API Client Proxy

A Laravel-based API proxy service that provides authenticated access to an API. This service acts as an intermediary layer, handling client authentication via Auth0 Machine-to-Machine (M2M) tokens and routing requests to the target the API.

Features

• Auth0 Integration: Secure authentication using Auth0 Machine-to-Machine tokens
• Request Proxying: Seamless forwarding of HTTP requests (GET, POST, PUT, DELETE, PATCH)
• Client Validation: Middleware-based client validation for secure access
• Request Logging: Built-in request logging for audit and monitoring
• Error Handling: Comprehensive error handling with appropriate HTTP status codes
• Redis Support: Caching capabilities using Redis
• Database Integration: MySQL support with dual database connections

Requirements

• PHP ^8.2
• Laravel ^12.0
• MySQL
• Redis
• Composer

Installation

1. Clone the repository

   git clone <repository-url>
   cd api.gateway

2. Install PHP dependencies

   composer install

3. Environment setup

   cp .env.example .env

4. Configure environment variables

   Update your .env file with the appropriate values:

   # Application
   APP_NAME="API Proxy"
   APP_URL=https://api-proxy.dev.cloud
   
   # Database
   DB_CONNECTION=mysql
   DB_HOST=db
   DB_PORT=3306
   DB_DATABASE=gateway
   DB_USERNAME=root
   DB_PASSWORD=root
   
   # Redis
   REDIS_HOST=redis
   REDIS_PORT=6379
   
   # Proxy Configuration
   PROXY_TARGET_URL=http://api-proxy.dev.cloud/api/
   
   # Auth0 Configuration
   AUTH0_DOMAIN=https://dev-example.eu.auth0.com
   AUTH0_CLIENT_ID=your-client-id
   AUTH0_CLIENT_SECRET=your-client-secret
   AUTH0_AUDIENCE=https://auth/api

5. Generate application key

   php artisan key:generate

6. Run database migrations

   php artisan migrate

Configuration

Proxy Settings

The proxy behavior is configured in config/proxy.php:

• base_url: Target API URL (set via PROXY_TARGET_URL)
• timeout: Request timeout in seconds (default: 30)
• allowed_methods: HTTP methods that can be proxied
• auth0: Auth0 configuration for token validation

Supported HTTP Methods

The proxy supports the following HTTP methods:

• GET
• POST
• PUT
• DELETE
• PATCH

Usage

API Endpoints

All requests are handled through a catch-all route that validates the client M2M token and forwards requests to the target API:

/{path}

Where {path} can be any valid API endpoint path.

Authentication

Requests must include a valid Auth0 Machine-to-Machine token in the Authorization header:

Authorization: Bearer your-m2m-token

The ValidateClientM2MToken middleware will:

1. Validate the token with Auth0
2. Extract client information
3. Add auth0Id and clientId to request attributes

Example Request

curl -X GET "https://api-proxy.dev.cloud/users" \
  -H "Authorization: Bearer your-m2m-token" \
  -H "Accept: application/json"

Development

Code Quality Tools

This project includes several code quality tools:

# Fix code style issues
make fix-styles
# or
composer run fix:styles

# Check code style
make check-styles  
# or
composer run check:styles

# Run static analysis
make static-analysis
# or
composer run check:static

# Fix Rector issues
make fix-rector
# or 
composer run fix:rector

# Check Rector rules
make check-rector
# or
composer run check:rector

Testing

Run the test suite:

# Run all tests
composer run tests:all

# Run unit tests only
composer run tests:unit

Running with Docker

The project includes Docker configuration for development:

# Using the Makefile
make tests-all

# Or directly with docker-compose
docker compose run --rm composer install
docker compose up -d

Architecture

Key Components

• ProxyController: Main controller handling request proxying
• ValidateClientM2MToken: Middleware for Auth0 token validation
• UrlFactoryService: Service for building target URLs
• CachedModelService: Service for caching model data
• Client Model: Model representing API clients

Request Flow

1. Client sends request with M2M token
2. ValidateClientM2MToken middleware validates token
3. ProxyController receives validated request
4. UrlFactoryService builds target URL
5. Request is forwarded to target API
6. Response is returned to client

Error Handling

The proxy provides standardized error responses:

• 404: Route not found
• 4xx: Client errors (forwarded from target API)
• 5xx: Server errors (handled gracefully)
• 503: Service unavailable (connection issues)

Logging

Request logging is handled through Laravel's logging system. Logs include:

• Request details
• Client information
• Response status
• Error information

Security

• Auth0 Machine-to-Machine token validation
• Request method validation
• Secure header handling
• Input sanitization

Contributing

1. Follow the existing code style using Laravel Pint
2. Run static analysis with PHPStan
3. Ensure all tests pass
4. Use conventional commit messages

License

This project is licensed under the MIT License.