Add appropriate labels to the container

Merge remote-tracking branch 'origin/main' into testing
Update go.mod and go.sum
2026-06-05 23:03:48 +00:00 · 2025-02-08 01:27:45 +00:00 · 2025-02-08 00:56:23 +00:00 · 2025-02-07 03:05:38 +00:00 · 2025-02-06 03:04:42 +00:00 · 2025-02-05 03:04:20 +00:00
57 changed files with 6350 additions and 274 deletions
@@ -0,0 +1,2 @@
+github: [ lukaszraczylo ]
+custom: [ monzo.me/lukaszraczylo ]
@@ -0,0 +1,73 @@
+name: Autoupdate go.mod and go.sum
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 3 * * *"
+
+env:
+  GO_VERSION: ">=1.21"
+
+jobs:
+  # This job is responsible for preparation of the build
+  # environment variables.
+  prepare:
+    name: Preparing build context
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        id: cache
+        with:
+          go-version: ${{env.GO_VERSION}}
+          cache-dependency-path: "**/*.sum"
+
+      - name: Go get dependencies
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          go get ./...
+
+  # This job is responsible for running tests and linting the codebase
+  test:
+    name: "Unit testing"
+    runs-on: ubuntu-latest
+    container: golang:1
+    needs: [prepare]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Ensure full history is checked out
+          token: ${{ secrets.GHCR_TOKEN }}
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{env.GO_VERSION}}
+          cache-dependency-path: "**/*.sum"
+
+      - name: Install dependencies
+        run: |
+          apt-get update
+          apt-get install ca-certificates make -y
+          update-ca-certificates
+          go mod tidy
+          go get -u -v ./...
+          go mod tidy -v
+
+      - name: Run unit tests
+        run: |
+          CI_RUN=${CI} make test
+          git config --global --add safe.directory /__w/graphql-monitoring-proxy/graphql-monitoring-proxy
+
+      - name: Commit changes
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: "Update go.mod and go.sum"
+          commit_options: "--no-verify --signoff"
+          file_pattern: "go.mod go.sum"
@@ -0,0 +1,109 @@
+name: Run tests on PR
+
+on:
+  pull_request:
+    branches:
+      - "main"
+  push:
+    paths-ignore:
+      - "**/**.md"
+      - "**/**.yaml"
+      - "static/**"
+    branches:
+      - "!main"
+
+env:
+  GO_VERSION: ">=1.21"
+
+permissions:
+  # deployments permission to deploy GitHub pages website
+  deployments: write
+  # contents permission to update benchmark contents in gh-pages branch
+  contents: write
+
+jobs:
+  # This job is responsible for preparation of the build
+  # environment variables.
+  prepare:
+    name: Preparing build context
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        id: cache
+        with:
+          go-version: ${{env.GO_VERSION}}
+          cache-dependency-path: "**/*.sum"
+
+      - name: Go get dependencies
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          go get ./...
+
+  # This job is responsible for running tests and linting the codebase
+  test:
+    name: "Unit testing"
+    # needs: [prepare]
+    runs-on: ubuntu-latest
+    container: golang:1
+    # container: github/super-linter:v4
+    needs: [prepare]
+
+    # services:
+    #   # Label used to access the service container
+    #   redis:
+    #     # Docker Hub image
+    #     image: redis
+    #     # Set health checks to wait until redis has started
+    #     options: >-
+    #       --health-cmd "redis-cli ping"
+    #       --health-interval 10s
+    #       --health-timeout 5s
+    #       --health-retries 5
+    #     ports:
+    #       # Maps the container port to the host machine
+    #       - 6379:6379
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{env.GO_VERSION}}
+          cache-dependency-path: "**/*.sum"
+
+      - name: Install dependencies
+        run: |
+          apt-get update
+          apt-get install ca-certificates make -y
+          update-ca-certificates
+          go mod tidy
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+      - name: Run unit tests
+        run: |
+          CI_RUN=${CI} make test
+
+      - name: Run benchmark
+        run: |
+          go test -bench=. -benchmem ./... -run=^# | tee output.txt
+
+      - name: Store benchmark result
+        uses: benchmark-action/github-action-benchmark@v1
+        with:
+          tool: "go"
+          output-file-path: output.txt
+          fail-on-alert: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          comment-on-alert: true
+          summary-always: true
+          # auto-push only if it's on main branch
+          auto-push: false
+          gh-pages-branch: "gh-pages"
+          benchmark-data-dir-path: "docs"
@@ -4,14 +4,69 @@ on:
  workflow_dispatch:
  push:
    paths-ignore:
-    - '**.md'
+      - "**/**.md"
+      - "**/**.yaml"
+      - "static/**"
    branches:
-      - "*"
+      - "main"
+
+env:
+  GO_VERSION: ">=1.21"
+
+permissions:
+  # deployments permission to deploy GitHub pages website
+  deployments: write
+  # contents permission to update benchmark contents in gh-pages branch
+  contents: write

 jobs:
  shared:
    uses: telegram-bot-app/ci-scripts/.github/workflows/build-test-publish-inject.yaml@main
    with:
      enable-code-scans: false
+      should-deploy: false
    secrets:
      ghcr-token: ${{ secrets.GHCR_TOKEN }}
+
+  test:
+    name: "Benchmarking the results"
+    needs: [shared]
+    runs-on: ubuntu-latest
+    container: golang:1
+    # container: github/super-linter:v4
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{env.GO_VERSION}}
+          cache-dependency-path: "**/*.sum"
+
+      - name: Install dependencies
+        run: |
+          apt-get update
+          apt-get install ca-certificates make -y
+          update-ca-certificates
+          go mod tidy
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+      - name: Run benchmark
+        run: |
+          go test -bench=. -benchmem ./... -run=^# | tee output.txt
+
+      - name: Store benchmark result
+        uses: benchmark-action/github-action-benchmark@v1
+        with:
+          tool: "go"
+          output-file-path: output.txt
+          fail-on-alert: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          comment-on-alert: true
+          summary-always: true
+          # auto-push only if it's on main branch
+          auto-push: true
+          gh-pages-branch: "gh-pages"
+          benchmark-data-dir-path: "docs"
@@ -1,2 +1,4 @@
 graphql-proxy
 test.sh
+banned.json*
+dist/
@@ -1,8 +1,14 @@
-FROM alpine:latest
-RUN apk add --no-cache ca-certificates
+FROM gcr.io/distroless/base-debian12:nonroot
 WORKDIR /go/src/app
 ARG TARGETARCH
 ARG TARGETOS
+# silly workaround for distroless image as no chmod is available
+COPY --chmod=777 --chown=nonroot:nonroot static/app /go/src/app
 ADD dist/bot-$TARGETOS-$TARGETARCH /go/src/app/graphql-proxy
-RUN chmod +x /go/src/app/graphql-proxy
 ENTRYPOINT ["/go/src/app/graphql-proxy"]
+
+LABEL org.opencontainers.image.maintainer="lukasz@raczylo.com" \
+      org.opencontainers.image.authors="lukasz@raczylo.com" \
+      org.opencontainers.image.title="graphql-monitoring-proxy" \
+      org.opencontainers.image.description="GraphQL monitoring proxy" \
+      org.opencontainers.image.url="https://github.com/lukaszraczylo/graphql-monitoring-proxy"
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Lukasz Raczylo
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -1,17 +1,19 @@
 CI_RUN?=false
-ADDITIONAL_BUILD_FLAGS=""
+TIMESTAMP := $(shell date +%Y%m%d-%H%M%S)

-ifeq ($(CI_RUN), true)
-	ADDITIONAL_BUILD_FLAGS="-test.short"
-endif
+# ADDITIONAL_BUILD_FLAGS=""
+
+# ifeq ($(CI_RUN), true)
+# 	ADDITIONAL_BUILD_FLAGS="-test.short"
+# endif

 .PHONY: help
 help:  ## display this help
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n\nTargets:\n"} /^[a-zA-Z0-9_-]+:.*?##/ { printf "  \033[36m%-20s\033[0m %s\n", $$1, $$2 }' $(MAKEFILE_LIST)

 .PHONY: run
-run: ## run application
-	@LOG_LEVEL=debug JWT_USER_CLAIM_PATH="Hasura.x-hasura-user-id" HOST_GRAPHQL=https://hasura8.lan/v1/graphql go run *.go
+run: build ## run application
+	@LOG_LEVEL=debug PURGE_METRICS_ON_CRAWL=true BLOCK_SCHEMA_INTROSPECTION=true CACHE_TTL=10 JWT_ROLE_RATE_LIMIT=false JWT_ROLE_CLAIM_PATH="Hasura.x-hasura-default-role" JWT_USER_CLAIM_PATH="Hasura.x-hasura-user-id" HOST_GRAPHQL=https://hasura8.lan/ HEALTHCHECK_GRAPHQL_URL=https://hasura8.lan/v1/graphql PORT_GRAPHQL=8111 ./graphql-proxy

 .PHONY: build
 build: ## build the binary
@@ -19,7 +21,7 @@ build: ## build the binary

 .PHONY: test
 test: ## run tests on library
-	@LOG_LEVEL=debug go test $(ADDITIONAL_BUILD_FLAGS) -v -cover ./... -race
+	@LOG_LEVEL=info go test -v -cover -race ./...

 .PHONY: test-packages
 test-packages: ## run tests on packages
@@ -32,3 +34,25 @@ all: test-packages test
 update: ## update dependencies
 	@go get -u -v ./...
 	@go mod tidy -v
+
+.PHONY: build-amd64
+build-amd64: ## build the Linux AMD64 binary
+	GOOS=linux GOARCH=amd64 go build -o graphql-proxy-amd64 *.go
+
+.PHONY: build-arm64
+build-arm64: ## build the Linux ARM64 binary
+	GOOS=linux GOARCH=arm64 go build -o graphql-proxy-arm64 *.go
+
+.PHONY: build-all
+build-all: build-amd64 build-arm64 ## build both AMD64 and ARM64 binaries
+
+.PHONY: docker
+docker: build-all ## build multi-arch (AMD64 and ARM64) docker image
+	@mkdir -p dist
+	@mv graphql-proxy-amd64 dist/bot-linux-amd64
+	@mv graphql-proxy-arm64 dist/bot-linux-arm64
+	@docker buildx build --push \
+		--platform linux/amd64,linux/arm64 \
+		-t ghcr.io/lukaszraczylo/graphql-monitoring-proxy:local-test-build-$(TIMESTAMP) \
+		.
+
@@ -1,22 +1,355 @@
 ## graphql monitoring proxy

-Creates a passthrough proxy to a graphql endpoint(s), allowing you for analysis of the queries and responses, producing the prometheus metrics at a fraction of the cost - because as we know - $0 is a fair price.
+Creates a passthrough proxy to a graphql endpoint(s), allowing you to analyse the queries and responses, producing the Prometheus metrics at a fraction of the cost - because, as we know - $0 is a fair price.
+
+This project is in active use by [telegram-bot.app](https://telegram-bot.app), and was tested with 30k queries per second on a single instance, consuming 10 MB of RAM and 0.1% CPU. [Benchmarks](https://lukaszraczylo.github.io/graphql-monitoring-proxy/dev/bench/) are available.
+
+![Example of monitoring dashboard](static/monitoring-at-glance.png?raw=true)
+
+- [graphql monitoring proxy](#graphql-monitoring-proxy)
+  - [Why this project exists](#why-this-project-exists)
+  - [Important releases](#important-releases)
+  - [How to deploy](#how-to-deploy)
+    - [Note on websocket support](#note-on-websocket-support)
+  - [Endpoints](#endpoints)
+  - [Features](#features)
+  - [Configuration](#configuration)
+  - [Tracing](#tracing)
+  - [Speed](#speed)
+    - [Caching](#caching)
+    - [Read-only endpoint](#read-only-endpoint)
+  - [Maintenance](#maintenance)
+    - [Hasura event cleaner](#hasura-event-cleaner)
+  - [Security](#security)
+    - [Role-based rate limiting](#role-based-rate-limiting)
+    - [Read-only mode](#read-only-mode)
+    - [Allowing access to listed URLs](#allowing-access-to-listed-urls)
+    - [Blocking introspection](#blocking-introspection)
+  - [API endpoints](#api-endpoints)
+    - [Ban or unban the user](#ban-or-unban-the-user)
+    - [Cache operations](#cache-operations)
+  - [General](#general)
+    - [Metrics which matter](#metrics-which-matter)
+    - [Healthcheck](#healthcheck)
+    - [Monitoring endpoint](#monitoring-endpoint)
+
+### Why this project exists
+
+I wanted to monitor the queries and responses of our graphql endpoint. Still, we didn't want to pay the price of the graphql server itself ( and I will not point fingers at a particular well-known project), as monitoring and basic security features should be a standard, free functionality.
+
+### Important releases
+
+You should always try to stick to the latest and greatest version of the graphql-proxy to ensure that it's as much bug-free as possible. Following list will be kept to the maximum of five "most important" bugs and enhancements included in the latest versions.
+
+* **06/12/2024 - 0.25.12** - Fixes the bug where deeply nested introspection queries were blocked despite of being present on the whitelist. GraphQL proxy will now inspect the queries in depth to find any possible nested introspections.
+
+* **20/08/2024 - 0.23.21+** - Fixes the bug when timeouts were not respected on proxy-graphql line. Affected versions before that were timeouting after 30 seconds which was set as default ( thanks to Jurica Železnjak for reporting ). It also provides a temporary fix for running within kubernetes deployment, when graphql server ( for example - hasura ) took more time to start than the proxy, causing avalanche of errors with "can't proxy the request".
+
+* **19/08/2024 - 0.21.82+** - Fixed the issue when proxy failed to start if global cache was disabled, therefore not initialized and proxy tried to perform the cache operations during normal query operations.
+
+### How to deploy
+
+You can find the example of the Kubernetes manifest in the [example standalone deployment](static/kubernetes-deployment.yaml) or [example combined deployment](static/kubernetes-single-deployment.yaml) files. Observed advantage of multideployment is that it allows the network requests to travel via localhost, without leaving the deployment which brings quite significant network performance boost.
+
+#### Note on websocket support
+
+Proxy in its current version 0.23.3 does not support websockets. If you need to proxy the websocket requests - you can use following trick whilst setting up the proxy. As I'm a big fan of Traefik - there's an example which works with the mentioned above combined deployment.
+
+<details>
+  <summary>Click to show working Traefik Ingress Route example.</summary>
+
+```yaml
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: hasura-internal
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    # NON WEBSOCKET CONNECTION
+    - kind: Rule
+      match: Host(`example.com`) && PathPrefix(`/v1/graphql`) && !HeadersRegexp(`Upgrade`, `websocket`)
+      services:
+      - name: hasura-w-proxy-internal
+        port: proxy
+      middlewares:
+        - name: compression
+          namespace: default
+
+    # WEBSOCKET CONNECTION
+    - kind: Rule
+      match: Host(`example.com`) && PathPrefix(`/v1/graphql`) && HeadersRegexp(`Upgrade`, `websocket`)
+      services:
+      - name: hasura-w-proxy-internal
+        port: hasura
+      middlewares:
+        - name: compression
+          namespace: default
+```
+
+In this case, both proxy and websockets will be available under the `/v1/graphql` path, and the websocket connection will be proxied directly to the hasura service, bypassing the proxy.
+
+</details>

 ### Endpoints

-/v1/graphql - the graphql endpoint
-/metrics - the prometheus metrics endpoint
-/healthz - the healthcheck endpoint
+* `:8080/*` - the graphql passthrough endpoint
+* `:9393/metrics` - the prometheus metrics endpoint
+* `:8080/healthz` - the healthcheck endpoint
+* `:8080/livez` - the liveness probe endpoint
+* `:9090/api/*` - the monitoring proxy API endpoint
+
+### Features
+
+| Category   | Detail                                                                |
+|------------|-----------------------------------------------------------------------|
+| monitor    | Prometheus / VictoriaMetrics metrics                                  |
+| monitor    | Extracting user id from JWT token and adding it as a label to metrics |
+| monitor    | Extracting the query name and type and adding it as a label to metrics|
+| monitor    | Calculating the query duration and adding it to the metrics           |
+| monitor    | OpenTelemetry tracing support with configurable endpoint              |
+| speed      | Caching the queries, together with per-query cache and TTL            |
+| speed      | Support for READ ONLY graphql endpoint                                |
+| security   | Blocking schema introspection                                         |
+| security   | Rate limiting queries based on user role                              |
+| security   | Blocking mutations in read-only mode                                  |
+| security   | Allow access only to listed URLs                                      |
+| security   | Ban / unban specific user from accessing the application              |
+| maintenance | Hasura events cleaner                                                 |
+

 ### Configuration

-`MONITORING_PORT` - the port to expose the metrics endpoint on (default: 9393)
-`PORT_GRAPHQL` - the port to expose the graphql endpoint on (default: 8080)
-`HOST_GRAPHQL` - the host to proxy the graphql endpoint to (default: `localhost/v1/graphql`)
+All the environment variables **should** be prefixed with `GMP_` to avoid conflicts with other applications.
+If `GMP_` prefixed environment variable is present - it will take precedence over the non-prefixed one.
+You can still use the non-prefixed environment variables in the spirit of the backward compatibility, but it's not recommended.

-`JWT_USER_CLAIM_PATH` - the path to the user claim in the JWT token (default: ``)
+| Parameter                 | Description                              | Default Value              |
+|---------------------------|------------------------------------------|----------------------------|
+| `MONITORING_PORT`         | The port to expose the metrics endpoint  | `9393`                     |
+| `PORT_GRAPHQL`            | The port to expose the graphql endpoint  | `8080`                     |
+| `HOST_GRAPHQL`            | The host to proxy the graphql endpoint   | `http://localhost/` |
+| `HOST_GRAPHQL_READONLY`   | The host to proxy the read-only graphql endpoint | ``               |
+| `HEALTHCHECK_GRAPHQL_URL` | The URL to check the health of the graphql endpoint | `` |
+| `JWT_USER_CLAIM_PATH`     | Path to the user claim in the JWT token  | ``                         |
+| `JWT_ROLE_CLAIM_PATH`     | Path to the role claim in the JWT token  | ``                         |
+| `ROLE_FROM_HEADER`        | Header name to extract the role from     | ``                         |
+| `ROLE_RATE_LIMIT`         | Enable request rate limiting based on role| `false`                   |
+| `ENABLE_GLOBAL_CACHE`     | Enable the cache                        | `false`                    |
+| `CACHE_TTL`               | The cache TTL                           | `60`                       |
+| `ENABLE_REDIS_CACHE`      | Enable distributed Redis cache          | `false`                    |
+| `CACHE_REDIS_URL`         | URL to redis server / cluster endpoint  | `localhost:6379`           |
+| `CACHE_REDIS_PASSWORD`    | Redis connection password               | ``                         |
+| `CACHE_REDIS_DB`          | Redis DB id                             | `0`                        |
+| `LOG_LEVEL`               | The log level                           | `info`                     |
+| `BLOCK_SCHEMA_INTROSPECTION`| Blocks the schema introspection       | `false`                    |
+| `ALLOWED_INTROSPECTION`  | Allow only certain queries in introspection | ``                  |
+| `ENABLE_ACCESS_LOG`       | Enable the access log                   | `false`                    |
+| `READ_ONLY_MODE`          | Enable the read only mode               | `false`                    |
+| `ALLOWED_URLS`              | Allow access only to certain URLs       | `/v1/graphql,/v1/version`  |
+| `ENABLE_API`              | Enable the monitoring API               | `false`                    |
+| `API_PORT`                | The port to expose the monitoring API   | `9090`                     |
+| `BANNED_USERS_FILE`       | The path to the file with banned users  | `/go/src/app/banned_users.json`   |
+| `PROXIED_CLIENT_TIMEOUT` | The timeout for the proxied client in seconds     | `120`                      |
+| `PURGE_METRICS_ON_CRAWL` | Purge metrics on each /metrics crawl    | `false`                      |
+| `PURGE_METRICS_ON_TIMER` | Purge metrics every x seconds. `0` - disabled | `0`                      |
+| `HASURA_EVENT_CLEANER`   | Enable the hasura event cleaner          | `false`                    |
+| `HASURA_EVENT_CLEANER_OLDER_THAN` | The interval for the hasura event cleaner (in days) | `1`                  |
+| `HASURA_EVENT_METADATA_DB` | URL to the hasura metadata database    | `postgresql://localhost:5432/hasura` |
+| `ENABLE_TRACE`            | Enable OpenTelemetry tracing           | `false`                    |
+| `TRACE_ENDPOINT`          | OpenTelemetry collector endpoint       | `localhost:4317`           |

-`ENABLE_CACHE` - enable the cache (default: `false`)
-`CACHE_TTL` - the cache TTL (default: `60s`)
+### Tracing

-`LOG_LEVEL` - the log level (default: `info`)
+The proxy supports OpenTelemetry tracing to help monitor and debug requests. When enabled, it will create spans for each proxied request and send them to the configured OpenTelemetry collector.
+
+To use tracing:
+
+1. Enable tracing by setting `ENABLE_TRACE=true`
+2. Configure the OpenTelemetry collector endpoint using `TRACE_ENDPOINT` (defaults to `localhost:4317`)
+3. Include trace context in your requests using the `X-Trace-Span` header with the following format:
+
+```json
+{
+  "traceparent": "00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01"
+}
+```
+
+The proxy will extract the trace context from the header and create child spans for each request, allowing you to trace requests through your system.
+
+### Speed
+
+#### Caching
+
+The cache engine is enabled in the background by default, using no additional resources.
+You can then start using the cache by setting the `ENABLE_GLOBAL_CACHE` or `ENABLE_REDIS_CACHE` environment variable to `true` - which will enable the cache for all queries without introspection. You can leave the global cache disabled and enable the cache for specific queries by adding the `@cached` directive to the query.
+
+In the case of the `@cached` you can add additional parameters to the directive which will set the cache for specific queries to the provided time.
+For example, `query MyCachedQuery @cached(ttl: 90) ....` will set the cache for the query to 90 seconds.
+
+You can also set cache for specific query by using `X-Cache-Graphql-Query` header, which will set the cache for the query to the provided time, for example `X-Cache-Graphql-Query: 90` will set the cache for the query to 90 seconds.
+
+You can also force refresh of the cache by using `@cached(refresh: true)` directive in the query, for example:
+
+```
+query MyProducts @cached(refresh: true) {
+  products {
+    id
+    name
+  }
+}
+```
+
+Since version `0.5.30` the cache is gzipped in the memory, which should optimise the memory usage quite significantly.
+Since version `0.15.48` the you can also use the distributed Redis cache.
+
+#### Read-only endpoint
+
+You can now specify the read-only GraphQL endpoint by setting the `HOST_GRAPHQL_READONLY` environment variable. The default value is empty, preventing the proxy from using the read-only endpoint for the queries and directing all the requests to the main endpoint specified as `HOST_GRAPHQL`. If the `HOST_GRAPHQL_READONLY` is set, the proxy will use the read-only endpoint for the queries with the `query` type and the main endpoint for the `mutation` type queries. Format of the read-only endpoint is the same as `HOST_GRAPHQL` endpoint, for example `http://localhost:8080/`.
+
+You can check out the [example of combined deployment with RW and read-only hasura](static/kubernetes-single-deployment-with-ro.yaml).
+
+### Maintenance
+
+#### Hasura event cleaner
+
+When enabled via `HASURA_EVENT_CLEANER=true` - proxy needs to have a direct access to the database to execute simple delete queries on schedule. You can specify number of days the logs should be kept for using `HASURA_EVENT_CLEANER_OLDER_THAN`, for example `HASURA_EVENT_CLEANER_OLDER_THAN=14` will keep 14 days of event execution logs. Ticker managing the cleaner routine will be executed every hour.
+
+Following tables are being cleaned:
+- `hdb_catalog.event_invocation_logs`
+- `hdb_catalog.event_log`
+- `hdb_catalog.hdb_action_log`
+- `hdb_catalog.hdb_cron_event_invocation_logs`
+- `hdb_catalog.hdb_scheduled_event_invocation_logs`
+
+
+### Security
+
+#### Role-based rate limiting
+
+You can rate limit requests using the `ROLE_RATE_LIMIT` environment variable. If enabled, the proxy will rate limit the requests based on the role claim in the JWT token. You can then provide the JSON file in the following format to specify the limits.
+The default interval is `second`, but you can use other values as well. If you want to disable the rate limiting for a specific role, you can set the `req` to `0`.
+
+Available values:
+`nano`, `micro`, `milli`, `second`, `minute`, `hour`, `day`
+
+To define path in JWT token where the current user role is present, use the `JWT_ROLE_CLAIM_PATH` environment variable.
+
+You can also set up the `ROLE_FROM_HEADER` environment variable to extract the role from the header instead of the JWT token. This is useful if you want to rate limit the requests for unauthenticated users. It's worth mentioning that `ROLE_FROM_HEADER` takes a priority over the `JWT_ROLE_CLAIM_PATH` environment variable and if its set, the proxy will not try to extract the role from the JWT token.
+
+*Default/sample configuration:*
+
+```json
+{
+  "ratelimit": {
+      "admin": {
+          "req": 100,
+          "interval": "second"
+      },
+      "guest": {
+          "req": 50,
+          "interval": "minute"
+      },
+      "-": {
+          "req": 100,
+          "interval": "day"
+      }
+  }
+}
+```
+
+If you'd like to change it - mount your configmap as `/app/ratelimit.json` file.
+Remember to include the `-` role, which is used for unauthenticated users or when claim can't be found for any reason.
+If rate limit has been reached - the proxy will return `429 Too Many Requests` error.
+
+
+#### Read-only mode
+
+You can enable the read-only mode by setting the `READ_ONLY_MODE` environment variable to `true` - which will block all the `mutation` queries.
+
+#### Allowing access to listed URLs
+
+You can allow access only to certain URLs by setting the `ALLOWED_URLS` environment variable to a comma-separated list of URLs. If enabled - other URLs will return `403 Forbidden` error and request will **not** reach the proxied service.
+
+#### Blocking introspection
+
+You can block the schema introspection by setting the `BLOCK_SCHEMA_INTROSPECTION` environment variable to `true` - which will block all the queries with introspection parts, like:
+
+`__schema`, `__type`, `__typename`, `__directive`, `__directivelocation`, `__field`, `__inputvalue`, `__enumvalue`, `__typekind`, `__fieldtype`, `__inputobjecttype`, `__enumtype`, `__uniontype`, `__scalars`, `__objects`, `__interfaces`, `__unions`, `__enums`, `__inputobjects`, `__directives`
+
+If you'd like to keep blocking of the schema introspection on but allow one or more of from the list of above for any reason, you can use the `ALLOWED_INTROSPECTION` environment variable to specify the list of allowed queries.
+
+`ALLOWED_INTROSPECTION="__typename,__type"`
+
+### API endpoints
+
+#### Ban or unban the user
+
+Your monitoring system can detect user misbehaving, for example trying to extract / scrap the data. To prevent user from doing so you can use the simple API to ban the user from accessing the application.
+
+To do so - you need to enable the api by setting env variable `ENABLE_API=true` which will expose the API on the port `API_PORT=9090`. Nedless to say - keep it secure and don't expose it outside of your cluster.
+
+ Then you can use the following endpoints:
+
+* `POST /api/user-ban` - ban the user from accessing the application
+* `POST /api/user-unban` - unban the user from accessing the application
+
+#### Cache operations
+
+* `POST /api/cache-clear` - clear the cache
+* `GET /api/cache-stats` - get the cache statistics ( hits, misses, size )
+
+Both endpoints require the `user_id` parameter to be present in the request body and allow you to provide the reason for the ban.
+
+Example request:
+
+```bash
+curl -X POST \
+  http://localhost:9090/api/user-ban \
+  -H 'Content-Type: application/json' \
+  -d '{
+      "user_id": "1337",
+      "reason": "Scraping data"
+    }'
+```
+
+Ban details will be stored in the `banned_users.json` file, which you can mount as a file or configmap to the `/go/src/app/banned_users.json` path ( or use `BANNED_USERS_FILE` environment variable to specify the path to the file). The file operation is important if you have multiple instances of the proxy running, as it will allow you to ban the user from accessing the application on all instances.
+
+### General
+
+#### Metrics which matter
+
+You can always enable `PURGE_METRICS_ON_CRAWL` environment variable to purge the metrics on each `/metrics` crawl. This will allow you to see only the current metrics, without potential leftovers from the previous crawls. This is useful if you want to monitor the metrics in real-time and / or limit the amount of data ingested into the monitoring system. When enabled you will most likely need to update your monitoring queries.
+
+With the `PURGE_METRICS_ON_CRAWL` enabled, the `graphql_proxy_requests_failed`, `graphql_proxy_requests_skipped` and `graphql_proxy_requests_succesful` metrics will remain between resets.
+
+If you prefer more control over the metrics purging - you can enable `PURGE_METRICS_ON_TIMER` environment variable and set the interval in seconds. This will allow you to purge the metrics on a regular basis, for example every 90 seconds. It could be better solution if you have multiple crawlers checking the metrics endpoints and you want to avoid the situation when metrics are purged by for example healthcheck.
+
+#### Healthcheck
+
+If you'd like the `/healthz` endpoint to perform actual check for the connectivity to the graphql endpoint - set the `HEALTHCHECK_GRAPHQL_URL` environment variable to the exact URL of the graphql endpoint. The query executed will be `query { __typename }` and if the response is not `200 OK` - the healthcheck will fail. Remember that the endpoint is a full URL which you'd like to check, so it should include the protocol, host and path - for example `http://localhost:8080/v1/graphql` and it's NOT the same as value of `HOST_GRAPHQL` environment variable which should provide only the host, without path, ending with slash.
+
+#### Monitoring endpoint
+
+Example metrics produced by the proxy:
+
+```
+graphql_proxy_timed_query_bucket{cached="false",user_id="-",op_type="mutation",op_name="updateUserDetails",vmrange="1.000e-02...1.136e-02"} 6
+graphql_proxy_timed_query_count{op_name="",cached="false",user_id="-",op_type=""} 78
+graphql_proxy_timed_query_bucket{op_name="MyQuery",cached="false",user_id="-",op_type="query",vmrange="5.995e+00...6.813e+00"} 1
+graphql_proxy_timed_query_sum{op_name="MyQuery",cached="false",user_id="-",op_type="query"} 6
+graphql_proxy_timed_query_count{op_name="MyQuery",cached="false",user_id="-",op_type="query"} 1
+graphql_proxy_executed_query{user_id="-",op_type="mutation",op_name="updateKnownSpammer",cached="false"} 1486
+graphql_proxy_executed_query{user_id="-",op_type="query",op_name="checkIfAdminsNeedRefreshing",cached="false"} 13167
+graphql_proxy_executed_query{user_id="1337",op_type="query",op_name="checkIfKnownMedia",cached="false"} 429
+graphql_proxy_executed_query{user_id="-",op_type="query",op_name="checkIfSpamAIRequiresUpdate",cached="false"} 8891
+graphql_proxy_requests_failed 324
+graphql_proxy_requests_skipped 0
+graphql_proxy_requests_succesful 454823
+graphql_proxy_cache_hit{microservice="graphql_proxy",pod="hasura-w-proxy-internal-6b5f4b4bbb-9xwfc"} 7
+graphql_proxy_cache_hit{pod="hasura-w-proxy-internal-6b5f4b4bbb-9xwfc",microservice="graphql_proxy"} 1
+graphql_proxy_cache_miss{microservice="graphql_proxy",pod="hasura-w-proxy-internal-6b5f4b4bbb-9xwfc"} 23
+```
+
+.
@@ -0,0 +1,259 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"sync"
+	"time"
+
+	"github.com/goccy/go-json"
+	fiber "github.com/gofiber/fiber/v2"
+	"github.com/gofrs/flock"
+	libpack_cache "github.com/lukaszraczylo/graphql-monitoring-proxy/cache"
+	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
+	libpack_logger "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
+)
+
+var (
+	bannedUsersIDs      = make(map[string]string)
+	bannedUsersIDsMutex sync.RWMutex
+)
+
+func enableApi() {
+	if !cfg.Server.EnableApi {
+		return
+	}
+
+	apiserver := fiber.New(fiber.Config{
+		DisableStartupMessage: true,
+		AppName:               fmt.Sprintf("GraphQL Monitoring Proxy - %s v%s", libpack_config.PKG_NAME, libpack_config.PKG_VERSION),
+	})
+
+	api := apiserver.Group("/api")
+	api.Post("/user-ban", apiBanUser)
+	api.Post("/user-unban", apiUnbanUser)
+	api.Post("/cache-clear", apiClearCache)
+	api.Get("/cache-stats", apiCacheStats)
+
+	go periodicallyReloadBannedUsers()
+
+	if err := apiserver.Listen(fmt.Sprintf(":%d", cfg.Server.ApiPort)); err != nil {
+		cfg.Logger.Critical(&libpack_logger.LogMessage{
+			Message: "Can't start the service",
+			Pairs:   map[string]interface{}{"port": cfg.Server.ApiPort},
+		})
+	}
+}
+
+func periodicallyReloadBannedUsers() {
+	ticker := time.NewTicker(10 * time.Second)
+	defer ticker.Stop()
+
+	for range ticker.C {
+		loadBannedUsers()
+		cfg.Logger.Debug(&libpack_logger.LogMessage{
+			Message: "Banned users reloaded",
+			Pairs:   map[string]interface{}{"users": bannedUsersIDs},
+		})
+	}
+}
+
+func checkIfUserIsBanned(c *fiber.Ctx, userID string) bool {
+	bannedUsersIDsMutex.RLock()
+	_, found := bannedUsersIDs[userID]
+	bannedUsersIDsMutex.RUnlock()
+
+	cfg.Logger.Debug(&libpack_logger.LogMessage{
+		Message: "Checking if user is banned",
+		Pairs:   map[string]interface{}{"user_id": userID, "banned": found},
+	})
+
+	if found {
+		cfg.Logger.Info(&libpack_logger.LogMessage{
+			Message: "User is banned",
+			Pairs:   map[string]interface{}{"user_id": userID},
+		})
+		c.Status(fiber.StatusForbidden).SendString("User is banned")
+	}
+	return found
+}
+
+func apiClearCache(c *fiber.Ctx) error {
+	cfg.Logger.Debug(&libpack_logger.LogMessage{
+		Message: "Clearing cache via API",
+	})
+	libpack_cache.CacheClear()
+	cfg.Logger.Info(&libpack_logger.LogMessage{
+		Message: "Cache cleared via API",
+	})
+	return c.SendString("OK: cache cleared")
+}
+
+func apiCacheStats(c *fiber.Ctx) error {
+	return c.JSON(libpack_cache.GetCacheStats())
+}
+
+type apiBanUserRequest struct {
+	UserID string `json:"user_id"`
+	Reason string `json:"reason"`
+}
+
+func apiBanUser(c *fiber.Ctx) error {
+	var req apiBanUserRequest
+	if err := c.BodyParser(&req); err != nil {
+		cfg.Logger.Error(&libpack_logger.LogMessage{
+			Message: "Can't parse the ban user request",
+			Pairs:   map[string]interface{}{"error": err.Error()},
+		})
+		return c.Status(fiber.StatusBadRequest).SendString("Invalid request payload")
+	}
+
+	if req.UserID == "" || req.Reason == "" {
+		return c.Status(fiber.StatusBadRequest).SendString("user_id and reason are required")
+	}
+
+	bannedUsersIDsMutex.Lock()
+	bannedUsersIDs[req.UserID] = req.Reason
+	bannedUsersIDsMutex.Unlock()
+
+	cfg.Logger.Info(&libpack_logger.LogMessage{
+		Message: "Banned user",
+		Pairs:   map[string]interface{}{"user_id": req.UserID, "reason": req.Reason},
+	})
+
+	if err := storeBannedUsers(); err != nil {
+		return c.Status(fiber.StatusInternalServerError).SendString("Failed to store banned users")
+	}
+
+	return c.SendString("OK: user banned")
+}
+
+func apiUnbanUser(c *fiber.Ctx) error {
+	var req apiBanUserRequest
+	if err := c.BodyParser(&req); err != nil {
+		cfg.Logger.Error(&libpack_logger.LogMessage{
+			Message: "Can't parse the unban user request",
+			Pairs:   map[string]interface{}{"error": err.Error()},
+		})
+		return c.Status(fiber.StatusBadRequest).SendString("Invalid request payload")
+	}
+
+	if req.UserID == "" {
+		return c.Status(fiber.StatusBadRequest).SendString("user_id is required")
+	}
+
+	bannedUsersIDsMutex.Lock()
+	delete(bannedUsersIDs, req.UserID)
+	bannedUsersIDsMutex.Unlock()
+
+	cfg.Logger.Info(&libpack_logger.LogMessage{
+		Message: "Unbanned user",
+		Pairs:   map[string]interface{}{"user_id": req.UserID},
+	})
+
+	if err := storeBannedUsers(); err != nil {
+		return c.Status(fiber.StatusInternalServerError).SendString("Failed to store banned users")
+	}
+
+	return c.SendString("OK: user unbanned")
+}
+
+func storeBannedUsers() error {
+	fileLock := flock.New(fmt.Sprintf("%s.lock", cfg.Api.BannedUsersFile))
+	if err := lockFile(fileLock); err != nil {
+		return err
+	}
+	defer fileLock.Unlock()
+
+	bannedUsersIDsMutex.RLock()
+	data, err := json.Marshal(bannedUsersIDs)
+	bannedUsersIDsMutex.RUnlock()
+
+	if err != nil {
+		cfg.Logger.Error(&libpack_logger.LogMessage{
+			Message: "Can't marshal banned users",
+			Pairs:   map[string]interface{}{"error": err.Error()},
+		})
+		return err
+	}
+
+	if err := os.WriteFile(cfg.Api.BannedUsersFile, data, 0644); err != nil {
+		cfg.Logger.Error(&libpack_logger.LogMessage{
+			Message: "Can't write banned users to file",
+			Pairs:   map[string]interface{}{"error": err.Error()},
+		})
+		return err
+	}
+
+	return nil
+}
+
+func loadBannedUsers() {
+	if _, err := os.Stat(cfg.Api.BannedUsersFile); os.IsNotExist(err) {
+		cfg.Logger.Info(&libpack_logger.LogMessage{
+			Message: "Banned users file doesn't exist - creating it",
+			Pairs:   map[string]interface{}{"file": cfg.Api.BannedUsersFile},
+		})
+		if err := os.WriteFile(cfg.Api.BannedUsersFile, []byte("{}"), 0644); err != nil {
+			cfg.Logger.Error(&libpack_logger.LogMessage{
+				Message: "Can't create and write to the file",
+				Pairs:   map[string]interface{}{"error": err.Error()},
+			})
+			return
+		}
+	}
+
+	fileLock := flock.New(fmt.Sprintf("%s.lock", cfg.Api.BannedUsersFile))
+	if err := lockFileRead(fileLock); err != nil {
+		cfg.Logger.Error(&libpack_logger.LogMessage{
+			Message: "Can't lock the file [load]",
+			Pairs:   map[string]interface{}{"error": err.Error()},
+		})
+		return
+	}
+	defer fileLock.Unlock()
+
+	data, err := os.ReadFile(cfg.Api.BannedUsersFile)
+	if err != nil {
+		cfg.Logger.Error(&libpack_logger.LogMessage{
+			Message: "Can't read banned users from file",
+			Pairs:   map[string]interface{}{"error": err.Error()},
+		})
+		return
+	}
+
+	var newBannedUsers map[string]string
+	if err := json.Unmarshal(data, &newBannedUsers); err != nil {
+		cfg.Logger.Error(&libpack_logger.LogMessage{
+			Message: "Can't unmarshal banned users",
+			Pairs:   map[string]interface{}{"error": err.Error()},
+		})
+		return
+	}
+
+	bannedUsersIDsMutex.Lock()
+	bannedUsersIDs = newBannedUsers
+	bannedUsersIDsMutex.Unlock()
+}
+
+func lockFile(fileLock *flock.Flock) error {
+	if err := fileLock.Lock(); err != nil {
+		cfg.Logger.Error(&libpack_logger.LogMessage{
+			Message: "Can't lock the file",
+			Pairs:   map[string]interface{}{"error": err.Error()},
+		})
+		return err
+	}
+	return nil
+}
+
+func lockFileRead(fileLock *flock.Flock) error {
+	if err := fileLock.RLock(); err != nil {
+		cfg.Logger.Error(&libpack_logger.LogMessage{
+			Message: "Can't lock the file for reading",
+			Pairs:   map[string]interface{}{"error": err.Error()},
+		})
+		return err
+	}
+	return nil
+}
@@ -1,33 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/akyoto/cache"
-	fiber "github.com/gofiber/fiber/v2"
-	"github.com/gookit/goutil/strutil"
-)
-
-func calculateHash(c *fiber.Ctx) string {
-	return strutil.Md5(fmt.Sprintf("%s", c.Body()))
-}
-
-func enableCache() {
-	var err error
-	cfg.Cache.CacheClient = cache.New(time.Duration(cfg.Cache.CacheTTL) * time.Second * 2)
-	if err != nil {
-		fmt.Println(">> Error while creating cache client;", "error", err.Error())
-		panic(err)
-	}
-}
-
-func cacheLookup(hash string) []byte {
-	if cfg.Cache.CacheClient != nil {
-		obj, found := cfg.Cache.CacheClient.Get(hash)
-		if found {
-			return obj.([]byte)
-		}
-	}
-	return nil
-}
@@ -0,0 +1,185 @@
+package libpack_cache
+
+import (
+	"bytes"
+	"compress/gzip"
+	"io"
+	"sync/atomic"
+	"time"
+
+	fiber "github.com/gofiber/fiber/v2"
+	"github.com/gookit/goutil/strutil"
+	libpack_cache_memory "github.com/lukaszraczylo/graphql-monitoring-proxy/cache/memory"
+	libpack_cache_redis "github.com/lukaszraczylo/graphql-monitoring-proxy/cache/redis"
+	libpack_logger "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
+)
+
+type CacheConfig struct {
+	Logger *libpack_logger.Logger
+	Client CacheClient
+	Redis  struct {
+		URL      string `json:"url"`
+		Password string `json:"password"`
+		DB       int    `json:"db"`
+		Enable   bool   `json:"enable"`
+	}
+	TTL int `json:"ttl"`
+}
+
+type CacheStats struct {
+	CachedQueries int64 `json:"cached_queries"`
+	CacheHits     int64 `json:"cache_hits"`
+	CacheMisses   int64 `json:"cache_misses"`
+}
+
+type CacheClient interface {
+	Set(key string, value []byte, ttl time.Duration)
+	Get(key string) ([]byte, bool)
+	Delete(key string)
+	Clear()
+	CountQueries() int64
+}
+
+var (
+	cacheStats *CacheStats
+	config     *CacheConfig
+)
+
+func CalculateHash(c *fiber.Ctx) string {
+	return strutil.Md5(c.Body())
+}
+
+func EnableCache(cfg *CacheConfig) {
+	if cfg.Logger == nil {
+		cfg.Logger = libpack_logger.New()
+		cfg.Logger.Info(&libpack_logger.LogMessage{
+			Message: "Initializing in-module logger",
+		})
+	}
+	cacheStats = &CacheStats{}
+	if ShouldUseRedisCache(cfg) {
+		cfg.Logger.Debug(&libpack_logger.LogMessage{
+			Message: "Using Redis cache",
+		})
+		cfg.Client = libpack_cache_redis.New(&libpack_cache_redis.RedisClientConfig{
+			RedisDB:       cfg.Redis.DB,
+			RedisServer:   cfg.Redis.URL,
+			RedisPassword: cfg.Redis.Password,
+		})
+	} else {
+		cfg.Logger.Debug(&libpack_logger.LogMessage{
+			Message: "Using in-memory cache",
+		})
+		cfg.Client = libpack_cache_memory.New(time.Duration(cfg.TTL) * time.Second)
+	}
+	config = cfg
+}
+
+func CacheLookup(hash string) []byte {
+	if !IsCacheInitialized() {
+		return nil
+	}
+
+	obj, found := config.Client.Get(hash)
+	if found {
+		atomic.AddInt64(&cacheStats.CacheHits, 1)
+		// If the cached data is compressed, decompress it
+		if len(obj) > 2 && obj[0] == 0x1f && obj[1] == 0x8b {
+			reader, err := gzip.NewReader(bytes.NewReader(obj))
+			if err != nil {
+				config.Logger.Error(&libpack_logger.LogMessage{
+					Message: "Failed to create gzip reader for cached data",
+					Pairs:   map[string]interface{}{"error": err.Error(), "hash": hash},
+				})
+				return nil
+			}
+			defer reader.Close()
+
+			decompressed, err := io.ReadAll(reader)
+			if err != nil {
+				config.Logger.Error(&libpack_logger.LogMessage{
+					Message: "Failed to decompress cached data",
+					Pairs:   map[string]interface{}{"error": err.Error(), "hash": hash},
+				})
+				return nil
+			}
+			return decompressed
+		}
+		return obj
+	}
+	atomic.AddInt64(&cacheStats.CacheMisses, 1)
+	return nil
+}
+
+func CacheDelete(hash string) {
+	if !IsCacheInitialized() {
+		return
+	}
+	config.Logger.Debug(&libpack_logger.LogMessage{
+		Message: "Deleting data from cache",
+		Pairs:   map[string]interface{}{"hash": hash},
+	})
+	atomic.AddInt64(&cacheStats.CachedQueries, -1)
+	config.Client.Delete(hash)
+}
+
+func CacheStore(hash string, data []byte) {
+	if !IsCacheInitialized() {
+		config.Logger.Debug(&libpack_logger.LogMessage{
+			Message: "Cache not initialized",
+		})
+		return
+	}
+	config.Logger.Debug(&libpack_logger.LogMessage{
+		Message: "Storing data in cache",
+		Pairs:   map[string]interface{}{"hash": hash},
+	})
+	atomic.AddInt64(&cacheStats.CachedQueries, 1)
+	config.Client.Set(hash, data, time.Duration(config.TTL)*time.Second)
+}
+
+func CacheStoreWithTTL(hash string, data []byte, ttl time.Duration) {
+	if !IsCacheInitialized() {
+		return
+	}
+	config.Logger.Debug(&libpack_logger.LogMessage{
+		Message: "Storing data in cache with TTL",
+		Pairs:   map[string]interface{}{"hash": hash, "ttl": ttl},
+	})
+	atomic.AddInt64(&cacheStats.CachedQueries, 1)
+	config.Client.Set(hash, data, ttl)
+}
+
+func CacheGetQueries() int64 {
+	if !IsCacheInitialized() {
+		return 0
+	}
+	config.Logger.Debug(&libpack_logger.LogMessage{
+		Message: "Counting cache queries",
+	})
+	return config.Client.CountQueries()
+}
+
+func CacheClear() {
+	config.Client.Clear()
+	cacheStats = &CacheStats{}
+}
+
+func GetCacheStats() *CacheStats {
+	if !IsCacheInitialized() {
+		return &CacheStats{}
+	}
+	config.Logger.Debug(&libpack_logger.LogMessage{
+		Message: "Getting cache stats",
+	})
+	cacheStats.CachedQueries = CacheGetQueries()
+	return cacheStats
+}
+
+func ShouldUseRedisCache(cfg *CacheConfig) bool {
+	return cfg.Redis.Enable
+}
+
+func IsCacheInitialized() bool {
+	return config != nil && config.Client != nil
+}
@@ -0,0 +1,114 @@
+package libpack_cache
+
+import (
+	"testing"
+	"time"
+
+	"github.com/alicebob/miniredis/v2"
+	libpack_cache_memory "github.com/lukaszraczylo/graphql-monitoring-proxy/cache/memory"
+	libpack_logger "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
+)
+
+const (
+	Parallelism   = 4
+	RequestPerSec = 10000
+)
+
+func BenchmarkCacheLookupInMemory(b *testing.B) {
+	config = &CacheConfig{
+		Logger: libpack_logger.New(),
+		Client: libpack_cache_memory.New(5 * time.Minute),
+		TTL:    5,
+	}
+	EnableCache(config)
+
+	hash := "00000000000000000000000000000000001337"
+	data := []byte("it's fine.")
+	CacheStore(hash, data)
+
+	b.SetParallelism(Parallelism)
+	b.ResetTimer()
+
+	b.RunParallel(func(pb *testing.PB) {
+		for pb.Next() {
+			CacheLookup(hash)
+		}
+	})
+}
+
+func BenchmarkCacheLookupRedis(b *testing.B) {
+	redis_server, err := miniredis.Run()
+	if err != nil {
+		panic(err)
+	}
+	config = &CacheConfig{
+		Logger: libpack_logger.New(),
+		TTL:    5,
+	}
+	config.Redis.DB = 0
+	config.Redis.URL = redis_server.Addr()
+	config.Redis.Enable = true
+	EnableCache(config)
+
+	hash := "00000000000000000000000000000000001337"
+	data := []byte("it's fine.")
+	CacheStore(hash, data)
+
+	b.SetParallelism(Parallelism)
+	b.ResetTimer()
+
+	b.RunParallel(func(pb *testing.PB) {
+		for pb.Next() {
+			CacheLookup(hash)
+		}
+	})
+}
+
+func BenchmarkCacheStoreInMemory(b *testing.B) {
+	config = &CacheConfig{
+		Logger: libpack_logger.New(),
+		Client: libpack_cache_memory.New(5 * time.Minute),
+		TTL:    5,
+	}
+	EnableCache(config)
+
+	hash := "00000000000000000000000000000000001337"
+	data := []byte("it's fine.")
+
+	b.SetParallelism(Parallelism)
+	b.ResetTimer()
+
+	b.RunParallel(func(pb *testing.PB) {
+		for pb.Next() {
+			CacheStore(hash, data)
+		}
+	})
+}
+
+func BenchmarkCacheStoreRedis(b *testing.B) {
+	redis_server, err := miniredis.Run()
+	if err != nil {
+		panic(err)
+	}
+
+	config = &CacheConfig{
+		Logger: libpack_logger.New(),
+		TTL:    5,
+	}
+	config.Redis.DB = 0
+	config.Redis.URL = redis_server.Addr()
+	config.Redis.Enable = true
+	EnableCache(config)
+
+	hash := "00000000000000000000000000000000001337"
+	data := []byte("it's fine.")
+
+	b.SetParallelism(Parallelism)
+	b.ResetTimer()
+
+	b.RunParallel(func(pb *testing.PB) {
+		for pb.Next() {
+			CacheStore(hash, data)
+		}
+	})
+}
@@ -0,0 +1,34 @@
+package libpack_cache
+
+import (
+	"testing"
+
+	"github.com/alicebob/miniredis/v2"
+	assertions "github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+)
+
+type Tests struct {
+	suite.Suite
+}
+
+var (
+	assert             *assertions.Assertions
+	redisMockServer, _ = miniredis.Run()
+)
+
+func (suite *Tests) BeforeTest(suiteName, testName string) {
+}
+
+func (suite *Tests) SetupTest() {
+	cacheStats = &CacheStats{}
+	assert = assertions.New(suite.T())
+}
+
+// TearDownTest is run after each test to clean up
+func (suite *Tests) TearDownTest() {
+}
+
+func TestSuite(t *testing.T) {
+	suite.Run(t, new(Tests))
+}
@@ -0,0 +1,206 @@
+package libpack_cache
+
+import (
+	"fmt"
+	"sync"
+	"time"
+
+	"github.com/alicebob/miniredis/v2"
+	libpack_cache_memory "github.com/lukaszraczylo/graphql-monitoring-proxy/cache/memory"
+	libpack_logger "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
+)
+
+func (suite *Tests) Test_cacheLookupInmemory() {
+	config = &CacheConfig{
+		Logger: libpack_logger.New(),
+		Client: libpack_cache_memory.New(5 * time.Minute),
+		TTL:    5,
+	}
+
+	type args struct {
+		hash string
+	}
+	tests := []struct {
+		name     string
+		args     args
+		want     []byte
+		addCache struct {
+			data []byte
+		}
+	}{
+		{
+			name: "test_non_existent",
+			args: args{
+				hash: "00000000000000000000000000000000000000",
+			},
+			want: nil,
+		},
+		{
+			name: "test_existent",
+			args: args{
+				hash: "00000000000000000000000000000000001337",
+			},
+			want: []byte("it's fine."),
+			addCache: struct {
+				data []byte
+			}{
+				data: []byte("it's fine."),
+			},
+		},
+	}
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+			if tt.addCache.data != nil {
+				CacheStore(tt.args.hash, tt.addCache.data)
+			}
+			got := CacheLookup(tt.args.hash)
+			assert.Equal(tt.want, got, "Unexpected cache lookup result")
+		})
+	}
+}
+
+func (suite *Tests) Test_cacheLookupRedis() {
+
+	config = &CacheConfig{
+		Logger: libpack_logger.New(),
+		TTL:    5,
+	}
+	config.Redis.DB = 0
+	config.Redis.URL = redisMockServer.Addr()
+	config.Redis.Enable = true
+	EnableCache(config)
+
+	type args struct {
+		hash string
+	}
+	tests := []struct {
+		name     string
+		args     args
+		want     []byte
+		addCache struct {
+			data []byte
+		}
+	}{
+		{
+			name: "test_non_existent",
+			args: args{
+				hash: "00000000000000000000000000000000000000",
+			},
+			want: nil,
+		},
+		{
+			name: "test_existent",
+			args: args{
+				hash: "00000000000000000000000000000000001337",
+			},
+			want: []byte("it's fine."),
+			addCache: struct {
+				data []byte
+			}{
+				data: []byte("it's fine."),
+			},
+		},
+	}
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+			if tt.addCache.data != nil {
+				CacheStore(tt.args.hash, tt.addCache.data)
+			}
+			got := CacheLookup(tt.args.hash)
+			assert.Equal(tt.want, got, "Unexpected cache lookup result")
+		})
+	}
+}
+
+func (suite *Tests) Test_cacheConcurrency() {
+	config = &CacheConfig{
+		Logger: libpack_logger.New(),
+		Client: libpack_cache_memory.New(5 * time.Second),
+		TTL:    5,
+	}
+
+	const numGoroutines = 10
+	const numOperations = 1000
+
+	var wg sync.WaitGroup
+	wg.Add(numGoroutines)
+
+	for i := 0; i < numGoroutines; i++ {
+		go func(id int) {
+			defer wg.Done()
+			for j := 0; j < numOperations; j++ {
+				key := fmt.Sprintf("key-%d-%d", id, j)
+				value := []byte(fmt.Sprintf("value-%d-%d", id, j))
+				CacheStore(key, value)
+				retrieved := CacheLookup(key)
+				assert.Equal(string(value), string(retrieved), "Concurrent cache operation failed")
+			}
+		}(i)
+	}
+
+	wg.Wait()
+}
+
+// func (suite *Tests) Test_cacheEviction() {
+// 	config = &CacheConfig{
+// 		Logger: libpack_logger.New(),
+// 		Client: libpack_cache_memory.New(3 * time.Second), // 3 seconds TTL
+// 		TTL:    3,
+// 	}
+
+// 	// Fill the cache
+// 	for i := 0; i < 20; i++ {
+// 		key := fmt.Sprintf("key-%d", i)
+// 		value := []byte(fmt.Sprintf("value-%d", i))
+// 		CacheStore(key, value)
+// 		time.Sleep(100 * time.Millisecond) // Ensure different creation times
+// 	}
+
+// 	// Wait for the TTL to expire for the first half of the items
+// 	time.Sleep(3100 * time.Millisecond)
+
+// 	// Check that the oldest items have been evicted
+// 	for i := 0; i < 10; i++ {
+// 		key := fmt.Sprintf("key-%d", i)
+// 		retrieved := CacheLookup(key)
+// 		assert.Nil(retrieved, fmt.Sprintf("Old item %s should have been evicted", key))
+// 	}
+
+// 	// Check that the newer items are still in the cache
+// 	for i := 10; i < 20; i++ {
+// 		key := fmt.Sprintf("key-%d", i)
+// 		expected := []byte(fmt.Sprintf("value-%d", i))
+// 		retrieved := CacheLookup(key)
+// 		assert.Equal(expected, retrieved, fmt.Sprintf("Recent item %s should be in cache", key))
+// 	}
+// }
+
+func (suite *Tests) Test_cacheRedisFailure() {
+	mr, err := miniredis.Run()
+	if err != nil {
+		suite.T().Fatal(err)
+	}
+	defer mr.Close()
+
+	config = &CacheConfig{
+		Logger: libpack_logger.New(),
+		TTL:    5,
+	}
+	config.Redis.DB = 0
+	config.Redis.URL = mr.Addr()
+	config.Redis.Enable = true
+	EnableCache(config)
+
+	// Test normal operation
+	CacheStore("test-key", []byte("test-value"))
+	retrieved := CacheLookup("test-key")
+	assert.Equal([]byte("test-value"), retrieved)
+
+	// Simulate Redis failure
+	mr.Close()
+
+	// Operations should not panic, but should return errors or nil values
+	CacheStore("another-key", []byte("another-value"))
+	retrieved = CacheLookup("another-key")
+	assert.Nil(retrieved, "Lookup should return nil when Redis is down")
+}
@@ -0,0 +1,157 @@
+package libpack_cache_memory
+
+import (
+	"bytes"
+	"compress/gzip"
+	"io"
+	"log"
+	"sync"
+	"time"
+)
+
+type CacheEntry struct {
+	ExpiresAt time.Time
+	Value     []byte
+}
+
+type Cache struct {
+	compressPool   sync.Pool
+	decompressPool sync.Pool
+	entries        sync.Map
+	globalTTL      time.Duration
+	sync.RWMutex
+}
+
+func New(globalTTL time.Duration) *Cache {
+	cache := &Cache{
+		globalTTL: globalTTL,
+		compressPool: sync.Pool{
+			New: func() interface{} {
+				return gzip.NewWriter(nil)
+			},
+		},
+		decompressPool: sync.Pool{
+			New: func() interface{} {
+				r, _ := gzip.NewReader(bytes.NewReader([]byte{}))
+				return r
+			},
+		},
+	}
+
+	go cache.cleanupRoutine(globalTTL)
+	return cache
+}
+
+func (c *Cache) cleanupRoutine(globalTTL time.Duration) {
+	ticker := time.NewTicker(globalTTL / 2)
+	defer ticker.Stop()
+
+	for range ticker.C {
+		c.CleanExpiredEntries()
+	}
+}
+
+func (c *Cache) Set(key string, value []byte, ttl time.Duration) {
+	expiresAt := time.Now().Add(ttl)
+
+	compressedValue, err := c.compress(value)
+	if err != nil {
+		log.Printf("Error compressing value for key %s: %v", key, err)
+		return
+	}
+
+	entry := CacheEntry{
+		Value:     compressedValue,
+		ExpiresAt: expiresAt,
+	}
+	c.entries.Store(key, entry)
+}
+
+func (c *Cache) Get(key string) ([]byte, bool) {
+	entry, ok := c.entries.Load(key)
+	if !ok {
+		return nil, false
+	}
+
+	cacheEntry := entry.(CacheEntry)
+	if cacheEntry.ExpiresAt.Before(time.Now()) {
+		c.entries.Delete(key)
+		return nil, false
+	}
+
+	value, err := c.decompress(cacheEntry.Value)
+	if err != nil {
+		log.Printf("Error decompressing value for key %s: %v", key, err)
+		return nil, false
+	}
+	return value, true
+}
+
+func (c *Cache) Delete(key string) {
+	c.entries.Delete(key)
+}
+
+func (c *Cache) Clear() {
+	c.entries.Range(func(key, value interface{}) bool {
+		c.entries.Delete(key)
+		return true
+	})
+}
+
+func (c *Cache) CountQueries() int64 {
+	var count int
+	c.entries.Range(func(_, _ interface{}) bool {
+		count++
+		return true
+	})
+	return int64(count)
+}
+
+func (c *Cache) compress(data []byte) ([]byte, error) {
+	var buf bytes.Buffer
+	w := c.compressPool.Get().(*gzip.Writer)
+	defer func() {
+		w.Close()
+		c.compressPool.Put(w)
+	}()
+	w.Reset(&buf)
+	if _, err := w.Write(data); err != nil {
+		return nil, err
+	}
+	if err := w.Close(); err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+func (c *Cache) decompress(data []byte) ([]byte, error) {
+	r, ok := c.decompressPool.Get().(*gzip.Reader)
+	if !ok || r == nil {
+		var err error
+		r, err = gzip.NewReader(bytes.NewReader(data))
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		if err := r.Reset(bytes.NewReader(data)); err != nil {
+			return nil, err
+		}
+	}
+	defer func() {
+		r.Close()
+		c.decompressPool.Put(r)
+	}()
+
+	return io.ReadAll(r)
+}
+
+func (c *Cache) CleanExpiredEntries() {
+	now := time.Now()
+	c.entries.Range(func(key, value interface{}) bool {
+		entry := value.(CacheEntry)
+		if entry.ExpiresAt.Before(now) {
+			c.entries.Delete(key)
+		}
+		return true
+	})
+}
@@ -0,0 +1,82 @@
+package libpack_cache_memory
+
+import (
+	"fmt"
+	"testing"
+	"time"
+)
+
+// Assume that New function initializes the cache and it is defined somewhere in the libpack_cache package.
+
+func BenchmarkMemCacheSet(b *testing.B) {
+	cache := New(30 * time.Second) // Initializing the cache with a TTL of 30 seconds
+	key := "benchmark-key"
+	value := []byte("benchmark-value")
+
+	b.ResetTimer() // Reset the timer to exclude the setup time from the benchmark
+
+	for i := 0; i < b.N; i++ {
+		cache.Set(key, value, 5*time.Second)
+	}
+}
+
+func BenchmarkMemCacheGet(b *testing.B) {
+	cache := New(30 * time.Second) // Initializing the cache
+	key := "benchmark-key"
+	value := []byte("benchmark-value")
+	cache.Set(key, value, 5*time.Second) // Pre-set a value to retrieve
+
+	b.ResetTimer() // Start timing
+
+	for i := 0; i < b.N; i++ {
+		_, _ = cache.Get(key)
+	}
+}
+
+func BenchmarkMemCacheExpire(b *testing.B) {
+	key := "benchmark-expire-key"
+	value := []byte("benchmark-value")
+	ttl := 5 * time.Millisecond // Setting a short TTL for quick expiration
+
+	for i := 0; i < b.N; i++ {
+		cache := New(30 * time.Second)
+		cache.Set(key, value, ttl)
+		time.Sleep(ttl) // Wait for the key to expire
+		_, _ = cache.Get(key)
+	}
+}
+
+func BenchmarkMemCacheStats(b *testing.B) {
+	cache := New(30 * time.Second) // Initializing the cache
+	key := "benchmark-key"
+	value := []byte("benchmark-value")
+	cache.Set(key, value, 5*time.Second) // Pre-set a value to retrieve
+	cache.Get(key)
+}
+
+func BenchmarkCacheSet(b *testing.B) {
+	cache := New(5 * time.Second)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		cache.Set(fmt.Sprintf("key-%d", i), []byte("value"), 5*time.Second)
+	}
+}
+
+func BenchmarkCacheGet(b *testing.B) {
+	cache := New(5 * time.Second)
+	cache.Set("test-key", []byte("test-value"), 5*time.Second)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		cache.Get("test-key")
+	}
+}
+
+func BenchmarkCacheDelete(b *testing.B) {
+	cache := New(5 * time.Second)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		key := fmt.Sprintf("key-%d", i)
+		cache.Set(key, []byte("value"), 5*time.Second)
+		cache.Delete(key)
+	}
+}
@@ -0,0 +1,168 @@
+package libpack_cache_memory
+
+import (
+	"fmt"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+)
+
+type MemoryTestSuite struct {
+	suite.Suite
+}
+
+func (suite *MemoryTestSuite) SetupTest() {
+}
+
+func TestCachingTestSuite(t *testing.T) {
+	suite.Run(t, new(MemoryTestSuite))
+}
+
+func (suite *MemoryTestSuite) Test_New() {
+	suite.T().Run("should return a new cache", func(t *testing.T) {
+		cache := New(2 * time.Second)
+		suite.NotNil(cache)
+	})
+}
+
+func (suite *MemoryTestSuite) Test_CacheUse() {
+	cache := New(30 * time.Second)
+	tests := []struct {
+		name        string
+		cache_value string
+	}{
+		{
+			name:        "test1",
+			cache_value: "test1-123",
+		},
+		{
+			name:        "test2",
+			cache_value: "test2-123",
+		},
+	}
+	for _, tt := range tests {
+		suite.T().Run(tt.name, func(t *testing.T) {
+			cache.Set(tt.name, []byte(tt.name), 5*time.Second)
+			c, ok := cache.Get(tt.name)
+			suite.Equal(true, ok)
+			suite.Equal(tt.name, string(c))
+		})
+	}
+}
+
+func (suite *MemoryTestSuite) Test_CacheDelete() {
+	cache := New(30 * time.Second)
+	tests := []struct {
+		name        string
+		cache_value string
+	}{
+		{
+			name:        "test1",
+			cache_value: "test1-123",
+		},
+		{
+			name:        "test2",
+			cache_value: "test2-123",
+		},
+	}
+	for _, tt := range tests {
+		suite.T().Run(tt.name, func(t *testing.T) {
+			cache.Set(tt.name, []byte(tt.name), 5*time.Second)
+			c, ok := cache.Get(tt.name)
+			suite.Equal(true, ok)
+			suite.Equal(tt.name, string(c))
+			cache.Delete(tt.name)
+			c, ok = cache.Get(tt.name)
+			suite.Equal(false, ok)
+			suite.Equal("", string(c))
+		})
+	}
+}
+
+func (suite *MemoryTestSuite) Test_CacheExpire() {
+	cache := New(30 * time.Second)
+	tests := []struct {
+		name        string
+		cache_value string
+		ttl         time.Duration
+	}{
+		{
+			name:        "test1",
+			cache_value: "test1-123",
+			ttl:         2 * time.Second,
+		},
+		{
+			name:        "test2",
+			cache_value: "test2-123",
+			ttl:         5 * time.Second,
+		},
+	}
+	for _, tt := range tests {
+		suite.T().Run(tt.name, func(t *testing.T) {
+			cache.Set(tt.name, []byte(tt.name), tt.ttl)
+			c, ok := cache.Get(tt.name)
+			suite.Equal(true, ok)
+			suite.Equal(tt.name, string(c))
+			time.Sleep(tt.ttl)
+			c, ok = cache.Get(tt.name)
+			suite.Equal(false, ok)
+			suite.Equal("", string(c))
+		})
+	}
+}
+
+func (suite *MemoryTestSuite) Test_ConcurrentReadWrite() {
+	cache := New(5 * time.Second)
+	const numGoroutines = 100
+	const numOperations = 1000
+
+	var wg sync.WaitGroup
+	wg.Add(numGoroutines)
+
+	for i := 0; i < numGoroutines; i++ {
+		go func(id int) {
+			defer wg.Done()
+			for j := 0; j < numOperations; j++ {
+				key := fmt.Sprintf("key-%d-%d", id, j)
+				value := []byte(fmt.Sprintf("value-%d-%d", id, j))
+
+				if j%2 == 0 {
+					cache.Set(key, value, 5*time.Second)
+				} else {
+					_, _ = cache.Get(key)
+				}
+			}
+		}(i)
+	}
+
+	wg.Wait()
+}
+
+func (suite *MemoryTestSuite) Test_LargeItems() {
+	cache := New(5 * time.Second)
+	largeValue := make([]byte, 10*1024*1024) // 10MB
+	cache.Set("large-key", largeValue, 5*time.Second)
+
+	retrieved, found := cache.Get("large-key")
+	suite.Assert().True(found)
+	suite.Assert().Equal(largeValue, retrieved)
+}
+
+func (suite *MemoryTestSuite) Test_ZeroTTL() {
+	cache := New(5 * time.Second)
+	cache.Set("zero-ttl", []byte("value"), 0)
+
+	_, found := cache.Get("zero-ttl")
+	suite.Assert().False(found, "Item with zero TTL should not be stored")
+}
+
+func (suite *MemoryTestSuite) Test_LongTTL() {
+	cache := New(5 * time.Second)
+	cache.Set("long-ttl", []byte("value"), 24*365*time.Hour) // 1 year
+
+	retrieved, found := cache.Get("long-ttl")
+	suite.Assert().True(found)
+	suite.Assert().Equal([]byte("value"), retrieved)
+}
@@ -0,0 +1,96 @@
+package libpack_cache_redis
+
+import (
+	"context"
+	"strings"
+	"time"
+
+	"sync"
+
+	redis "github.com/redis/go-redis/v9"
+)
+
+type RedisConfig struct {
+	ctx         context.Context
+	client      *redis.Client
+	builderPool *sync.Pool
+	prefix      string
+}
+
+func (c *RedisConfig) prependKeyName(key string) string {
+	builder := c.builderPool.Get().(*strings.Builder)
+	defer c.builderPool.Put(builder)
+	builder.Reset()
+	builder.WriteString(c.prefix)
+	builder.WriteString(key)
+	return builder.String()
+}
+
+type RedisClientConfig struct {
+	RedisServer   string
+	RedisPassword string
+	Prefix        string
+	RedisDB       int
+}
+
+func New(redisClientConfig *RedisClientConfig) *RedisConfig {
+	c := &RedisConfig{
+		client: redis.NewClient(&redis.Options{
+			Addr:     redisClientConfig.RedisServer,
+			Password: redisClientConfig.RedisPassword,
+			DB:       redisClientConfig.RedisDB,
+		}),
+		ctx:    context.Background(),
+		prefix: redisClientConfig.Prefix,
+		builderPool: &sync.Pool{
+			New: func() interface{} {
+				return &strings.Builder{}
+			},
+		},
+	}
+
+	_, err := c.client.Ping(c.ctx).Result()
+	if err != nil {
+		panic(err)
+	}
+	return c
+}
+
+func (c *RedisConfig) Set(key string, value []byte, ttl time.Duration) {
+	c.client.Set(c.ctx, c.prependKeyName(key), value, ttl)
+}
+
+func (c *RedisConfig) Get(key string) ([]byte, bool) {
+	val, err := c.client.Get(c.ctx, c.prependKeyName(key)).Result()
+	if err == redis.Nil {
+		return nil, false
+	}
+	if err != nil {
+		return nil, false
+	}
+	return []byte(val), true
+}
+
+func (c *RedisConfig) Delete(key string) {
+	c.client.Del(c.ctx, c.prependKeyName(key))
+}
+
+func (c *RedisConfig) Clear() {
+	c.client.FlushDB(c.ctx)
+}
+
+func (c *RedisConfig) CountQueries() int64 {
+	keys, err := c.client.Keys(c.ctx, c.prependKeyName("*")).Result()
+	if err != nil {
+		return 0
+	}
+	return int64(len(keys))
+}
+
+func (c *RedisConfig) CountQueriesWithPattern(pattern string) int {
+	keys, err := c.client.Keys(c.ctx, c.prependKeyName(pattern)).Result()
+	if err != nil {
+		return 0
+	}
+	return len(keys)
+}
@@ -0,0 +1,130 @@
+package libpack_cache_redis
+
+import (
+	"testing"
+	"time"
+
+	"github.com/alicebob/miniredis/v2"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+)
+
+type RedisConfigSuite struct {
+	suite.Suite
+	redisConfig  *RedisConfig
+	redis_server *miniredis.Miniredis
+}
+
+func (suite *RedisConfigSuite) SetupTest() {
+	suite.redis_server, _ = miniredis.Run()
+	suite.redisConfig = New(&RedisClientConfig{
+		RedisServer:   suite.redis_server.Addr(),
+		RedisPassword: "",
+		RedisDB:       0,
+	})
+	suite.redisConfig.Delete("testkey")
+}
+
+func TestRedisConfigSuite(t *testing.T) {
+	suite.Run(t, new(RedisConfigSuite))
+}
+
+func (suite *RedisConfigSuite) TestSet() {
+	key := "testkeyset"
+	value := []byte("testvalue")
+	suite.redisConfig.Delete(key) // Ensure the key is deleted before the test
+
+	// Test writing a new key-value pair
+	suite.redisConfig.Set(key, value, 0)
+	storedValue, found := suite.redisConfig.Get(key)
+	assert.True(suite.T(), found)
+	assert.Equal(suite.T(), value, storedValue)
+
+	// Test overwriting an existing key-value pair
+	newValue := []byte("newvalue")
+	suite.redisConfig.Set(key, newValue, 0)
+	storedValue, found = suite.redisConfig.Get(key)
+	assert.True(suite.T(), found)
+	assert.Equal(suite.T(), newValue, storedValue)
+
+	suite.redisConfig.Delete(key) // Clean up after the test
+}
+
+func (suite *RedisConfigSuite) TestSetWithExpiry() {
+	key := "testkey_with_expiry"
+	value := []byte("testvaluewithexpiry")
+	expiry := 2 * time.Second
+	suite.redisConfig.Delete(key) // Ensure the key is deleted before the test
+
+	// Test writing a new key-value pair
+	suite.redisConfig.Set(key, value, expiry)
+	storedValue, found := suite.redisConfig.Get(key)
+	assert.True(suite.T(), found)
+	assert.Equal(suite.T(), value, storedValue)
+	_, found = suite.redisConfig.Get(key)
+	assert.True(suite.T(), found, "Key should exist")
+
+	// Test that key expires after the specified time
+	suite.redis_server.FastForward(3 * time.Second)
+	_, found = suite.redisConfig.Get(key)
+	assert.False(suite.T(), found, "Key should have expired after 2 seconds")
+
+	suite.redisConfig.Delete(key) // Clean up after the test
+}
+
+func (suite *RedisConfigSuite) TestGet() {
+	key := "testkeyget"
+	value := []byte("testvalue")
+	suite.redisConfig.Set(key, value, 0) // Set the key-value pair
+	storedValue, found := suite.redisConfig.Get(key)
+	assert.True(suite.T(), found)
+	assert.Equal(suite.T(), value, storedValue)
+}
+
+func (suite *RedisConfigSuite) TestDeleteKey() {
+	key := "testkeydelete"
+	value := []byte("testvalue")
+	suite.redisConfig.Set(key, value, 0) // Set the key-value pair
+	suite.redisConfig.Delete(key)
+	_, found := suite.redisConfig.Get(key)
+	assert.False(suite.T(), found)
+}
+
+func (suite *RedisConfigSuite) TestCheckIfKeyExists() {
+	ttl := time.Duration(10) * time.Second
+	key := "testkeyifexists"
+	value := []byte("testvalue")
+	suite.redisConfig.Set(key, value, ttl) // Set the key-value pair
+	_, found := suite.redisConfig.Get(key)
+	assert.True(suite.T(), found)
+
+	suite.redisConfig.Delete(key)
+	_, found = suite.redisConfig.Get(key)
+	assert.False(suite.T(), found)
+}
+
+func (suite *RedisConfigSuite) TestGetKeys() {
+	ttl := time.Duration(10) * time.Second
+	suite.redisConfig.Set("testkey1", []byte("testvalue1"), ttl)
+	suite.redisConfig.Set("testkey2", []byte("testvalue2"), ttl)
+	suite.redisConfig.Set("otherkey", []byte("othervalue"), ttl)
+
+	keys, _ := suite.redisConfig.client.Keys(suite.redisConfig.ctx, "testkey*").Result()
+	expectedKeys := []string{"testkey1", "testkey2"}
+	assert.ElementsMatch(suite.T(), expectedKeys, keys)
+
+	suite.redisConfig.client.Del(suite.redisConfig.ctx, "testkey1", "testkey2", "otherkey")
+}
+
+func (suite *RedisConfigSuite) TestGetKeysCount() {
+	ttl := time.Duration(10) * time.Second
+	suite.redisConfig.Set("testkey1", []byte("testvalue1"), ttl)
+	suite.redisConfig.Set("testkey2", []byte("testvalue2"), ttl)
+	suite.redisConfig.Set("otherkey", []byte("othervalue"), ttl)
+
+	assert.Equal(suite.T(), 2, suite.redisConfig.CountQueriesWithPattern("testkey*"))
+	assert.Equal(suite.T(), 1, suite.redisConfig.CountQueriesWithPattern("otherkey*"))
+	assert.Equal(suite.T(), int64(3), suite.redisConfig.CountQueries())
+
+	suite.redisConfig.client.Del(suite.redisConfig.ctx, "testkey1", "testkey2", "otherkey")
+}
@@ -0,0 +1,6 @@
+package libpack_config
+
+var (
+	PKG_NAME    string = "not-specified"
+	PKG_VERSION string = "0.0.0-dev"
+)
@@ -2,37 +2,64 @@ package main

 import (
 	"encoding/base64"
+	"fmt"
 	"strings"

+	"github.com/goccy/go-json"
 	"github.com/lukaszraczylo/ask"
-	libpack_monitoring "github.com/telegram-bot-app/libpack/monitoring"
+	libpack_logger "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
+	libpack_monitoring "github.com/lukaszraczylo/graphql-monitoring-proxy/monitoring"
 )

-func extractClaimsFromJWTHeader(authorization string) (usr string) {
-	tokenParts := strings.Split(authorization, ".")
+const defaultValue = "-"
+
+var emptyMetrics = map[string]string{}
+
+func extractClaimsFromJWTHeader(authorization string) (usr, role string) {
+	usr, role = defaultValue, defaultValue
+
+	tokenParts := strings.SplitN(authorization, ".", 3)
 	if len(tokenParts) != 3 {
-		cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
-		cfg.Logger.Error("Can't split the token", map[string]interface{}{"token": authorization})
+		handleError("Can't split the token", map[string]interface{}{"token": authorization})
 		return
 	}
+
 	claim, err := base64.RawURLEncoding.DecodeString(tokenParts[1])
 	if err != nil {
-		cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
-		cfg.Logger.Error("Can't decode the token", map[string]interface{}{"token": authorization})
+		handleError("Can't decode the token", map[string]interface{}{"token": authorization})
 		return
 	}
+
 	var claimMap map[string]interface{}
-	err = json.Unmarshal(claim, &claimMap)
-	if err != nil {
-		cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
-		cfg.Logger.Error("Can't unmarshal the claim", map[string]interface{}{"token": authorization})
+	if err = json.Unmarshal(claim, &claimMap); err != nil {
+		handleError("Can't unmarshal the claim", map[string]interface{}{"token": authorization})
 		return
 	}
-	usr, ok := ask.For(claimMap, cfg.Client.JWTUserClaimPath).String("-")
-	if !ok {
-		cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
-		cfg.Logger.Error("Can't find the user id", map[string]interface{}{"claim_map": claimMap, "path": cfg.Client.JWTUserClaimPath})
-		return
-	}
-	return usr
+
+	usr = extractClaim(claimMap, cfg.Client.JWTUserClaimPath, "user id")
+	role = extractClaim(claimMap, cfg.Client.JWTRoleClaimPath, "role")
+
+	return
+}
+
+func extractClaim(claimMap map[string]interface{}, claimPath, name string) string {
+	if claimPath == "" {
+		return defaultValue
+	}
+
+	value, ok := ask.For(claimMap, claimPath).String(defaultValue)
+	if !ok {
+		handleError(fmt.Sprintf("Can't find the %s", name), map[string]interface{}{"claim_map": claimMap, "path": claimPath})
+		return defaultValue
+	}
+
+	return value
+}
+
+func handleError(msg string, details map[string]interface{}) {
+	cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, emptyMetrics)
+	cfg.Logger.Error(&libpack_logger.LogMessage{
+		Message: msg,
+		Pairs:   details,
+	})
 }
@@ -0,0 +1,81 @@
+package main
+
+func (suite *Tests) Test_extractClaimsFromJWTHeader() {
+	jwt_token_for_tests := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiSGFzdXJhIjp7IngtaGFzdXJhLWFsbG93ZWQtcm9sZXMiOlsiZ3Vlc3QiLCJ1c2VyIiwiZ3JvdXBhZG1pbiIsInBheWFkbWluIl0sIngtaGFzdXJhLWRlZmF1bHQtcm9sZSI6Imd1ZXN0IiwieC1oYXN1cmEtdXNlci1pZCI6IjE2NyIsIngtaGFzdXJhLXVzZXItdXVpZCI6ImRkM2U2ZTM1LTA0MDktNDNiMC1iZmYxLWNlZjNjNmVkNWYxMCJ9LCJpc3MiOiJBdXRoU2VydmljZSIsImV4cCI6MTY5NjgwMTcyNiwibmJmIjoxNjk2NTg1NzI2LCJpYXQiOjE2OTY1ODU3MjZ9.dsJ5JKzG5tXOlqeZ_Gfe2XC-vyrcwtYwOGfhvt8q9UY"
+
+	type args struct {
+		authorization string
+	}
+
+	tests := []struct {
+		name           string
+		args           args
+		wantUsr        string
+		wantRole       string
+		jwt_token_path string
+		jwt_role_path  string
+	}{
+		{
+			name:     "test_empty",
+			wantUsr:  "-",
+			wantRole: "-",
+		},
+		{
+			name: "test_invalid_path",
+			args: args{
+				authorization: jwt_token_for_tests,
+			},
+			wantUsr:        "-",
+			wantRole:       "-",
+			jwt_token_path: "invalid",
+		},
+		{
+			name: "test_invalid_role_path",
+			args: args{
+				authorization: jwt_token_for_tests,
+			},
+			wantUsr:       "-",
+			wantRole:      "-",
+			jwt_role_path: "invalid",
+		},
+		{
+			name: "test_valid",
+			args: args{
+				authorization: jwt_token_for_tests,
+			},
+			wantUsr:        "167",
+			wantRole:       "guest",
+			jwt_token_path: "Hasura.x-hasura-user-id",
+			jwt_role_path:  "Hasura.x-hasura-default-role",
+		},
+		{
+			name: "test_invalid_token",
+			args: args{
+				authorization: "invalid",
+			},
+			wantUsr:  "-",
+			wantRole: "-",
+		},
+		{
+			name: "test_invalid_three_part_token",
+			args: args{
+				authorization: "invalid.threepart.token",
+			},
+			wantUsr:  "-",
+			wantRole: "-",
+		},
+	}
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+			if len(tt.jwt_token_path) > 0 {
+				cfg.Client.JWTUserClaimPath = tt.jwt_token_path
+			}
+			if len(tt.jwt_role_path) > 0 {
+				cfg.Client.JWTRoleClaimPath = tt.jwt_role_path
+			}
+			gotUsr, gotRole := extractClaimsFromJWTHeader(tt.args.authorization)
+			assert.Equal(tt.wantUsr, gotUsr, "Unexpected user ID")
+			assert.Equal(tt.wantRole, gotRole, "Unexpected role")
+		})
+	}
+}
@@ -0,0 +1,103 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/jackc/pgx/v5/pgxpool"
+	libpack_logger "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
+)
+
+const (
+	initialDelay    = 60 * time.Second
+	cleanupInterval = 1 * time.Hour
+)
+
+var delQueries = [...]string{
+	"DELETE FROM hdb_catalog.event_invocation_logs WHERE created_at < NOW() - interval '%d days';",
+	"DELETE FROM hdb_catalog.event_log WHERE created_at < NOW() - interval '%d days';",
+	"DELETE FROM hdb_catalog.hdb_action_log WHERE created_at < NOW() - INTERVAL '%d days';",
+	"DELETE FROM hdb_catalog.hdb_cron_event_invocation_logs WHERE created_at < NOW() - INTERVAL '%d days';",
+	"DELETE FROM hdb_catalog.hdb_scheduled_event_invocation_logs WHERE created_at < NOW() - INTERVAL '%d days';",
+}
+
+func enableHasuraEventCleaner() {
+	if !cfg.HasuraEventCleaner.Enable {
+		return
+	}
+
+	if cfg.HasuraEventCleaner.EventMetadataDb == "" {
+		cfg.Logger.Warning(&libpack_logger.LogMessage{
+			Message: "Event metadata db URL not specified, event cleaner not active",
+		})
+		return
+	}
+
+	cfg.Logger.Info(&libpack_logger.LogMessage{
+		Message: "Event cleaner enabled",
+		Pairs:   map[string]interface{}{"interval_in_days": cfg.HasuraEventCleaner.ClearOlderThan},
+	})
+
+	go func() {
+		pool, err := pgxpool.New(context.Background(), cfg.HasuraEventCleaner.EventMetadataDb)
+		if err != nil {
+			cfg.Logger.Error(&libpack_logger.LogMessage{
+				Message: "Failed to create connection pool",
+				Pairs:   map[string]interface{}{"error": err.Error()},
+			})
+			return
+		}
+		defer pool.Close()
+
+		time.Sleep(initialDelay)
+
+		cfg.Logger.Info(&libpack_logger.LogMessage{
+			Message: "Initial cleanup of old events",
+		})
+		cleanEvents(pool)
+
+		ticker := time.NewTicker(cleanupInterval)
+		defer ticker.Stop()
+
+		for range ticker.C {
+			cfg.Logger.Info(&libpack_logger.LogMessage{
+				Message: "Cleaning up old events",
+			})
+			cleanEvents(pool)
+		}
+	}()
+}
+
+func cleanEvents(pool *pgxpool.Pool) {
+	ctx := context.Background()
+	var errors []error
+	var failedQueries []string
+
+	for _, query := range delQueries {
+		_, err := pool.Exec(ctx, fmt.Sprintf(query, cfg.HasuraEventCleaner.ClearOlderThan))
+		if err != nil {
+			errors = append(errors, err)
+			failedQueries = append(failedQueries, query)
+		} else {
+			cfg.Logger.Debug(&libpack_logger.LogMessage{
+				Message: "Successfully executed query",
+				Pairs:   map[string]interface{}{"query": query},
+			})
+		}
+	}
+
+	if len(errors) > 0 {
+		var errMsgs []string
+		for _, err := range errors {
+			errMsgs = append(errMsgs, err.Error())
+		}
+		cfg.Logger.Error(&libpack_logger.LogMessage{
+			Message: "Failed to execute some queries",
+			Pairs: map[string]interface{}{
+				"failed_queries": failedQueries,
+				"errors":         errMsgs,
+			},
+		})
+	}
+}
@@ -1,42 +1,71 @@
 module github.com/lukaszraczylo/graphql-monitoring-proxy

-go 1.21
+go 1.22.7
+
+toolchain go1.23.4

 require (
-	github.com/akyoto/cache v1.0.6
-	github.com/gofiber/fiber/v2 v2.49.2
-	github.com/gookit/goutil v0.6.12
+	github.com/VictoriaMetrics/metrics v1.35.2
+	github.com/alicebob/miniredis/v2 v2.33.0
+	github.com/avast/retry-go/v4 v4.6.0
+	github.com/goccy/go-json v0.10.5
+	github.com/gofiber/fiber/v2 v2.52.6
+	github.com/gofrs/flock v0.12.1
+	github.com/google/uuid v1.6.0
+	github.com/gookit/goutil v0.6.18
 	github.com/graphql-go/graphql v0.8.1
-	github.com/json-iterator/go v1.1.12
-	github.com/lukaszraczylo/ask v0.0.0-20230927103145-2ff1123b4415
-	github.com/telegram-bot-app/libpack v0.0.0-20231007021518-909ce2741a36
+	github.com/jackc/pgx/v5 v5.7.2
+	github.com/lukaszraczylo/ask v0.0.0-20240916204100-6e9ef53a62d9
+	github.com/lukaszraczylo/go-ratecounter v0.1.12
+	github.com/lukaszraczylo/go-simple-graphql v1.2.41
+	github.com/redis/go-redis/v9 v9.7.0
+	github.com/stretchr/testify v1.10.0
+	github.com/valyala/fasthttp v1.58.0
+	go.opentelemetry.io/otel v1.34.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0
+	go.opentelemetry.io/otel/sdk v1.34.0
+	go.opentelemetry.io/otel/trace v1.34.0
+	google.golang.org/grpc v1.70.0
 )

 require (
-	dario.cat/mergo v1.0.0 // indirect
-	github.com/VictoriaMetrics/metrics v1.24.0 // indirect
-	github.com/andybalholm/brotli v1.0.5 // indirect
-	github.com/google/uuid v1.3.1 // indirect
+	github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect
+	github.com/andybalholm/brotli v1.1.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/gookit/color v1.5.4 // indirect
-	github.com/klauspost/compress v1.17.0 // indirect
-	github.com/lukaszraczylo/pandati v0.0.29 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
-	github.com/mattn/go-runewidth v0.0.15 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/rivo/uniseg v0.4.4 // indirect
-	github.com/rs/zerolog v1.31.0 // indirect
-	github.com/telegram-bot-app/lib-logging v0.0.19 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.0 // indirect
+	github.com/jackc/pgpassfile v1.0.0 // indirect
+	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
+	github.com/jackc/puddle/v2 v2.2.2 // indirect
+	github.com/klauspost/compress v1.17.11 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
-	github.com/valyala/fasthttp v1.50.0 // indirect
 	github.com/valyala/fastrand v1.1.0 // indirect
 	github.com/valyala/histogram v1.2.0 // indirect
 	github.com/valyala/tcplisten v1.0.0 // indirect
-	github.com/wI2L/jsondiff v0.4.0 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
-	golang.org/x/sync v0.4.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
-	golang.org/x/term v0.13.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
+	github.com/yuin/gopher-lua v1.1.1 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 // indirect
+	go.opentelemetry.io/otel/metric v1.34.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.5.0 // indirect
+	golang.org/x/crypto v0.32.0 // indirect
+	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/sync v0.11.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/term v0.29.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250204164813-702378808489 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250204164813-702378808489 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
@@ -1,93 +1,155 @@
-dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
-dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
-github.com/VictoriaMetrics/metrics v1.24.0 h1:ILavebReOjYctAGY5QU2F9X0MYvkcrG3aEn2RKa1Zkw=
-github.com/VictoriaMetrics/metrics v1.24.0/go.mod h1:eFT25kvsTidQFHb6U0oa0rTrDRdz4xTYjpL8+UPohys=
-github.com/akyoto/cache v1.0.6 h1:5XGVVYoi2i+DZLLPuVIXtsNIJ/qaAM16XT0LaBaXd2k=
-github.com/akyoto/cache v1.0.6/go.mod h1:WfxTRqKhfgAG71Xh6E3WLpjhBtZI37O53G4h5s+3iM4=
-github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs=
-github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
-github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
-github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
-github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/VictoriaMetrics/metrics v1.35.2 h1:Bj6L6ExfnakZKYPpi7mGUnkJP4NGQz2v5wiChhXNyWQ=
+github.com/VictoriaMetrics/metrics v1.35.2/go.mod h1:r7hveu6xMdUACXvB8TYdAj8WEsKzWB0EkpJN+RDtOf8=
+github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a h1:HbKu58rmZpUGpz5+4FfNmIU+FmZg2P3Xaj2v2bfNWmk=
+github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc=
+github.com/alicebob/miniredis/v2 v2.33.0 h1:uvTF0EDeu9RLnUEG27Db5I68ESoIxTiXbNUiji6lZrA=
+github.com/alicebob/miniredis/v2 v2.33.0/go.mod h1:MhP4a3EU7aENRi9aO+tHfTBZicLqQevyi/DJpoj6mi0=
+github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA=
+github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA=
+github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinRJA=
+github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE=
+github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
+github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
+github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
+github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/gofiber/fiber/v2 v2.49.2 h1:ONEN3/Vc+dUCxxDgZZwpqvhISgHqb+bu+isBiEyKEQs=
-github.com/gofiber/fiber/v2 v2.49.2/go.mod h1:gNsKnyrmfEWFpJxQAV0qvW6l70K1dZGno12oLtukcts=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
-github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
+github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/goccy/go-reflect v1.2.0 h1:O0T8rZCuNmGXewnATuKYnkL0xm6o8UNOJZd/gOkb9ms=
+github.com/goccy/go-reflect v1.2.0/go.mod h1:n0oYZn8VcV2CkWTxi8B9QjkCoq6GTtCEdfmR66YhFtE=
+github.com/gofiber/fiber/v2 v2.52.6 h1:Rfp+ILPiYSvvVuIPvxrBns+HJp8qGLDnLJawAu27XVI=
+github.com/gofiber/fiber/v2 v2.52.6/go.mod h1:YEcBbO/FB+5M1IZNBP9FO3J9281zgPAreiI1oqg8nDw=
+github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E=
+github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0=
 github.com/gookit/color v1.5.4/go.mod h1:pZJOeOS8DM43rXbp4AZo1n9zCU2qjpcRko0b6/QJi9w=
-github.com/gookit/goutil v0.6.12 h1:73vPUcTtVGXbhSzBOFcnSB1aJl7Jq9np3RAE50yIDZc=
-github.com/gookit/goutil v0.6.12/go.mod h1:g6krlFib8xSe3G1h02IETowOtrUGpAmetT8IevDpvpM=
+github.com/gookit/goutil v0.6.18 h1:MUVj0G16flubWT8zYVicIuisUiHdgirPAkmnfD2kKgw=
+github.com/gookit/goutil v0.6.18/go.mod h1:AY/5sAwKe7Xck+mEbuxj0n/bc3qwrGNe3Oeulln7zBA=
 github.com/graphql-go/graphql v0.8.1 h1:p7/Ou/WpmulocJeEx7wjQy611rtXGQaAcXGqanuMMgc=
 github.com/graphql-go/graphql v0.8.1/go.mod h1:nKiHzRM0qopJEwCITUuIsxk9PlVlwIiiI8pnJEhordQ=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM=
-github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
-github.com/lukaszraczylo/ask v0.0.0-20230927103145-2ff1123b4415 h1:lvI8Wlbg4PxkRcg2f10wgoaRpfN19v+YdRek3+dLtlM=
-github.com/lukaszraczylo/ask v0.0.0-20230927103145-2ff1123b4415/go.mod h1:M+UVdyqZs++xtEPrascaVmZdOMhCnxjZ2SgH+xHpR0c=
-github.com/lukaszraczylo/pandati v0.0.29 h1:WUEWm1+hWjE5KJbIL8OctG00x2dk4XKGJSlrjhxZ55k=
-github.com/lukaszraczylo/pandati v0.0.29/go.mod h1:+DyTWKFaXd+jIfe7GW5w2S5PyTko/RXxMyOa+Vl713A=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
-github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
-github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.0 h1:VD1gqscl4nYs1YxVuSdemTrSgTKrwOWDK0FVFMqm+Cg=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.0/go.mod h1:4EgsQoS4TOhJizV+JTFg40qx1Ofh3XmXEQNBpgvNT40=
+github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
+github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
+github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
+github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
+github.com/jackc/pgx/v5 v5.7.2 h1:mLoDLV6sonKlvjIEsV56SkWNCnuNv531l94GaIzO+XI=
+github.com/jackc/pgx/v5 v5.7.2/go.mod h1:ncY89UGWxg82EykZUwSpUKEfccBGGYq1xjrOpsbsfGQ=
+github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
+github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
+github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
+github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/lukaszraczylo/ask v0.0.0-20240916204100-6e9ef53a62d9 h1:pL8B9mjv6RPUfKYYGm/uJ7QL6Ndf+z+OEl0qJE6KmEc=
+github.com/lukaszraczylo/ask v0.0.0-20240916204100-6e9ef53a62d9/go.mod h1:M+UVdyqZs++xtEPrascaVmZdOMhCnxjZ2SgH+xHpR0c=
+github.com/lukaszraczylo/go-ratecounter v0.1.12 h1:VO6hHYGw/Jy9JUizXf/bS0AI2QX1ueWWAWckMFVJ/w4=
+github.com/lukaszraczylo/go-ratecounter v0.1.12/go.mod h1:TqXEOCtFJStk1i0tkipprv1kiDHGon1MVUisjSTBSKM=
+github.com/lukaszraczylo/go-simple-graphql v1.2.41 h1:RNFEjntCsjvKA5VADdio3zid3nH0+rO9qdKJvXmRpfQ=
+github.com/lukaszraczylo/go-simple-graphql v1.2.41/go.mod h1:i0R9B7tR025qduN4/t6ujolMBdWyiMlAppqczrnPfLc=
+github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
+github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
+github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/redis/go-redis/v9 v9.7.0 h1:HhLSs+B6O021gwzl+locl0zEDnyNkxMtf/Z3NNBMa9E=
+github.com/redis/go-redis/v9 v9.7.0/go.mod h1:f6zhXITC7JUJIlPEiBOTXxJgPLdZcA93GewI7inzyWw=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
-github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
-github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
-github.com/rs/zerolog v1.31.0 h1:FcTR3NnLWW+NnTwwhFWiJSZr4ECLpqCm6QsEnyvbV4A=
-github.com/rs/zerolog v1.31.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
+github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
+github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/telegram-bot-app/lib-logging v0.0.19 h1:zbyFr2ygeBY+yuaB9moXyOGk8dIBCn0jPJQjvx7YvLE=
-github.com/telegram-bot-app/lib-logging v0.0.19/go.mod h1:n8d29fRUTdgJhC4RZ8s4lP2RHiGCCRYEj2ENEClUGc8=
-github.com/telegram-bot-app/libpack v0.0.0-20231007021518-909ce2741a36 h1:DqXg0y57Q7BziHDu85OXgo/b8OlP7/+gDZvASQCkaW0=
-github.com/telegram-bot-app/libpack v0.0.0-20231007021518-909ce2741a36/go.mod h1:W2kWHcfNNS0r++dJ1T2XX/C4cTSxI3MsoiMbOtyqu+I=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasthttp v1.50.0 h1:H7fweIlBm0rXLs2q0XbalvJ6r0CUPFWK3/bB4N13e9M=
-github.com/valyala/fasthttp v1.50.0/go.mod h1:k2zXd82h/7UZc3VOdJ2WaUqt1uZ/XpXAfE9i+HBC3lA=
+github.com/valyala/fasthttp v1.58.0 h1:GGB2dWxSbEprU9j0iMJHgdKYJVDyjrOwF9RE59PbRuE=
+github.com/valyala/fasthttp v1.58.0/go.mod h1:SYXvHHaFp7QZHGKSHmoMipInhrI5StHrhDTYVEjK/Kw=
 github.com/valyala/fastrand v1.1.0 h1:f+5HkLW4rsgzdNoleUOB69hyT9IlD2ZQh9GyDMfb5G8=
 github.com/valyala/fastrand v1.1.0/go.mod h1:HWqCzkrkg6QXT8V2EXWvXCoow7vLwOFN002oeRzjapQ=
 github.com/valyala/histogram v1.2.0 h1:wyYGAZZt3CpwUiIb9AU/Zbllg1llXyrtApRS815OLoQ=
 github.com/valyala/histogram v1.2.0/go.mod h1:Hb4kBwb4UxsaNbbbh+RRz8ZR6pdodR57tzWUS3BUzXY=
 github.com/valyala/tcplisten v1.0.0 h1:rBHj/Xf+E1tRGZyWIWwJDiRY0zc1Js+CV5DqwacVSA8=
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
-github.com/wI2L/jsondiff v0.4.0 h1:iP56F9tK83eiLttg3YdmEENtZnwlYd3ezEpNNnfZVyM=
-github.com/wI2L/jsondiff v0.4.0/go.mod h1:nR/vyy1efuDeAtMwc3AF6nZf/2LD1ID8GTyyJ+K8YB0=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
-golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
-golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
-golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
+github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
+github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
+github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
+go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
+go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
+go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY=
+go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 h1:OeNbIYk/2C15ckl7glBlOBp5+WlYsOElzTNmiPW/x60=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0/go.mod h1:7Bept48yIeqxP2OZ9/AqIpYS94h2or0aB4FypJTc8ZM=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0 h1:tgJ0uaNS4c98WRNUEx5U3aDlrDOI5Rs+1Vifcw4DJ8U=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0/go.mod h1:U7HYyW0zt/a9x5J1Kjs+r1f/d4ZHnYFclhYY2+YbeoE=
+go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ=
+go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE=
+go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A=
+go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU=
+go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU=
+go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ=
+go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k=
+go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
+go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4=
+go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
+golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/exp v0.0.0-20220909182711-5c715a9e8561 h1:MDc5xs78ZrZr3HMQugiXOAkSZtfTpbJLDr/lwfgO53E=
+golang.org/x/exp v0.0.0-20220909182711-5c715a9e8561/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE=
+golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
+golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
-golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
+golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+google.golang.org/genproto/googleapis/api v0.0.0-20250204164813-702378808489 h1:fCuMM4fowGzigT89NCIsW57Pk9k2D12MMi2ODn+Nk+o=
+google.golang.org/genproto/googleapis/api v0.0.0-20250204164813-702378808489/go.mod h1:iYONQfRdizDB8JJBybql13nArx91jcUk7zCXEsOofM4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250204164813-702378808489 h1:5bKytslY8ViY0Cj/ewmRtrWHW64bNF03cAatUUFCdFI=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250204164813-702378808489/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk=
+google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ=
+google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -1,46 +1,246 @@
 package main

 import (
+	"strconv"
+	"strings"
+	"sync"
+
+	"github.com/goccy/go-json"
 	fiber "github.com/gofiber/fiber/v2"
 	"github.com/graphql-go/graphql/language/ast"
 	"github.com/graphql-go/graphql/language/parser"
-	libpack_monitoring "github.com/telegram-bot-app/libpack/monitoring"
+	libpack_logger "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
+	libpack_monitoring "github.com/lukaszraczylo/graphql-monitoring-proxy/monitoring"
 )

-func parseGraphQLQuery(c *fiber.Ctx) (operationType, operationName string, cacheRequest bool) {
-	m := make(map[string]interface{})
-	err := json.Unmarshal(c.Body(), &m)
-	if err != nil {
-		cfg.Logger.Error("Can't unmarshal the request", map[string]interface{}{"error": err.Error(), "body": string(c.Body())})
-		cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
-		return
+var (
+	introspectionQueries = map[string]struct{}{
+		"__schema": {}, "__type": {}, "__typename": {}, "__directive": {},
+		"__directivelocation": {}, "__field": {}, "__inputvalue": {},
+		"__enumvalue": {}, "__typekind": {}, "__fieldtype": {},
+		"__inputobjecttype": {}, "__enumtype": {}, "__uniontype": {},
+		"__scalars": {}, "__objects": {}, "__interfaces": {},
+		"__unions": {}, "__enums": {}, "__inputobjects": {}, "__directives": {},
 	}
-	// get the query
+	introspectionAllowedQueries = make(map[string]struct{})
+	allowedUrls                 = make(map[string]struct{})
+)
+
+func prepareQueriesAndExemptions() {
+	introspectionAllowedQueries = make(map[string]struct{})
+	allowedUrls = make(map[string]struct{})
+
+	// Process allowed introspection queries
+	for _, q := range cfg.Security.IntrospectionAllowed {
+		cleanQuery := strings.Trim(strings.TrimSpace(q), `"`)
+		introspectionAllowedQueries[strings.ToLower(cleanQuery)] = struct{}{}
+	}
+
+	// Process allowed URLs
+	for _, u := range cfg.Server.AllowURLs {
+		allowedUrls[u] = struct{}{}
+	}
+}
+
+type parseGraphQLQueryResult struct {
+	operationType  string
+	operationName  string
+	activeEndpoint string
+	cacheTime      int
+	cacheRequest   bool
+	cacheRefresh   bool
+	shouldBlock    bool
+	shouldIgnore   bool
+}
+
+var (
+	queryPool = sync.Pool{
+		New: func() interface{} {
+			return make(map[string]interface{}, 48)
+		},
+	}
+	resultPool = sync.Pool{
+		New: func() interface{} {
+			return &parseGraphQLQueryResult{}
+		},
+	}
+)
+
+func parseGraphQLQuery(c *fiber.Ctx) *parseGraphQLQueryResult {
+	res := resultPool.Get().(*parseGraphQLQueryResult)
+	*res = parseGraphQLQueryResult{shouldIgnore: true, activeEndpoint: cfg.Server.HostGraphQL}
+
+	m := queryPool.Get().(map[string]interface{})
+	defer func() {
+		for k := range m {
+			delete(m, k)
+		}
+		queryPool.Put(m)
+	}()
+
+	if err := json.Unmarshal(c.Body(), &m); err != nil {
+		cfg.Logger.Error(&libpack_logger.LogMessage{
+			Message: "Can't unmarshal the request",
+			Pairs:   map[string]interface{}{"error": err.Error(), "body": string(c.Body())},
+		})
+		if ifNotInTest() {
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
+		}
+		return res
+	}
+
 	query, ok := m["query"].(string)
 	if !ok {
-		cfg.Logger.Error("Can't find the query", map[string]interface{}{"query": query, "m_val": m})
-		cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
-		return
+		cfg.Logger.Error(&libpack_logger.LogMessage{
+			Message: "Can't find the query",
+			Pairs:   map[string]interface{}{"m_val": m},
+		})
+		if ifNotInTest() {
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
+		}
+		return res
 	}

 	p, err := parser.Parse(parser.ParseParams{Source: query})
 	if err != nil {
-		cfg.Logger.Error("Can't parse the query", map[string]interface{}{"query": query, "m_val": m})
-		cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
-		return
+		cfg.Logger.Error(&libpack_logger.LogMessage{
+			Message: "Can't parse the query",
+			Pairs:   map[string]interface{}{"query": query, "m_val": m},
+		})
+		if ifNotInTest() {
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+		}
+		return res
 	}

-	operationName = "undefined"
+	res.shouldIgnore = false
+	res.operationName = "undefined"
+
 	for _, d := range p.Definitions {
 		if oper, ok := d.(*ast.OperationDefinition); ok {
-			operationType = oper.Operation
-			operationName = oper.Name.Value
+			if res.operationType == "" {
+				res.operationType = strings.ToLower(oper.Operation)
+				if oper.Name != nil {
+					res.operationName = oper.Name.Value
+				}
+			}
+
+			if cfg.Server.HostGraphQLReadOnly != "" {
+				if res.operationType == "" || res.operationType != "mutation" {
+					res.activeEndpoint = cfg.Server.HostGraphQLReadOnly
+				}
+			}
+
+			if res.operationType == "mutation" && cfg.Server.ReadOnlyMode {
+				cfg.Logger.Warning(&libpack_logger.LogMessage{
+					Message: "Mutation blocked - server in read-only mode",
+					Pairs:   map[string]interface{}{"query": query},
+				})
+				if ifNotInTest() {
+					cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
+				}
+				_ = c.Status(403).SendString("The server is in read-only mode")
+				res.shouldBlock = true
+				resultPool.Put(res)
+				return res
+			}
+
 			for _, dir := range oper.Directives {
 				if dir.Name.Value == "cached" {
-					cacheRequest = true
+					res.cacheRequest = true
+					for _, arg := range dir.Arguments {
+						switch arg.Name.Value {
+						case "ttl":
+							if v, ok := arg.Value.GetValue().(string); ok {
+								res.cacheTime, _ = strconv.Atoi(v)
+							}
+						case "refresh":
+							if v, ok := arg.Value.GetValue().(bool); ok {
+								res.cacheRefresh = v
+							}
+						}
+					}
+				}
+			}
+
+			if cfg.Security.BlockIntrospection {
+				if checkSelections(c, oper.GetSelectionSet().Selections) {
+					_ = c.Status(403).SendString("Introspection queries are not allowed")
+					res.shouldBlock = true
+					resultPool.Put(res)
+					return res
 				}
 			}
 		}
 	}
-	return
+	return res
+}
+
+func checkSelections(c *fiber.Ctx, selections []ast.Selection) bool {
+	for _, s := range selections {
+		switch sel := s.(type) {
+		case *ast.Field:
+			fieldName := strings.ToLower(sel.Name.Value)
+			if _, exists := introspectionQueries[fieldName]; exists {
+				if len(cfg.Security.IntrospectionAllowed) > 0 {
+					_, allowed := introspectionAllowedQueries[fieldName]
+					if !allowed {
+						return true // Block if this field isn't allowed
+					}
+					// Even if this field is allowed, we need to check its nested selections
+				} else {
+					return true // Block if no allowlist exists
+				}
+			}
+			// Always check nested selections
+			if sel.SelectionSet != nil {
+				if checkSelections(c, sel.GetSelectionSet().Selections) {
+					return true
+				}
+			}
+		case *ast.InlineFragment:
+			if sel.SelectionSet != nil {
+				if checkSelections(c, sel.GetSelectionSet().Selections) {
+					return true
+				}
+			}
+		}
+	}
+	return false
+}
+
+func checkIfContainsIntrospection(c *fiber.Ctx, query string) bool {
+	blocked := false
+	// Try parsing as a complete query first
+	p, err := parser.Parse(parser.ParseParams{Source: query})
+	if err == nil {
+		// It's a complete query, check all selections
+		for _, def := range p.Definitions {
+			if op, ok := def.(*ast.OperationDefinition); ok {
+				if op.SelectionSet != nil {
+					blocked = checkSelections(c, op.GetSelectionSet().Selections)
+				}
+			}
+		}
+	} else {
+		// Not a complete query, check as a field name
+		whateverLower := strings.ToLower(query)
+		if _, exists := introspectionQueries[whateverLower]; exists {
+			if len(cfg.Security.IntrospectionAllowed) > 0 {
+				if _, allowed := introspectionAllowedQueries[whateverLower]; !allowed {
+					blocked = true
+				}
+			} else {
+				blocked = true
+			}
+		}
+	}
+
+	if blocked {
+		if ifNotInTest() {
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
+		}
+		_ = c.Status(403).SendString("Introspection queries are not allowed")
+	}
+	return blocked
 }
@@ -0,0 +1,603 @@
+package main
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/goccy/go-json"
+	fiber "github.com/gofiber/fiber/v2"
+	"github.com/graphql-go/graphql/language/ast"
+	"github.com/graphql-go/graphql/language/parser"
+	"github.com/valyala/fasthttp"
+)
+
+func (suite *Tests) Test_parseGraphQLQuery() {
+
+	type results struct {
+		op_name      string
+		op_type      string
+		cached_ttl   int
+		returnCode   int
+		is_cached    bool
+		shouldBlock  bool
+		shouldIgnore bool
+	}
+
+	type queries struct {
+		headers map[string]string
+		body    string
+	}
+
+	tests := []struct {
+		name             string
+		suppliedSettings *config
+		suppliedQuery    queries
+		wantResults      results
+	}{
+		{
+			name: "test empty body",
+			suppliedQuery: queries{
+				body:    "",
+				headers: map[string]string{},
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: true,
+				op_name:      "",
+				op_type:      "",
+			},
+		},
+
+		{
+			name: "test empty json",
+			suppliedQuery: queries{
+				body:    "{}",
+				headers: map[string]string{},
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: true,
+				op_name:      "",
+				op_type:      "",
+			},
+		},
+
+		{
+			name: "test empty with some random garbage",
+			suppliedQuery: queries{
+				body:    "{\"variables\": {\"id\": \"1\"}}",
+				headers: map[string]string{},
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: true,
+				op_name:      "",
+				op_type:      "",
+			},
+		},
+
+		{
+			name: "test valid query with op name",
+			suppliedQuery: queries{
+				body: "{\"query\":\"query MyQuery { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } }\"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "MyQuery",
+				op_type:      "query",
+			},
+		},
+
+		{
+			name: "test valid query with op name, variables and cache",
+			suppliedQuery: queries{
+				body: "{\"query\":\"query MyQuery @cached { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } }\", \"variables\": {\"id\": \"1\"}}",
+			},
+			wantResults: results{
+				is_cached:    true,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "MyQuery",
+				op_type:      "query",
+			},
+		},
+
+		{
+			name: "test valid query with op name, cache and ttl",
+			suppliedQuery: queries{
+				body: "{\"query\":\"query MyQuery @cached(ttl: 60) { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } }\", \"variables\": {\"id\": \"1\"}}",
+			},
+			wantResults: results{
+				is_cached:    true,
+				cached_ttl:   60,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "MyQuery",
+				op_type:      "query",
+			},
+		},
+
+		{
+			name: "test valid query with op name, force refreshed cache",
+			suppliedQuery: queries{
+				body: "{\"query\":\"query MyQuery @cached(refresh: true) { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } }\", \"variables\": {\"id\": \"1\"}}",
+			},
+			wantResults: results{
+				is_cached:    true,
+				cached_ttl:   0,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "MyQuery",
+				op_type:      "query",
+			},
+		},
+
+		{
+			name: "test valid query with op name, cache and INVALID ttl",
+			suppliedQuery: queries{
+				body: "{\"query\":\"query MyQuery @cached(ttl: nope) { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } }\", \"variables\": {\"id\": \"1\"}}",
+			},
+			wantResults: results{
+				is_cached:    true,
+				cached_ttl:   0,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "MyQuery",
+				op_type:      "query",
+			},
+		},
+
+		{
+			name: "test mutation query with op name",
+			suppliedQuery: queries{
+				body: "{\"query\":\"mutation MyMutation { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } }\"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "MyMutation",
+				op_type:      "mutation",
+			},
+		},
+
+		{
+			name: "test mutation query with config: read only",
+			suppliedSettings: func() *config {
+				parseConfig()
+				cfg.Server.ReadOnlyMode = true
+				return cfg
+			}(),
+			suppliedQuery: queries{
+				body: "{\"query\":\"mutation MyMutation { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } }\"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  true,
+				shouldIgnore: false,
+				op_name:      "MyMutation",
+				op_type:      "mutation",
+				returnCode:   403,
+			},
+		},
+
+		{
+			name: "test simple query with introspection __schema",
+			suppliedQuery: queries{
+				body: "{\"query\":\"mutation MyMutation { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __schema } }\"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "MyMutation",
+				op_type:      "mutation",
+			},
+		},
+
+		{
+			name: "test simple query with introspection __schema config: block introspection",
+			suppliedSettings: func() *config {
+				parseConfig()
+				cfg.Security.BlockIntrospection = true
+				return cfg
+			}(),
+			suppliedQuery: queries{
+				body: "{\"query\":\"query MyIntroQuery { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __schema } }\"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  true,
+				shouldIgnore: false,
+				op_name:      "MyIntroQuery",
+				op_type:      "query",
+				returnCode:   403,
+			},
+		},
+
+		{
+			name: "test user supplied query with introspection #1 - config: block",
+			suppliedSettings: func() *config {
+				parseConfig()
+				cfg.Security.BlockIntrospection = true
+				cfg.Security.IntrospectionAllowed = []string{}
+				return cfg
+			}(),
+			suppliedQuery: queries{
+				body: "{\"query\":\"{__schema {queryType {fields {name description}}}}\"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  true,
+				shouldIgnore: false,
+				op_name:      "undefined",
+				op_type:      "query",
+				returnCode:   403,
+			},
+		},
+
+		{
+			name: "test user supplied query with introspection #1 - config: block & allow __schema",
+			suppliedSettings: func() *config {
+				parseConfig()
+				cfg.Security.BlockIntrospection = true
+				cfg.Security.IntrospectionAllowed = []string{"__schema"}
+				return cfg
+			}(),
+			suppliedQuery: queries{
+				body: "{\"query\":\"{__schema {queryType {fields {name description}}}}\"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "undefined",
+				op_type:      "query",
+				returnCode:   200,
+			},
+		},
+
+		{
+			name: "test invalid query",
+			suppliedQuery: queries{
+				body: "{\"query\":\"query MyQuery tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } \"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: true,
+				op_name:      "",
+				op_type:      "",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+			cfg = &config{}
+			parseConfig()
+			ctx := suite.app.AcquireCtx(&fasthttp.RequestCtx{})
+			
+			// Set headers
+			for k, v := range tt.suppliedQuery.headers {
+				ctx.Request().Header.Add(k, v)
+			}
+
+			// Set body
+			ctx.Request().AppendBody([]byte(tt.suppliedQuery.body))
+
+			// defer func() {
+			// 	cfg = &config{}
+			// 	parseConfig()
+			// 	suite.app.ReleaseCtx(ctx)
+			// }()
+
+			assert.NotNil(ctx, "Fiber context is nil")
+
+			if tt.suppliedSettings != nil {
+				cfg = tt.suppliedSettings
+			}
+			prepareQueriesAndExemptions()
+			parseResult := parseGraphQLQuery(ctx)
+			assert.Equal(tt.wantResults.op_type, parseResult.operationType, "Unexpected operation type "+tt.name)
+			assert.Equal(tt.wantResults.op_name, parseResult.operationName, "Unexpected operation name "+tt.name)
+			assert.Equal(tt.wantResults.is_cached, parseResult.cacheRequest, "Unexpected cache value "+tt.name)
+			assert.Equal(tt.wantResults.cached_ttl, parseResult.cacheTime, "Unexpected cache TTL value "+tt.name)
+			assert.Equal(tt.wantResults.shouldBlock, parseResult.shouldBlock, "Unexpected block value "+tt.name)
+			assert.Equal(tt.wantResults.shouldIgnore, parseResult.shouldIgnore, "Unexpected ignore value "+tt.name)
+
+			if tt.wantResults.returnCode > 0 {
+				assert.Equal(tt.wantResults.returnCode, ctx.Response().StatusCode(), "Unexpected return code", tt.name)
+			}
+		})
+	}
+}
+
+func (suite *Tests) Test_parseGraphQLQuery_complex() {
+	// ... existing tests ...
+
+	// Add these new test cases
+	suite.Run("test complex query with multiple operations", func() {
+		query := `
+			query GetUser($id: ID!) {
+					user(id: $id) {
+							name
+							email
+					}
+			}
+			mutation UpdateUser($id: ID!, $name: String!) {
+					updateUser(id: $id, name: $name) {
+							id
+							name
+					}
+			}
+			`
+		body := fmt.Sprintf(`{"query": %q}`, query)
+		ctx := createTestContext(body)
+		result := parseGraphQLQuery(ctx)
+		assert.Equal("query", result.operationType)
+		assert.Equal("GetUser", result.operationName)
+		assert.False(result.shouldBlock)
+	})
+
+	suite.Run("test query with custom directives", func() {
+		query := `
+			query GetUser($id: ID!) @custom(directive: "value") {
+					user(id: $id) {
+							name
+							email
+					}
+			}
+			`
+		body := fmt.Sprintf(`{"query": %q}`, query)
+		ctx := createTestContext(body)
+		result := parseGraphQLQuery(ctx)
+		assert.Equal("query", result.operationType)
+		assert.Equal("GetUser", result.operationName)
+		assert.False(result.shouldBlock)
+		assert.False(result.shouldBlock)
+	})
+}
+
+func (suite *Tests) Test_checkAllowedURLs() {
+	tests := []struct {
+		name     string
+		path     string
+		allowed  []string
+		expected bool
+	}{
+		{"allowed path", "/v1/graphql", []string{"/v1/graphql"}, true},
+		{"disallowed path", "/v2/graphql", []string{"/v1/graphql"}, false},
+		{"empty allowed list", "/v1/graphql", []string{}, true},
+		{"multiple allowed paths", "/v2/graphql", []string{"/v1/graphql", "/v2/graphql"}, true},
+	}
+
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+			allowedUrls = make(map[string]struct{})
+			for _, url := range tt.allowed {
+				allowedUrls[url] = struct{}{}
+			}
+			app := fiber.New()
+			ctx := app.AcquireCtx(&fasthttp.RequestCtx{})
+			ctx.Request().SetRequestURI(tt.path)
+			ctx.Request().URI().SetPath(tt.path)
+			result := checkAllowedURLs(ctx)
+			assert.Equal(tt.expected, result, "Unexpected result in test case: "+tt.name)
+		})
+	}
+}
+
+func (suite *Tests) Test_checkIfContainsIntrospection() {
+	tests := []struct {
+		name     string
+		query    string
+		allowed  []string
+		expected bool
+	}{
+		{"allowed introspection", "__schema", []string{"__schema"}, false},
+		{"disallowed introspection", "__type", []string{"__schema"}, true},
+		{"non-introspection query", "normalQuery", []string{}, false},
+		{"allowed introspection with deep nesting of __typename", "{__schema {queryType {fields {name description __typename}}}}", []string{"__schema", "__typename"}, false},
+		{"disallowed introspection with deep nesting of __typename", "{__type {queryType {fields {name description __typename}}}}", []string{"__type"}, true},
+	}
+
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+			cfg.Security.IntrospectionAllowed = tt.allowed
+			introspectionAllowedQueries = make(map[string]struct{})
+			for _, q := range tt.allowed {
+				introspectionAllowedQueries[strings.ToLower(q)] = struct{}{}
+			}
+			ctx := createTestContext("")
+			result := checkIfContainsIntrospection(ctx, tt.query)
+			assert.Equal(tt.expected, result)
+		})
+	}
+}
+
+func createTestContext(body string) *fiber.Ctx {
+	app := fiber.New()
+	ctx := app.AcquireCtx(&fasthttp.RequestCtx{})
+	ctx.Request().SetBody([]byte(body))
+	return ctx
+}
+
+func (suite *Tests) Test_DeepIntrospectionQueries() {
+	tests := []struct {
+		name     string
+		query    string
+		allowed  []string
+		expected bool
+	}{
+		{
+			name:     "deeply nested single introspection",
+			query:    "query { users { profiles { settings { preferences { __typename } } } } }",
+			allowed:  []string{},
+			expected: true,
+		},
+		{
+			name:     "multiple nested introspections",
+			query:    "query { users { __typename profiles { __schema settings { __type } } } }",
+			allowed:  []string{},
+			expected: true,
+		},
+		{
+			name:     "nested with selective allowlist",
+			query:    "query { users { __typename profiles { __schema settings { __type } } } }",
+			allowed:  []string{"__typename"},
+			expected: true,
+		},
+		{
+			name:     "deeply nested with full allowlist",
+			query:    "query { users { __typename profiles { __schema settings { __type } } } }",
+			allowed:  []string{"__typename", "__schema", "__type"},
+			expected: false,
+		},
+		{
+			name:     "deeply nested with repeated item from allowlist",
+			query:    "query PreloadStaticData {\n  scenario {\n    id\n    name\n    __typename\n  }\n  impact {\n    id\n    description\n    __typename\n  }\n  likelihood {\n    id\n    description\n    __typename\n  }\n  consequence {\n    name\n    __typename\n  }\n  risk_categories {\n    name\n    abbreviation\n    __typename\n  }\n  mitigation {\n    name\n    __typename\n  }\n}",
+			allowed:  []string{"__type", "__typename"},
+			expected: false,
+		},
+		{
+			name:     "deeply nested with repeated item denied",
+			query:    "query PreloadStaticData {\n  scenario {\n    id\n    name\n    __typename\n  }\n  impact {\n    id\n    description\n    __typename\n  }\n  likelihood {\n    id\n    description\n    __typename\n  }\n  consequence {\n    name\n    __typename\n  }\n  risk_categories {\n    name\n    abbreviation\n    __typename\n  }\n  mitigation {\n    name\n    __typename\n  }\n}",
+			allowed:  []string{},
+			expected: true,
+		},
+	}
+
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+			cfg.Security.BlockIntrospection = true
+			cfg.Security.IntrospectionAllowed = tt.allowed
+			introspectionAllowedQueries = make(map[string]struct{})
+			for _, q := range tt.allowed {
+				introspectionAllowedQueries[strings.ToLower(q)] = struct{}{}
+			}
+			body := map[string]interface{}{
+				"query": tt.query,
+			}
+			bodyBytes, _ := json.Marshal(body)
+			ctx := fiber.New().AcquireCtx(&fasthttp.RequestCtx{})
+			ctx.Request().SetBody(bodyBytes)
+			parseGraphQLQuery(ctx)
+			if tt.expected {
+				suite.Equal(403, ctx.Response().StatusCode())
+			} else {
+				suite.Equal(200, ctx.Response().StatusCode())
+			}
+		})
+	}
+}
+
+func TestIntrospectionQueryHandling(t *testing.T) {
+	tests := []struct {
+		name               string
+		blockIntrospection bool
+		allowedQueries     []string
+		query              string
+		wantBlocked        bool
+	}{
+		{
+			name:               "allows __typename when in allowed list",
+			blockIntrospection: true,
+			allowedQueries:     []string{"__typename"},
+			query: `{
+							users {
+									id
+									name
+									__typename
+							}
+					}`,
+			wantBlocked: false,
+		},
+		{
+			name:               "case insensitive matching for allowed queries",
+			blockIntrospection: true,
+			allowedQueries:     []string{"__TYPENAME"},
+			query: `{
+							users {
+									__typename
+							}
+					}`,
+			wantBlocked: false,
+		},
+		{
+			name:               "blocks other introspection queries",
+			blockIntrospection: true,
+			allowedQueries:     []string{"__typename"},
+			query: `{
+							__schema {
+									types {
+											name
+									}
+							}
+					}`,
+			wantBlocked: true,
+		},
+		{
+			name:               "allows multiple __typename occurrences",
+			blockIntrospection: true,
+			allowedQueries:     []string{"__typename"},
+			query: `{
+							users {
+									__typename
+									posts {
+											__typename
+									}
+							}
+					}`,
+			wantBlocked: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Setup config
+			cfg = &config{
+				Security: struct {
+					IntrospectionAllowed []string
+					BlockIntrospection   bool
+				}{
+					IntrospectionAllowed: tt.allowedQueries,
+					BlockIntrospection:   tt.blockIntrospection,
+				},
+			}
+
+			// Initialize allowed queries
+			prepareQueriesAndExemptions()
+
+			// Parse query
+			p, err := parser.Parse(parser.ParseParams{Source: tt.query})
+			if err != nil {
+				t.Fatalf("failed to parse query: %v", err)
+			}
+
+			// Create mock fiber context
+			app := fiber.New()
+			ctx := app.AcquireCtx(&fasthttp.RequestCtx{})
+			defer app.ReleaseCtx(ctx)
+
+			// Check selections
+			var blocked bool
+			for _, def := range p.Definitions {
+				if op, ok := def.(*ast.OperationDefinition); ok {
+					blocked = checkSelections(ctx, op.GetSelectionSet().Selections)
+					break
+				}
+			}
+
+			if blocked != tt.wantBlocked {
+				t.Errorf("checkSelections() blocked = %v, want %v", blocked, tt.wantBlocked)
+			}
+		})
+	}
+}
@@ -0,0 +1,210 @@
+package libpack_logger
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+const (
+	LEVEL_DEBUG = iota
+	LEVEL_INFO
+	LEVEL_WARN
+	LEVEL_ERROR
+	LEVEL_FATAL
+)
+
+var levelNames = []string{
+	"debug",
+	"info",
+	"warn",
+	"error",
+	"fatal",
+}
+
+const (
+	defaultTimeFormat = time.RFC3339
+	defaultMinLevel   = LEVEL_INFO
+	defaultShowCaller = false
+)
+
+// Logger represents the logging object with configurations.
+type Logger struct {
+	output      io.Writer
+	timeFormat  string
+	minLogLevel int
+	showCaller  bool
+}
+
+// LogMessage represents a log message with optional pairs.
+type LogMessage struct {
+	Pairs   map[string]interface{}
+	Message string
+}
+
+// bufferPool is used to reuse bytes.Buffer for efficiency.
+var bufferPool = sync.Pool{
+	New: func() interface{} {
+		return new(bytes.Buffer)
+	},
+}
+
+// fieldNames allows customization of output field names.
+var fieldNames = map[string]string{
+	"timestamp": "timestamp",
+	"level":     "level",
+	"message":   "message",
+}
+
+// New creates a new Logger with default settings.
+func New() *Logger {
+	return &Logger{
+		timeFormat:  defaultTimeFormat,
+		minLogLevel: defaultMinLevel,
+		output:      os.Stdout,
+		showCaller:  defaultShowCaller,
+	}
+}
+
+// SetOutput sets the output destination for the logger.
+func (l *Logger) SetOutput(output io.Writer) *Logger {
+	l.output = output
+	return l
+}
+
+// GetLogLevel returns the log level integer corresponding to the given level name.
+func GetLogLevel(level string) int {
+	level = strings.ToLower(level)
+	for i, name := range levelNames {
+		if name == level {
+			return i
+		}
+	}
+	return defaultMinLevel
+}
+
+// SetTimeFormat sets the time format for the logger's timestamp field.
+func (l *Logger) SetTimeFormat(format string) *Logger {
+	l.timeFormat = format
+	return l
+}
+
+// SetMinLogLevel sets the minimum log level for the logger.
+func (l *Logger) SetMinLogLevel(level int) *Logger {
+	l.minLogLevel = level
+	return l
+}
+
+// SetFieldName allows customizing the field names in log output.
+func (l *Logger) SetFieldName(field, name string) *Logger {
+	fieldNames[field] = name
+	return l
+}
+
+// SetShowCaller enables or disables including the caller information in log output.
+func (l *Logger) SetShowCaller(show bool) *Logger {
+	l.showCaller = show
+	return l
+}
+
+// shouldLog determines if the message should be logged based on the logger's minimum log level.
+func (l *Logger) shouldLog(level int) bool {
+	return level >= l.minLogLevel
+}
+
+// log writes the log message with the given level.
+func (l *Logger) log(level int, m *LogMessage) {
+	if m.Pairs == nil {
+		m.Pairs = make(map[string]interface{})
+	}
+
+	m.Pairs[fieldNames["timestamp"]] = time.Now().Format(l.timeFormat)
+	m.Pairs[fieldNames["level"]] = levelNames[level]
+	m.Pairs[fieldNames["message"]] = m.Message
+
+	if l.showCaller {
+		m.Pairs["caller"] = getCaller()
+	}
+
+	buffer := bufferPool.Get().(*bytes.Buffer)
+	buffer.Reset()
+	defer bufferPool.Put(buffer)
+
+	encoder := json.NewEncoder(buffer)
+	err := encoder.Encode(m.Pairs)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Error marshalling log message:", err)
+		return
+	}
+
+	_, err = l.output.Write(buffer.Bytes())
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Error writing log message:", err)
+	}
+}
+
+// Debug logs a debug-level message.
+func (l *Logger) Debug(m *LogMessage) {
+	if l.shouldLog(LEVEL_DEBUG) {
+		l.log(LEVEL_DEBUG, m)
+	}
+}
+
+// Info logs an info-level message.
+func (l *Logger) Info(m *LogMessage) {
+	if l.shouldLog(LEVEL_INFO) {
+		l.log(LEVEL_INFO, m)
+	}
+}
+
+// Warn logs a warning-level message.
+func (l *Logger) Warn(m *LogMessage) {
+	if l.shouldLog(LEVEL_WARN) {
+		l.log(LEVEL_WARN, m)
+	}
+}
+
+// Warning is an alias for Warn.
+func (l *Logger) Warning(m *LogMessage) {
+	l.Warn(m)
+}
+
+// Error logs an error-level message.
+func (l *Logger) Error(m *LogMessage) {
+	if l.shouldLog(LEVEL_ERROR) {
+		l.log(LEVEL_ERROR, m)
+	}
+}
+
+// Fatal logs a fatal-level message.
+func (l *Logger) Fatal(m *LogMessage) {
+	if l.shouldLog(LEVEL_FATAL) {
+		l.log(LEVEL_FATAL, m)
+	}
+}
+
+// Critical logs a critical-level message and exits the application.
+func (l *Logger) Critical(m *LogMessage) {
+	l.Fatal(m)
+	os.Exit(1)
+}
+
+// getCaller retrieves the file and line number of the caller.
+func getCaller() string {
+	// Skip 3 stack frames: getCaller -> log -> [Debug|Info|...]
+	const depth = 3
+	_, file, line, ok := runtime.Caller(depth)
+	if !ok {
+		return "unknown:0"
+	}
+	file = filepath.Base(file)
+	return fmt.Sprintf("%s:%d", file, line)
+}
@@ -0,0 +1,135 @@
+package libpack_logger
+
+import (
+	"bytes"
+	"testing"
+	"time"
+)
+
+func Benchmark_NewLogger(b *testing.B) {
+	type triggers struct {
+		ModFormat struct {
+			Format string
+		}
+		ModLevel struct {
+			Level int
+		}
+	}
+
+	tests := []struct {
+		name     string
+		triggers triggers
+	}{
+		{
+			name: "BenchmarkNew",
+		},
+		{
+			name: "BenchmarkNewChangeTimeFormat",
+			triggers: triggers{
+				ModFormat: struct{ Format string }{
+					Format: time.RFC3339Nano,
+				},
+			},
+		},
+		{
+			name: "BenchmarkNewChangeLogLevel",
+			triggers: triggers{
+				ModLevel: struct{ Level int }{
+					Level: LEVEL_DEBUG,
+				},
+			},
+		},
+		{
+			name: "BenchmarkNewChangeTimeFormatAndLogLevel",
+			triggers: triggers{
+				ModFormat: struct{ Format string }{
+					Format: time.RFC3339Nano,
+				},
+				ModLevel: struct{ Level int }{
+					Level: LEVEL_DEBUG,
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		b.Run(tt.name, func(b *testing.B) {
+			for i := 0; i < b.N; i++ {
+				logger := New()
+				if tt.triggers.ModLevel.Level != 0 {
+					logger.SetMinLogLevel(tt.triggers.ModLevel.Level)
+				}
+			}
+		})
+	}
+}
+
+func Benchmark_Log_Debug(b *testing.B) {
+	output := &bytes.Buffer{}
+	logger := New().SetMinLogLevel(LEVEL_DEBUG).SetOutput(output)
+	msg := &LogMessage{
+		Message: "debug message",
+		Pairs:   make(map[string]any),
+	}
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		logger.Debug(msg)
+	}
+}
+
+func Benchmark_Log_Info(b *testing.B) {
+	output := &bytes.Buffer{}
+	logger := New().SetMinLogLevel(LEVEL_INFO).SetOutput(output)
+	msg := &LogMessage{
+		Message: "info message",
+		Pairs:   make(map[string]any),
+	}
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		logger.Info(msg)
+	}
+}
+
+func Benchmark_Log_Warn(b *testing.B) {
+	output := &bytes.Buffer{}
+	logger := New().SetMinLogLevel(LEVEL_WARN).SetOutput(output)
+	msg := &LogMessage{
+		Message: "warn message",
+		Pairs:   make(map[string]any),
+	}
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		logger.Warn(msg)
+	}
+}
+
+func Benchmark_Log_Error(b *testing.B) {
+	output := &bytes.Buffer{}
+	logger := New().SetMinLogLevel(LEVEL_ERROR).SetOutput(output)
+	msg := &LogMessage{
+		Message: "error message",
+		Pairs:   map[string]any{"key": "value"},
+	}
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		logger.Error(msg)
+	}
+}
+
+func Benchmark_Log_Fatal(b *testing.B) {
+	output := &bytes.Buffer{}
+	logger := New().SetMinLogLevel(LEVEL_FATAL).SetOutput(output)
+	msg := &LogMessage{
+		Message: "fatal message",
+		Pairs:   make(map[string]any),
+	}
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		logger.Fatal(msg)
+	}
+}
@@ -0,0 +1,31 @@
+package libpack_logger
+
+import (
+	"testing"
+
+	assertions "github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+)
+
+type LoggerTestSuite struct {
+	suite.Suite
+}
+
+var (
+	assert *assertions.Assertions
+)
+
+func (suite *LoggerTestSuite) BeforeTest(suiteName, testName string) {
+}
+
+func (suite *LoggerTestSuite) SetupTest() {
+	assert = assertions.New(suite.T())
+}
+
+// TearDownTest is run after each test to clean up
+func (suite *LoggerTestSuite) TearDownTest() {
+}
+
+func TestSuite(t *testing.T) {
+	suite.Run(t, new(LoggerTestSuite))
+}
@@ -0,0 +1,157 @@
+package libpack_logger
+
+import (
+	"bytes"
+	"fmt"
+	"reflect"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+func (suite *LoggerTestSuite) Test_LogMessageString() {
+	msg := &LogMessage{
+		Message: "test message",
+	}
+
+	assert.Equal("test message", msg.Message)
+}
+
+func callLoggerMethod(logger *Logger, methodName string, message *LogMessage) {
+	// Get the method by name using reflection
+	method := reflect.ValueOf(logger).MethodByName(methodName)
+	if method.IsValid() {
+		// Call the method with the message as an argument
+		method.Call([]reflect.Value{reflect.ValueOf(message)})
+	} else {
+		fmt.Printf("Method %s does not exist on Logger\n", methodName)
+	}
+}
+
+func (suite *LoggerTestSuite) Test_LogsLevelsPrint() {
+	output := &bytes.Buffer{}
+	logger := New().SetOutput(output)
+
+	tests := []struct {
+		pairs           map[string]any
+		name            string
+		method          string
+		message         string
+		loggerMinLevel  int
+		messageLogLevel int
+		wantOutput      bool
+	}{
+		{
+			name:            "Log: Debug, Level: Debug - no pairs",
+			method:          "Debug",
+			loggerMinLevel:  LEVEL_DEBUG,
+			messageLogLevel: LEVEL_DEBUG,
+			message:         "debug message",
+			wantOutput:      true,
+		},
+		{
+			name:            "Log: Info, Level: Info - one pair",
+			method:          "Info",
+			loggerMinLevel:  LEVEL_INFO,
+			messageLogLevel: LEVEL_INFO,
+			message:         "info message",
+			pairs: map[string]any{
+				"key": "value",
+			},
+			wantOutput: true,
+		},
+		{
+			name:            "Log: Info, Level: Warn - with pairs",
+			method:          "Info",
+			loggerMinLevel:  LEVEL_WARN,
+			messageLogLevel: LEVEL_INFO,
+			message:         "warn message",
+			pairs: map[string]any{
+				"key1": "value1",
+				"key2": "value2",
+			},
+			wantOutput: false,
+		},
+		{
+			name:            "Log: Warn, Level: Info - with 500 pairs",
+			method:          "Warn",
+			loggerMinLevel:  LEVEL_INFO,
+			messageLogLevel: LEVEL_WARN,
+			message:         "warn message with 500 pairs",
+			pairs: func() map[string]any {
+				pairs := make(map[string]any)
+				for i := 0; i < 500; i++ {
+					pairs[fmt.Sprintf("key%d", i)] = fmt.Sprintf("value%d", i)
+				}
+				return pairs
+			}(),
+			wantOutput: true,
+		},
+	}
+
+	for _, tt := range tests {
+		suite.T().Run(tt.name, func(t *testing.T) {
+			msg := &LogMessage{
+				Message: tt.message,
+				Pairs:   tt.pairs,
+			}
+			output.Reset()
+
+			// Set logger's minimum log level
+			logger.SetMinLogLevel(tt.loggerMinLevel)
+			fmt.Println("Logger min log level:", levelNames[logger.minLogLevel])
+
+			// Call the logging method
+			callLoggerMethod(logger, tt.method, msg)
+
+			logOutput := output.String()
+			fmt.Println("Output:", logOutput)
+
+			if tt.wantOutput {
+				var loggedMessage map[string]any
+				err := json.Unmarshal([]byte(logOutput), &loggedMessage)
+				if err != nil {
+					t.Fatalf("Error unmarshalling log message: %v\nLog output: %s", err, logOutput)
+				}
+
+				if !containsLogMessage(logOutput, tt.message) {
+					t.Errorf("Expected log message %q, but got %q", tt.message, logOutput)
+				}
+				assert.Equal(levelNames[tt.messageLogLevel], loggedMessage["level"])
+				if tt.pairs != nil {
+					for k, v := range tt.pairs {
+						assert.Equal(v, loggedMessage[k])
+					}
+				}
+			} else {
+				assert.Equal("", logOutput)
+			}
+		})
+	}
+}
+
+func containsLogMessage(logOutput, expectedMessage string) bool {
+	return bytes.Contains([]byte(logOutput), []byte(expectedMessage))
+}
+
+func (suite *LoggerTestSuite) Test_SetFormat() {
+	logger := New().SetTimeFormat(time.RFC3339Nano)
+
+	assert.Equal(time.RFC3339Nano, logger.timeFormat)
+}
+
+func (suite *LoggerTestSuite) Test_SetMinLogLevel() {
+	logger := New().SetMinLogLevel(LEVEL_DEBUG)
+
+	assert.Equal(LEVEL_DEBUG, logger.minLogLevel)
+}
+
+func (suite *LoggerTestSuite) Test_ShouldLog() {
+	logger := New().SetMinLogLevel(LEVEL_WARN)
+
+	assert.True(logger.shouldLog(LEVEL_WARN))
+	assert.True(logger.shouldLog(LEVEL_ERROR))
+	assert.False(logger.shouldLog(LEVEL_INFO))
+	assert.False(logger.shouldLog(LEVEL_DEBUG))
+}
@@ -1,29 +1,184 @@
 package main

 import (
+	"context"
+	"flag"
+	"os"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/gofiber/fiber/v2/middleware/proxy"
 	"github.com/gookit/goutil/envutil"
-	libpack_config "github.com/telegram-bot-app/libpack/config"
-	libpack_logging "github.com/telegram-bot-app/libpack/logging"
+	graphql "github.com/lukaszraczylo/go-simple-graphql"
+	libpack_cache "github.com/lukaszraczylo/graphql-monitoring-proxy/cache"
+	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
+	libpack_logging "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
+	libpack_tracing "github.com/lukaszraczylo/graphql-monitoring-proxy/tracing"
 )

-var cfg *config
+var (
+	cfg    *config
+	once   sync.Once
+	tracer *libpack_tracing.TracingSetup
+)

+// getDetailsFromEnv retrieves the value from the environment or returns the default.
+func getDetailsFromEnv[T any](key string, defaultValue T) T {
+	var result any
+	envKey := "GMP_" + key
+	if _, ok := os.LookupEnv(envKey); !ok {
+		envKey = key
+	}
+	switch v := any(defaultValue).(type) {
+	case string:
+		result = envutil.Getenv(envKey, v)
+	case int:
+		result = envutil.GetInt(envKey, v)
+	case bool:
+		result = envutil.GetBool(envKey, v)
+	default:
+		result = defaultValue
+	}
+	return result.(T)
+}
+
+// parseConfig loads and parses the configuration.
 func parseConfig() {
 	libpack_config.PKG_NAME = "graphql_proxy"
-	var c config
-	c.Server.PortGraphQL = envutil.GetInt("PORT_GRAPHQL", 8080)
-	c.Server.PortMonitoring = envutil.GetInt("MONITORING_PORT", 9393)
-	c.Server.HostGraphQL = envutil.Getenv("HOST_GRAPHQL", "localhost/v1/graphql")
-	c.Client.JWTUserClaimPath = envutil.Getenv("JWT_USER_CLAIM_PATH", "")
-	c.Cache.CacheEnable = envutil.GetBool("CACHE_ENABLE", false)
-	c.Cache.CacheTTL = envutil.GetInt("CACHE_TTL", 60)
-	c.Logger = libpack_logging.NewLogger()
+	c := config{}
+	// Server configurations
+	c.Server.PortGraphQL = getDetailsFromEnv("PORT_GRAPHQL", 8080)
+	c.Server.PortMonitoring = getDetailsFromEnv("MONITORING_PORT", 9393)
+	c.Server.HostGraphQL = getDetailsFromEnv("HOST_GRAPHQL", "http://localhost/")
+	c.Server.HostGraphQLReadOnly = getDetailsFromEnv("HOST_GRAPHQL_READONLY", "")
+	// Client configurations
+	c.Client.JWTUserClaimPath = getDetailsFromEnv("JWT_USER_CLAIM_PATH", "")
+	c.Client.JWTRoleClaimPath = getDetailsFromEnv("JWT_ROLE_CLAIM_PATH", "")
+	c.Client.RoleFromHeader = getDetailsFromEnv("ROLE_FROM_HEADER", "")
+	c.Client.RoleRateLimit = getDetailsFromEnv("ROLE_RATE_LIMIT", false)
+	// In-memory cache
+	c.Cache.CacheEnable = getDetailsFromEnv("ENABLE_GLOBAL_CACHE", false)
+	c.Cache.CacheTTL = getDetailsFromEnv("CACHE_TTL", 60)
+	// Redis cache
+	c.Cache.CacheRedisEnable = getDetailsFromEnv("ENABLE_REDIS_CACHE", false)
+	c.Cache.CacheRedisURL = getDetailsFromEnv("CACHE_REDIS_URL", "localhost:6379")
+	c.Cache.CacheRedisPassword = getDetailsFromEnv("CACHE_REDIS_PASSWORD", "")
+	c.Cache.CacheRedisDB = getDetailsFromEnv("CACHE_REDIS_DB", 0)
+	// Security configurations
+	c.Security.BlockIntrospection = getDetailsFromEnv("BLOCK_SCHEMA_INTROSPECTION", false)
+	c.Security.IntrospectionAllowed = func() []string {
+		urls := getDetailsFromEnv("ALLOWED_INTROSPECTION", "")
+		if urls == "" {
+			return nil
+		}
+		return strings.Split(urls, ",")
+	}()
+	c.LogLevel = strings.ToUpper(getDetailsFromEnv("LOG_LEVEL", "info"))
+	// Logger setup
+	c.Logger = libpack_logging.New().SetMinLogLevel(libpack_logging.GetLogLevel(c.LogLevel)).
+		SetFieldName("timestamp", "ts").SetFieldName("message", "msg").SetShowCaller(false)
+	// Health check
+	c.Server.HealthcheckGraphQL = getDetailsFromEnv("HEALTHCHECK_GRAPHQL_URL", "")
+	c.Client.GQLClient = graphql.NewConnection()
+	c.Client.GQLClient.SetEndpoint(c.Server.HealthcheckGraphQL)
+	// Server modes
+	c.Server.AccessLog = getDetailsFromEnv("ENABLE_ACCESS_LOG", false)
+	c.Server.ReadOnlyMode = getDetailsFromEnv("READ_ONLY_MODE", false)
+	c.Server.AllowURLs = func() []string {
+		urls := getDetailsFromEnv("ALLOWED_URLS", "")
+		if urls == "" {
+			return nil
+		}
+		return strings.Split(urls, ",")
+	}()
+	c.Client.ClientTimeout = getDetailsFromEnv("PROXIED_CLIENT_TIMEOUT", 120)
+	c.Client.FastProxyClient = createFasthttpClient(c.Client.ClientTimeout)
+	proxy.WithClient(c.Client.FastProxyClient) // Setting the global proxy client
+	// API configurations
+	c.Server.EnableApi = getDetailsFromEnv("ENABLE_API", false)
+	c.Server.ApiPort = getDetailsFromEnv("API_PORT", 9090)
+	c.Api.BannedUsersFile = getDetailsFromEnv("BANNED_USERS_FILE", "/go/src/app/banned_users.json")
+	c.Server.PurgeOnCrawl = getDetailsFromEnv("PURGE_METRICS_ON_CRAWL", false)
+	c.Server.PurgeEvery = getDetailsFromEnv("PURGE_METRICS_ON_TIMER", 0)
+	// Hasura event cleaner
+	c.HasuraEventCleaner.Enable = getDetailsFromEnv("HASURA_EVENT_CLEANER", false)
+	c.HasuraEventCleaner.ClearOlderThan = getDetailsFromEnv("HASURA_EVENT_CLEANER_OLDER_THAN", 1)
+	c.HasuraEventCleaner.EventMetadataDb = getDetailsFromEnv("HASURA_EVENT_METADATA_DB", "")
+	// Tracing configuration
+	c.Tracing.Enable = getDetailsFromEnv("ENABLE_TRACE", false)
+	c.Tracing.Endpoint = getDetailsFromEnv("TRACE_ENDPOINT", "localhost:4317")
 	cfg = &c
-	enableCache() // takes close to no resources, but can be used with dynamic query cache
+
+	// Initialize tracing if enabled
+	if cfg.Tracing.Enable {
+		if cfg.Tracing.Endpoint == "" {
+			cfg.Logger.Warning(&libpack_logging.LogMessage{
+				Message: "Tracing endpoint not configured, using default localhost:4317",
+			})
+			cfg.Tracing.Endpoint = "localhost:4317"
+		}
+
+		var err error
+		ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+		defer cancel()
+
+		tracer, err = libpack_tracing.NewTracing(ctx, cfg.Tracing.Endpoint)
+		if err != nil {
+			cfg.Logger.Error(&libpack_logging.LogMessage{
+				Message: "Failed to initialize tracing",
+				Pairs:   map[string]interface{}{"error": err.Error()},
+			})
+		} else {
+			cfg.Logger.Info(&libpack_logging.LogMessage{
+				Message: "Tracing initialized",
+				Pairs:   map[string]interface{}{"endpoint": cfg.Tracing.Endpoint},
+			})
+		}
+	}
+
+	// Initialize cache if enabled
+	if cfg.Cache.CacheEnable || cfg.Cache.CacheRedisEnable {
+		cacheConfig := &libpack_cache.CacheConfig{
+			Logger: cfg.Logger,
+			TTL:    cfg.Cache.CacheTTL,
+		}
+		// Redis cache configurations
+		if cfg.Cache.CacheRedisEnable {
+			cacheConfig.Redis.Enable = true
+			cacheConfig.Redis.URL = cfg.Cache.CacheRedisURL
+			cacheConfig.Redis.Password = cfg.Cache.CacheRedisPassword
+			cacheConfig.Redis.DB = cfg.Cache.CacheRedisDB
+		}
+		libpack_cache.EnableCache(cacheConfig)
+	}
+
+	loadRatelimitConfig()
+	once.Do(func() {
+		go enableApi()
+		go enableHasuraEventCleaner()
+	})
+	prepareQueriesAndExemptions()
 }

 func main() {
 	parseConfig()
 	StartMonitoringServer()
+	time.Sleep(5 * time.Second)
 	StartHTTPProxy()
+
+	// Cleanup tracing on exit
+	if tracer != nil {
+		if err := tracer.Shutdown(context.Background()); err != nil {
+			cfg.Logger.Error(&libpack_logging.LogMessage{
+				Message: "Error shutting down tracer",
+				Pairs:   map[string]interface{}{"error": err.Error()},
+			})
+		}
+	}
+}
+
+// ifNotInTest checks if the program is not running in a test environment.
+func ifNotInTest() bool {
+	return flag.Lookup("test.v") == nil
 }
@@ -0,0 +1,261 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+	"github.com/gofiber/fiber/v2"
+	libpack_cache "github.com/lukaszraczylo/graphql-monitoring-proxy/cache/memory"
+	libpack_logging "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
+	assertions "github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+	"github.com/valyala/fasthttp"
+)
+
+type Tests struct {
+	suite.Suite
+	app *fiber.App
+}
+
+var (
+	assert *assertions.Assertions
+)
+
+func (suite *Tests) BeforeTest(suiteName, testName string) {
+}
+
+func (suite *Tests) SetupTest() {
+	assert = assertions.New(suite.T())
+	suite.app = fiber.New(
+		fiber.Config{
+			DisableStartupMessage: true,
+			JSONEncoder:           json.Marshal,
+			JSONDecoder:           json.Unmarshal,
+		},
+	)
+
+	// Initialize a simple in-memory cache client for testing purposes
+	libpack_cache.New(5 * time.Minute)
+	parseConfig()
+	enableApi()
+	StartMonitoringServer()
+	cfg.Logger = libpack_logging.New().SetMinLogLevel(libpack_logging.GetLogLevel(getDetailsFromEnv("LOG_LEVEL", "info")))
+	// Setup environment variables here if needed
+	os.Setenv("GMP_TEST_STRING", "testValue")
+	os.Setenv("GMP_TEST_INT", "123")
+	os.Setenv("GMP_TEST_BOOL", "true")
+	os.Setenv("NON_GMP_TEST_INT", "31337")
+}
+
+// TearDownTest is run after each test to clean up
+func (suite *Tests) TearDownTest() {
+	// Clean up environment variables here if needed
+	os.Unsetenv("GMP_TEST_STRING")
+	os.Unsetenv("GMP_TEST_INT")
+	os.Unsetenv("GMP_TEST_BOOL")
+	os.Unsetenv("NON_GMP_TEST_INT")
+}
+
+// func (suite *Tests) AfterTest(suiteName, testName string) {)
+
+func TestSuite(t *testing.T) {
+	cfg = &config{}
+	parseConfig()
+	StartMonitoringServer()
+	suite.Run(t, new(Tests))
+}
+
+func (suite *Tests) Test_envVariableSetting() {
+	tests := []struct {
+		defaultValue any
+		expected     any
+		name         string
+		envKey       string
+	}{
+		{
+			name:         "test_string",
+			envKey:       "TEST_STRING",
+			defaultValue: "default",
+			expected:     "testValue",
+		},
+		{
+			name:         "test_int",
+			envKey:       "TEST_INT",
+			defaultValue: 0,
+			expected:     123,
+		},
+		{
+			name:         "test_bool",
+			envKey:       "TEST_BOOL",
+			defaultValue: false,
+			expected:     true,
+		},
+		{
+			name:         "test_non_prefixed",
+			envKey:       "NON_GMP_TEST_INT",
+			defaultValue: 0,
+			expected:     31337,
+		},
+		{
+			name:         "test_non_existing",
+			envKey:       "NON_EXISTING",
+			defaultValue: "default_val",
+			expected:     "default_val",
+		},
+	}
+
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+			result := getDetailsFromEnv(tt.envKey, tt.defaultValue)
+			assert.Equal(tt.expected, result)
+		})
+	}
+}
+
+func (suite *Tests) Test_getDetailsFromEnv() {
+	tests := []struct {
+		name         string
+		key          string
+		defaultValue interface{}
+		envValue     string
+		expected     interface{}
+	}{
+		{"string value", "TEST_STRING", "default", "envValue", "envValue"},
+		{"int value", "TEST_INT", 0, "123", 123},
+		{"bool value", "TEST_BOOL", false, "true", true},
+		{"default value", "NON_EXISTENT", "default", "", "default"},
+	}
+
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+			if tt.envValue != "" {
+				os.Setenv("GMP_"+tt.key, tt.envValue)
+				defer os.Unsetenv("GMP_" + tt.key)
+			}
+			result := getDetailsFromEnv(tt.key, tt.defaultValue)
+			assert.Equal(tt.expected, result)
+		})
+	}
+}
+
+func (suite *Tests) TestIntrospectionEnvironmentConfig() {
+	// Save original env vars
+	oldEnv := make(map[string]string)
+	varsToSave := []string{
+		"BLOCK_SCHEMA_INTROSPECTION",
+		"ALLOWED_INTROSPECTION",
+		"GMP_BLOCK_SCHEMA_INTROSPECTION",
+		"GMP_ALLOWED_INTROSPECTION",
+	}
+	for _, env := range varsToSave {
+		if val, exists := os.LookupEnv(env); exists {
+			oldEnv[env] = val
+			os.Unsetenv(env)
+		}
+	}
+	defer func() {
+		// Restore original env vars
+		for k, v := range oldEnv {
+			os.Setenv(k, v)
+		}
+	}()
+
+	tests := []struct {
+		name         string
+		envVars      map[string]string
+		query        string
+		wantBlocked  bool
+		wantEndpoint string
+	}{
+		{
+			name: "basic typename allowed",
+			envVars: map[string]string{
+				"BLOCK_SCHEMA_INTROSPECTION": "true",
+				"ALLOWED_INTROSPECTION":      "__typename",
+			},
+			query: `{
+							users {
+									id
+									__typename
+							}
+					}`,
+			wantBlocked: false,
+		},
+		{
+			name: "GMP prefix takes precedence",
+			envVars: map[string]string{
+				"BLOCK_SCHEMA_INTROSPECTION":     "false",
+				"GMP_BLOCK_SCHEMA_INTROSPECTION": "true",
+				"ALLOWED_INTROSPECTION":          "__type",
+				"GMP_ALLOWED_INTROSPECTION":      "__typename",
+			},
+			query: `{
+							users {
+									__typename
+							}
+					}`,
+			wantBlocked: false,
+		},
+		{
+			name: "multiple allowed queries",
+			envVars: map[string]string{
+				"BLOCK_SCHEMA_INTROSPECTION": "true",
+				"ALLOWED_INTROSPECTION":      "__typename,__schema",
+			},
+			query: `{
+							__schema {
+									types {
+											name
+											__typename
+									}
+							}
+					}`,
+			wantBlocked: false,
+		},
+		{
+			name: "multiple allowed queries with one of them blocked",
+			envVars: map[string]string{
+				"BLOCK_SCHEMA_INTROSPECTION": "true",
+				"ALLOWED_INTROSPECTION":      "__schema",
+			},
+			query: `{
+							__schema {
+									types {
+											name
+											__typename
+									}
+							}
+					}`,
+			wantBlocked: true,
+		},
+	}
+
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+			// Set test env vars
+			for k, v := range tt.envVars {
+				os.Setenv(k, v)
+			}
+
+			// Reset global config
+			cfg = nil
+			parseConfig()
+
+			// Create test request
+			app := fiber.New()
+			ctx := app.AcquireCtx(&fasthttp.RequestCtx{})
+			defer app.ReleaseCtx(ctx)
+			ctx.Request().Header.SetMethod("POST")
+			ctx.Request().SetBody([]byte(fmt.Sprintf(`{"query": %q}`, tt.query)))
+
+			result := parseGraphQLQuery(ctx)
+			assert.Equal(tt.wantBlocked, result.shouldBlock)
+			for k := range tt.envVars {
+				os.Unsetenv(k)
+			}
+		})
+	}
+}
@@ -1,11 +1,15 @@
 package main

 import (
-	libpack_monitoring "github.com/telegram-bot-app/libpack/monitoring"
+	libpack_monitoring "github.com/lukaszraczylo/graphql-monitoring-proxy/monitoring"
 )

+// StartMonitoringServer initializes and starts the monitoring server.
 func StartMonitoringServer() {
-	cfg.Monitoring = libpack_monitoring.NewMonitoring()
+	cfg.Monitoring = libpack_monitoring.NewMonitoring(&libpack_monitoring.InitConfig{
+		PurgeOnCrawl: cfg.Server.PurgeOnCrawl,
+		PurgeEvery:   cfg.Server.PurgeEvery,
+	})
 	cfg.Monitoring.AddMetricsPrefix("graphql_proxy")
 	cfg.Monitoring.RegisterDefaultMetrics()
 }
@@ -0,0 +1,15 @@
+package libpack_monitoring
+
+func (ms *MetricsSetup) RegisterDefaultMetrics() {
+	ms.RegisterMetricsCounter(MetricsSucceeded, nil)
+	ms.RegisterMetricsCounter(MetricsFailed, nil)
+	ms.RegisterMetricsCounter(MetricsSkipped, nil)
+	ms.RegisterMetricsHistogram(MetricsDuration, nil)
+	ms.RegisterMetricsCounter(MetricsCacheHit, nil)
+	ms.RegisterMetricsCounter(MetricsCacheMiss, nil)
+	ms.RegisterMetricsCounter(MetricsQueriesCached, nil)
+}
+
+func (ms *MetricsSetup) RegisterGoMetrics() {
+	// TODO: metrics.WriteProcessMetrics(ms.metrics_set)
+}
@@ -0,0 +1,181 @@
+package libpack_monitoring
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"sort"
+	"strings"
+	"sync"
+	"unicode"
+
+	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
+)
+
+var sortedLabelKeysCache = struct {
+	m sync.Map
+}{}
+
+func (ms *MetricsSetup) get_metrics_name(name string, labels map[string]string) string {
+	var buf bytes.Buffer
+
+	podName := getPodName()
+	if labels == nil {
+		labels = defaultLabels(podName)
+	} else {
+		ensureDefaultLabels(&labels, podName)
+	}
+
+	if ms.metrics_prefix != "" {
+		buf.WriteString(ms.metrics_prefix)
+		buf.WriteByte('_')
+	}
+	buf.WriteString(name)
+
+	if len(labels) > 0 {
+		buf.WriteByte('{')
+		appendSortedLabels(&buf, labels)
+		buf.WriteByte('}')
+	}
+
+	return buf.String()
+}
+
+func getPodName() string {
+	const unknownPodName = "unknown"
+	if hn, err := os.Hostname(); err == nil {
+		return hn
+	}
+	return unknownPodName
+}
+
+func defaultLabels(podName string) map[string]string {
+	return map[string]string{
+		"microservice": libpack_config.PKG_NAME,
+		"pod":          podName,
+	}
+}
+
+func ensureDefaultLabels(labels *map[string]string, podName string) {
+	if *labels == nil {
+		*labels = make(map[string]string)
+	}
+	if _, exists := (*labels)["microservice"]; !exists {
+		(*labels)["microservice"] = libpack_config.PKG_NAME
+	}
+	if _, exists := (*labels)["pod"]; !exists {
+		(*labels)["pod"] = podName
+	}
+}
+
+func appendSortedLabels(buf *bytes.Buffer, labels map[string]string) {
+	keys := getSortedKeys(labels)
+	for i, k := range keys {
+		if i > 0 {
+			buf.WriteByte(',')
+		}
+		buf.WriteString(k)
+		buf.WriteString(`="`)
+		buf.WriteString(labels[k])
+		buf.WriteByte('"')
+	}
+}
+
+func getSortedKeys(labels map[string]string) []string {
+	labelsKey := labelsToString(labels)
+
+	// Check if the sorted keys are already cached
+	if keys, ok := sortedLabelKeysCache.m.Load(labelsKey); ok {
+		return keys.([]string)
+	}
+
+	// Compute the sorted keys
+	keys := make([]string, 0, len(labels))
+	for k := range labels {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+
+	// Store the sorted keys in the cache
+	sortedLabelKeysCache.m.Store(labelsKey, keys)
+
+	return keys
+}
+
+func labelsToString(labels map[string]string) string {
+	keys := make([]string, 0, len(labels))
+	for k := range labels {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+
+	var sb strings.Builder
+	for _, k := range keys {
+		sb.WriteString(k)
+		sb.WriteByte('=')
+		sb.WriteString(labels[k])
+		sb.WriteByte(';')
+	}
+	return sb.String()
+}
+
+func validate_metrics_name(name string) error {
+	cleanedName := clean_metric_name(name)
+
+	finalName := strings.Trim(cleanedName, "_")
+
+	if finalName != name {
+		return fmt.Errorf("invalid metric name: %s, expected %s", name, finalName)
+	}
+	return nil
+}
+
+func clean_metric_name(name string) string {
+	var buf bytes.Buffer
+	lastWasUnderscore := false
+
+	for _, r := range name {
+		if is_allowed_rune(r) {
+			if is_special_rune(r) {
+				if lastWasUnderscore {
+					continue
+				}
+				r = '_'
+				lastWasUnderscore = true
+			} else {
+				lastWasUnderscore = false
+			}
+			buf.WriteRune(r)
+		} else if !lastWasUnderscore {
+			buf.WriteByte('_')
+			lastWasUnderscore = true
+		}
+	}
+
+	return strings.Trim(buf.String(), "_")
+}
+
+func is_allowed_rune(r rune) bool {
+	return unicode.IsLetter(r) || unicode.IsDigit(r) || r == ' ' || r == '_'
+}
+
+func is_special_rune(r rune) bool {
+	return r == ' ' || r == '_'
+}
+
+func compile_metrics_with_labels(name string, labels map[string]string) string {
+	var buf bytes.Buffer
+
+	buf.WriteString(name)
+
+	keys := getSortedKeys(labels)
+
+	for _, k := range keys {
+		buf.WriteByte('_')
+		buf.WriteString(k)
+		buf.WriteByte('_')
+		buf.WriteString(labels[k])
+	}
+
+	return buf.String()
+}
@@ -0,0 +1,44 @@
+package libpack_monitoring
+
+import (
+	"testing"
+
+	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
+)
+
+func BenchmarkGetMetricsName(b *testing.B) {
+	// Setup environment
+	libpack_config.PKG_NAME = "test_service"
+
+	ms := &MetricsSetup{metrics_prefix: "test_prefix"}
+
+	labels := map[string]string{
+		"env":    "production",
+		"region": "us-west-2",
+	}
+
+	// Run the benchmark
+	for n := 0; n < b.N; n++ {
+		ms.get_metrics_name("request_count", labels)
+	}
+}
+
+func BenchmarkCompileMetricsWithLabels(b *testing.B) {
+	labels := map[string]string{
+		"env":    "production",
+		"region": "us-west-2",
+		"app":    "api-server",
+	}
+
+	for n := 0; n < b.N; n++ {
+		compile_metrics_with_labels("request_count", labels)
+	}
+}
+
+func BenchmarkValidateMetricsName(b *testing.B) {
+	input := "valid metric name with special chars @#! and underscores__"
+
+	for n := 0; n < b.N; n++ {
+		validate_metrics_name(input)
+	}
+}
@@ -0,0 +1,228 @@
+package libpack_monitoring
+
+import (
+	"testing"
+
+	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetMetricsName(t *testing.T) {
+	ms := &MetricsSetup{metrics_prefix: "prefix"}
+	libpack_config.PKG_NAME = "example_microservice"
+
+	tests := []struct {
+		name           string
+		metricName     string
+		labels         map[string]string
+		expectedOutput string
+	}{
+		{
+			name:           "No labels",
+			metricName:     "test_metric",
+			labels:         nil,
+			expectedOutput: "prefix_test_metric{microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+		{
+			name:       "With labels",
+			metricName: "test_metric",
+			labels: map[string]string{
+				"label1": "value1",
+				"label2": "value2",
+			},
+			expectedOutput: "prefix_test_metric{label1=\"value1\",label2=\"value2\",microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+		{
+			name:       "Alphabetical order labels",
+			metricName: "test_metric",
+			labels: map[string]string{
+				"label2": "value2",
+				"label1": "value1",
+			},
+			expectedOutput: "prefix_test_metric{label1=\"value1\",label2=\"value2\",microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+		{
+			name:           "Empty metric name",
+			metricName:     "",
+			labels:         nil,
+			expectedOutput: "prefix_{microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+		{
+			name:           "Empty labels map",
+			metricName:     "test_metric",
+			labels:         map[string]string{},
+			expectedOutput: "prefix_test_metric{microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+		{
+			name:       "Single label",
+			metricName: "test_metric",
+			labels: map[string]string{
+				"label1": "value1",
+			},
+			expectedOutput: "prefix_test_metric{label1=\"value1\",microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+		{
+			name:       "Multiple labels with special characters",
+			metricName: "test_metric",
+			labels: map[string]string{
+				"label-2": "value-2",
+				"label_1": "value_1",
+			},
+			expectedOutput: "prefix_test_metric{label-2=\"value-2\",label_1=\"value_1\",microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+		{
+			name:       "Prefix only",
+			metricName: "",
+			labels: map[string]string{
+				"label1": "value1",
+			},
+			expectedOutput: "prefix_{label1=\"value1\",microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := ms.get_metrics_name(tt.metricName, tt.labels)
+			assert.Equal(t, tt.expectedOutput, result)
+		})
+	}
+}
+
+func TestCompileMetricsWithLabels(t *testing.T) {
+	tests := []struct {
+		name   string
+		labels map[string]string
+		want   string
+	}{
+		{"request_count", map[string]string{"env": "production", "region": "us-west-2"}, "request_count_env_production_region_us-west-2"},
+		{"metric_name", map[string]string{}, "metric_name"},
+		{"metric_name", nil, "metric_name"},
+		{"metric_name", map[string]string{"key1": "value1"}, "metric_name_key1_value1"},
+		{"metric_name", map[string]string{"k": "v", "key2": "value2"}, "metric_name_k_v_key2_value2"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := compile_metrics_with_labels(tt.name, tt.labels); got != tt.want {
+				t.Errorf("compile_metrics_with_labels() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestValidateMetricsName(t *testing.T) {
+	tests := []struct {
+		name    string
+		input   string
+		wantErr bool
+	}{
+		{"Valid name", "valid_metric_name", false},
+		{"Name with spaces", "valid metric name", true},
+		{"Name with special chars", "valid@metric#name!", true},
+		{"Name with leading underscore", "_valid_metric_name", true},
+		{"Name with trailing underscore", "valid_metric_name_", true},
+		{"Name with consecutive underscores", "valid__metric__name", true},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := validate_metrics_name(tt.input); (err != nil) != tt.wantErr {
+				t.Errorf("validate_metrics_name() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
+
+func TestCleanMetricName(t *testing.T) {
+	tests := []struct {
+		input    string
+		expected string
+	}{
+		{"valid metric name", "valid_metric_name"},
+		{"valid@metric#name!", "valid_metric_name"},
+		{"__valid__metric__name__", "valid_metric_name"},
+		{" valid metric name ", "valid_metric_name"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.input, func(t *testing.T) {
+			assert.Equal(t, tt.expected, clean_metric_name(tt.input))
+		})
+	}
+}
+
+func TestDefaultLabels(t *testing.T) {
+	podName := "test-pod"
+	libpack_config.PKG_NAME = "example_microservice"
+	expected := map[string]string{
+		"microservice": "example_microservice",
+		"pod":          podName,
+	}
+
+	assert.Equal(t, expected, defaultLabels(podName))
+}
+
+func TestEnsureDefaultLabels(t *testing.T) {
+	podName := "test-pod"
+	libpack_config.PKG_NAME = "example_microservice"
+
+	tests := []struct {
+		inputLabels    map[string]string
+		expectedLabels map[string]string
+		name           string
+	}{
+		{
+			name:           "Nil labels",
+			inputLabels:    nil,
+			expectedLabels: map[string]string{"microservice": "example_microservice", "pod": podName},
+		},
+		{
+			name:           "Empty labels",
+			inputLabels:    map[string]string{},
+			expectedLabels: map[string]string{"microservice": "example_microservice", "pod": podName},
+		},
+		{
+			name:           "Partial labels",
+			inputLabels:    map[string]string{"microservice": "test_service"},
+			expectedLabels: map[string]string{"microservice": "test_service", "pod": podName},
+		},
+		{
+			name:           "Complete labels",
+			inputLabels:    map[string]string{"microservice": "test_service", "pod": "custom_pod"},
+			expectedLabels: map[string]string{"microservice": "test_service", "pod": "custom_pod"},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ensureDefaultLabels(&tt.inputLabels, podName)
+			assert.Equal(t, tt.expectedLabels, tt.inputLabels)
+		})
+	}
+}
+
+func TestLabelsToString(t *testing.T) {
+	tests := []struct {
+		labels   map[string]string
+		expected string
+	}{
+		{
+			labels:   map[string]string{"key1": "value1", "key2": "value2"},
+			expected: "key1=value1;key2=value2;",
+		},
+		{
+			labels:   map[string]string{"a": "1", "b": "2"},
+			expected: "a=1;b=2;",
+		},
+		{
+			labels:   map[string]string{},
+			expected: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.expected, func(t *testing.T) {
+			assert.Equal(t, tt.expected, labelsToString(tt.labels))
+		})
+	}
+}
@@ -0,0 +1,174 @@
+package libpack_monitoring
+
+import (
+	"flag"
+	"fmt"
+	"time"
+
+	"github.com/VictoriaMetrics/metrics"
+	"github.com/gofiber/fiber/v2"
+	"github.com/gookit/goutil/envutil"
+	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
+	libpack_logger "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
+)
+
+type MetricsSetup struct {
+	metrics_set        *metrics.Set
+	metrics_set_custom *metrics.Set
+	ic                 *InitConfig
+	metrics_prefix     string
+}
+
+var log = libpack_logger.New().SetMinLogLevel(libpack_logger.LEVEL_INFO)
+
+type InitConfig struct {
+	PurgeOnCrawl bool
+	PurgeEvery   int
+}
+
+func NewMonitoring(ic *InitConfig) *MetricsSetup {
+	ms := &MetricsSetup{
+		ic:                 ic,
+		metrics_set:        metrics.NewSet(),
+		metrics_set_custom: metrics.NewSet(),
+	}
+
+	if flag.Lookup("test.v") == nil {
+		go ms.startPrometheusEndpoint()
+
+		if ic.PurgeEvery > 0 {
+			ticker := time.NewTicker(time.Duration(ic.PurgeEvery) * time.Second)
+			go func() {
+				for range ticker.C {
+					ms.PurgeMetrics()
+				}
+			}()
+		}
+	}
+
+	return ms
+}
+
+func (ms *MetricsSetup) startPrometheusEndpoint() {
+	app := fiber.New(fiber.Config{
+		DisableStartupMessage: true,
+		AppName:               fmt.Sprintf("GraphQL Monitoring Proxy - %s v%s", libpack_config.PKG_NAME, libpack_config.PKG_VERSION),
+	})
+	app.Get("/metrics", ms.metricsEndpoint)
+	if err := app.Listen(fmt.Sprintf(":%d", envutil.GetInt("MONITORING_PORT", 9393))); err != nil {
+		log.Critical(&libpack_logger.LogMessage{
+			Message: "Can't start the service",
+			Pairs:   map[string]interface{}{"error": err},
+		})
+	}
+}
+
+func (ms *MetricsSetup) metricsEndpoint(c *fiber.Ctx) error {
+	ms.metrics_set.WritePrometheus(c.Response().BodyWriter())
+	ms.metrics_set_custom.WritePrometheus(c.Response().BodyWriter())
+
+	if ms.ic.PurgeOnCrawl && ms.ic.PurgeEvery == 0 {
+		ms.PurgeMetrics()
+	}
+	return nil
+}
+
+func (ms *MetricsSetup) AddMetricsPrefix(prefix string) {
+	ms.metrics_prefix = prefix
+}
+
+func (ms *MetricsSetup) ListActiveMetrics() []string {
+	return ms.metrics_set.ListMetricNames()
+}
+
+func (ms *MetricsSetup) RegisterMetricsGauge(metric_name string, labels map[string]string, val float64) *metrics.Gauge {
+	if err := validate_metrics_name(metric_name); err != nil {
+		log.Critical(&libpack_logger.LogMessage{
+			Message: "RegisterMetricsGauge() error",
+			Pairs:   map[string]interface{}{"_error": "Invalid metric name", "_metric_name": metric_name},
+		})
+		return nil
+	}
+	return ms.metrics_set_custom.GetOrCreateGauge(ms.get_metrics_name(metric_name, labels), func() float64 {
+		return val
+	})
+}
+
+func (ms *MetricsSetup) RegisterMetricsCounter(metric_name string, labels map[string]string) *metrics.Counter {
+	if err := validate_metrics_name(metric_name); err != nil {
+		log.Critical(&libpack_logger.LogMessage{
+			Message: "RegisterMetricsCounter() error",
+			Pairs:   map[string]interface{}{"_error": "Invalid metric name", "_metric_name": metric_name},
+		})
+		return nil
+	}
+	if metric_name == MetricsSucceeded || metric_name == MetricsFailed || metric_name == MetricsSkipped {
+		return ms.metrics_set.GetOrCreateCounter(ms.get_metrics_name(metric_name, labels))
+	}
+	return ms.metrics_set_custom.GetOrCreateCounter(ms.get_metrics_name(metric_name, labels))
+}
+
+func (ms *MetricsSetup) RegisterFloatCounter(metric_name string, labels map[string]string) *metrics.FloatCounter {
+	if err := validate_metrics_name(metric_name); err != nil {
+		log.Critical(&libpack_logger.LogMessage{
+			Message: "RegisterFloatCounter() error",
+			Pairs:   map[string]interface{}{"_error": "Invalid metric name", "_metric_name": metric_name},
+		})
+		return nil
+	}
+	return ms.metrics_set_custom.GetOrCreateFloatCounter(ms.get_metrics_name(metric_name, labels))
+}
+
+func (ms *MetricsSetup) RegisterMetricsSummary(metric_name string, labels map[string]string) *metrics.Summary {
+	if err := validate_metrics_name(metric_name); err != nil {
+		log.Critical(&libpack_logger.LogMessage{
+			Message: "RegisterMetricsSummary() error",
+			Pairs:   map[string]interface{}{"_error": "Invalid metric name", "_metric_name": metric_name},
+		})
+		return nil
+	}
+	return ms.metrics_set_custom.GetOrCreateSummary(ms.get_metrics_name(metric_name, labels))
+}
+
+func (ms *MetricsSetup) RegisterMetricsHistogram(metric_name string, labels map[string]string) *metrics.Histogram {
+	if err := validate_metrics_name(metric_name); err != nil {
+		log.Critical(&libpack_logger.LogMessage{
+			Message: "RegisterMetricsHistogram() error",
+			Pairs:   map[string]interface{}{"_error": "Invalid metric name", "_metric_name": metric_name},
+		})
+		return nil
+	}
+	return ms.metrics_set_custom.GetOrCreateHistogram(ms.get_metrics_name(metric_name, labels))
+}
+
+func (ms *MetricsSetup) Increment(metric_name string, labels map[string]string) {
+	ms.RegisterMetricsCounter(metric_name, labels).Inc()
+}
+
+func (ms *MetricsSetup) IncrementFloat(metric_name string, labels map[string]string, value float64) {
+	ms.RegisterFloatCounter(metric_name, labels).Add(value)
+}
+
+func (ms *MetricsSetup) Set(metric_name string, labels map[string]string, value uint64) {
+	ms.RegisterMetricsCounter(metric_name, labels).Set(value)
+}
+
+func (ms *MetricsSetup) Update(metric_name string, labels map[string]string, value float64) {
+	ms.RegisterMetricsHistogram(metric_name, labels).Update(value)
+}
+
+func (ms *MetricsSetup) UpdateDuration(metric_name string, labels map[string]string, value time.Time) {
+	ms.RegisterMetricsHistogram(metric_name, labels).UpdateDuration(value)
+}
+
+func (ms *MetricsSetup) UpdateSummary(metric_name string, labels map[string]string, value float64) {
+	ms.RegisterMetricsSummary(metric_name, labels).Update(value)
+}
+
+func (ms *MetricsSetup) RemoveMetrics(metric_name string, labels map[string]string) {
+	ms.metrics_set_custom.UnregisterMetric(ms.get_metrics_name(metric_name, labels))
+}
+
+func (ms *MetricsSetup) PurgeMetrics() {
+	ms.metrics_set_custom.UnregisterAllMetrics()
+}
@@ -0,0 +1,14 @@
+package libpack_monitoring
+
+const (
+	MetricsSucceeded     = "requests_succesful"
+	MetricsFailed        = "requests_failed"
+	MetricsDuration      = "requests_duration"
+	MetricsSkipped       = "requests_skipped"
+	MetricsExecutedQuery = "executed_query"
+	MetricsTimedQuery    = "timed_query"
+
+	MetricsCacheHit      = "cache_hit"
+	MetricsCacheMiss     = "cache_miss"
+	MetricsQueriesCached = "cached_queries"
+)
@@ -1,29 +1,191 @@
 package main

 import (
+	"bytes"
+	"compress/gzip"
+	"context"
 	"crypto/tls"
 	"fmt"
+	"io"
+	"net/url"
+	"time"

-	fiber "github.com/gofiber/fiber/v2"
+	"go.opentelemetry.io/otel/trace"
+
+	"github.com/avast/retry-go/v4"
+	"github.com/gofiber/fiber/v2"
 	"github.com/gofiber/fiber/v2/middleware/proxy"
-	libpack_monitoring "github.com/telegram-bot-app/libpack/monitoring"
+	libpack_logger "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
+	libpack_monitoring "github.com/lukaszraczylo/graphql-monitoring-proxy/monitoring"
+	libpack_tracing "github.com/lukaszraczylo/graphql-monitoring-proxy/tracing"
+	"github.com/valyala/fasthttp"
 )

-func proxyTheRequest(c *fiber.Ctx) error {
-	c.Request().Header.Add("X-Real-IP", c.IP())
-	c.Request().Header.Add("X-Forwarded-For", c.IP())
+// createFasthttpClient creates and configures a fasthttp client.
+func createFasthttpClient(timeout int) *fasthttp.Client {
+	return &fasthttp.Client{
+		Name:                     "graphql_proxy",
+		NoDefaultUserAgentHeader: true,
+		TLSConfig: &tls.Config{
+			InsecureSkipVerify: true,
+		},
+		MaxConnsPerHost:               2048,
+		ReadTimeout:                   time.Duration(timeout) * time.Second,
+		WriteTimeout:                  time.Duration(timeout) * time.Second,
+		MaxIdleConnDuration:           time.Duration(timeout) * time.Second,
+		MaxConnDuration:               time.Duration(timeout) * time.Second,
+		DisableHeaderNamesNormalizing: false,
+	}
+}

-	proxy.WithTlsConfig(&tls.Config{
-		InsecureSkipVerify: true,
-	})
+// proxyTheRequest handles the request proxying logic.
+func proxyTheRequest(c *fiber.Ctx, currentEndpoint string) error {
+	if cfg.Tracing.Enable && tracer != nil {
+		var span trace.Span
+		spanCtx := context.Background()
+		// Extract trace information from header
+		if traceHeader := c.Get("X-Trace-Span"); traceHeader != "" {
+			spanInfo, err := libpack_tracing.ParseTraceHeader(traceHeader)
+			if err != nil {
+				cfg.Logger.Warning(&libpack_logger.LogMessage{
+					Message: "Failed to parse trace header",
+					Pairs:   map[string]interface{}{"error": err.Error()},
+				})
+			} else {
+				if extractedSpanCtx, err := tracer.ExtractSpanContext(spanInfo); err == nil {
+					spanCtx = trace.ContextWithSpanContext(spanCtx, extractedSpanCtx)
+				}
+			}
+		}

-	err := proxy.DoRedirects(c, cfg.Server.HostGraphQL, 3)
+		// Start a new span
+		span, _ = tracer.StartSpan(spanCtx, "proxy_request")
+		defer span.End()
+	}
+
+	if !checkAllowedURLs(c) {
+		cfg.Logger.Error(&libpack_logger.LogMessage{
+			Message: "Request blocked",
+			Pairs:   map[string]interface{}{"path": c.Path()},
+		})
+		if ifNotInTest() {
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
+		}
+		return fmt.Errorf("request blocked - not allowed URL: %s", c.Path())
+	}
+
+	proxyURL := currentEndpoint + c.Path()
+	_, err := url.Parse(proxyURL)
 	if err != nil {
-		fmt.Println("Can't proxy the request: ", err)
-		cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
-		return err
+		return fmt.Errorf("invalid URL: %v", err)
+	}
+
+	if cfg.LogLevel == "DEBUG" {
+		logDebugRequest(c)
+	}
+
+	err = retry.Do(
+		func() error {
+			proxyErr := proxy.DoRedirects(c, proxyURL, 3, cfg.Client.FastProxyClient)
+			if proxyErr != nil {
+				return proxyErr
+			}
+			if c.Response().StatusCode() != fiber.StatusOK {
+				return fmt.Errorf("received non-200 response from the GraphQL server: %d", c.Response().StatusCode())
+			}
+			return nil
+		},
+		retry.Attempts(5),
+		retry.DelayType(retry.BackOffDelay),
+		retry.Delay(250*time.Millisecond),
+		retry.MaxDelay(5*time.Second),
+		retry.OnRetry(func(n uint, err error) {
+			cfg.Logger.Warning(&libpack_logger.LogMessage{
+				Message: "Retrying the request",
+				Pairs: map[string]interface{}{
+					"path":    c.Path(),
+					"attempt": n + 1,
+					"error":   err.Error(),
+				},
+			})
+		}),
+		retry.LastErrorOnly(true),
+	)
+
+	if err != nil {
+		cfg.Logger.Warning(&libpack_logger.LogMessage{
+			Message: "Can't proxy the request",
+			Pairs:   map[string]interface{}{"error": err.Error()},
+		})
+		if ifNotInTest() {
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+		}
+		return fmt.Errorf("failed to proxy request: %v", err)
+	}
+
+	if cfg.LogLevel == "DEBUG" {
+		logDebugResponse(c)
+	}
+
+	if bytes.EqualFold(c.Response().Header.Peek("Content-Encoding"), []byte("gzip")) {
+		// Decompress gzip response
+		reader, err := gzip.NewReader(bytes.NewReader(c.Response().Body()))
+		if err != nil {
+			cfg.Logger.Error(&libpack_logger.LogMessage{
+				Message: "Failed to create gzip reader",
+				Pairs:   map[string]interface{}{"error": err.Error()},
+			})
+			return err
+		}
+		defer reader.Close()
+
+		decompressed, err := io.ReadAll(reader)
+		if err != nil {
+			cfg.Logger.Error(&libpack_logger.LogMessage{
+				Message: "Failed to decompress response",
+				Pairs:   map[string]interface{}{"error": err.Error()},
+			})
+			return err
+		}
+
+		c.Response().SetBody(decompressed)
+		c.Response().Header.Del("Content-Encoding")
+	}
+
+	if c.Response().StatusCode() != fiber.StatusOK {
+		if ifNotInTest() {
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+		}
+		return fmt.Errorf("received non-200 response from the GraphQL server: %d", c.Response().StatusCode())
 	}

 	c.Response().Header.Del(fiber.HeaderServer)
 	return nil
 }
+
+// logDebugRequest logs the request details when in debug mode.
+func logDebugRequest(c *fiber.Ctx) {
+	cfg.Logger.Debug(&libpack_logger.LogMessage{
+		Message: "Proxying the request",
+		Pairs: map[string]interface{}{
+			"path":         c.Path(),
+			"body":         string(c.Body()),
+			"headers":      c.GetReqHeaders(),
+			"request_uuid": c.Locals("request_uuid"),
+		},
+	})
+}
+
+// logDebugResponse logs the response details when in debug mode.
+func logDebugResponse(c *fiber.Ctx) {
+	cfg.Logger.Debug(&libpack_logger.LogMessage{
+		Message: "Received proxied response",
+		Pairs: map[string]interface{}{
+			"path":          c.Path(),
+			"response_body": string(c.Response().Body()),
+			"response_code": c.Response().StatusCode(),
+			"headers":       c.GetRespHeaders(),
+			"request_uuid":  c.Locals("request_uuid"),
+		},
+	})
+}
@@ -0,0 +1,231 @@
+package main
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"time"
+
+	"github.com/valyala/fasthttp"
+)
+
+func (suite *Tests) Test_proxyTheRequest() {
+
+	supplied_headers := map[string]string{
+		"X-Forwarded-For": "127.0.0.1",
+		"Content-Type":    "application/json",
+	}
+
+	tests := []struct {
+		headers      map[string]string
+		name         string
+		body         string
+		host         string
+		hostRO       string
+		path         string
+		wantErr      bool
+		wantEndpoint string
+	}{
+		{
+			name:         "test_empty",
+			body:         `{"query":"query {\n            __type(name: \"Query\") {\n              name\n            }\n          }"}`,
+			host:         "https://telegram-bot.app/",
+			path:         "/v1/graphql",
+			headers:      supplied_headers,
+			wantErr:      false,
+			wantEndpoint: "https://telegram-bot.app/",
+		},
+		{
+			name:         "test_wrong_url",
+			body:         `{"query":"query {\n            __type(name: \"Query\") {\n              name\n            }\n          }"}`,
+			host:         "https://google.com/",
+			path:         "/v1/wrongURL",
+			headers:      supplied_headers,
+			wantErr:      true,
+			wantEndpoint: "https://google.com/",
+		},
+		{
+			name:         "Test read only mode",
+			body:         `{"query":"query {\n            __type(name: \"Query\") {\n              name\n            }\n          }"}`,
+			host:         "https://google.com/",
+			hostRO:       "https://telegram-bot.app/",
+			path:         "/v1/graphql",
+			headers:      supplied_headers,
+			wantErr:      false,
+			wantEndpoint: "https://telegram-bot.app/",
+		},
+		{
+			name:   "Test read only mode wrong host",
+			body:   `{"query":"query {\n            __type(name: \"Query\") {\n              name\n            }\n          }"}`,
+			host:   "https://telegram-bot.app/",
+			hostRO: "https://google.com/",
+
+			path:         "/v1/graphql",
+			headers:      supplied_headers,
+			wantErr:      true,
+			wantEndpoint: "https://google.com/",
+		},
+		{
+			name:         "Test mutation with endpoint flip",
+			body:         `{"query":"mutation {\n            __type(name: \"Query\") {\n              name\n            }\n          }"}`,
+			host:         "https://telegram-bot.app/",
+			hostRO:       "https://google.com/",
+			path:         "/v1/graphql",
+			headers:      supplied_headers,
+			wantErr:      false,
+			wantEndpoint: "https://telegram-bot.app/",
+		},
+	}
+
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+
+			cfg = &config{}
+			parseConfig()
+			cfg.Server.HostGraphQL = tt.host
+
+			if tt.hostRO != "" {
+				cfg.Server.HostGraphQLReadOnly = tt.hostRO
+			}
+
+			ctx := suite.app.AcquireCtx(&fasthttp.RequestCtx{})
+			
+			// Set headers
+			for k, v := range tt.headers {
+				ctx.Request().Header.Add(k, v)
+			}
+
+			// Set body and other request properties
+			ctx.Request().SetBody([]byte(tt.body))
+			ctx.Request().SetRequestURI(tt.path)
+			ctx.Request().Header.SetMethod("POST")
+			res := parseGraphQLQuery(ctx)
+			assert.NotNil(ctx, "Fiber context is nil", tt.name)
+			err := proxyTheRequest(ctx, res.activeEndpoint)
+			if tt.wantErr {
+				assert.NotNil(err, "Error is nil", tt.name)
+			} else {
+				assert.Nil(err, "Error is not nil", tt.name)
+			}
+			assert.Equal(tt.wantEndpoint, res.activeEndpoint, "Unexpected endpoint", tt.name)
+		})
+	}
+}
+
+func (suite *Tests) Test_proxyTheRequestWithPayloads() {
+
+	tests := []struct {
+		name    string
+		payload string
+		url     string
+		wantErr bool
+	}{
+		{
+			name:    "Test with invalid URL",
+			payload: `{"query":"query {\n            __type(name: \"Query\") {\n              name\n            }\n          }"}`,
+			url:     "://invalid-url",
+			wantErr: true,
+		},
+		{
+			name:    "Test with network error",
+			payload: `{"query":"query {\n            __type(name: \"Query\") {\n              name\n            }\n          }"}`,
+			url:     "http://non-existent-host.invalid",
+			wantErr: true,
+		},
+		// {
+		// 	name:    "Test with large payload",
+		// 	payload: strings.Repeat("a", 10*1024*1024), // 10MB payload
+		// 	url:     "https://google.com/",
+		// 	wantErr: false,
+		// },
+	}
+
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+			cfg.Server.HostGraphQL = tt.url
+			ctx := suite.app.AcquireCtx(&fasthttp.RequestCtx{})
+			err := proxyTheRequest(ctx, cfg.Server.HostGraphQL)
+			if tt.wantErr {
+				assert.NotNil(err)
+			} else {
+				assert.Nil(err)
+			}
+		})
+	}
+}
+
+func (suite *Tests) Test_proxyTheRequestWithTimeouts() {
+	originalTimeout := cfg.Client.ClientTimeout
+	defer func() {
+		cfg.Client.ClientTimeout = originalTimeout
+		cfg.Client.FastProxyClient = createFasthttpClient(cfg.Client.ClientTimeout)
+	}()
+
+	// Create a mock server
+	mockServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		sleepDuration, _ := time.ParseDuration(r.Header.Get("X-Sleep-Duration"))
+		time.Sleep(sleepDuration)
+		w.WriteHeader(http.StatusOK)
+		w.Write([]byte(`{"data":{"test":"response"}}`))
+	}))
+	defer mockServer.Close()
+
+	tests := []struct {
+		name          string
+		clientTimeout int
+		sleepDuration string
+		body          string
+		wantErr       bool
+	}{
+		{
+			name:          "Short timeout, long wait for response",
+			clientTimeout: 1,
+			sleepDuration: "2s",
+			body:          `{"query":"query { test }"}`,
+			wantErr:       true,
+		},
+		{
+			name:          "Short timeout, short wait for response",
+			clientTimeout: 2,
+			sleepDuration: "500ms",
+			body:          `{"query":"query { test }"}`,
+			wantErr:       false,
+		},
+		{
+			name:          "Long timeout, short wait for response",
+			clientTimeout: 10,
+			sleepDuration: "1s",
+			body:          `{"query":"query { test }"}`,
+			wantErr:       false,
+		},
+	}
+
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+			cfg.Client.ClientTimeout = tt.clientTimeout
+			cfg.Client.FastProxyClient = createFasthttpClient(cfg.Client.ClientTimeout)
+			cfg.Server.HostGraphQL = mockServer.URL
+
+			req := &fasthttp.Request{}
+			req.SetBody([]byte(tt.body))
+			req.SetRequestURI("/v1/graphql")
+			req.Header.SetMethod("POST")
+			req.Header.Set("Content-Type", "application/json")
+			req.Header.Set("X-Sleep-Duration", tt.sleepDuration)
+
+			ctx := suite.app.AcquireCtx(&fasthttp.RequestCtx{})
+			ctx.Request().Header.SetMethod("POST")
+			ctx.Request().SetBody(req.Body())
+			ctx.Request().SetRequestURI(string(req.RequestURI())) // Convert []byte to string
+			ctx.Request().Header.SetContentType("application/json")
+			ctx.Request().Header.Set("X-Sleep-Duration", tt.sleepDuration)
+
+			err := proxyTheRequest(ctx, cfg.Server.HostGraphQL)
+
+			if tt.wantErr {
+				assert.NotNil(err, "Expected an error for test: %s", tt.name)
+			} else {
+				assert.Nil(err, "Expected no error for test: %s", tt.name)
+			}
+		})
+	}
+}
@@ -0,0 +1,127 @@
+package main
+
+import (
+	"os"
+	"sync"
+	"time"
+
+	"github.com/goccy/go-json"
+	goratecounter "github.com/lukaszraczylo/go-ratecounter"
+	libpack_logger "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
+)
+
+// RateLimitConfig holds the rate limit configuration for a role
+type RateLimitConfig struct {
+	RateCounterTicker *goratecounter.RateCounter
+	Interval          time.Duration `json:"interval"`
+	Req               int           `json:"req"`
+}
+
+var (
+	rateLimits  = make(map[string]RateLimitConfig)
+	rateLimitMu sync.RWMutex
+)
+
+// loadRatelimitConfig loads the rate limit configurations from file
+func loadRatelimitConfig() error {
+	paths := []string{"/go/src/app/ratelimit.json", "./ratelimit.json", "./static/app/default-ratelimit.json"}
+	for _, path := range paths {
+		if err := loadConfigFromPath(path); err == nil {
+			return nil
+		}
+	}
+	cfg.Logger.Error(&libpack_logger.LogMessage{
+		Message: "Rate limit config not found",
+		Pairs:   map[string]interface{}{"paths": paths},
+	})
+	return os.ErrNotExist
+}
+
+func loadConfigFromPath(path string) error {
+	file, err := os.ReadFile(path)
+	if err != nil {
+		cfg.Logger.Debug(&libpack_logger.LogMessage{
+			Message: "Failed to load config",
+			Pairs:   map[string]interface{}{"path": path, "error": err},
+		})
+		return err
+	}
+
+	var config struct {
+		RateLimit map[string]RateLimitConfig `json:"ratelimit"`
+	}
+
+	if err := json.Unmarshal(file, &config); err != nil {
+		return err
+	}
+
+	newRateLimits := make(map[string]RateLimitConfig, len(config.RateLimit))
+	for key, value := range config.RateLimit {
+		value.RateCounterTicker = goratecounter.NewRateCounter().WithConfig(goratecounter.RateCounterConfig{
+			Interval: value.Interval,
+		})
+
+		if cfg.LogLevel == "DEBUG" {
+			cfg.Logger.Debug(&libpack_logger.LogMessage{
+				Message: "Setting ratelimit config for role",
+				Pairs: map[string]interface{}{
+					"role":          key,
+					"interval_used": value.Interval,
+					"ratelimit":     value.Req,
+				},
+			})
+		}
+		newRateLimits[key] = value
+	}
+
+	rateLimitMu.Lock()
+	rateLimits = newRateLimits
+	rateLimitMu.Unlock()
+
+	cfg.Logger.Debug(&libpack_logger.LogMessage{
+		Message: "Rate limit config loaded",
+		Pairs:   map[string]interface{}{"ratelimit": rateLimits},
+	})
+	return nil
+}
+
+// rateLimitedRequest checks if a request should be rate-limited
+func rateLimitedRequest(userID, userRole string) bool {
+	rateLimitMu.RLock()
+	roleConfig, ok := rateLimits[userRole]
+	rateLimitMu.RUnlock()
+
+	if !ok || roleConfig.RateCounterTicker == nil {
+		cfg.Logger.Debug(&libpack_logger.LogMessage{
+			Message: "Rate limit role not found or ticker not initialized",
+			Pairs:   map[string]interface{}{"user_role": userRole},
+		})
+		return true
+	}
+
+	roleConfig.RateCounterTicker.Incr(1)
+	tickerRate := roleConfig.RateCounterTicker.GetRate()
+
+	logDetails := map[string]interface{}{
+		"user_role":   userRole,
+		"user_id":     userID,
+		"rate":        tickerRate,
+		"config_rate": roleConfig.Req,
+		"interval":    roleConfig.Interval,
+	}
+
+	cfg.Logger.Debug(&libpack_logger.LogMessage{
+		Message: "Rate limit ticker",
+		Pairs:   map[string]interface{}{"log_details": logDetails},
+	})
+
+	if tickerRate > float64(roleConfig.Req) {
+		cfg.Logger.Debug(&libpack_logger.LogMessage{
+			Message: "Rate limit exceeded",
+			Pairs:   map[string]interface{}{"log_details": logDetails},
+		})
+		return false
+	}
+
+	return true
+}
@@ -2,13 +2,14 @@ version: 1
 force:
  existing: true
  strict: false
+  minor: 1
 wording:
  patch:
    - update
    - initial
    - fix
  minor:
-    - change
    - improve
+    - release
  major:
-    - breaking
+    - breaking
@@ -2,86 +2,264 @@ package main

 import (
 	"fmt"
+	"strconv"
 	"time"

+	"github.com/goccy/go-json"
 	fiber "github.com/gofiber/fiber/v2"
 	"github.com/gofiber/fiber/v2/middleware/cors"
-	jsoniter "github.com/json-iterator/go"
-	libpack_monitoring "github.com/telegram-bot-app/libpack/monitoring"
+	"github.com/google/uuid"
+
+	libpack_cache "github.com/lukaszraczylo/graphql-monitoring-proxy/cache"
+	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
+	libpack_logger "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
+	libpack_monitoring "github.com/lukaszraczylo/graphql-monitoring-proxy/monitoring"
 )

-var json = jsoniter.ConfigCompatibleWithStandardLibrary
+const (
+	healthCheckQueryStr = `{ __typename }`
+)

-// StartHTTPProxy starts the HTTP and points it to the GraphQL server.
+// StartHTTPProxy initializes and starts the HTTP proxy server.
 func StartHTTPProxy() {
-	server := fiber.New()
+	cfg.Logger.Debug(&libpack_logger.LogMessage{
+		Message: "Starting the HTTP proxy",
+	})
+
+	serverConfig := fiber.Config{
+		DisableStartupMessage: true,
+		AppName:               fmt.Sprintf("GraphQL Monitoring Proxy - %s v%s", libpack_config.PKG_NAME, libpack_config.PKG_VERSION),
+		IdleTimeout:           time.Duration(cfg.Client.ClientTimeout) * time.Second,
+		ReadTimeout:           time.Duration(cfg.Client.ClientTimeout) * time.Second,
+		WriteTimeout:          time.Duration(cfg.Client.ClientTimeout) * time.Second,
+		JSONEncoder:           json.Marshal,
+		JSONDecoder:           json.Unmarshal,
+	}
+
+	server := fiber.New(serverConfig)

 	server.Use(cors.New(cors.Config{
 		AllowOrigins: "*",
 	}))

-	server.Post("/v1/graphql", processGraphQLRequest)
+	server.Use(AddRequestUUID)

 	server.Get("/healthz", healthCheck)
-	err := server.Listen(fmt.Sprintf(":%d", cfg.Server.PortGraphQL))
-	if err != nil {
-		fmt.Println("Can't start the service: ", err)
+	server.Get("/livez", healthCheck)
+
+	server.Post("/*", processGraphQLRequest)
+	server.Get("/*", proxyTheRequestToDefault)
+
+	cfg.Logger.Info(&libpack_logger.LogMessage{
+		Message: "GraphQL proxy started",
+		Pairs:   map[string]interface{}{"port": cfg.Server.PortGraphQL},
+	})
+
+	if err := server.Listen(fmt.Sprintf(":%d", cfg.Server.PortGraphQL)); err != nil {
+		cfg.Logger.Critical(&libpack_logger.LogMessage{
+			Message: "Can't start the service",
+			Pairs:   map[string]interface{}{"port": cfg.Server.PortGraphQL, "error": err.Error()},
+		})
 	}
 }

+// proxyTheRequestToDefault proxies the request to the default GraphQL endpoint.
+func proxyTheRequestToDefault(c *fiber.Ctx) error {
+	return proxyTheRequest(c, cfg.Server.HostGraphQL)
+}
+
+// AddRequestUUID adds a unique request UUID to the context.
+func AddRequestUUID(c *fiber.Ctx) error {
+	c.Locals("request_uuid", uuid.NewString())
+	return c.Next()
+}
+
+// checkAllowedURLs checks if the requested URL is allowed.
+func checkAllowedURLs(c *fiber.Ctx) bool {
+	if len(allowedUrls) == 0 {
+		return true
+	}
+	path := c.OriginalURL()
+	_, ok := allowedUrls[path]
+	return ok
+}
+
+// healthCheck performs a health check on the GraphQL server.
 func healthCheck(c *fiber.Ctx) error {
-	return c.SendString("OK")
+	if len(cfg.Server.HealthcheckGraphQL) > 0 {
+		cfg.Logger.Debug(&libpack_logger.LogMessage{
+			Message: "Health check enabled",
+			Pairs:   map[string]interface{}{"url": cfg.Server.HealthcheckGraphQL},
+		})
+
+		_, err := cfg.Client.GQLClient.Query(healthCheckQueryStr, nil, nil)
+		if err != nil {
+			cfg.Logger.Error(&libpack_logger.LogMessage{
+				Message: "Can't reach the GraphQL server",
+				Pairs:   map[string]interface{}{"error": err.Error()},
+			})
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+			return c.Status(fiber.StatusInternalServerError).SendString("Can't reach the GraphQL server with {__typename} query")
+		}
+	}
+
+	cfg.Logger.Debug(&libpack_logger.LogMessage{
+		Message: "Health check returning OK",
+	})
+	return c.Status(fiber.StatusOK).SendString("Health check OK")
 }

+// processGraphQLRequest handles the incoming GraphQL requests.
 func processGraphQLRequest(c *fiber.Ctx) error {
-	t := time.Now()
+	startTime := time.Now()

-	var extracted_user_id string = "-"
-	var query_cache_hash string = ""
+	extractedUserID := "-"
+	extractedRoleName := "-"

-	authorization := c.Request().Header.Peek("Authorization")
-	if authorization != nil && len(cfg.Client.JWTUserClaimPath) > 0 {
-		extracted_user_id = extractClaimsFromJWTHeader(string(authorization))
+	if authorization := c.Get("Authorization"); authorization != "" && (len(cfg.Client.JWTUserClaimPath) > 0 || len(cfg.Client.JWTRoleClaimPath) > 0) {
+		extractedUserID, extractedRoleName = extractClaimsFromJWTHeader(authorization)
 	}
-	opType, opName, cache_from_query := parseGraphQLQuery(c)

-	was_cached := false
+	if checkIfUserIsBanned(c, extractedUserID) {
+		return c.Status(fiber.StatusForbidden).SendString("User is banned")
+	}

-	if cache_from_query || cfg.Cache.CacheEnable {
-		cfg.Logger.Debug("Cache enabled", map[string]interface{}{"via_query": cache_from_query, "via_env": cfg.Cache.CacheEnable})
-		query_cache_hash = calculateHash(c)
-		cachedResponse := cacheLookup(query_cache_hash)
-		if cachedResponse != nil {
-			cfg.Logger.Debug("Cache hit", map[string]interface{}{"hash": query_cache_hash, "user_id": extracted_user_id})
-			c.Send(cachedResponse)
-			was_cached = true
+	if cfg.Client.RoleFromHeader != "" {
+		if role := c.Get(cfg.Client.RoleFromHeader); role != "" {
+			extractedRoleName = role
+		}
+	}
+
+	if cfg.Client.RoleRateLimit {
+		cfg.Logger.Debug(&libpack_logger.LogMessage{
+			Message: "Rate limiting enabled",
+			Pairs:   map[string]interface{}{"user_id": extractedUserID, "role_name": extractedRoleName},
+		})
+		if !rateLimitedRequest(extractedUserID, extractedRoleName) {
+			return c.Status(fiber.StatusTooManyRequests).SendString("Rate limit exceeded, try again later")
+		}
+	}
+
+	parsedResult := parseGraphQLQuery(c) // Ensure this function is defined elsewhere
+	if parsedResult.shouldBlock {
+		return c.Status(fiber.StatusForbidden).SendString("Request blocked")
+	}
+
+	if parsedResult.shouldIgnore {
+		cfg.Logger.Debug(&libpack_logger.LogMessage{
+			Message: "Request passed as-is - probably not a GraphQL",
+		})
+		return proxyTheRequest(c, parsedResult.activeEndpoint)
+	}
+
+	calculatedQueryHash := libpack_cache.CalculateHash(c)
+
+	if parsedResult.cacheTime == 0 {
+		if cacheQuery := c.Get("X-Cache-Graphql-Query"); cacheQuery != "" {
+			parsedResult.cacheTime, _ = strconv.Atoi(cacheQuery)
 		} else {
-			cfg.Logger.Debug("Cache miss", map[string]interface{}{"hash": query_cache_hash, "user_id": extracted_user_id})
-			proxyTheRequest(c)
-			cfg.Cache.CacheClient.Set(query_cache_hash, c.Response().Body(), time.Duration(cfg.Cache.CacheTTL)*time.Second)
-			c.Send(c.Response().Body())
+			parsedResult.cacheTime = cfg.Cache.CacheTTL
+		}
+	}
+
+	wasCached := false //nolint:ineffassign
+
+	if parsedResult.cacheRefresh {
+		cfg.Logger.Debug(&libpack_logger.LogMessage{
+			Message: "Cache refresh requested via query",
+			Pairs:   map[string]interface{}{"user_id": extractedUserID, "request_uuid": c.Locals("request_uuid")},
+		})
+		libpack_cache.CacheDelete(calculatedQueryHash)
+	}
+
+	if parsedResult.cacheRequest || cfg.Cache.CacheEnable || cfg.Cache.CacheRedisEnable {
+		cfg.Logger.Debug(&libpack_logger.LogMessage{
+			Message: "Cache enabled",
+			Pairs:   map[string]interface{}{"via_query": parsedResult.cacheRequest, "via_env": cfg.Cache.CacheEnable},
+		})
+
+		if cachedResponse := libpack_cache.CacheLookup(calculatedQueryHash); cachedResponse != nil {
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsCacheHit, nil)
+			cfg.Logger.Debug(&libpack_logger.LogMessage{
+				Message: "Cache hit",
+				Pairs:   map[string]interface{}{"hash": calculatedQueryHash, "user_id": extractedUserID, "request_uuid": c.Locals("request_uuid")},
+			})
+			c.Set("X-Cache-Hit", "true")
+			wasCached = true
+			c.Set("Content-Type", "application/json")
+			return c.Send(cachedResponse)
+		}
+
+		cfg.Monitoring.Increment(libpack_monitoring.MetricsCacheMiss, nil)
+		cfg.Logger.Debug(&libpack_logger.LogMessage{
+			Message: "Cache miss",
+			Pairs:   map[string]interface{}{"hash": calculatedQueryHash, "user_id": extractedUserID, "request_uuid": c.Locals("request_uuid")},
+		})
+		if err := proxyAndCacheTheRequest(c, calculatedQueryHash, parsedResult.cacheTime, parsedResult.activeEndpoint); err != nil {
+			return err
 		}
 	} else {
-		proxyTheRequest(c)
+		if err := proxyTheRequest(c, parsedResult.activeEndpoint); err != nil {
+			cfg.Logger.Error(&libpack_logger.LogMessage{
+				Message: "Can't proxy the request",
+				Pairs:   map[string]interface{}{"error": err.Error()},
+			})
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+			return c.Status(fiber.StatusInternalServerError).SendString("Can't proxy the request - try again later")
+		}
 	}
-	time_taken := time.Since(t)

-	cfg.Logger.Info("Request processed", map[string]interface{}{"ip": c.IP(), "user_id": extracted_user_id, "op_type": opType, "op_name": opName, "time": time_taken, "cache": was_cached})
-	cfg.Monitoring.Increment(libpack_monitoring.MetricsSucceeded, nil)
+	logAndMonitorRequest(c, extractedUserID, parsedResult.operationType, parsedResult.operationName, wasCached, time.Since(startTime), startTime)

+	return nil
+}
+
+// proxyAndCacheTheRequest proxies and caches the request if needed.
+func proxyAndCacheTheRequest(c *fiber.Ctx, queryCacheHash string, cacheTime int, currentEndpoint string) error {
+	if err := proxyTheRequest(c, currentEndpoint); err != nil {
+		cfg.Logger.Error(&libpack_logger.LogMessage{
+			Message: "Can't proxy the request",
+			Pairs:   map[string]interface{}{"error": err.Error()},
+		})
+		cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+		return c.Status(fiber.StatusInternalServerError).SendString("Can't proxy the request - try again later")
+	}
+
+	libpack_cache.CacheStoreWithTTL(queryCacheHash, c.Response().Body(), time.Duration(cacheTime)*time.Second)
+	cfg.Monitoring.Increment(libpack_monitoring.MetricsQueriesCached, nil)
+	return c.Send(c.Response().Body())
+}
+
+// logAndMonitorRequest logs and monitors the request processing.
+func logAndMonitorRequest(c *fiber.Ctx, userID, opType, opName string, wasCached bool, duration time.Duration, startTime time.Time) {
 	labels := map[string]string{
 		"op_type": opType,
 		"op_name": opName,
-		"cached":  fmt.Sprintf("%t", was_cached),
-		"user_id": extracted_user_id,
+		"cached":  strconv.FormatBool(wasCached),
+		"user_id": userID,
 	}

-	cfg.Monitoring.Increment("executed_query", labels)
-
-	if !was_cached {
-		cfg.Monitoring.UpdateDuration("timed_query", labels, t)
-		cfg.Monitoring.Update("timed_query", labels, float64(time_taken.Milliseconds()))
+	if cfg.Server.AccessLog {
+		cfg.Logger.Info(&libpack_logger.LogMessage{
+			Message: "Request processed",
+			Pairs: map[string]interface{}{
+				"ip":           c.IP(),
+				"fwd-ip":       c.Get("X-Forwarded-For"),
+				"user_id":      userID,
+				"op_type":      opType,
+				"op_name":      opName,
+				"time":         duration,
+				"cache":        wasCached,
+				"request_uuid": c.Locals("request_uuid"),
+			},
+		})
+	}
+
+	cfg.Monitoring.Increment(libpack_monitoring.MetricsSucceeded, nil)
+	cfg.Monitoring.Increment(libpack_monitoring.MetricsExecutedQuery, labels)
+
+	if !wasCached {
+		cfg.Monitoring.UpdateDuration(libpack_monitoring.MetricsTimedQuery, labels, startTime)
+		cfg.Monitoring.Update(libpack_monitoring.MetricsTimedQuery, labels, float64(duration.Milliseconds()))
 	}
-	// // cfg.Monitoring.Set("timed_query", time_taken.Milliseconds())
-	return nil
 }
@@ -0,0 +1 @@
+{}
@@ -0,0 +1,16 @@
+{
+  "ratelimit": {
+      "admin": {
+          "req": 100,
+          "interval": "second"
+      },
+      "guest": {
+          "req": 3,
+          "interval": "second"
+      },
+      "-": {
+          "req": 100,
+          "interval": "hour"
+      }
+  }
+}
@@ -0,0 +1,92 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hasura-proxy-internal
+  labels:
+    app: hasura-proxy-internal
+    type: support
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: hasura-proxy-internal
+      type: support
+  template:
+    metadata:
+      labels:
+        app: hasura-proxy-internal
+        type: support
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9393"
+        prometheus.io/path: "/metrics"
+    spec:
+      securityContext:
+        runAsUser: 65534 # nobody
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: node-role.kubernetes.io/worker
+                operator: Exists
+      containers:
+      - name: graphql-proxy
+        image: ghcr.io/lukaszraczylo/graphql-monitoring-proxy:latest
+        imagePullPolicy: Always
+        resources:
+          limits:
+            cpu: "1"
+            memory: "640Mi"
+          requests:
+            cpu: "0.75"
+            memory: "512Mi"
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+          initialDelaySeconds: 5
+        ports:
+          - name: web
+            containerPort: 8080
+          - name: monitoring
+            containerPort: 9393
+        env:
+          - name: PORT_GRAPHQL
+            value: "8080"
+          - name: MONITORING_PORT
+            value: "9393"
+          - name: HOST_GRAPHQL
+            value: http://hasura-internal:8080/v1/graphql
+          - name: ENABLE_GLOBAL_CACHE
+            value: "true"
+          - name: CACHE_TTL
+            value: "10"
+          - name: BLOCK_SCHEMA_INTROSPECTION
+            value: "true"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hasura-proxy-internal
+  labels:
+    app: hasura-proxy-internal
+    type: support
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "9393"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+  - name: web
+    port: 8080
+    targetPort: 8080
+  - name: monitoring
+    port: 9393
+    targetPort: 9393
+  selector:
+    app: hasura-proxy-internal
+    type: support
+  type: ClusterIP
@@ -0,0 +1,165 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hasura-w-proxy-internal
+  labels:
+    app: hasura-w-proxy-internal
+    type: support
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: hasura-w-proxy-internal
+      type: support
+  template:
+    metadata:
+      labels:
+        app: hasura-w-proxy-internal
+        type: support
+    spec:
+      securityContext:
+        runAsUser: 65534 # nobody
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/worker
+                    operator: Exists
+      containers:
+        - name: hasura
+          image: hasura/graphql-engine:v2.33.1-ce
+          ports:
+            - name: hasura-internal
+              containerPort: 8080
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+            initialDelaySeconds: 30
+          resources:
+            limits:
+              cpu: "1"
+              memory: "640Mi"
+            requests:
+              cpu: "0.75"
+              memory: "512Mi"
+          env:
+            - name: HASURA_GRAPHQL_DATABASE_URL
+              value: postgres://postgres:xxx@yyy:5432/postgres
+            - name: HASURA_GRAPHQL_ENABLE_CONSOLE
+              value: "true"
+            - name: HASURA_GRAPHQL_DEV_MODE
+              value: "true"
+            - name: HASURA_GRAPHQL_ENABLE_TELEMETRY
+              value: "false"
+            - name: HASURA_GRAPHQL_EXPERIMENTAL_FEATURES
+              value: "inherited_roles"
+            - name: HASURA_GRAPHQL_PG_CONNECTIONS
+              value: "20"
+            - name: HASURA_GRAPHQL_LOG_LEVEL
+              value: "error"
+
+        - name: hasura-ro
+          image: hasura/graphql-engine:v2.33.1-ce
+          ports:
+            - name: hasura-internal-ro
+              containerPort: 8088
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8088
+            initialDelaySeconds: 30
+          resources:
+            limits:
+              cpu: "1"
+              memory: "640Mi"
+            requests:
+              cpu: "0.75"
+              memory: "512Mi"
+          env:
+            - name: HASURA_GRAPHQL_DATABASE_URL
+              value: postgres://postgres:xxx@yyy.read-only:5432/postgres
+              # POINT METADATA TO THE RW database (!!!)
+            - name: HASURA_GRAPHQL_METADATA_DATABASE_URL
+              value: postgres://postgres:xxx@yyy:5432/postgres
+            - name: HASURA_GRAPHQL_ENABLE_CONSOLE
+              value: "true"
+            - name: HASURA_GRAPHQL_DEV_MODE
+              value: "true"
+            - name: HASURA_GRAPHQL_ENABLE_TELEMETRY
+              value: "false"
+            - name: HASURA_GRAPHQL_EXPERIMENTAL_FEATURES
+              value: "inherited_roles"
+            - name: HASURA_GRAPHQL_PG_CONNECTIONS
+              value: "20"
+            - name: HASURA_GRAPHQL_LOG_LEVEL
+              value: "error"
+            - name: HASURA_GRAPHQL_SERVER_PORT
+              value: "8088"
+
+        - name: graphql-proxy
+          image: ghcr.io/lukaszraczylo/graphql-monitoring-proxy:latest
+          imagePullPolicy: Always
+          resources:
+            limits:
+              cpu: "1"
+              memory: "640Mi"
+            requests:
+              cpu: "0.75"
+              memory: "128Mi"
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+          ports:
+            - name: web
+              containerPort: 8181
+            - name: monitoring
+              containerPort: 9393
+          env:
+            - name: PORT_GRAPHQL
+              value: "8181"
+            - name: MONITORING_PORT
+              value: "9393"
+            - name: HOST_GRAPHQL
+              value: http://localhost:8080/
+            - name: HOST_GRAPHQL_READONLY
+              value: http://localhost:8088/
+            - name: ENABLE_GLOBAL_CACHE
+              value: "true"
+            - name: CACHE_TTL
+              value: "10"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hasura-w-proxy-internal
+  labels:
+    app: hasura-w-proxy-internal
+    type: support
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "9393"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: hasura
+      port: 8080
+      targetPort: 8080
+    - name: hasura-ro
+      port: 8088
+      targetPort: 8088
+    - name: proxy
+      port: 8181
+      targetPort: 8181
+    - name: monitoring
+      port: 9393
+      targetPort: 9393
+  selector:
+    app: hasura-w-proxy-internal
+    type: support
+  type: ClusterIP
@@ -0,0 +1,121 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hasura-w-proxy-internal
+  labels:
+    app: hasura-w-proxy-internal
+    type: support
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: hasura-w-proxy-internal
+      type: support
+  template:
+    metadata:
+      labels:
+        app: hasura-w-proxy-internal
+        type: support
+    spec:
+      securityContext:
+        runAsUser: 65534 # nobody
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: node-role.kubernetes.io/worker
+                operator: Exists
+      containers:
+      - name: hasura
+        image: hasura/graphql-engine:v2.33.1-ce
+        ports:
+          - name: hasura-internal
+            containerPort: 8080
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+          initialDelaySeconds: 30
+        resources:
+          limits:
+            cpu: "1"
+            memory: "640Mi"
+          requests:
+            cpu: "0.75"
+            memory: "512Mi"
+        env:
+          - name: HASURA_GRAPHQL_DATABASE_URL
+            value: postgres://postgres:xxx@yyy:5432/postgres
+          - name: HASURA_GRAPHQL_ENABLE_CONSOLE
+            value: "true"
+          - name: HASURA_GRAPHQL_DEV_MODE
+            value: "true"
+          - name: HASURA_GRAPHQL_ENABLE_TELEMETRY
+            value: "false"
+          - name: HASURA_GRAPHQL_EXPERIMENTAL_FEATURES
+            value: "inherited_roles"
+          - name: HASURA_GRAPHQL_PG_CONNECTIONS
+            value: "20"
+          - name: HASURA_GRAPHQL_LOG_LEVEL
+            value: "error"
+      - name: graphql-proxy
+        image: ghcr.io/lukaszraczylo/graphql-monitoring-proxy:latest
+        imagePullPolicy: Always
+        resources:
+          limits:
+            cpu: "1"
+            memory: "640Mi"
+          requests:
+            cpu: "0.75"
+            memory: "128Mi"
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        ports:
+          - name: web
+            containerPort: 8181
+          - name: monitoring
+            containerPort: 9393
+        env:
+          - name: PORT_GRAPHQL
+            value: "8181"
+          - name: MONITORING_PORT
+            value: "9393"
+          - name: HOST_GRAPHQL
+            value: http://localhost:8080/
+          - name: ENABLE_GLOBAL_CACHE
+            value: "true"
+          - name: CACHE_TTL
+            value: "10"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hasura-w-proxy-internal
+  labels:
+    app: hasura-w-proxy-internal
+    type: support
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "9393"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+  - name: hasura
+    port: 8080
+    targetPort: 8080
+  - name: proxy
+    port: 8181
+    targetPort: 8181
+  - name: monitoring
+    port: 9393
+    targetPort: 9393
+  selector:
+    app: hasura-w-proxy-internal
+    type: support
+  type: ClusterIP
@@ -1,30 +1,61 @@
 package main

 import (
-	"github.com/akyoto/cache"
-	libpack_logging "github.com/telegram-bot-app/libpack/logging"
-	libpack_monitoring "github.com/telegram-bot-app/libpack/monitoring"
+	graphql "github.com/lukaszraczylo/go-simple-graphql"
+	libpack_logging "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
+	libpack_monitoring "github.com/lukaszraczylo/graphql-monitoring-proxy/monitoring"
+	"github.com/valyala/fasthttp"
 )

 // config is a struct that holds the configuration of the application.
 type config struct {
-	Logger     *libpack_logging.LogConfig
+	Logger     *libpack_logging.Logger
+	LogLevel   string
 	Monitoring *libpack_monitoring.MetricsSetup
-
-	// Server holds the configuration of the server _ONLY_.
-	Server struct {
-		PortGraphQL    int
-		PortMonitoring int
-		HostGraphQL    string
+	Tracing    struct {
+		Enable   bool
+		Endpoint string
 	}
-
+	Api    struct{ BannedUsersFile string }
 	Client struct {
+		GQLClient        *graphql.BaseClient
+		FastProxyClient  *fasthttp.Client
 		JWTUserClaimPath string
+		JWTRoleClaimPath string
+		RoleFromHeader   string
+		proxy            string
+		ClientTimeout    int
+		RoleRateLimit    bool
+	}
+	Security struct {
+		IntrospectionAllowed []string
+		BlockIntrospection   bool
+	}
+	HasuraEventCleaner struct {
+		EventMetadataDb string
+		ClearOlderThan  int
+		Enable          bool
 	}
-
 	Cache struct {
-		CacheEnable bool
-		CacheTTL    int
-		CacheClient *cache.Cache
+		CacheRedisURL      string
+		CacheRedisPassword string
+		CacheTTL           int
+		CacheRedisDB       int
+		CacheEnable        bool
+		CacheRedisEnable   bool
+	}
+	Server struct {
+		HostGraphQL         string
+		HostGraphQLReadOnly string
+		HealthcheckGraphQL  string
+		AllowURLs           []string
+		PortGraphQL         int
+		PortMonitoring      int
+		ApiPort             int
+		PurgeEvery          int
+		AccessLog           bool
+		ReadOnlyMode        bool
+		EnableApi           bool
+		PurgeOnCrawl        bool
 	}
 }
@@ -0,0 +1,105 @@
+package tracing
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"go.opentelemetry.io/otel"
+	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc"
+	"go.opentelemetry.io/otel/propagation"
+	"go.opentelemetry.io/otel/sdk/resource"
+	sdktrace "go.opentelemetry.io/otel/sdk/trace"
+	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
+	"go.opentelemetry.io/otel/trace"
+)
+
+type TracingSetup struct {
+	tracerProvider *sdktrace.TracerProvider
+	tracer         trace.Tracer
+}
+
+type TraceSpanInfo struct {
+	TraceParent string `json:"traceparent"`
+}
+
+// NewTracing creates a new tracing setup with OTLP exporter
+func NewTracing(ctx context.Context, endpoint string) (*TracingSetup, error) {
+	if ctx.Err() != nil {
+		return nil, fmt.Errorf("invalid context: %v", ctx.Err())
+	}
+	if endpoint == "" {
+		return nil, fmt.Errorf("endpoint cannot be empty")
+	}
+
+	exporter, err := otlptracegrpc.New(ctx,
+		otlptracegrpc.WithEndpoint(endpoint),
+		otlptracegrpc.WithInsecure(),
+	)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create trace exporter: %w", err)
+	}
+
+	res, err := resource.New(ctx,
+		resource.WithAttributes(
+			semconv.ServiceName("graphql-monitoring-proxy"),
+		),
+	)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create resource: %w", err)
+	}
+
+	tracerProvider := sdktrace.NewTracerProvider(
+		sdktrace.WithBatcher(exporter),
+		sdktrace.WithResource(res),
+	)
+	otel.SetTracerProvider(tracerProvider)
+	otel.SetTextMapPropagator(propagation.TraceContext{})
+
+	tracer := tracerProvider.Tracer("graphql-monitoring-proxy")
+
+	return &TracingSetup{
+		tracerProvider: tracerProvider,
+		tracer:         tracer,
+	}, nil
+}
+
+// ExtractSpanContext extracts span context from TraceSpanInfo
+func (ts *TracingSetup) ExtractSpanContext(spanInfo *TraceSpanInfo) (trace.SpanContext, error) {
+	carrier := propagation.MapCarrier{
+		"traceparent": spanInfo.TraceParent,
+	}
+	ctx := context.Background()
+	ctx = otel.GetTextMapPropagator().Extract(ctx, carrier)
+	spanCtx := trace.SpanContextFromContext(ctx)
+	if !spanCtx.IsValid() {
+		return trace.SpanContext{}, fmt.Errorf("invalid span context")
+	}
+	return spanCtx, nil
+}
+
+// ParseTraceHeader parses X-Trace-Span header content
+func ParseTraceHeader(headerContent string) (*TraceSpanInfo, error) {
+	var spanInfo TraceSpanInfo
+	if err := json.Unmarshal([]byte(headerContent), &spanInfo); err != nil {
+		return nil, fmt.Errorf("failed to parse trace header: %w", err)
+	}
+	return &spanInfo, nil
+}
+
+// Shutdown cleanly shuts down the tracer provider
+func (ts *TracingSetup) Shutdown(ctx context.Context) error {
+	if ts.tracerProvider == nil {
+		return nil
+	}
+	return ts.tracerProvider.Shutdown(ctx)
+}
+
+// StartSpan starts a new span with the given name and parent context
+func (ts *TracingSetup) StartSpan(ctx context.Context, name string) (trace.Span, context.Context) {
+	if ts.tracer == nil {
+		return trace.SpanFromContext(ctx), ctx
+	}
+	ctx, span := ts.tracer.Start(ctx, name)
+	return span, ctx
+}
@@ -0,0 +1,103 @@
+package tracing
+
+import (
+	"context"
+	"encoding/json"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"go.opentelemetry.io/otel/trace"
+)
+
+func TestParseTraceHeader(t *testing.T) {
+	tests := []struct {
+		name    string
+		header  string
+		want    *TraceSpanInfo
+		wantErr bool
+	}{
+		{
+			name:   "valid trace header",
+			header: `{"traceparent": "00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01"}`,
+			want: &TraceSpanInfo{
+				TraceParent: "00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01",
+			},
+			wantErr: false,
+		},
+		{
+			name:    "invalid json",
+			header:  `{"traceparent": invalid}`,
+			want:    nil,
+			wantErr: true,
+		},
+		{
+			name:    "empty header",
+			header:  "",
+			want:    nil,
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := ParseTraceHeader(tt.header)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("ParseTraceHeader() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !tt.wantErr {
+				gotJSON, _ := json.Marshal(got)
+				wantJSON, _ := json.Marshal(tt.want)
+				if string(gotJSON) != string(wantJSON) {
+					t.Errorf("ParseTraceHeader() = %v, want %v", string(gotJSON), string(wantJSON))
+				}
+			}
+		})
+	}
+}
+
+func TestNewTracing(t *testing.T) {
+	// Skip actual connection tests since they require a running collector
+	t.Run("empty endpoint", func(t *testing.T) {
+		ctx := context.Background()
+		_, err := NewTracing(ctx, "")
+		assert.Error(t, err, "Expected error for empty endpoint")
+		assert.Contains(t, err.Error(), "endpoint cannot be empty")
+	})
+
+	t.Run("invalid context", func(t *testing.T) {
+		ctx, cancel := context.WithCancel(context.Background())
+		cancel() // Cancel the context immediately
+		_, err := NewTracing(ctx, "localhost:4317")
+		assert.Error(t, err, "Expected error for invalid context")
+	})
+}
+
+func TestTracingSetup_ExtractSpanContext(t *testing.T) {
+	ts := &TracingSetup{}
+	spanInfo := &TraceSpanInfo{
+		TraceParent: "invalid-traceparent",
+	}
+
+	_, err := ts.ExtractSpanContext(spanInfo)
+	assert.Error(t, err, "Expected error for invalid traceparent")
+	assert.Contains(t, err.Error(), "invalid span context")
+}
+
+func TestTracingSetup_StartSpan(t *testing.T) {
+	ts := &TracingSetup{}
+	ctx := context.Background()
+
+	span, newCtx := ts.StartSpan(ctx, "test-span")
+	assert.NotNil(t, span, "Expected non-nil span even when tracer is nil")
+	assert.NotNil(t, newCtx, "Expected non-nil context")
+	assert.Equal(t, trace.SpanFromContext(ctx), span, "Expected span from context when tracer is nil")
+}
+
+func TestTracingSetup_Shutdown(t *testing.T) {
+	ts := &TracingSetup{}
+	ctx := context.Background()
+
+	err := ts.Shutdown(ctx)
+	assert.NoError(t, err, "Expected no error when shutting down nil tracer provider")
+}