11# speed-proxy
22
3+ [ ![ Test] ( https://github.com/m-lab/speed-proxy/actions/workflows/test.yml/badge.svg )] ( https://github.com/m-lab/speed-proxy/actions/workflows/test.yml )
4+ [ ![ Coverage Status] ( https://coveralls.io/repos/github/m-lab/speed-proxy/badge.svg?branch=main )] ( https://coveralls.io/github/m-lab/speed-proxy?branch=main )
5+ [ ![ Go Report Card] ( https://goreportcard.com/badge/github.com/m-lab/speed-proxy )] ( https://goreportcard.com/report/github.com/m-lab/speed-proxy )
6+ [ ![ Go Version] ( https://img.shields.io/github/go-mod/go-version/m-lab/speed-proxy )] ( https://go.dev/ )
7+ [ ![ Go Reference] ( https://pkg.go.dev/badge/github.com/m-lab/speed-proxy.svg )] ( https://pkg.go.dev/github.com/m-lab/speed-proxy )
8+ [ ![ Ask DeepWiki] ( https://deepwiki.com/badge.svg )] ( https://deepwiki.com/m-lab/speed-proxy )
9+
310Integrator backend service for speed.measurementlab.net. This service acts as a
411security boundary between the frontend client and M-Lab's token exchange
512service.
@@ -8,9 +15,8 @@ service.
815
916The service provides a single endpoint that:
1017
11- 1 . Retrieves the M-Lab API key from Google Secret Manager
12- 2 . Exchanges the API key for a short-lived JWT token via M-Lab's token exchange service
13- 3 . Returns the JWT to the frontend client
18+ 1 . Exchanges the M-Lab API key for a short-lived JWT token via M-Lab's token exchange service
19+ 2 . Returns the JWT to the frontend client
1420
1521The frontend then uses this JWT to access M-Lab's Locate API at
1622` /v2/priority/nearest ` .
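Review bot: The numbered list at new lines 18-19 no longer says where the M-Lab API key comes from once the Secret Manager step is removed. Since the README describes this service as a security boundary, add a sentence stating that the key is read at startup from `-api-key` / `API_KEY` and is never returned to the frontend, so the list still shows which side of the boundary holds the long-lived credential.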
@@ -20,8 +26,7 @@ The frontend then uses this JWT to access M-Lab's Locate API at
2026| Flag | Environment Variable | Default | Description |
2127| ------| ---------------------| ---------| -------------|
2228| ` -listen-addr ` | ` LISTEN_ADDR ` | ` :8080 ` | Address to listen on |
23- | ` -project-id ` | ` PROJECT_ID ` | (required) | GCP project ID for Secret Manager |
24- | ` -secret-name ` | ` SECRET_NAME ` | (required) | Name of the secret containing the API key |
29+ | ` -api-key ` | ` API_KEY ` | (required) | M-Lab API key for token exchange |
2530| ` -token-exchange-url ` | ` TOKEN_EXCHANGE_URL ` | ` https://auth.mlab-sandbox.measurementlab.net/v0/token/integration ` | URL of the token exchange service |
2631| ` -allowed-origin ` | ` ALLOWED_ORIGIN ` | ` https://speed.measurementlab.net ` | Allowed CORS origin |
2732
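Review bot: The new `-api-key` row (new line 29) documents the flag and the `API_KEY` environment variable as equivalent ways to pass a secret, but a value given as a command-line flag appears in the process argument list, where other local users and process-listing tools can read it. Extend the description to recommend `API_KEY` for anything beyond local testing, for example "M-Lab API key for token exchange (secret; prefer the environment variable)".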
@@ -44,42 +49,29 @@ Health check endpoint. Returns `200 OK` with body `ok`.
4449
4550## Deployment
4651
47- ### Prerequisites
48-
49- 1 . Create a secret in Secret Manager containing the M-Lab API key:
50- ``` bash
51- echo -n " mlabk.ki_xxx.secret" | gcloud secrets create mlab-api-key \
52- --data-file=- \
53- --project=YOUR_PROJECT_ID
54- ```
55-
56- 2 . Grant the Cloud Run service account access to the secret:
57- ``` bash
58- gcloud secrets add-iam-policy-binding mlab-api-key \
59- --member=" serviceAccount:YOUR_SERVICE_ACCOUNT" \
60- --role=" roles/secretmanager.secretAccessor" \
61- --project=YOUR_PROJECT_ID
62- ```
63-
6452### Deploy to Cloud Run
6553
6654``` bash
6755gcloud run deploy speed-proxy \
6856 --source . \
6957 --region us-central1 \
70- --set-env-vars " PROJECT_ID=YOUR_PROJECT_ID,SECRET_NAME=mlab-api-key " \
58+ --set-env-vars " API_KEY=mlabk.ki_xxx.secret " \
7159 --allow-unauthenticated
7260```
7361
7462## Local Development
7563
7664``` bash
77- # Set up Application Default Credentials
78- gcloud auth application-default login
79-
80- # Run locally
81- go run . \
82- -project-id=YOUR_PROJECT_ID \
83- -secret-name=mlab-api-key \
84- -allowed-origin=" http://localhost:3000"
65+ API_KEY=" mlabk.ki_xxx.secret" go run . -allowed-origin=" http://localhost:3000"
66+ ```
67+
68+ ## Docker
69+
70+ ``` bash
71+ # Build
72+ docker build -t speed-proxy .
73+
74+ # Run
75+ export API_KEY=" mlabk.ki_xxx.secret"
76+ docker run -p 8080:8080 -e API_KEY speed-proxy
8577```
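Review bot: At new line 58, `--set-env-vars " API_KEY=mlabk.ki_xxx.secret "` stores the API key as a plain environment variable in the Cloud Run revision configuration, readable by anyone who can view the service, and the hunk deletes the Secret Manager prerequisites that previously kept it out of the deploy command. The service can still read `API_KEY` from the environment if the deploy example keeps the key in Secret Manager and maps it in with `--set-secrets "API_KEY=mlab-api-key:latest"`. That approach needs the removed `roles/secretmanager.secretAccessor` binding step restored in the README. The Local Development and Docker examples are fine with an inline placeholder, but a note that the real key should not be pasted into a shared shell history or committed env file would help.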