Gateway & Routing
The Gateway Service is the single entry point for all client traffic. Built with Express.js, it handles authentication, rate limiting, and proxying requests to the appropriate backend service.
Routing Table
| Path Prefix | Target Service | Port |
|---|---|---|
| /api/tenant | Tenant Service | :8001 |
| /api/notification | Notification Service | :8002 |
| /api/cms | CMS Service | :8003 |
| /api/admin | Admin Service | :8004 |
| /api/media | Media Service | :8005 |
| /api/bi | BI Service | :8006 |
| /api/electronic | Electronic Service | :8007 |
| /api/correspondence | Correspondence Service | :8008 |
| /api/task | Task Service | :8014 |
| /api/search | Search Service | :8015 |
| /api/identity | Identity Service | :8016 |
| /api/profile | Profile Service | :8017 |
Middleware Chain
[Diagram: Gateway Middleware Chain]
Middleware Details
| Middleware | Purpose |
|---|---|
| Helmet | HTTP security headers (XSS, HSTS, etc.) |
| CORS | Cross-origin request handling |
| Rate Limiter | Per-tenant/per-user request throttling |
| JWT Validation | Token verification via Identity Service |
| Tenant Resolution | Extract and validate tenant context |
| Proxy Forward | Route to target service via http-proxy-middleware |
Service-to-Service (S2S) Forwarding
The Gateway also handles internal service-to-service authentication. When a service needs to call another, it can either:
- Direct HTTP — Service calls another service directly with S2S token
- Via Gateway — Requests routed through the gateway for consistent auth handling
Info: The Gateway maintains a Redis-backed session store for token caching and session management. JWT tokens are validated on every request.
Configuration
| Name | Type | Default | Description |
|---|---|---|---|
| PORT | number | 80 | Gateway listening port |
| REDIS_HOST | string | localhost | Redis host for session store |
| REDIS_PORT | number | 6379 | Redis port |
| JWT_SECRET | string | - | JWT signing secret |
| RATE_LIMIT_MAX | number | 100 | Max requests per window |
| RATE_LIMIT_WINDOW | string | 15m | Rate limit time window |
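The Rate Limiter row and the RATE_LIMIT_MAX / RATE_LIMIT_WINDOW defaults above, as an added example that is not the gateway's own code: a fixed-window limiter keyed per tenant and user. The in-memory store, the key layout, the accepted window units (s, m, h) and the `req.tenantId` / `req.userId` fields are assumptions.

```javascript
// Added example, not the gateway's code. Only the defaults (100, "15m") come
// from the page; store, key layout and req.tenantId/req.userId are assumed.
const UNIT_MS = { s: 1000, m: 60000, h: 3600000 };

// Parse a RATE_LIMIT_WINDOW value such as "15m". Reject anything else so a
// typo cannot silently turn throttling off.
function parseWindow(value) {
  const m = /^([1-9]\d*)([smh])$/.exec(String(value));
  if (!m) throw new Error(`invalid RATE_LIMIT_WINDOW: ${value}`);
  return Number(m[1]) * UNIT_MS[m[2]];
}

function createLimiter({ max = 100, window = "15m", now = Date.now } = {}) {
  const windowMs = parseWindow(window);
  const buckets = new Map(); // key -> { count, resetAt }

  // Count one request for (tenant, user) in the current fixed window.
  function hit(tenantId, userId) {
    // JSON-encode the pair: ("a:b","c") and ("a","b:c") must not share a bucket.
    const key = JSON.stringify([String(tenantId), String(userId)]);
    const t = now();
    let b = buckets.get(key);
    if (!b || t >= b.resetAt) {
      b = { count: 0, resetAt: t + windowMs };
      buckets.set(key, b);
    }
    b.count += 1;
    const retryAfterSec = Math.ceil((b.resetAt - t) / 1000);
    return { allowed: b.count <= max, remaining: Math.max(0, max - b.count), retryAfterSec };
  }

  // Drop expired buckets so the map stays bounded by active callers.
  function sweep() {
    const t = now();
    for (const [k, b] of buckets) if (t >= b.resetAt) buckets.delete(k);
    return buckets.size;
  }

  // Express-style middleware; expects earlier middleware to have set the ids.
  function middleware(req, res, next) {
    if (!req.tenantId || !req.userId) return res.status(401).end();
    const r = hit(req.tenantId, req.userId);
    if (r.allowed) return next();
    res.set("Retry-After", String(r.retryAfterSec));
    return res.status(429).json({ error: "rate limit exceeded" });
  }
  return { hit, sweep, middleware };
}
```

With more than one gateway instance the counters would need a shared store; the page documents its Redis instance for sessions only.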
Health Check
The Gateway exposes a health endpoint that checks connectivity to all downstream services:
GET /health
Returns health status of the gateway and all downstream service connections.