README.md

December 21, 2020 ยท View on GitHub

Deprecated

This repo is no longer supported, please look to tyk-demo

Tyk-Bank

This repository contains a PoC demonstrating a full stack SPA powered by:

  • Angular
  • GraphQL
  • GO
  • NodeJS & Express

and secured by:

  • Tyk API Gateway & Management Platform
  • Keycloak via OIDC

Prerequisites

  • Docker,
  • a Tyk Pro Dashboard license key
  • Some time on your hands.

If you don't have a license key, please head on over to www.tyk.io to get a trial key.

When you have your license, please add it to "license_key" field in "confs/tyk_analytics.conf".

What Is The Stack?

The following are the included services needed to run this PoC

TitleDescriptionPort
Front endAngular SPA4200
BackendGraphQL Server. visit http://localhost:18080 for playground.18080
PostgreSQL - Go Server DB15432
Adminer - DB Management for PostgreSQL7777
Loans Microservice - Node/Express3001
IDPKeycloak8081
TykDashboard3000
Gateway8080
PumpN/A
Redis - GW dependency6379
Mongo - DB Depedendency27017
Analytics(Optional) Splunk - Head to splunk directory for install instructions8000, 8088
(Optional) ELK - Head to ELK direcotry for install instructions9200, 9300, 5001, 5601
- Elastic Search9200, 9300
- Logstash5001
- Kibana5601

IMPORTANT

disabling CORS

If you run into CORS issues, You will need to run your browser without CORS in order for the front-end to talk to the API.

If Chrome is downloaded on OSX, you can copy paste the following into a terminal to get a CORS compliant browser - this is not safe for regular web browsing: open -n -a /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --user-data-dir="/tmp/chrome_dev_test" --disable-web-security

MAC OS

This PoC will only work turn-key on Mac OS. That's basically because the Docker networking takes advantage of a special hostname docker.for.mac.localhost to wire up a few things together. It's definitely possible to get this running outside OSX, you'll just need to make minor modifications.

Running The Stack

1) Docker-Compose up

Inside the tyk-bank folder, run docker-compose up -d to run all services

2) Bootstrap

Run setup.sh

$ ./setup.sh

Note that the setup.sh setup will generate a Tyk user/pw that you will log into the Dashboard with.

3. Create bank users with balances

======= Note that the setup.sh setup will generate some usernames & passwords which we will need for the remainder of the setup.

3. Create Keycloak user with graphql_tag

Log into Keycloak via http://localhost:8081. The default user and PW are located in the docker-compose env variables.

Create a user, then head over to the Attributes page for that user and create a key called graphql_id with the value of graphid generated by the setup script.

4. Setup Tyk

Log onto the Tyk Dashboard at http://localhost:3000. The username and password were generated by the "setup.sh" script.

  1. Create a policy that gives access to both "loan-service-api" & "graphql". Add this policies' ID to the API definitions by going to: APIs -> Select API -> RAW API DESIGNER
"openid_options": {
    "providers": [
        {
        "issuer": "http://docker.for.mac.localhost:8081/auth/realms/master",
        "client_ids": {
            "dHlrLWJhbms=": "<REPLACE_ME_WITH_POLICY_ID>"
        }
        }
    ],
}

Done! Now you can log into the application as a Banking customer on http://localhost:4200. Hit sign in and log in using the credentials you created for the keycloak user.

Custom IdP?

If you are using everything included in this guide, you can skip to next section. You will need to inject the generated GraphQL User ID into the OIDC claims (ID_TOKEN) so this app can inject it into the Header to Tyk. Also set up the issuer with your provider when creating the API definition within Tyk.

Todos

Hello Open Source World, can you help ?

  • Make work with Windows + Linux
  • Replace 'implicit flow' OIDC with something more secure IE OAuth Access Code Flow