Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Redesign CORS middleware implementation #39

Merged
merged 2 commits into from
Dec 3, 2020
Merged

Redesign CORS middleware implementation #39

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
17f1b04
feat(web): redesign cors middleware implementation
caiorcferreira Oct 21, 2020
9aea220
chore(docs): update cors documentation
caiorcferreira Oct 28, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 19 additions & 15 deletions docs/restql/config.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,44 +37,48 @@ You can use the `pprof` tool to investigate restQL performance. To enable it set
- Health port: set through `RESTQL_HEALTH_PORT` environment variable.
- Profiler port: set through `RESTQL_PPROF_PORT` environment variable.

**Graceful shutdown**: when restQL receives a `SIGTERM` signal it starts the shutdown, avoiding accepting new requests and waiting for the ongoing ones to finish before exiting. You can define a timeout for this process using `web.server.gracefulShutdownTimeout` field in the YAML configuration, after which restQL will break all running requests and exit.
**Graceful shutdown**: when restQL receives a `SIGTERM` signal it starts the shutdown, avoiding accepting new requests and waiting for the ongoing ones to finish before exiting. You can define a timeout for this process using `http.server.gracefulShutdownTimeout` field in the YAML configuration, after which restQL will break all running requests and exit.

**Read timeout**: you can specify the maximum time taken to read the client request to the restQL API through the `web.server.readTimeout` field.
**Read timeout**: you can specify the maximum time taken to read the client request to the restQL API through the `http.server.readTimeout` field.

**Middlewares**: currently restQL support 3 built-in middlewares, setting any of the fields automatically enable the given middleware.

- Request ID: this middleware generates a unique id for each request restQL API receives. The `web.server.middlewares.requestId.header` field define the header name use to return the generated id. The `web.server.middlewares.requestId.strategy` defines how the id will be generated and can be either `base64` or `uuid`.
- Timeout: this middleware limits the maximum time any request can take. The `web.server.middlewares.timeout.duration` field aceppt a time duration value.
- Request ID: this middleware generates a unique id for each request restQL API receives. The `http.server.middlewares.requestId.header` field define the header name use to return the generated id. The `http.server.middlewares.requestId.strategy` defines how the id will be generated and can be either `base64` or `uuid`.
- Timeout: this middleware limits the maximum time any request can take. The `http.server.middlewares.timeout.duration` field aceppt a time duration value.
- CORS: Cross-Origin Resource Sharing is a specification that enables truly open access across domain-boundaries.
You can configure your own CORS headers either via the configuration file:
```yaml
web:
http:
server:
middlewares:
cors:
allowOrigin: ${allowed_custom_origin}
allowMethods: ${allowed_custom_methods}
allowHeaders: ${allowed_custom_headers}
exposeHeaders: ${allowed_custom_expose_headers}
allowOrigin: "example.com, hero.api"
allowMethods: "GET, POST"
allowHeaders: "X-TID, X-Custom"
allowCredentials: false
exposeHeaders: "X-TID"
maxAge: 10 # seconds, as per specification
```
Or via environment variables:
```shell script
RESTQL_CORS_ALLOW_ORIGIN=${allowed_custom_origin}
RESTQL_CORS_ALLOW_METHODS=${allowed_custom_methods}
RESTQL_CORS_ALLOW_HEADERS=${allowed_custom_headers}
RESTQL_CORS_EXPOSE_HEADERS=${allowed_custom_expose_headers}
RESTQL_CORS_ALLOW_CREDENTIALS=${allowed_credentials}
RESTQL_CORS_MAX_AGE=${allowed_max_age}
```

### Http Client

RestQL primary feature is performing optimized HTTP calls, but since each environment has different characteristics like workload and latency, it is important that you tune the parameters for the internal HTTP client in order to achieve the best performance. You can set these parameters throught the configuration file.

- `web.client.connectionTimeout`: limits the time taken to establish a TCP connection with a host.
- `web.client.maxRequestTimeout`: although every the timeout for calling a resource can be defined by the client in the query you can set a upper limit to request time, for example, if you set it to `2s` even though a query specifies a timeout of `10s` restQL will drop the request when it reachs its maximum timeout. It accepts a duration string.
- `web.client.maxConnectionsPerHost`: limits the size of the connection pool for each host.
- `web.client.maxIdleConnections`: limits the size of the global idle connection pool.
- `web.client.maxIdleConnectionsPerHost`: limits the size of the idle connection pool for each host.
- `web.client.maxIdleConnectionDuration`: set the time a connection will be kept open in idle state, after it the connection will be closed. It accepts a duration string.
- `http.client.connectionTimeout`: limits the time taken to establish a TCP connection with a host.
- `http.client.maxRequestTimeout`: although every the timeout for calling a resource can be defined by the client in the query you can set a upper limit to request time, for example, if you set it to `2s` even though a query specifies a timeout of `10s` restQL will drop the request when it reachs its maximum timeout. It accepts a duration string.
- `http.client.maxConnectionsPerHost`: limits the size of the connection pool for each host.
- `http.client.maxIdleConnections`: limits the size of the global idle connection pool.
- `http.client.maxIdleConnectionsPerHost`: limits the size of the idle connection pool for each host.
- `http.client.maxIdleConnectionDuration`: set the time a connection will be kept open in idle state, after it the connection will be closed. It accepts a duration string.

## Caching

Expand Down
10 changes: 6 additions & 4 deletions internal/platform/conf/conf.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,12 @@ type timeoutConf struct {
}

type corsConf struct {
AllowOrigin string `yaml:"allowOrigin" env:"RESTQL_CORS_ALLOW_ORIGIN"`
AllowMethods string `yaml:"allowMethods" env:"RESTQL_CORS_ALLOW_METHODS"`
AllowHeaders string `yaml:"allowHeaders" env:"RESTQL_CORS_ALLOW_HEADERS"`
ExposeHeaders string `yaml:"exposeHeaders" env:"RESTQL_CORS_EXPOSE_HEADERS"`
AllowOrigin string `yaml:"allowOrigin" env:"RESTQL_CORS_ALLOW_ORIGIN"`
AllowMethods string `yaml:"allowMethods" env:"RESTQL_CORS_ALLOW_METHODS"`
AllowHeaders string `yaml:"allowHeaders" env:"RESTQL_CORS_ALLOW_HEADERS"`
ExposeHeaders string `yaml:"exposeHeaders" env:"RESTQL_CORS_EXPOSE_HEADERS"`
MaxAge int `yaml:"maxAge" env:"RESTQL_CORS_MAX_AGE"`
AllowCredentials bool `yaml:"allowCredentials" env:"RESTQL_CORS_ALLOW_CREDENTIALS"`
}

type requestCancellationConf struct {
Expand Down
Loading