Bot releases are hidden (Show)

express-gateway - v1.8.0

Published by XVincentX over 6 years ago

Express Gateway v1.8.0 has been released.

This release bring two interesting new features as well as couple of bug fixes and code reorganization.

Added

We have added a new condition called tlsClientAuthenticated. This condition can be useful when you'd like to check, on policy level, if the client provided a valid client certificate, and react accordingly. For more informations, check out our documentation. Check out our blog as well to understand a good use case for it #674
When a new gateway has been created, you'll now see a nice url that'll point you directly to our Gitter channel #676

Changed

All the project's dependencies have been updated to the last current version #668
The JWT Json Schema has been updated to contain some parameters that were missing #662
We have reorganized the Proxy policy a bit. In the current state, the policy was the result of a bad accumulation of requirements that changed over the time. That made a bit hard to reason about the code and understand where to change the things. This small refactor should hopefully make it more readable. As it's the main policy you might want to use, we'll probably work on it again in one of the following releases #661
After a long discussion, we decided to bring to the Proxy policy the support to both http_proxy and HTTP_PROXY environment variables. We have looked around and, although we know that usually environment variables are upper case, for this one in particular the community seems to be divided — hence our decision #661
We have revamped our Docker images. We were previously offering two Docker images based on the templates that the CLI is offering. However, this was not exactly compliant with the Docker guidelines. So we made several changes and followed the official guidelines. The result is that now we provide a single docker image. You'll then provide the configuration files via a volume mount. Given our work, we've also submitted our docker images to be part of the official images program. The process will take a while, but our final aim is to be part of it. #628

Fixed

The internal error, when a JSON Schema registration fails in the system, is now correctly propagated back to the user so it's easier to know what's going on #664

express-gateway - v1.7.4

Published by XVincentX over 6 years ago

Express Gateway v1.7.4 has been released with a small fix for the CLI experience

Fixed

Fixed the bad default Admin API Url that was preventing the CLI from working correctly in some cases #671

express-gateway - v1.7.3

Published by XVincentX over 6 years ago

Howdy guys!

It's time for another Express-Gateway release.

We've a bit slowed down on Express Gateway lately as we've been pretty busy in deploying some instances on production environments. During the mission, we collected some edge cases and we've put them into this release.

Added

When validating an external JWT and checkCredentialExistence flag is false, the gateway will set the received JWT as the current user object, so you can extract the informations you care about directly from there instead of putting you as an anonymous user #643
Express-Gateway's schema validator (ajv) has now the coercing option enabled. This means that the gaetway will try to convert your data to the correct type whenever is possible. This was required to fully support environment variables in JSON configuration files. #659

Changed

When a policy cannot be loaded, for any reason, an error message will now be shown on the screen so you should know what's happening in an easier way #640
The environment variable support permitted us to remove a small hack we were doing in our test code to check the Redis support #644
Proxy policy has beed reorganized a bit so it's easier to read and reason about it #661

Fixed

The internal http client that talks with the Admin API (and used by the command line) is now correctly encoding all the query parameters that are sent to the API #635 #631 — thanks @iwko for his collaboration.
It is now possible to insert a new basic credential even if you have another one deactivated on the same consumer #660

express-gateway - v1.7.2

Published by XVincentX over 6 years ago

Changed

We've gone through all the policies and extracted, where it made sense, all the default values from the middleware code so you have better insight what's happening under the hood for you #627

express-gateway - v1.7.1

Published by XVincentX over 6 years ago

Fixed

eg plugin install command now does not break the the system.config.yml file anymore #623

express-gateway - v1.7.0

Published by XVincentX over 6 years ago

Here we are again with another Express Gateway release.

This time we wanted to focus on a single particular feature that the community has been asking a lot and it was worth to release it as soon as possible given the benefits of environment variable in configuration files.

Added

Express Gateway now supports environment variables in both configuration files. Check the docs to understand the syntax. #620

Changed

The configuration handler has been refactored so there's less duplication as well as a single chokidar watcher for hot reload feature. #620

express-gateway - v1.6.1

Published by XVincentX over 6 years ago

Fixed

JSON Schema for gateway.config.json was missing some edge cases used in our templates. This was degrading the getting started experience. We've fixed the schema as well as added tests so the getting started templates are always verified to be correct. #614 #616

express-gateway - v1.6.0

Published by XVincentX almost 7 years ago

After all Christmas time holidays, where probably most of you went back to home with your relatives, probably sipping some tea on the sofa, we're all back to work.

We aren't an exception and we're opening the 2018 with a new Express Gateway version

Express-Gateway v1.6.0 is here.

In this release we took advantage of the Christmas slowdown and started to pay some technical debt we've been accumulating over the time. 🎅. The most notable change here is the support for Node 9.

Moreover, we have been working a lot in extending our JSON Schema support.

We already introduced its support for policies, conditions and even for plugins. We decided to keep moving forward and now we're using it as well as for configuration files system.config,gateway.config and models.

We have departed from our homemade JSONSchemaesque system and fully adopted the JSON Schema standard. This will let you express complex model constraints as well as additional property in a standard way.

Thanks to the schema based validation system we've also discovered two subtle bugs that were really hard to detect. This is a sign we're moving toward the right direction. 👍

What am I supposed to do with the old `.js` models? 😱

They won't be loaded anymore by the gateway. Therefore, their presence is basically useless and you should remove them from your models directory and replace them with the new JSON Schema based one.

We have provided a migration script that will go through your current models and transform them into their respective JSON Schema version:

npx migrate --migrations-dir ./node_modules/express-gateway/migrations/ up

This script, however, will run automatically when you upgrade your EG version.

I do not trust you and I want to migrate the things by myself. What are the steps?

In case you didn't modify the schemas at all, this is a really trivial task. You just need to copy and paste these files.

In case you put some custom properties, you'll need to convert them in a JSON Schema property.

This should be extremely easy, though:

This property:

module.exports = {
  properties: {
    firstname: {isRequired: true, isMutable: true},
    //…other properties
  }
};

Becomes:

"firstname": {
  "type": "string"
},
"required": [
  "username",
  "firstname",
  "lastname"
]

Either way you decide to go, once the migration is over and you verified that the gateway is starting correctly, you can safely delete the old .js files.

For extended informations about JSON Schema, check out their website

In case you enter any issue during the migration process or you're in doubt, feel free to ask for questions in our Gitter channel

Detailed Changelog

Added

The gateway is now completely compatible with Node 9 #596 🚀
The gateway now refuses to start if the policies configuration is not valid with regards of its JSON Schema #571
The gateway now shows a warning when a policy or a condition is not providing a schema. The gateway will still start (and of course it will skip the validation, but this should encourage the user to provide one) #571
system.config and gateway.config are now validated through JSON Schema #592
It is now possible to specify a session provider for the oAuth2 policy #601

Changed

Remove body parser direct dependencies. They're part of expressjs #585
Kill custom error classes. We'll stick with default Error object. #588
Deduplicate model instances in the codebase, so we do not have to copy paste the models everytime #576
Removed useless models manipulations in tests #580
All the possible validations have been moved from the code to the JSON Schema #571
All the schemas have now a consistent unique id http://express-gaetway.io/policy/something.json or http://express-gaetway.io/condition/something.json #571
The Schemas API Endpoint has been modified to take advantage of the unique id backed into the schemas #571
.js based model have been replaced with JSON Schema based ones #581
We have update different dependencies in our project #602

Fixed

Fixed some wrong JSON Schemas #571
Fixed the hot-reload mechanism. In case of new wrong config, the gateway was crashing instead of discard the new proposed configuration #592
The application service wasn't checking for user existence when inserting a new application in the system. This has now been fixed #581
Fixed a bug where oAuth2 session preference was not correctly propagated to the underlying framework (passportjs) #600
Properly clean up the resources in tests once they're executed #610
The gateway will now correctly return 404 when no policy can handle a request instead of crashing #612

express-gateway - v1.5.0

Published by XVincentX almost 7 years ago

Express-Gateway v1.5.0 is here.

This release finally brings the JWT support in the gateway. It was the top feature voted on FeatHub and we're glad we made it live.

Added

The gateway is now able to verify JSON Web Tokens issued by any authority. It can be the Gateway itself, but it can also be another system such as oAuth.io, Auth0 or your own system. To find out how to use the policy, please refer to our updated documentation (#555)
In addition to opaque tokens, the oauth2 policy can now issue JSON Web Tokens during the oAuth2 flow. You just need to configure it to do so. You can find further informations on our documentation (#567)

Changed

Changed deprecated node-uuid62 with uuid62 (#568)

Fixed

Fixed wrong credentials check in password flow for oAuth2 Policy (#569)

Note: We have deployed a live gateway instance on Glitch configured with the new two policies. You can take that as a starting point.

express-gateway - v1.4.1

Published by XVincentX almost 7 years ago

We're here again with a small pitstop before v1.5.0.

Fixed

The gateway is now correctly handling the HTTP_PROXY environment variable to allow usage service endpoints that are behind corporate proxy #552. You can find further informations on our documentation page
We're still working on having a good code style standards. We've just updated our ESLint version and made it scan the whole codebase, resulting in an huge reformat. #541
We have fixed a small bug where hot reloading mechanism was triggered twice on gateway start, although no file was changed. This was a misconfiguration in chokidar. #563
We have updated ioredis-mock to the latest version. This let us polish couple of things we had to workaround in the previous release in order to complete the client switch. #565

Changed

We have lowered the minimal level of severity for a log in order to be printed on the standard output from error to warn. This should hopefully help you to reveal some situation where the gateway might be acting in the way you specified because of some things. #562

express-gateway - v1.4.0

Published by XVincentX almost 7 years ago

Almost another month has passed and we've been working hardly to bring new features, as well bug fixes!

Added:

We have almost completely automated our deployment pipeline. Everytime a new tag is pushed on Github, our lovely CI system will publish the package on npm as well as update all our docker images. Less time on errands, more time on code! (#496)
Express Gateway has now got a migration framework, node-migrate. This is required because as we're refactoring different parts of our codebase, we might need to move the data to ensure consistency with the evolution of the product. Don't worry though — when a new migration is in place, we'll let you know through the release notes. (#494)
We have added the schema definition to our Typescript definition file. If you're writing a plugin using Typescript, you'll now benefit for full type checking and autocomplete for JSONSchema (#518)
Speaking about style guide, we started with some changes last month and we're keeping going with that. Now we are emplying lint-staged to check and fix all code before commit it to the git repository. This should lower the barrier for contributors willing to help us writing the code (#529) (Thanks to @dotBits for the initial implementation)
We have replaced our internal Redis client from node-redis to ioredis. This brings to us a lot of improvements (for example, it's Promise based by default so we do not have to monkey patch its methods) and it also supports a lot of features the community has been asking for, such as Sentiel (Redis' built in high avaialabilty solution) and cluster connections. Please refer to our documentation to learn how to leverage those changes (#499) (Big thanks to @stipsan and his great ioredis-mock library. He's been extremely collaborative and responsive and we wouldn't be able to ship this big change without his collaboration)
We have modified our CI environment so now all the tests suite is ran against a real Redis instance as well as the emulate experience. This will ensure that all the scenarios will be working correctly (#499)
We have added a requestID to every request that's passing through the gateway. This should simplify the scenarios where you want to track the journey of a web request and understand what policies processed it. This value will be forwarded as an header under the name eg-request-id(#543).
All our authentication policies have now an additional passthrough parameter. When this is set to true, if an user does not pass the authentication stage it won't stop the pipeline process anymore (returning 401 or 403), but it will continue down into the pipeline as unauthenticated request. (#544)
2 new conditions authenticated and anonymous have been added to the core in order to support new scenarios (such as rate-limiting unauthenticated requests) (#544)
A new terminate policy has been added to the core. You can use this one to stop the request from being processed under some determinate conditions (#544)
A new policy called header has been added into the core. This will let you forward as headers some parts of the gateway that you feel they're important for your application. You can find further information in the documentation section (#546)

Changed:

The proxy policy has been modified to allow you guys to pass the whole set of options that the underlying middleware is offering. This was particularly required by users willing to set certificate and keyfiles in the proxies. (#491)
We have updated all our patch and minor dependencies version. I know we should do the same for major. We'll get there. (#532)
It is now possible to provide keyId and keySecret parameters when creating a new key-auth credential type. This might be helpful when recreating the gateway and you want to preserve the keys. (#523)
We have modified the Admin API (and by cascade on the CLI) so that you can now refer to an application by using its name instead of its ID (#512)
It is now possible to specify a key/cert file tuple when connecting to a Redis instance (#497) (Thanks to @srcnix)

Fixed:

We have fixed our credentials part in the Admin API (and, by cascade, the CLI experience) in a way that now an operation performed on an user by ID is going to be the same as if it would have been performed by name. Therefore: eg credentials create -c username and eg credentials create -c user-id will now look and act on the same user. Previously they were treated as two different entities, causing some bugs during login phases. We have provided a migration script as well to adjust all the data in your system. Please run npx migrate before starting the Gateway once updated. (#490)

Thank you guys!

In this release we have received multiple external contributions and we have acknowledged all of them in our changelog. Thank you.

express-gateway - v1.3.0

Published by XVincentX almost 7 years ago

Added:

The Admin API has been extendend to let you control the gateway even more. In particular, pipelines, endpoints and allowed policies are now exposed. (#418)
Express Gateway is now shipped with a Typescript definition file that should improve the experience when writing plugins. To know more about this feature, point your browser to the docs (#453)
Express Gateway has now a built in schema validator for policies, plugins, options. This will prevent the gateway from starting if required parameters are not valid (#426)
eg credential list command now accepts a -f parameter that will let you filter the credentials based on their status (so far, active and archived) (#428)

Changed:

Removed bluebird and lodash dependency. Promises are first class citizens in Node 6+, therefore we wanted to remove an abstraction layer (#480, #441)
We've changed the way we craft the Docker images — and we're now officially publishing all versions on DockerHub (#430)
Code style is very important not just for us, but also to attract new contributors. Although we're far away from having a standard codebase, we're now slowly start to put some efforts to it. We started with #455, and we hope to fix some of the issues as we roll new gateway versions.
Scopes definition can now be both an array and a string (#441)
All minor and patch dependencies have been updated to the latest versions (#473)

Fixed:

The AppVeyor build, that was testing the Gateway for Windows, has been broken for a while, as well as the CircleCI build due to some flaky tests. We got tired of seeing a red color on our CI system, therefore we fixed it and we're now running on CircleCI 2 (#423, #456)
Fixed wrong logger path in the keyauth policy. Thing might have give you an error while using this policy in particular circumstances. You can now secure your APIs!

express-gateway - v1.2.0

Published by DrMegavolt about 7 years ago

Added

Plugin Engine (https://github.com/ExpressGateway/express-gateway/pull/381)
- Express gateway can be extended with:
  - Policies
  - Conditions
  - Routes
  - Event handlers for lifecycle events
- Plugins have access to:
  - configuration
  - consumer management services
  - running instances of ExpressJS apps
  - internal event bus and events
CLI for Plugins (https://github.com/ExpressGateway/express-gateway/pull/404)
- install a plugin
- configure plugin
- enable plugin and register policies in the whitelist
Plugins API (https://github.com/ExpressGateway/express-gateway/pull/404)
- install and configure plugins (flag required --experimental-plugins-api)