Pangea Connect

A collection of middleware for the most popular frameworks, gateways and more. Based on Pangea IP Intel service, Connect helps with drop-in centralized security solution using Pangea

Comment

About Pangea

Pangea is the first Security Platform as a Service (SPaaS) and delivers a single platform of API-based security services that are easily accessible and simple for any developer to build a secure app experience.

Some offerings include Secure Audit Log, IP Intelligence, etc (More info available on Pangea.cloud)

Inspiration

During my observation from the last Pangea hackathon, I noticed many amazing submissions utilizing several features of Pangea in various areas of the project. Further, from my experience working with monolith and micro-services at my day job, It came to be thought that there are certain Pangea services that can be generic/centralized across an application or platform(e.x. A REST framework / API gateway). These set of services can be centralized irrespective of the industry the application is being built for, to secure applications with Pangea services.

A light bulb moment struck, when I was watching a DevOps conference online to wonder if there was a way to allow teams beyond developers to integrate a subset of Pangea services.

This lead me to create my submission "Pangea Connect", a collection of middlewares published as Code development kit (Use as is / fully customizable code).

Connect currently provides ready to deploy middlewares / plugins based on Pangea IP Intel services (current submission) for some of the top/popular, namely;

  • Web frameworks in different languages
  • API Gateways
  • Load Balancers
  • Ingress Gateways

While integrating Pangea services for security, minimal coding experience is atleast required. The Connect platform further caters to DevOps engineers too, offering a drop-in solution to secure their applications with little to no developer intervention.

Connect thus enables developers / DevOps engineers to have a drop-in + customizable solution when using certain Pangea services.

What it does

Connect provides ready-to-deploy middlewares for different platforms / frameworks. Typically, a Pangea service like IP Intel ideally can be centralized across all routes. Therefore, the middleware helps you to verify the users' IP with Pangea API's and deny/ allow access to your application endpoints.

How we built it

Since the collection is specific to the framework / platform, the technology involves either developing web filters (e.g. spring boot), language-dependent middleware plugins (e.g. express, gin-gonic), go-based plugins(e.g. Kong, Krakend).

When you first place a request to your server, the middleware checks in cache (Redis compatible protocol) if the IP intel has been conducted. If not, then a background task/thread is created to verify the IP address with Pangea IP Intel service and updated to cache with allow or deny status.

The process of background task and cache helps the middleware have near zero latency to your existing requests.

Challenges we ran into

Even though integrating Pangea services is a breeze with the documentation provided, developing a plugin for each framework / platform has its own set of guidelines / interfaces or build process. Hence, the learning curve is long, especially to do it right.

Some examples include:

  • Middleware's approach to each platform is different.
  • Libraries version mismatches had to be manually updated when the final plugin build is created
  • Going through different documentation, languages / framework experience needed to write code the right way.

Thankfully golang was the default language for most API gateways. However, in some case there are more efficient languages for writing middleware (e.g. Lua for Kong)

Accomplishments that we're proud of

While integrating Pangea services is extremely easy, now with Connect (IP intel service), Developers & Devops have a drop-in solution and that too centralized.

What we learned

With Pangea services, adding security to your applications was a breeze as a developer. With Connect, the experience is reciprocated to DevOps team too.

What's next for Pangea Connect

Although the submission includes a few frameworks and API gateways. There are many activities to be done.

A Few of them include;

  • Revisiting the solution by comparing other middleware / plugin (doing it right) for each platform / framework
  • Unit Tests, Performance Test, etc
  • Extending Connect to other Pangea services that can be centralized and easy to configure

The next goal is to now develop middlewares for top 5

  • Frameworks in node, java, golang, rust for now
  • API gateways
  • Load Balancers
  • Ingress gateways

The code is fully opensource for anyone to use and customize, means extending the development and maintenance to community contributions too.

Share this project:

Updates