
project_03

Gatekeeper

multi-tenant auth gateway — OAuth2, RBAC, centralized identity plane

● Deployed · Go + gRPC · Zero-Trust
Overview

A unified identity plane in front of all internal microservices. Instead of each service implementing its own auth, they delegate token verification to Gatekeeper via a lightweight gRPC sidecar. Security policy, RBAC rules, and audit logs all live in one place — enforcing zero-trust defaults with under 2ms overhead per request.

Problem

Auth scattered across 8 services meant every security patch needed 8 coordinated deploys. A permission bug in one service could expose another tenant's data. Each service reinvented token validation slightly differently — impossible to audit uniformly across the platform.

Engineering Challenges
01. Token revocation propagation — pub/sub invalidation pushes to all Redis nodes within 200ms of a revoke call
02. Multi-tenant isolation via row-level security in Postgres so no policy evaluation crosses tenant boundaries
03. Graceful degradation — sidecars cache last valid token locally so a Gatekeeper restart cannot cascade
Key Decisions
Casbin RBAC — policy-as-code with hot reload, zero restarts needed when permission rules change
gRPC sidecar over REST — binary protocol + persistent connections removed ~1.5ms per auth overhead
Redis token cache with 60s sliding TTL — eliminates DB pressure at 12k req/min sustained load
Append-only Postgres audit log with row checksums — tamper-evident, passes SOC2 requirements
Stack
Go · gRPC · PostgreSQL · Redis · JWT · OAuth2 · Casbin · Envoy · Prometheus
Architecture
[Architecture diagram. Nodes: Client (API / browser / mobile); Gatekeeper Core (Go · OAuth2 · Casbin); Tokens (Redis 60s); Policy Engine (Casbin RBAC); Audit Log (PostgreSQL); Downstream (gRPC sidecar · verified). Edge labels: verify, delegate, allow/deny.]
Key Features
Centralized RBAC: Casbin policy-as-code with hot reload — update permissions across all 8 services instantly, zero restarts
gRPC sidecar auth: Lightweight sidecar keeps auth overhead under 2ms — services never implement validation themselves
Token cache layer: Redis 60s sliding TTL absorbs 12k req/min without touching Postgres on every request
Tamper-evident audit: Append-only Postgres table with row-level checksums — every auth decision logged and verifiable
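
An added example, not Gatekeeper's own code: one way the append-only audit log's row checksums, named under Key Decisions and Key Features, can be made tamper-evident and checked after the fact. The row fields, the HMAC key and the chaining of each checksum to the previous row are assumptions; the page only states that rows carry checksums.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// AuditRow is a hypothetical row shape; the page does not give the schema.
type AuditRow struct {
	Tenant, Subject, Action, Decision string
	Checksum                          []byte // HMAC over the previous checksum and this row
}

// rowChecksum chains a row to its predecessor; %q quoting keeps field boundaries unambiguous.
func rowChecksum(key, prev []byte, r AuditRow) []byte {
	m := hmac.New(sha256.New, key)
	fmt.Fprintf(m, "%x|%q|%q|%q|%q", prev, r.Tenant, r.Subject, r.Action, r.Decision)
	return m.Sum(nil)
}

// Append fills in r's checksum from the current tail and returns the extended log.
func Append(key []byte, log []AuditRow, r AuditRow) []AuditRow {
	var prev []byte
	if n := len(log); n > 0 {
		prev = log[n-1].Checksum
	}
	r.Checksum = rowChecksum(key, prev, r)
	return append(log, r)
}

// Verify returns the 1-based position of the first row that fails, or 0 if the chain is intact.
func Verify(key []byte, log []AuditRow) int {
	var prev []byte
	for i, r := range log {
		if !hmac.Equal(rowChecksum(key, prev, r), r.Checksum) {
			return i + 1
		}
		prev = r.Checksum
	}
	return 0
}

func main() {
	key := []byte("constructed-demo-key") // constructed; a real key is kept outside the database
	log := Append(key, nil, AuditRow{Tenant: "t1", Subject: "alice", Action: "read:invoice", Decision: "allow"})
	log = Append(key, log, AuditRow{Tenant: "t2", Subject: "bob", Action: "write:policy", Decision: "deny"})
	log[1].Decision = "allow" // simulate an in-place edit of a stored row
	fmt.Println("first failing row:", Verify(key, log))
}
```

An edited or deleted row surfaces at the position where the chain breaks. Removing rows from the tail leaves a valid shorter chain, so the newest checksum also has to be recorded somewhere the database writer cannot change.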
Metrics
<2ms Auth Overhead
8 Services
12k Req / Min
100% Audit Coverage