 16 | "protocols": [ 17 | "TLSv11", 18 | "TLSv12" 19 | ], 20 | "certs": [], 21 | "org-id": "5714857ee4b0e6c6f7d28767", 22 | "mutual-auth": false 23 | } 24 | ] 25 | -------------------------------------------------------------------------------- /test/definitions/oauth2-az/basic-authenticated/v1/catalogs/index.html: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "id": "5714b14ce4b0e6c6f7d287eb", 4 | "url": "https://172.16.154.175/v1/catalogs/5714b14ce4b0e6c6f7d287eb", 5 | "name": "oauth2-ut", 6 | "title": "oauth2-ut", 7 | "sandbox": false, 8 | "organization": { 9 | "id": "5714857ee4b0e6c6f7d28767", 10 | "name": "microgateway-ut", 11 | "title": "microgateway-ut", 12 | "tags": [], 13 | "members": [] 14 | }, 15 | "default": false, 16 | "custom-portal-url": "https://example.com/portal", 17 | "portal-type": "ADVANCED", 18 | "gateway-url": "https://172.16.154.162:5000", 19 | "is-saas": false 20 | } 21 | ] 22 | -------------------------------------------------------------------------------- /test/definitions/oauth2-az/basic-authenticated/v1/cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC2jCCAkOgAwIBAgIEXAWA7zANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJV 3 | UzELMAkGA1UECBMCTUExEjAQBgNVBAcTCUNhbWJyaWRnZTESMBAGA1UEChMJRGF0 4 | YVBvd2VyMQ4wDAYDVQQDEwVBbGljZTAeFw0wNjA5MjgwMTI1MDZaFw0xNjA5MjUw 5 | MTI1MDZaMFIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTESMBAGA1UEBxMJQ2Ft 6 | YnJpZGdlMRIwEAYDVQQKEwlEYXRhUG93ZXIxDjAMBgNVBAMTBUFsaWNlMIGfMA0G 7 | CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDhfHY/tcY2U74oRyXb8Y/o08HnAMiG55Ey 8 | M0Qad/GVnlIpKndZPnGaYPMB7nA2J3Y/fOtKi3rQClqPMM+Wd54lYG37TwjHde67 9 | YT2TjYncpKOrgScl9GAYyXGcMB/nBERFo0LIiWTQp1gHokCtglxdHqfAJWg7mC08 10 | NeNDvv/xyQIDAQABo4G8MIG5MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFMERS5af 11 | 
Hx/fIu1OqYpyJ4SDWhUEMH0GA1UdIwR2MHSAFMERS5afHx/fIu1OqYpyJ4SDWhUE 12 | oVakVDBSMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUExEjAQBgNVBAcTCUNhbWJy 13 | aWRnZTESMBAGA1UEChMJRGF0YVBvd2VyMQ4wDAYDVQQDEwVBbGljZYIEXAWA7zAL 14 | BgNVHQ8EBAMCArwwDQYJKoZIhvcNAQEFBQADgYEAjA+44l1rYsQl9uIyKQz4+xJ5 15 | YR3aiuPonmI8PfDTpc/e9jYZJFYKWgEI6/o1gZ61Fnr85QbJQSE4f7xptcuIaBU9 16 | gkgg6/vBW8AmbNFHMMg3W60cImp8NvCO70AHymkGNidJVg4h4zwjs562JdiHUDP1 17 | ygBCd5ZBhwEHKNs26nY= 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /test/definitions/oauth2-az/basic-authenticated/v1/key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIICXQIBAAKBgQDhfHY/tcY2U74oRyXb8Y/o08HnAMiG55EyM0Qad/GVnlIpKndZ 3 | PnGaYPMB7nA2J3Y/fOtKi3rQClqPMM+Wd54lYG37TwjHde67YT2TjYncpKOrgScl 4 | 9GAYyXGcMB/nBERFo0LIiWTQp1gHokCtglxdHqfAJWg7mC08NeNDvv/xyQIDAQAB 5 | AoGBAK8zsAWszchkpTpSnf4Z4gG8l8tP9n+r6kuhPed7DwF8NMa7smRreoXDks4L 6 | YLETVHPcMk6HtfN0OA1Old2KMBvRRUIreAqorngSOvVQ14ZAG7wAmVmNNoroHZ1b 7 | uuAVEF8wl4RI8T5Y8RxWdLAr77npJ2cZnKMaeI3KVCA03ISpAkEA8Ne9R7HTGib7 8 | osSwTVq+gnxeRlphdbqqdTRDy+jU0QNT/NYaCbYqvxBLyCasjSVQ+ko9EtKe8E3/ 9 | tng//Mt14wJBAO+tT3MajlIkba9a4IRR3vZV7y/5bebXa/un8lxZ69edJK6vlJsa 10 | fLZ2YXQK1AVQHUK2p52uVSRUWdUk10rQKWMCQQDLEXyc6MjP8jKVyTXF409igi6T 11 | Lz2hoGR9MjY/xe861I2KT5PgwGJGex0Kg+FVmTMv9kyMhF5Sy9FiLv30zjB1AkBB 12 | udEzy3CD7iF2GQHAx4LRIre4/Dm7OBAQrvmzgaU/N4S7ssKZ1iWlE8mdvOpvmoyr 13 | otNMVmZa1BbecH/psDPpAkAo96tZAIQggfphaNEIfK32MHcRQBornvLG5LgScsN6 14 | LJ6MFF4HkmArnVI4LOHm/ijvQUmUuT647Sr/1c6lXK2w 15 | -----END RSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /test/definitions/oauth2-az/basic-bad-custom-consent/bad-form.html: -------------------------------------------------------------------------------- 1 | 2 |
3 |Greeting..
17 |This app
18 |would like to access your data.
20 |