Skip to content

Express

API Gateway with Node.js and Express

In Sprint 4, we implemented an API Gateway using Node.js and Express, which acts as the entry point for all microservices.

// Example of an API Gateway with Express
const express = require('express');
const { createProxyMiddleware } = require('http-proxy-middleware');
const jwt = require('jsonwebtoken');

const app = express();
const PORT = process.env.PORT || 80;
const SECRET_KEY = process.env.JWT_SECRET_KEY || '4Z^XrroxR@dWxqf$!@#qGr4P';
const ISSUER = process.env.JWT_ISSUER || 'user-api';

// Middleware to validate JWT
const validateJwt = (req, res, next) => {
    const token = req.headers['authorization']?.split(' ')[1];

    if (!token) {
        return res.status(401).json({ message: 'Token not provided' });
    }

    try {
        const decoded = jwt.verify(token, SECRET_KEY, { issuer: ISSUER });
        req.user = decoded.user;
        next();
    } catch (error) {
        return res.status(401).json({ message: 'Invalid token' });
    }
};

// Proxy event configuration
const proxyEvents = {
    proxyReq: (proxyReq, req, res) => {
        if (req.user) {
            proxyReq.setHeader('x-user', JSON.stringify(req.user));
        }
    }
};

// Public routes (without authentication)
app.use('/auth', createProxyMiddleware({
    target: 'http://usermanagement:8080',
    changeOrigin: true,
    pathRewrite: { '^/auth': '/auth' },
    logger: console
}));

// Authentication middleware for protected routes
app.use(validateJwt);

// Protected routes
app.use('/users', createProxyMiddleware({
    target: 'http://usermanagement:8080',
    changeOrigin: true,
    pathRewrite: { '^/users': '/users' },
    on: proxyEvents,
    logger: console
}));

app.use('/requests', createProxyMiddleware({
    target: 'http://feedbackrequest:8082',
    changeOrigin: true,
    pathRewrite: { '^/requests': '/requests' },
    on: proxyEvents,
    logger: console
}));

app.use('/responses', createProxyMiddleware({target: 'http://feedbackresponse:8081',
    changeOrigin: true,
    pathRewrite: { '^/responses': '/responses' },
    on: proxyEvents,
    logger: console
}));

app.use('/responsesview', createProxyMiddleware({
    target: 'http://feedbackresponseview:8000',
    changeOrigin: true,
    pathRewrite: { '^/responsesview': '/responsesview' },
    on: proxyEvents,
    logger: console
}));

// Middleware to handle not found routes
app.use((req, res) => {
    res.status(404).json({ message: 'Route not found' });
});

// Start the server
app.listen(PORT, () => {
    console.log(`API Gateway running on port ${PORT}`);
});