I am creating an application based on microservice-architecture.
The application is for freelance related activities, so I have created a :
- Authentication Microservice which handles authentication (with Laravel) which also has the database for users
- And another Microservice build in Lumen(Microframework) which basically handles a freelancer posting its gigs and managing with them
Basically my architecture looks like this so far:
We don't have API Gateway implemented so far. For authentication in authentication microservice, we are using Passport which in the background uses Oauth2 and JWT.
The problem in my case is since I make a direct request to microservices from the front-end (REACT) the routes are not protected, for example in the gigs microservice everyone can make requests.
So my question is how can I protect these routes, I am thinking of making a middleware, that whenever we have a request that is headed to that microservice, checks if the user is authenticated (decode the token and verify that the user is authenticated).
When I had all the code in the same environment basically with laravel it was easy through a middleware that laravel provides, but since the microservice that is only for authentication and other microservices that need services from it are not bounded directly, it is causing me problems.
So if you guys have any examples, advice, or anything on this, any help would be appreciated.