thomaspoignant · thomaspoignant · Apr 4, 2023 · Mar 30, 2023 · Apr 2, 2023 · Apr 2, 2023
diff --git a/cmd/relayproxy/README.md b/cmd/relayproxy/README.md
@@ -47,7 +47,7 @@ Before starting your **relay proxy** you will need to create a minimal configura
 # this is a minimal config containing only where your flag file is located 
 retriever:
   kind: http
-  url: https://raw.githubusercontent.com/thomaspoignant/go-feature-flag/main/examples/file/flags.yaml
+  url: https://raw.githubusercontent.com/thomaspoignant/go-feature-flag/main/examples/retriever_file/flags.yaml
 ```
 
 After that you can launch the **relay proxy** by using this command:
@@ -77,12 +77,12 @@ But if you don't provide this option, the relay proxy will look in these folders
 - `/goff/`
 - `/etc/opt/goff/`
 
-To learn how to configure the relay proxy, read [Configuration](docs/configuration.md).
+To learn how to configure the relay proxy, read [Configuration](https://gofeatureflag.org/docs/relay_proxy/configure_relay_proxy).
 
 ## Exporting metrics and traces
 
 To export the data you can use all the capabilities of `go-feature-flag` SDK.  
-To configure it please refer to the [type `exporter` section](docs/configuration.md#exporter) of the configuration.
+To configure it please refer to the [type `exporter` section](https://gofeatureflag.org/docs/relay_proxy/configure_relay_proxy#exporter) of the configuration.
 
 
 ## Service endpoints

diff --git a/cmd/relayproxy/api/server.go b/cmd/relayproxy/api/server.go
@@ -2,17 +2,18 @@ package api
 
 import (
 	"fmt"
-	"github.com/labstack/echo-contrib/prometheus"
-	"github.com/thomaspoignant/go-feature-flag/cmd/relayproxy/metric"
+	"strings"
 	"time"
 
 	"github.com/brpaz/echozap"
+	"github.com/labstack/echo-contrib/prometheus"
 	"github.com/labstack/echo/v4"
 	"github.com/labstack/echo/v4/middleware"
 	echoSwagger "github.com/swaggo/echo-swagger"
 	ffclient "github.com/thomaspoignant/go-feature-flag"
 	"github.com/thomaspoignant/go-feature-flag/cmd/relayproxy/config"
 	"github.com/thomaspoignant/go-feature-flag/cmd/relayproxy/controller"
+	"github.com/thomaspoignant/go-feature-flag/cmd/relayproxy/metric"
 	"github.com/thomaspoignant/go-feature-flag/cmd/relayproxy/service"
 	"go.uber.org/zap"
 )
@@ -61,6 +62,26 @@ func (s *Server) init() {
 	s.echoInstance.Use(middleware.TimeoutWithConfig(
 		middleware.TimeoutConfig{Timeout: time.Duration(s.config.RestAPITimeout) * time.Millisecond}),
 	)
+	if len(s.config.APIKeys) > 0 {
+		s.echoInstance.Use(middleware.KeyAuthWithConfig(middleware.KeyAuthConfig{
+			Skipper: func(c echo.Context) bool {
+				_, ok := map[string]struct{}{
+					"/health":  {},
+					"/info":    {},
+					"/metrics": {},
+				}[c.Path()]
+				return ok || strings.HasPrefix(c.Path(), "/swagger/")
+			},
+			Validator: func(key string, c echo.Context) (bool, error) {
+				for _, k := range s.config.APIKeys {
+					if k == key {
+						return true, nil
+					}
+				}
+				return false, nil
+			},
+		}))
+	}
 
 	// Init controllers
 	cHealth := controller.NewHealth(s.monitoringService)

diff --git a/cmd/relayproxy/config/config.go b/cmd/relayproxy/config/config.go
@@ -2,12 +2,13 @@ package config
 
 import (
 	"fmt"
-	"github.com/spf13/pflag"
-	"github.com/spf13/viper"
-	"go.uber.org/zap"
 	"net/http"
 	"strings"
 	"time"
+
+	"github.com/spf13/pflag"
+	"github.com/spf13/viper"
+	"go.uber.org/zap"
 )
 
 var DefaultRetriever = struct {
@@ -137,6 +138,9 @@ type Config struct {
 
 	// Version is the version of the relay-proxy
 	Version string
+
+	// APIKeys list of API keys that authorized to use endpoints
+	APIKeys []string `mapstructure:"apiKeys"`
 }
 
 // IsValid contains all the validation of the configuration.

diff --git a/cmd/relayproxy/config/config_test.go b/cmd/relayproxy/config/config_test.go
@@ -37,6 +37,10 @@ func TestParseConfig_fileFromPflag(t *testing.T) {
 				RestAPITimeout:          5000,
 				Version:                 "1.X.X",
 				EnableSwagger:           true,
+				APIKeys: []string{
+					"apikey1",
+					"apikey2",
+				},
 			},
 			wantErr: assert.NoError,
 		},
@@ -104,6 +108,10 @@ func TestParseConfig_fileFromFolder(t *testing.T) {
 				RestAPITimeout:          5000,
 				Version:                 "1.X.X",
 				EnableSwagger:           true,
+				APIKeys: []string{
+					"apikey1",
+					"apikey2",
+				},
 			},
 			wantErr: assert.NoError,
 		},

diff --git a/cmd/relayproxy/controller/all_flags.go b/cmd/relayproxy/controller/all_flags.go
@@ -1,11 +1,11 @@
 package controller
 
 import (
-	"github.com/thomaspoignant/go-feature-flag/cmd/relayproxy/metric"
 	"net/http"
 
 	"github.com/labstack/echo/v4"
 	ffclient "github.com/thomaspoignant/go-feature-flag"
+	"github.com/thomaspoignant/go-feature-flag/cmd/relayproxy/metric"
 	"github.com/thomaspoignant/go-feature-flag/cmd/relayproxy/model"
 )
 
@@ -26,6 +26,7 @@ func NewAllFlags(goFF *ffclient.GoFeatureFlag) Controller {
 // @Description
 // @Description To get a variation you should provide information about the user.
 // @Description For that you should provide some user information in JSON in the request body.
+// @Security     ApiKeyAuth
 // @Produce      json
 // @Accept			 json
 // @Param 			 data body model.AllFlagRequest true "Payload of the user we want to challenge against the flag."

diff --git a/cmd/relayproxy/controller/collect_eval_data.go b/cmd/relayproxy/controller/collect_eval_data.go
@@ -2,11 +2,12 @@ package controller
 
 import (
 	"fmt"
+	"net/http"
+
 	"github.com/labstack/echo/v4"
 	ffclient "github.com/thomaspoignant/go-feature-flag"
 	"github.com/thomaspoignant/go-feature-flag/cmd/relayproxy/metric"
 	"github.com/thomaspoignant/go-feature-flag/cmd/relayproxy/model"
-	"net/http"
 )
 
 type collectEvalData struct {
@@ -26,6 +27,7 @@ func NewCollectEvalData(goFF *ffclient.GoFeatureFlag) Controller {
 // @Description
 // @Description  It is used by the different Open Feature providers to send in bulk all the cached events to avoid
 // @Description  to lose track of what happen when a cached flag is used.
+// @Security     ApiKeyAuth
 // @Produce      json
 // @Accept		 json
 // @Param 		 data body model.CollectEvalDataRequest true "List of flag evaluation that be passed to the data exporter"

diff --git a/cmd/relayproxy/controller/flag_eval.go b/cmd/relayproxy/controller/flag_eval.go
@@ -2,11 +2,11 @@ package controller
 
 import (
 	"fmt"
-	"github.com/thomaspoignant/go-feature-flag/cmd/relayproxy/metric"
 	"net/http"
 
 	"github.com/labstack/echo/v4"
 	ffclient "github.com/thomaspoignant/go-feature-flag"
+	"github.com/thomaspoignant/go-feature-flag/cmd/relayproxy/metric"
 	"github.com/thomaspoignant/go-feature-flag/cmd/relayproxy/model"
 )
 
@@ -32,6 +32,7 @@ func NewFlagEval(goFF *ffclient.GoFeatureFlag) Controller {
 // @Description Note that you will always have a usable value in the response, you can use the field `failed` to know if
 // @Description an issue has occurred during the validation of the flag, in that case the value returned will be the
 // @Description default value.
+// @Security     ApiKeyAuth
 // @Produce      json
 // @Accept			 json
 // @Param 			 data body model.EvalFlagRequest true "Payload of the user we want to get all the flags from."

diff --git a/cmd/relayproxy/docs/api.md b/cmd/relayproxy/docs/api.md