简体繁体 English

将Fusionauth与Express Gateway集成

[英]Integrating Fusionauth with Express Gateway

原文 2019-07-25 08:58:29 1 1 nestjs/ express-gateway/ fusionauth

I'd like to implement a (small) microservice infrastructure, separating the app business logic (domain-related) from the tedious task of user authentication and api key management. 我想实现一个（小型）微服务基础架构，将应用程序业务逻辑（与域相关）与用户身份验证和api密钥管理这样繁琐的任务分开。

In my scenario, I have some registered Users which belong to some Organizations. 在我的方案中，我有一些属于某些组织的注册用户。 Registered Users can read the data of their Organization (of course with roles and so on) and they also have some automated services which read and write data, using an api-key authentication for simplicity. 注册用户可以读取其组织的数据（当然还有角色等），并且他们还具有一些自动化服务，这些服务使用api-key身份验证来简化数据的读写。

Budget is low (say zero), since it's a concept for now. 预算很低（例如零），因为这是目前的概念。 So no cool paid services like AWS, Azure, Auth0. 因此，没有像AWS，Azure，Auth0这样的出色付费服务。 I'd also like it to run on local containers with Docker. 我也希望它可以在Docker的本地容器上运行。 Preferred language for the business logic is TypeScript/JavaScript ( Nest.js ), although I imagine a language-agnostic scenario. 业务逻辑的首选语言是TypeScript / JavaScript（ Nest.js ），尽管我认为与语言无关。

So my idea was to use: 所以我的想法是使用：

FusionAuth for user management, since it provides a neat UI and all the stuff for managing user data (CIAM) and supports many authentication strategies (OAuth2, JWT, ...), defines user, applications, roles, etc, but does not handle per-application api-keys nor routing ( it is not an api-gateway ) . 用于用户管理的FusionAuth ，因为它提供了一个简洁的UI和用于管理用户数据（CIAM）的所有内容，并支持许多身份验证策略（OAuth2，JWT等），定义了用户，应用程序，角色等，但无法处理每个应用程序的api键或路由（ 它不是api网关 ）。
Express Gateway for api-key authentication, routing and access to consumed services, but bypassing its user and application management system, which I feel I don't need here Express Gateway用于api密钥身份验证，路由和对已使用服务的访问，但绕过了它的用户和应用程序管理系统，我觉得我在这里不需要
Nest.js (or other web frameworks) for the business logic service(s), eg inserting and querying data to/from the main application database(s) 用于业务逻辑服务的Nest.js （或其他Web框架），例如，向/从主应用程序数据库插入和查询数据

I'd like FusionAuth and Express Gateway to work together, but it's not clear to me whether I need to implement a custom express-gateway-plugin or not (eg use jwt?). 我希望FusionAuth和Express Gateway可以一起工作，但是我不清楚我是否需要实现自定义的express-gateway-plugin（例如，使用jwt？）。

Everything will work behind a reverse proxy (nginx) that will handle https. 一切都会在处理HTTPS的反向代理（nginx）后面起作用。

I'd like to hear some suggestions, eg if this scenario can be correct and if those technologies can work well together, if somebody experienced a similar scenario, or if there are better alternatives for this scenario. 我想听听一些建议，例如，这种情况是否正确，这些技术是否可以很好地协同工作，是否有人遇到过类似的情况，或者是否有更好的替代方法。

1 个解决方案

I'm using React and the full Express package, but you can see what I've started at my repo I have linked. 我正在使用React和完整的Express包，但是您可以在我链接的仓库中看到我开始的内容。 Not everything is implemented yet, but you can see how I implement login via JWT and refresh tokens, and how I authenticate access to pages. 尚未实现所有功能，但是您可以看到我如何通过JWT和刷新令牌实现登录，以及如何对页面访问进行身份验证。 In my application, the frontend makes requests to Express to determine access to a page, so it's a little different than you'll typically see. 在我的应用程序中，前端向Express发出请求以确定对页面的访问，因此它与您通常看到的有所不同。 This does add some load time since it involves two HTTPS requests (or local host as in the codebase example). 这确实增加了一些加载时间，因为它涉及两个HTTPS请求（或本地主机，如代码库示例中所示）。 It might not be quite what you're looking for, but it may give you some ideas. 它可能不是您要找的东西，但是可能会给您一些想法。