I’m redesigning our website and want to use Caddy as our web server (gateway) instead of nginx, because it’s easier to use, easier to extend, and still has acceptable performance. My goal is to make our services behind the gateway more stateless and easier to develop. One of the most stateful things is the user session. I’ve searched a bit and did not find any plugin relevant to it yet. So I’m planning to write one.
The idea is from https://www.slideshare.net/opencredo/authentication-in-microservice-systems-david-borsos: after user authentication, some user identity data is generated and encoded as a token (JWT, or just plain JSON without a signature), then set in a header in the response. When Caddy, as the gateway, receives such a header from upstream, it creates a reference (opaque) token mapping to the real one, stores the pair in a kv store, and returns the ref token in a header (or cookie) to the client instead of the real one. In the following requests, when Caddy receives the ref token, it translates it back to the real one and sends it to the upstream services as a header. Thus services can use this header as the user identity directly. There are some other benefits, I think:
- logout is easy to implement since tokens are stored server-side
- services can use the same way to identify a user no matter whether the request is sent from a web page using a cookie as the ref token, or from an API request.
But I’m not very confident. Is it worthwhile? I want to hear your opinion ~~
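The exchange described in the post above, as an added example that is not part of the original post and not a Caddy plugin: a stand-alone Go `http.Handler` that sits in front of an upstream, swaps the upstream's identity header for an opaque reference on the way out, and swaps the reference back on the way in, accepting it from either a header (API clients) or a cookie (browsers). Everything named here is an assumption made for the example: the header names `X-User-Identity` and `X-Session-Ref`, the cookie `session_ref`, the `/login`, `/whoami` and `/logout` paths, the in-memory `sync.Map` standing in for the kv store, and the constructed `users` table in the demo upstream.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"sync"
)

// Header and cookie names are assumptions made for this example, not a Caddy convention.
const (
	identityHeader = "X-User-Identity" // real token (JWT or plain JSON); only travels gateway <-> upstream
	refHeader      = "X-Session-Ref"   // opaque reference token for API clients
	refCookie      = "session_ref"     // opaque reference token for browsers
)

// Gateway fronts Upstream and translates between opaque and real tokens in both directions.
type Gateway struct {
	Store    *sync.Map // ref -> real token; an in-memory map stands in for the kv store
	Upstream http.Handler
}

// mintRef stores realTok under a fresh 256-bit random reference and returns that reference.
func mintRef(store *sync.Map, realTok string) string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: refuse to mint a guessable token
	}
	ref := hex.EncodeToString(b)
	store.Store(ref, realTok)
	return ref
}

func (g *Gateway) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	r.Header.Del(identityHeader)   // clients must never be able to assert their own identity
	ref := r.Header.Get(refHeader) // API clients send the ref in a header...
	if c, err := r.Cookie(refCookie); err == nil {
		ref = c.Value // ...browsers send it in a cookie; both end in the same lookup
	}
	if realTok, ok := g.Store.Load(ref); ok {
		r.Header.Set(identityHeader, realTok.(string)) // inbound: opaque -> real for the upstream
	}
	if r.URL.Path == "/logout" { // logout is server-side: deleting the ref revokes the session
		g.Store.Delete(ref)
		http.SetCookie(w, &http.Cookie{Name: refCookie, Path: "/", MaxAge: -1})
		w.WriteHeader(http.StatusNoContent)
		return
	}
	rec := httptest.NewRecorder() // buffer the upstream response so its headers can be rewritten
	g.Upstream.ServeHTTP(rec, r)
	res := rec.Result()
	for k, vs := range res.Header {
		if k != identityHeader { // outbound: the real token never reaches the client
			w.Header()[k] = vs
		}
	}
	if realTok := res.Header.Get(identityHeader); realTok != "" {
		newRef := mintRef(g.Store, realTok)
		http.SetCookie(w, &http.Cookie{Name: refCookie, Value: newRef, Path: "/",
			HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
		w.Header().Set(refHeader, newRef)
	}
	w.WriteHeader(res.StatusCode)
	w.Write(rec.Body.Bytes())
}

// users is a constructed credential table for the demo upstream only.
var users = map[string]string{"alice": "correct horse", "bob": "battery staple"}

// demoUpstream stands in for a service behind the gateway: /login authenticates and issues an
// identity, /whoami trusts the identity header exactly as the post proposes.
func demoUpstream() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
		u, p := r.FormValue("user"), r.FormValue("password")
		if want, ok := users[u]; !ok || subtle.ConstantTimeCompare([]byte(want), []byte(p)) != 1 {
			http.Error(w, "bad credentials", http.StatusUnauthorized)
			return
		}
		w.Header().Set(identityHeader, fmt.Sprintf(`{"sub":%q}`, u)) // plain JSON, as the post allows
	})
	mux.HandleFunc("/whoami", func(w http.ResponseWriter, r *http.Request) {
		if id := r.Header.Get(identityHeader); id == "" {
			http.Error(w, "anonymous", http.StatusUnauthorized)
		} else {
			fmt.Fprint(w, id)
		}
	})
	return mux
}

func NewDemoGateway() *Gateway { return &Gateway{Store: new(sync.Map), Upstream: demoUpstream()} }

func main() { log.Fatal(http.ListenAndServe("127.0.0.1:8080", NewDemoGateway())) }
```

Two details carry the security of the scheme and are easy to forget: the gateway must delete any client-supplied `X-User-Identity` before forwarding, otherwise the opaque token buys nothing because a client can simply assert an identity; and the real token must be removed from the upstream's response rather than merely supplemented with the reference. The reference is 256 bits from `crypto/rand`, so it cannot be guessed or enumerated. In a real deployment the store needs entries to expire, since logout is otherwise the only thing that ever removes them, and buffering the whole upstream response with `httptest.NewRecorder` is a shortcut for the demo; a real Caddy module would hook the response headers instead.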