Gateway Service
Express.js · :80 · Core
The Gateway Service is the single entry point for all external traffic into the Tarasol platform. Built with Express.js and TypeScript, it provides centralized authentication, rate limiting, request routing, and session management.
Architecture
[Diagram: Gateway Service Architecture]
Key Features
- Request Routing — Proxies requests to 12+ backend services based on URL path
- JWT Validation — Validates access tokens on every request
- Rate Limiting — Per-tenant and per-user throttling via express-rate-limit
- Session Management — Redis-backed session storage
- Security Headers — Helmet middleware for XSS, HSTS, CSP
- CORS — Configurable cross-origin request handling
- Health Checks — Monitors connectivity to all downstream services
Routing Table
| Path Prefix | Target Service | Port |
|---|---|---|
| /api/tenant | Tenant Service | :8001 |
| /api/notification | Notification Service | :8002 |
| /api/cms | CMS Service | :8003 |
| /api/admin | Admin Service | :8004 |
| /api/media | Media Service | :8005 |
| /api/bi | BI Service | :8006 |
| /api/electronic | Electronic Service | :8007 |
| /api/correspondence | Correspondence Service | :8008 |
| /api/task | Task Service | :8014 |
| /api/search | Search Service | :8015 |
| /api/identity | Identity Service | :8016 |
| /api/profile | Profile Service | :8017 |
API Endpoints
GET /health: Gateway health check — returns status of all downstream services
Configuration
| Name | Type | Default | Description |
|---|---|---|---|
| PORT | number | 80 | Gateway listening port |
| REDIS_HOST | string | localhost | Redis host for session store |
| REDIS_PORT | number | 6379 | Redis port |
| JWT_SECRET | string | - | JWT signing secret (must match Identity) |
| RATE_LIMIT_MAX | number | 100 | Max requests per rate limit window |
| RATE_LIMIT_WINDOW | string | 15m | Rate limit window duration |
| HELMET_ENABLED | boolean | true | Enable Helmet security headers |
| CORS_ORIGIN | string | * | Allowed CORS origins |
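The defaults above leave JWT_SECRET unset and CORS_ORIGIN open to every origin, so a gateway can refuse to start on them. The following is an added example, not Tarasol's own code: a fail-closed loader for the variables in this table. Assumptions: the `production` flag, the function names, HMAC-signed (HS256) tokens, a comma-separated CORS_ORIGIN list, and s/m/h duration suffixes.

```typescript
// Added example: fail-closed startup validation of the gateway environment.
// Variable names and defaults come from the Configuration table; every check is an assumption.
type Env = Record<string, string | undefined>;

interface GatewayConfig {
  port: number; jwtSecret: string; rateLimitMax: number;
  rateLimitWindowMs: number; helmetEnabled: boolean; corsOrigins: string[];
}

// Parse "15m"-style durations into milliseconds (the s/m/h suffix set is assumed).
function parseWindow(value: string): number {
  const m = /^(\d+)([smh])$/.exec(value.trim());
  if (!m) throw new Error(`RATE_LIMIT_WINDOW: unparseable duration "${value}"`);
  const unitMs = { s: 1000, m: 60000, h: 3600000 }[m[2] as "s" | "m" | "h"];
  return Number(m[1]) * unitMs;
}

function loadGatewayConfig(env: Env, production: boolean): GatewayConfig {
  const errors: string[] = [];
  const secret = env["JWT_SECRET"] ?? "";
  // RFC 7518 requires an HMAC key of at least 256 bits for HS256; 32 characters is the floor here.
  if (secret.length < 32) errors.push("JWT_SECRET missing or shorter than 32 characters");
  const corsOrigins = (env["CORS_ORIGIN"] ?? "*")
    .split(",").map((o) => o.trim()).filter(Boolean);
  // The table's default "*" is tolerated for local development only.
  if (production && corsOrigins.includes("*")) errors.push("CORS_ORIGIN wildcard not allowed in production");
  const helmetEnabled = (env["HELMET_ENABLED"] ?? "true") === "true";
  if (production && !helmetEnabled) errors.push("HELMET_ENABLED must be true in production");
  const rateLimitMax = Number(env["RATE_LIMIT_MAX"] ?? "100");
  if (!Number.isInteger(rateLimitMax) || rateLimitMax < 1) errors.push("RATE_LIMIT_MAX must be a positive integer");
  const port = Number(env["PORT"] ?? "80");
  if (!Number.isInteger(port) || port < 1 || port > 65535) errors.push("PORT out of range");
  let rateLimitWindowMs = 0;
  try {
    rateLimitWindowMs = parseWindow(env["RATE_LIMIT_WINDOW"] ?? "15m");
  } catch (e) {
    errors.push((e as Error).message);
  }
  // Report every problem at once and refuse to start, rather than running with a weak setting.
  if (errors.length > 0) throw new Error("Invalid gateway config: " + errors.join("; "));
  return { port, jwtSecret: secret, rateLimitMax, rateLimitWindowMs, helmetEnabled, corsOrigins };
}
```

Calling `loadGatewayConfig(process.env, true)` before the server binds its port makes a missing secret or wildcard origin a startup failure instead of a runtime exposure.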
Dependencies
- Redis — Session storage and token caching
- All Backend Services — Proxied traffic destinations
- Identity Service — JWT validation
Startup Order
The Gateway should start last, after all downstream services are healthy. This ensures all proxy targets are available.