Flurry is an application proxy designed to connect, monitor, and secure http requests. All requests to a flurry server are proxied upstream to the specified server. This enables highly concurrent traffic routing and middleware for your applications.

To configure a flurry server, run flurry.exe and pass the -f flag with the path to the config file. To create a config file see configuring a flurry server. Flurry can also be added to any existing projects simply by including the flurry package.

    import "github.com/walln/flurry2"

    func main() {
        server := flurry.Initialize()
	    server.ListenAndServe()
    }

Flurry listens on the port environment variable and automatically intializes a proxy server based on the specifcation in the config file. A config file is passed to the binary through the -f flag.

    ./flurry -f flurry-config.yaml

Flurry is a competent proxy gatway with many features for managing microservices.

• Traffic Monitoring and Logging
• Dynamic configuring of different routes
• Supports authentication plugins
• Packaged as a single self contained binary

Authentication schemas are entirely optional with flurry but can enable developers to control the access of their services granularly. Flurry supports JWT, Firebase, and AWS Cognito...(soon). To Enable any of these authentication schemas, set the flurry authentication mode in the config file to either JWT, FIREBASE, COGNITO, or NONE.

Authenticating requests with JSON Web Tokens requires that the config file has the signingMethod filed set with a valid schema. Flurry supports:

• HMAC
• ECDSA
• RSA
• RSAPSS

In addtion to setting the signing method, the JWT_SECRET environment variable must be set.

Flurry supports Firebase Authentication out of the box. If the authentication field in the config file is set to FIREBASE, the only other necessary component is the path to the GCP service acccount used to validate the token. This can be specified using the GOOGLE_APPLICATION_CREDENTIALS environment variable. If you happen to be deploying flurry on Google Cloud Platform, this should already be set for you.

Flurry generates proxy routes and policies based off of a YAML file passed in at runtime.

A flurry config file is composed of two main parts, the Server configuration, and the proxy configuration.

Flurry configurations are primarily used for enabling plugins and specifiyng plugin-specific information. Additionally server configurations are used for logging purposes and monitoring.

This exmple server configuration outlines simple flurry server with no authentication.

name: 'Flurry Server'
authentication: NONE

Most server configuration values are optional and are not required for flurry to function. However, it is recommended to fill in these values as it can be useful for documentation and logging purposes. For instance, the authentication field is not required. The NONE value is implied if no value is supplied.

If using JWT authentication an additional field is required, the signingMethod field specifies the cryptographic method used to sign the token.

---
name: Flurry Server
authentication: JWT
signingMethod: HMAC

The primary content of a Flurry Config file is in the proxy settings. A flurry proxy is a predfined route that forwards all traffic to another host. Proxy configs are defined as an array of routes.

routes:
  - endpoint: '/users/user/{id}'
    host: 'https://example.com'
    authenticated: true
    methods:
      - GET
      - POST
      - PUT
      - DELETE
  - endpoint: /users
    host: 'https://example.com'
    authenticated: false
    methods:
      - GET

When defining proxy routes a route on the flurry host and the declared proxy are linked. For example:

    https://my-flurry-server.io/users
        ->
    https://example.com/user

A flurry server cannot have multiple routes to the same endpoint. Design routes as if you are composing an API from multiple hosts. Flurry was created to enable APIs to be composed across distributed architectures.

Each proxy route is defined by four fields, the endpoint, the host, authentication, and the enabled methods.

The endpoint value specifies the routes to link on both the proxy and the flurry server.

endpoint: /route/{param}

Endpoints can have request parameters embeded, variables in the request URL are resolved by Flurry and passed to the upstream server.

    https://flurry-example-server.io/catalog/{id}

Consider this request, any requests to this endpoint require an id value to be passed through.

    curl https://flurry-example-server.io/catalog/1

Requests need only a parameter name in the config file to forward these values. The specify a request parameter in a Flurry Config, surrond the variable name with braces. - {foo}

Every proxy route requires a host to be defined, including the host schema. Upstream requests format the requests from flurry according to the HTTP specs to it is important to include this value.

host: "https://google.com" #Valid

host: "http://example.com" #Valid

host: "my-example-site.com" #Not Valiid

Flurry proxy servers can support any number of hosts including other proxy servers. This can be useful for load balancing requests through successive gateways.

Flurry locks down forwarded requests based on the request methods that are accepted on the upstream server. To specify acceptable methods for an endpoint, set the methods field to an array of methods. Acceptable methods are outlined in RFC 2616 section 9.

methods:
  - GET
  - DELETE
  - HEAD

Attempting to access a proxy route with a disallowed method will result in a 405 Method Not Allowed response code from the flurry server, blocking upstream traffic.

Every proxy route on a Flurry server has granular control of authentication and access policy. Proxy routes inherit their authentication methods from the Server Config. Authentication is not necessary but it is best-practice to set the field value for every proxy-route.

authenticated: false