tyk

Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols


tyk - v2.4.3

Published by buger almost 7 years ago

Tyk Gateway 2.4.3

Dashboard 1.4.3

tyk - v2.4.2

Published by buger almost 7 years ago

Tyk Gateway 2.4.2 and Tyk Dashboard 1.4.2

New set of bugfixes to our latest major release

Tyk Gateway

  • JSVM HTTP calls now respect proxy_ssl_insecure_skip_verify option
  • Fixed websockets functionality
  • Fixed response transform when url rewrite is used
  • Fixed VirtualPath when caching turned on

Tyk Dashboard

  • Fixed webhook creation
  • Fixed “whitelisted”, “ignored” and “blacklisted” plugins
  • Fixed OpenID issuer url check, preventing adding path
  • Remove file extension check when uploading certificates
  • Fixed multiple UI edge cases on multiple pages

tyk - v2.4.1

Published by buger almost 7 years ago

This is the first patch release for the Gateway and Dashboard after our major release 2 weeks ago.
Starting from this release, we are switching the Docker "latest" tags to the 2.4.X version.

Tyk Gateway

  • Fixed panic when both caching and detailed analytics recording turned on
  • Fixed caching when "Cache all safe headers" turned on
  • Fixed organization quotas in MDCB and Hybrid environments
  • Fixed various Python middleware issues
  • Added additional JWT check to validate policy on each request

Tyk Dashboard

  • Fixed usage of CORS allowed methods
  • Fixed portal login issues with user emails containing the + character
  • Fixed adding webhook
  • Improved security of dashboard by changing "Cache-Control" from "no-cache" to "no-store, no-cache"
  • Fixed showing HMAC secret for keys
  • Fixed "Filter by tag" in Activity by API report
  • Lots of small UX bug fixes

tyk - Gateway v2.4.0 and more

Published by buger almost 7 years ago

We are excited to show you the long-awaited release of Tyk Gateway.

In fact, we updated all our products, and the changelog is so big that we had to create a separate page for it: https://tyk.io/docs/release-notes/version-2.4/

Happy hacking!

tyk - Tyk Gateway 2.3.13 and Tyk Dashboard 1.3.10

Published by buger almost 7 years ago

Tyk Gateway 2.3.13

  • Added new strip_auth_data API definition boolean option, which removes authentication data from the request when "Auth token" middleware is used. This can be useful if you do not want to pass the token to the upstream API.
  • Fix bug with wrong API load order
  • Fixed Python loader issue introduced in 2.3.11, requiring middleware code be placed in fixed middleware.py file. Restored default behavior, now you can use files with any name.
  • Additional improvements of DRL for small rate limits

Tyk Dashboard 1.3.10

  • Added support for strip_auth_data feature
  • Fixed bug when audit does not work if custom domains enabled

tyk - Tyk Gateway 2.3.12

Published by buger almost 7 years ago

Tyk Gateway

tyk - Tyk Gateway 2.3.11

Published by buger almost 7 years ago

Tyk Gateway v2.3.11 continues addressing bugs in the Python middleware and rate limiter.

  • Fixed Python bundle load on hot reloads
  • Fixed a potential rate-limiting issue that allowed rate limits to be bypassed

This release is fully compatible with Dashboard v1.3.9

tyk - Tyk Gateway v2.3.10

Published by lonelycode about 7 years ago

We have released Tyk Gateway v2.3.10, which addresses serious bugs in how Python middleware is executed and in the distributed rate limiter:

  • Distributed rate limiter would randomly crash after long periods of uptime; this has now been fixed.
  • Python plugins in some OS versions would delete bundles on reload due to a PYTHONPATH misconfiguration
  • Removed bug where the bundles directory is not created automatically

This release is fully compatible with Dashboard v1.3.9

tyk - v2.3.9

Published by buger about 7 years ago

Tyk Gateway 2.3.9

  • Fixed http_server_options.skip_url_cleaning option
  • Fixed few possible JSVM leaks
  • Improved JSVM middleware error messages

tyk - Tyk Gateway v2.3.8 and Tyk Dashboard v1.3.8

Published by buger about 7 years ago

Tyk Gateway v2.3.8

Tyk Dashboard 1.3.8

With the new Portal API, it is now possible to create completely custom developer portals and even embed them into your own software. We prepared a guide on creating your own developer portal: https://tyk.io/docs/publish/customise/custom-developer-portal/

In addition, our deb and rpm packages now properly handle config files upgrades and do not override user changes.

tyk - Tyk Gateway v2.3.7 and Tyk Dashboard v1.3.7

Published by buger over 7 years ago

Tyk Gateway v2.3.7

Tyk Dashboard v1.3.7

  • Added config_data field to API designer user interface
  • Updated Swagger documentation to support latest specification changes
  • Added the security.allow_admin_reset_password option to allow admin users to reset passwords without additional permissions

MDCB v1.3.0

  • Added support for secure TLS connections with Gateway
  • Improved Gateway authentication mechanism to fix hot reload issues

UPGRADE NOTICE
The new gateway version v2.3.7 requires MDCB v1.3.0, so MDCB should be upgraded first.

tyk - Tyk Gateway v2.3.6 and Tyk Dashboard v1.3.6

Published by buger over 7 years ago

Tyk Gateway v2.3.6

Tyk Dashboard v1.3.6

Password reset

Added ability to reset user passwords.
By default user can reset only their own password.

Added a new permission, ResetPassword. It can be granted only via the admin API, using two new endpoints: /admin/users/:userId/actions/allow_reset_passwords and /admin/users/:userId/actions/disallow_reset_passwords

You need to make the request using the PUT HTTP method, for example:
curl -X PUT -H "admin-auth: <your secret>" http://<dashboard>/admin/users/:userId/actions/allow_reset_passwords

Password recovery

It's now possible for users to recover their dashboard password using email. To enable this feature, ensure that you have configured email https://tyk.io/tyk-documentation/configure/outbound-email-configuration/. Do not forget about the new email_backend.dashboard_domain option which should be your public dashboard hostname.

Other

  • Updated user interface branding.
  • Added support for Mongo SSL protocol, using new mongo_ssl_insecure_skip_verify and mongo_use_ssl boolean variables.
  • Current user now can't revoke themselves.
  • Dashboard session timeout now configurable using dashboard_session_lifetime option and reduced to 1 hour by default.
  • Fixed missing API name on analytics pages for newly created APIs.
  • Fixed Dashboard API key reset, if there were issues with old key.

Binaries built with Go 1.7.6

tyk - Tyk Gateway v2.3.5 and Tyk Dashboard v1.3.5

Published by buger over 7 years ago

Tyk Gateway v2.3.5

  • New: Added http_server_options.ssl_insecure_skip_verify boolean option to allow self-signed certificates for Gateway. #693
  • New: Added proxy_ssl_insecure_skip_verify boolean option to skip SSL check for upstream APIs with self-signed certificates. #693
  • Fix: Control API was not working when both hostname and control_api_hostname set. #670
  • Fix: Uptime tests when failure_trigger_sample_size set to 1. #632
  • Fix: Uptime tests when uptime_tests.time_wait is not explicitly set in config. #669
  • Fix: Log flooding when management_node is turned on. #660
  • Fix: /keys/* endpoint when api_id param is provided but API not loaded on this node (due to tags). Now tagged gateways have access to all keys. #663
  • Fix: Reduced default values for uptime tests in the default tyk.config. The old ones had a 20-minute wait time. #668
  • Fix: Duplicated hostnames in uptime logs. #678
  • Fix: IP whitelisting using X-Fowarder-IP header. #704
  • Fix: Potential memory leak in hot reload with JSVM enabled. #496

Tyk Dashboard v1.3.5

New: Dashboard and Portal login rate limiting

Login rate limiting applies both to dashboard and developer portal.
Once a user reaches the limit, they will see an error and will not be able to log in to the dashboard/portal.

Added new configuration section:

"security": {
  "login_failure_username_limit": 3,
  "login_failure_ip_limit": 10,
  "login_failure_expiration": 900
}

By default, limit values are zero and login_failure_expiration is 15 minutes (900).

New: Audit log

You can now enable the audit log by setting the security.audit_log_path configuration option. It logs all user actions and response statuses to that path. Security information such as passwords is removed from this log.

Other

  • New: Added new host_config.secure_cookie boolean option which enables "secure" cookies, working only under https.
  • Fix: Dashboard for authorization now internally uses HTTP Only cookies instead of Headers to improve defense against Cross-Site scripting attacks.
  • Fix: Ensure that API responses are not cached by explicitly adding the Cache-Control: no-cache header.
  • Fix: Potential Content-Type sniffing issues by setting X-Content-Type-Options: nosniff header.
  • Set proper mime types for font assets.
  • Fix: Deny API Catalogue documentation access, if catalog was set to inactive or portal is only for logged-in users.
  • Fix: Policy selector in the developer view only shows 10 policies, it should show all of them.
  • Fix: Saving developer should not flush their password.
  • Fix: Fix broken URLs to get free or commercial license on first start screen.
  • Fix: Use canonical casing for X-Frame-Options header.
  • Fix: Improved protection for Cross-Frame scripting.
  • Fix: Fixed checks for duplicate listen path and slugs (including Swagger import). To make it work, ensure that enable_duplicate_slugs option is set to false.
  • Fix: Swagger APIs import now properly set Slug and ListenPath based on basePath.
  • Fix: Attached key to a policy does not inherit the expiration date.
  • UX: Hide access token generator for disabled users.

tyk - Tyk Gateway v2.3.4 and Tyk Dashboard v1.3.4

Published by buger over 7 years ago

Tyk Gateway v2.3.4

  • Added new management_node boolean configuration option. When turned on, it will exclude the node from distributed rate limiter.
  • /tyk/api endpoint, used for managing APIs, now can be accessed without trailing slash to avoid confusion.

Tyk Dashboard v1.3.4: security focused release

  • Fix: Deactivating a user now disables their API access and logs them out from existing dashboard sessions.
  • Fix: Updating user permissions now does not empty user password.
  • Fix: Updating user permissions now updates both current API session and all opened dashboard sessions, and does not require user to re-login.
  • User access to OAuth tokens now controlled using separate permission group.
  • Disabled auto-completion for all forms with passwords.
  • Enable HSTS for all requests to improve HTTPS security.
  • Added new disable_parallel_sessions boolean configuration option. When turned on it allows only one active dashboard session. When a user logs in, all of their other active sessions are automatically logged out.
  • Using Admin API you now can set the password. If the password field is empty, it gets ignored.

tyk - v2.3.3

Published by buger over 7 years ago

Tyk gateway v2.3.3

This version is a patch update and fully backwards compatible with other 2.3 releases. We recommend upgrading to this version for improved stability:

This version will work with the latest version of Tyk Dashboard, no changes are required.

Changelog for v2.3.3

  • Fixed a bug which could crash hybrid gateways if MDCB returned a nil object
  • Modified hot reload behaviour to be more robust, addresses potential memory leak
  • Redis reconnect and connect logic has been updated for better handling

Tyk Dashboard version 1.3.2

This is a patch release to beef up security of dashboard users and fix some security concerns with the users API.

Changelog:

Password validation and constraints

Added more verbose password rules for user creation, it is now possible to use the password.json schema in the tyk dashboard schemas/ directory to set complex

Example of password.json with full validation:

{
  "title": "User password schema",
  "type": "string",
  "minLength": 6,
  "multiCase": true,
  "minNumeric": 2,
  "minSpecial": 2,
  "disableSequential": true
}
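
One possible reading of the rules in this schema, as an added Go example (not Tyk's validator): the meaning given to multiCase, minSpecial and disableSequential is an assumption, and the three test passwords are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"unicode"
)

type PasswordRules struct { // keys as in the password.json example
	MinLength         int  `json:"minLength"`
	MultiCase         bool `json:"multiCase"`
	MinNumeric        int  `json:"minNumeric"`
	MinSpecial        int  `json:"minSpecial"`
	DisableSequential bool `json:"disableSequential"`
}

// The schema from the release note, embedded so the example runs offline.
const schemaJSON = `{"title":"User password schema","type":"string","minLength":6,"multiCase":true,"minNumeric":2,"minSpecial":2,"disableSequential":true}`

// Check returns the rules that pw violates; an empty result means accepted.
func Check(r PasswordRules, pw string) []string {
	var upper, lower, digits, special, runs int
	runes := []rune(pw)
	for i, c := range runes {
		switch {
		case unicode.IsUpper(c):
			upper++
		case unicode.IsLower(c):
			lower++
		case unicode.IsDigit(c):
			digits++
		case !unicode.IsLetter(c):
			special++ // assumption: neither letter nor digit
		}
		// Assumption: a run is three adjacent code points, up or down (abc, 321).
		if i >= 2 && c-runes[i-1] == runes[i-1]-runes[i-2] && (c-runes[i-1] == 1 || c-runes[i-1] == -1) {
			runs++
		}
	}
	var failed []string
	add := func(bad bool, rule string) {
		if bad {
			failed = append(failed, rule)
		}
	}
	add(len(runes) < r.MinLength, "minLength")
	add(r.MultiCase && (upper == 0 || lower == 0), "multiCase")
	add(digits < r.MinNumeric, "minNumeric")
	add(special < r.MinSpecial, "minSpecial")
	add(r.DisableSequential && runs > 0, "disableSequential")
	return failed
}

func main() {
	var rules PasswordRules
	if err := json.Unmarshal([]byte(schemaJSON), &rules); err != nil {
		panic(err)
	}
	fmt.Println(Check(rules, "Tr1cky#9!x"), Check(rules, "abc123"), Check(rules, "Ab1!"))
}
```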

Password hash exposed in users/ API

The users API will no longer expose the password hash as part of the call; this applies to both portal and dashboard users.

tyk - Tyk v2.3.2 and Dashboard v1.3.1 Patches

Published by buger over 7 years ago

Tyk Gateway v2.3.2

  • Added http_server_options.skip_url_cleaning option to allow having double slashes in URL. Fixes #340
  • Fixed tyk-hybrid-docker container: ensure the docker container always restarts https://github.com/TykTechnologies/tyk-hybrid-docker/issues/1
  • Added --httpprof command line option to enable standard HTTP Go profiler, eg: /debug/pprof/ #392
  • Allow "/tyk/apis" without trailing slash #381
  • Improve OAuth error messages #382
  • HTTP OPTIONS requests are no longer cached #397
  • Added gRPC Java bindings #358

Tyk Dashboard 1.3.1

  • Added labels for displaying the user name and the organisation name
  • Fixed search in "Analytics by key" view
  • Fixed importing API when api_model field set
  • Fixed uptime tests for requests with body data
  • Fixes policy import so that malformed outbound objects will work without breaking compatibility with other components

tyk - Patch v2.2.0.4

Published by lonelycode about 8 years ago

Fixes a load balancer issue

tyk - Gateway v2.2 and Dashboard v1.2

Published by lonelycode over 8 years ago

v2.2

  • Fixed URL Rewriter to better handle query strings
  • Added XML transform support for requests and responses: simply set the data type to xml in the transforms section and create your template the same way you would for JSON.

XML transform demo

For this XML:

    <?xml version="1.0" encoding="utf-8"?>
    <servers version="1">
        <server>
            <serverName>Shanghai_VPN</serverName>
            <serverIP>127.0.0.1</serverIP>
        </server>
        <server>
            <serverName>Beijing_VPN</serverName>
            <serverIP>127.0.0.2</serverIP>
        </server>
    </servers>

And this Template:

    {
    {{range $x, $s := .servers.server}}    "{{$s.serverName}}": "{{$s.serverIP}}"{{if not $x}},{{end}}
    {{end}}
    }

You get this output:

    {
        "Shanghai_VPN": "127.0.0.1",
        "Beijing_VPN": "127.0.0.2"

    }

  • Added request method transform: this is very simple at the moment and only changes the type of method; it does not do any data massaging. To enable it, add to your extended paths:

    method_transforms: [
    {
    path: "post",
    method: "GET",
    to_method: "POST"
    }
    ],

  • Out of the box, tyk will ship with HA settings enabled where possible (this means using the new non-transactional rate limiter)

  • Added a new concept called "Partitioned Policies", with policies that are partitioned, only sections of the policy will be applied to the underlying token so that tokens can be generated with a dynamic ACL, but still subscribe to a fixed quota and rate limit level. THIS MEANS THAT THE TOKEN MUST HAVE A FULL SET OF ACL RULES AND QUOTAS BEFORE USING AND PARTITIONED POLICIES ARE NOT SUITABLE FOR PORTAL USE.

To set up a partitioned policy

Add the following section to the policy object:

"partitions": {
    "quota": false,
    "rate_limit": false,
    "acl": false
}

Then set the partitions that you want to overwrite to "true", the partitions that are marked as true will then be applied to the token instead of the full policy.
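
How the partition flags select which policy sections reach the token, as an added Go sketch (not Tyk's code): the Limits, Policy, ApplyPolicy and Missing names are hypothetical, the sample policy and tokens are constructed, and treating a zero or empty section as unset is an assumption.

```go
package main

import "fmt"

// Hypothetical, simplified types for this example; not Tyk's own structs.
type Partitions struct{ Quota, RateLimit, ACL bool }

type Limits struct {
	Rate, Per    float64
	QuotaMax     int64
	AccessRights map[string][]string // API ID -> allowed versions
}

type Policy struct {
	Limits
	Partitions Partitions
}

// ApplyPolicy returns the token's effective limits. With no partition set the
// whole policy is applied; otherwise only the sections marked true overwrite
// the token's own values and the rest of the token is left untouched.
func ApplyPolicy(token Limits, p Policy) Limits {
	part := p.Partitions
	full := !part.Quota && !part.RateLimit && !part.ACL
	if full || part.Quota {
		token.QuotaMax = p.QuotaMax
	}
	if full || part.RateLimit {
		token.Rate, token.Per = p.Rate, p.Per
	}
	if full || part.ACL {
		token.AccessRights = p.AccessRights
	}
	return token
}

// Missing names the sections still unset after the policy is applied, the
// condition the release note warns about. Zero or empty counts as unset
// here, which is an assumption of this example.
func Missing(l Limits) (out []string) {
	if l.QuotaMax == 0 {
		out = append(out, "quota")
	}
	if l.Rate == 0 || l.Per == 0 {
		out = append(out, "rate_limit")
	}
	if len(l.AccessRights) == 0 {
		out = append(out, "acl")
	}
	return out
}

func main() {
	// Constructed policy: fixed quota and rate limit, ACL left to each token.
	p := Policy{Limits: Limits{Rate: 100, Per: 60, QuotaMax: 1000}, Partitions: Partitions{Quota: true, RateLimit: true}}
	scoped := Limits{AccessRights: map[string][]string{"orders-api": {"Default"}}}
	fmt.Println(ApplyPolicy(scoped, p), Missing(ApplyPolicy(scoped, p)))
	fmt.Println(Missing(ApplyPolicy(Limits{}, p))) // token created without ACL rules
}
```

A token issued without its own ACL rules comes back from Missing with "acl", which is why a partitioned policy does not suit portal-generated keys.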

  • Added context variable support, this middleware will extract the path, the path parts (break on /), and try to pull all form-related data (url-form-encoded or query string params) and put them into a context variable that is available to other middleware. Currently this is only integrated with the body transform middleware as _tyk_context. To enable set "enable_context_vars": true in the API Definition. Transform sample:

Path: {{._tyk_context.path}}

Path Elements:
{{ range $i, $v := ._tyk_context.path_parts }}
--> {{$v}}
{{ end }}

Form/QueryString Data: {{._tyk_context.request_data}} 
Token: {{._tyk_context.token}}

  • Context variables are also available in headers using the $tyk_context. namespace
  • WARNING: POTENTIALLY BREAKING CHANGE: Flush interval is now in milliseconds, not seconds. Before upgrading, if you are using flush interval, make sure that the value has been updated.
  • Context variables are also available in the URL rewriter
  • Added Websockets support (beta): websockets can now be proxied like a regular HTTP request. Tyk will detect the upgrade and initiate a proxy to the upstream websocket host. This can be TLS enabled and Tyk can proxy over HTTPS -> WSS upstream.
  • Websockets execute at the end of the middleware chain, so all the benefits of CB and auth middleware can be enabled (within the limits of the WebSockets protocol)
  • No analytics are gathered for these requests, but rate limiting, quotas and auth will work fully for initial connection requests (e.g. to prevent connection flooding)

tyk - Tyk Analytics v0.9.7.3 - Email Driver Patch Update

Published by lonelycode over 8 years ago

This is a mini-release that integrates the email driver changes to support more email back ends such as SendGrid, Mailgun and Amazon SES:

SendGrid

"email_backend": {
        "enable_email_notifications": true,
        "code": "sendgrid",
        "settings": {
            "ClientKey": "KEY"
        },
        "default_from_email": "[email protected]",
        "default_from_name": "A guy at a place"
},

MailGun

"email_backend": {
        "enable_email_notifications": true,
        "code": "mailgun",
        "settings": {
            "Domain": "KEY",
            "PrivateKey": "KEY",
            "PublicKey": "KEY"
        },
        "default_from_email": "[email protected]",
        "default_from_name": "A guy at a place"
},

AmazonSES

"email_backend": {
        "enable_email_notifications": true,
        "code": "amazonses",
        "settings": {
            "Endpoint": "Endpoint",
            "AccessKeyId": "Access-key",
            "SecretAccessKey": "KEY"
        },
        "default_from_email": "[email protected]",
        "default_from_name": "A guy at a place"
},

tyk - Security Release v1.9.1.1 & 0.9.7.2

Published by lonelycode almost 9 years ago

This is a security release to address CVE-2015-8618

Updates are available via our package repository as usual for easy upgrade and installation. Tarballs are attached to this release.

Changelog:

  • Fixes potential security issue with TLS on 32-bit systems (CVE-2015-8618)
  • IP Whitelisting now supports CIDR-notation for IP ranges
  • Recompiled Gateway, Dashboard and Host Manager binary with Go 1.5.3

Upgrade Notes:

Should be an in-place upgrade, no changes necessary.
