mattrw89 / smoke_signal_backend

The backend service for smoke_signal (working name)

HTTP data flow #6

Open mattrw89 opened 9 years ago

mattrw89 commented 9 years ago
  1. HTTP INPUT (do we want HTTPS integrated into the Go app or do we use nginx up front? It may not matter if we're using Docker to deploy, whether we integrate nginx into the container or use HTTPS in Go. I don't know whether Go or nginx would be more secure. I would think nginx is more robust and would be patched faster.)
  2. Create log entry. Get start time for request and store
  3. Open a database connection and store in request context? Probably need a connection pool.
  4. Inspect access token/Bearer header. If token, check if valid and get the user object and store it in context. If not, store that we're not authenticated
  5. Hit top-level router. All routes w/o access token requirement go first. Think /auth/token, /auth/resetPassword type of stuff. Would also include oauth2 callback routes. The else case will be a secondary router which requires authentication. This router will have the real REST application routes.
  6. Controller code for the endpoint.

Ideas? Improvements? Total miss?

TJkrusinski commented 9 years ago
  1. SSL termination before the app! Doing that in the app is a huge pain for local dev.
  2. I like it
  3. Connection pool I'd say.
  4. I like it
  5. Sounds good
  6. Makes sense

I think it's sound?

mattrw89 commented 9 years ago

Totally agreed on SSL termination. Didn't even think about development! I know nginx pretty well now too!
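
Steps 4 and 5 of the flow proposed in this issue, sketched with Go's standard `net/http` as an added example that is not code from this thread or from the repository. The in-memory `tokens` map, the `/signals` route and the names `identify`, `requireUser` and `newApp` are assumptions made for illustration; TLS is assumed to be terminated in front of the app, as agreed above.

```go
package main

import (
	"context"
	"log"
	"net/http"
	"strings"
)

type userKey struct{}

// tokens is constructed sample data standing in for a lookup through the DB pool.
var tokens = map[string]string{"good-token": "matt"}

// identify (step 4): a valid Bearer token puts the user in the request context.
func identify(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		if user, ok := tokens[strings.TrimPrefix(h, "Bearer ")]; ok && strings.HasPrefix(h, "Bearer ") {
			r = r.WithContext(context.WithValue(r.Context(), userKey{}, user))
		}
		next.ServeHTTP(w, r) // missing or invalid token: continue unauthenticated
	})
}

// requireUser guards the secondary router: no user in the context means 401.
func requireUser(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, ok := r.Context().Value(userKey{}).(string); !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newApp (step 5): public routes match first; every other path requires a user.
func newApp() http.Handler {
	private := http.NewServeMux()
	private.HandleFunc("/signals", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("hello " + r.Context().Value(userKey{}).(string)))
	})
	top := http.NewServeMux()
	top.HandleFunc("/auth/token", func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("public")) })
	top.Handle("/", requireUser(private))
	return identify(top)
}

func main() { log.Fatal(http.ListenAndServe("127.0.0.1:8080", newApp())) } // plain HTTP on loopback
```

Because the catch-all `/` pattern is the one wrapped in `requireUser`, a route that nobody registered as public is rejected with 401 rather than served unauthenticated.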