increase error handling and mutex encapsulation (#12 )

* increase error handling and mutex encapsulation * undo method rename for now * set cant return error --------- Co-authored-by: Chris Clayton <chris.clayton@contino.io>
Release: Improve documentation and number of logs cleaned.
2026-06-11 00:09:37 +00:00 · 2024-06-15 10:21:49 +01:00 · 2024-06-12 12:59:54 +01:00 · 2024-06-12 12:46:13 +01:00 · 2024-06-12 12:27:13 +01:00 · 2024-06-12 12:23:14 +01:00
43 changed files with 2938 additions and 695 deletions
@@ -0,0 +1,89 @@
+name: Run tests on PR
+
+on:
+  pull_request:
+    branches:
+      - "main"
+  push:
+    paths-ignore:
+      - "**/**.md"
+      - "**/**.yaml"
+      - "static/**"
+    branches:
+      - "!main"
+
+env:
+  GO_VERSION: ">=1.21"
+
+jobs:
+  # This job is responsible for preparation of the build
+  # environment variables.
+  prepare:
+    name: Preparing build context
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        id: cache
+        with:
+          go-version: ${{env.GO_VERSION}}
+          cache-dependency-path: "**/*.sum"
+
+      - name: Go get dependencies
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          go get ./...
+
+  # This job is responsible for running tests and linting the codebase
+  test:
+    name: "Unit testing"
+    # needs: [prepare]
+    runs-on: ubuntu-latest
+    container: golang:1
+    # container: github/super-linter:v4
+    needs: [prepare]
+
+    services:
+      # Label used to access the service container
+      redis:
+        # Docker Hub image
+        image: redis
+        # Set health checks to wait until redis has started
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          # Maps the container port to the host machine
+          - 6379:6379
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{env.GO_VERSION}}
+          cache-dependency-path: "**/*.sum"
+
+      - name: Install dependencies
+        run: |
+          apt-get update
+          apt-get install ca-certificates make -y
+          update-ca-certificates
+          go mod tidy
+
+      - name: Run unit tests
+        env:
+          REDIS_HOST: redis
+          REDIS_PORT: 6379
+          REDIS_SERVER: "redis:6379"
+        run: |
+          export REDIS_SERVER="$REDIS_HOST:$REDIS_PORT"
+          CI_RUN=${CI} make test
@@ -1,9 +1,8 @@
-FROM alpine:latest
-RUN apk add --no-cache ca-certificates
+FROM gcr.io/distroless/base-debian12:nonroot
 WORKDIR /go/src/app
 ARG TARGETARCH
 ARG TARGETOS
+# silly workaround for distroless image as no chmod is available
+COPY --chmod=777 --chown=nonroot:nonroot static/app /go/src/app
 ADD dist/bot-$TARGETOS-$TARGETARCH /go/src/app/graphql-proxy
-ADD static/default-ratelimit.json /app/ratelimit.json
-RUN chmod +x /go/src/app/graphql-proxy
 ENTRYPOINT ["/go/src/app/graphql-proxy"]
@@ -11,7 +11,7 @@ help:  ## display this help

 .PHONY: run
 run: build ## run application
-	@LOG_LEVEL=debug BLOCK_SCHEMA_INTROSPECTION=false JWT_ROLE_RATE_LIMIT=false JWT_ROLE_CLAIM_PATH="Hasura.x-hasura-default-role" JWT_USER_CLAIM_PATH="Hasura.x-hasura-user-id" HOST_GRAPHQL=https://hasura8.lan/ ./graphql-proxy
+	@LOG_LEVEL=debug PURGE_METRICS_ON_CRAWL=true BLOCK_SCHEMA_INTROSPECTION=false CACHE_TTL=10 JWT_ROLE_RATE_LIMIT=false JWT_ROLE_CLAIM_PATH="Hasura.x-hasura-default-role" JWT_USER_CLAIM_PATH="Hasura.x-hasura-user-id" HOST_GRAPHQL=https://hasura8.lan/ HEALTHCHECK_GRAPHQL_URL=https://hasura8.lan/v1/graphql ./graphql-proxy

 .PHONY: build
 build: ## build the binary
@@ -6,17 +6,87 @@ This project is in active use by [telegram-bot.app](https://telegram-bot.app), a

 ![Example of monitoring dashboard](static/monitoring-at-glance.png?raw=true)

-You can find the example of the Kubernetes manifest in the [example deployment](static/kubernetes-deployment.yaml) file.
+- [graphql monitoring proxy](#graphql-monitoring-proxy)
+  - [Why this project exists](#why-this-project-exists)
+  - [How to deploy](#how-to-deploy)
+    - [Note on websocket support](#note-on-websocket-support)
+  - [Endpoints](#endpoints)
+  - [Features](#features)
+  - [Configuration](#configuration)
+  - [Speed](#speed)
+    - [Caching](#caching)
+    - [Read-only endpoint](#read-only-endpoint)
+  - [Maintenance](#maintenance)
+    - [Hasura event cleaner](#hasura-event-cleaner)
+  - [Security](#security)
+    - [Role-based rate limiting](#role-based-rate-limiting)
+    - [Read-only mode](#read-only-mode)
+    - [Allowing access to listed URLs](#allowing-access-to-listed-urls)
+    - [Blocking introspection](#blocking-introspection)
+  - [API endpoints](#api-endpoints)
+    - [Ban or unban the user](#ban-or-unban-the-user)
+    - [Cache operations](#cache-operations)
+  - [General](#general)
+    - [Metrics which matter](#metrics-which-matter)
+    - [Healthcheck](#healthcheck)
+    - [Monitoring endpoint](#monitoring-endpoint)

 ### Why this project exists

 I wanted to monitor the queries and responses of our graphql endpoint. Still, we didn't want to pay the price of the graphql server itself ( and I will not point fingers at a particular well-known project), as monitoring and basic security features should be a standard, free functionality.

+### How to deploy
+
+You can find the example of the Kubernetes manifest in the [example standalone deployment](static/kubernetes-deployment.yaml) or [example combined deployment](static/kubernetes-single-deployment.yaml) files. Observed advantage of multideployment is that it allows the network requests to travel via localhost, without leaving the deployment which brings quite significant network performance boost.
+
+#### Note on websocket support
+
+Proxy in its current version 0.5.30 does not support websockets. If you need to proxy the websocket requests - you can use following trick whilst setting up the proxy. As I'm a big fan of Traefik - there's an example which works with the mentioned above combined deployment.
+
+<details>
+  <summary>Click to show working Traefik Ingress Route example.</summary>
+
+```yaml
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: hasura-internal
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    # NON WEBSOCKET CONNECTION
+    - kind: Rule
+      match: Host(`example.com`) && PathPrefix(`/v1/graphql`) && !HeadersRegexp(`Upgrade`, `websocket`)
+      services:
+      - name: hasura-w-proxy-internal
+        port: proxy
+      middlewares:
+        - name: compression
+          namespace: default
+
+    # WEBSOCKET CONNECTION
+    - kind: Rule
+      match: Host(`example.com`) && PathPrefix(`/v1/graphql`) && HeadersRegexp(`Upgrade`, `websocket`)
+      services:
+      - name: hasura-w-proxy-internal
+        port: hasura
+      middlewares:
+        - name: compression
+          namespace: default
+```
+
+In this case, both proxy and websockets will be available under the `/v1/graphql` path, and the websocket connection will be proxied directly to the hasura service, bypassing the proxy.
+
+</details>
+
 ### Endpoints

 * `:8080/*` - the graphql passthrough endpoint
 * `:9393/metrics` - the prometheus metrics endpoint
 * `:8080/healthz` - the healthcheck endpoint
+* `:8080/livez` - the liveness probe endpoint
+* `:9090/api/*` - the monitoring proxy API endpoint

 ### Features

@@ -27,39 +97,103 @@ I wanted to monitor the queries and responses of our graphql endpoint. Still, we
 | monitor    | Extracting the query name and type and adding it as a label to metrics|
 | monitor    | Calculating the query duration and adding it to the metrics           |
 | speed      | Caching the queries, together with per-query cache and TTL            |
+| speed      | Support for READ ONLY graphql endpoint                                |
 | security   | Blocking schema introspection                                         |
 | security   | Rate limiting queries based on user role                              |
 | security   | Blocking mutations in read-only mode                                  |
+| security   | Allow access only to listed URLs                                      |
+| security   | Ban / unban specific user from accessing the application              |
+| maintenance | Hasura event cleaner                                                 |


 ### Configuration

+All the environment variables **should** be prefixed with `GMP_` to avoid conflicts with other applications.
+If `GMP_` prefixed environment variable is present - it will take precedence over the non-prefixed one.
+You can still use the non-prefixed environment variables in the spirit of the backward compatibility, but it's not recommended.
+
 | Parameter                 | Description                              | Default Value              |
 |---------------------------|------------------------------------------|----------------------------|
 | `MONITORING_PORT`         | The port to expose the metrics endpoint  | `9393`                     |
 | `PORT_GRAPHQL`            | The port to expose the graphql endpoint  | `8080`                     |
 | `HOST_GRAPHQL`            | The host to proxy the graphql endpoint   | `http://localhost/` |
+| `HOST_GRAPHQL_READONLY`   | The host to proxy the read-only graphql endpoint | ``               |
+| `HEALTHCHECK_GRAPHQL_URL` | The URL to check the health of the graphql endpoint | `` |
 | `JWT_USER_CLAIM_PATH`     | Path to the user claim in the JWT token  | ``                         |
 | `JWT_ROLE_CLAIM_PATH`     | Path to the role claim in the JWT token  | ``                         |
-| `JWT_ROLE_FROM_HEADER`    | Header name to extract the role from     | ``                         |
+| `ROLE_FROM_HEADER`        | Header name to extract the role from     | ``                         |
 | `ROLE_RATE_LIMIT`         | Enable request rate limiting based on role| `false`                   |
 | `ENABLE_GLOBAL_CACHE`     | Enable the cache                        | `false`                    |
 | `CACHE_TTL`               | The cache TTL                           | `60`                       |
+| `ENABLE_REDIS_CACHE`      | Enable distributed Redis cache          | `false`                    |
+| `CACHE_REDIS_URL`         | URL to redis server / cluster endpoint  | `localhost:6379`           |
+| `CACHE_REDIS_PASSWORD`    | Redis connection password               | ``                         |
+| `CACHE_REDIS_DB`          | Redis DB id                             | `0`                        |
 | `LOG_LEVEL`               | The log level                           | `info`                     |
 | `BLOCK_SCHEMA_INTROSPECTION`| Blocks the schema introspection       | `false`                    |
+| `ALLOWED_INTROSPECTION`  | Allow only certain queries in introspection | ``                  |
 | `ENABLE_ACCESS_LOG`       | Enable the access log                   | `false`                    |
 | `READ_ONLY_MODE`          | Enable the read only mode               | `false`                    |
+| `ALLOWED_URLS`              | Allow access only to certain URLs       | `/v1/graphql,/v1/version`  |
+| `ENABLE_API`              | Enable the monitoring API               | `false`                    |
+| `API_PORT`                | The port to expose the monitoring API   | `9090`                     |
+| `BANNED_USERS_FILE`       | The path to the file with banned users  | `/go/src/app/banned_users.json`   |
+| `PROXIED_CLIENT_TIMEOUT` | The timeout for the proxied client in seconds     | `120`                      |
+| `PURGE_METRICS_ON_CRAWL` | Purge metrics on each /metrics crawl    | `false`                      |
+| `PURGE_METRICS_ON_TIMER` | Purge metrics every x seconds. `0` - disabled | `0`                      |
+| `HASURA_EVENT_CLEANER`   | Enable the hasura event cleaner          | `false`                    |
+| `HASURA_EVENT_CLEANER_OLDER_THAN` | The interval for the hasura event cleaner (in days) | `1`                  |
+| `HASURA_EVENT_METADATA_DB` | URL to the hasura metadata database    | `postgresql://localhost:5432/hasura` |

+### Speed

-### Caching
+#### Caching

 The cache engine is enabled in the background by default, using no additional resources.
-You can then start using the cache by setting the `ENABLE_GLOBAL_CACHE` environment variable to `true` - which will enable the cache for all queries without introspection. You can leave the global cache disabled and enable the cache for specific queries by adding the `@cached` directive to the query.
+You can then start using the cache by setting the `ENABLE_GLOBAL_CACHE` or `ENABLE_REDIS_CACHE` environment variable to `true` - which will enable the cache for all queries without introspection. You can leave the global cache disabled and enable the cache for specific queries by adding the `@cached` directive to the query.

 In the case of the `@cached` you can add additional parameters to the directive which will set the cache for specific queries to the provided time.
 For example, `query MyCachedQuery @cached(ttl: 90) ....` will set the cache for the query to 90 seconds.

-### Role-based rate limiting
+You can also set cache for specific query by using `X-Cache-Graphql-Query` header, which will set the cache for the query to the provided time, for example `X-Cache-Graphql-Query: 90` will set the cache for the query to 90 seconds.
+
+You can also force refresh of the cache by using `@cached(refresh: true)` directive in the query, for example:
+
+```
+query MyProducts @cached(refresh: true) {
+  products {
+    id
+    name
+  }
+}
+```
+
+Since version `0.5.30` the cache is gzipped in the memory, which should optimise the memory usage quite significantly.
+Since version `0.15.48` the you can also use the distributed Redis cache.
+
+#### Read-only endpoint
+
+You can now specify the read-only GraphQL endpoint by setting the `HOST_GRAPHQL_READONLY` environment variable. The default value is empty, preventing the proxy from using the read-only endpoint for the queries and directing all the requests to the main endpoint specified as `HOST_GRAPHQL`. If the `HOST_GRAPHQL_READONLY` is set, the proxy will use the read-only endpoint for the queries with the `query` type and the main endpoint for the `mutation` type queries. Format of the read-only endpoint is the same as `HOST_GRAPHQL` endpoint, for example `http://localhost:8080/`.
+
+You can check out the [example of combined deployment with RW and read-only hasura](static/kubernetes-single-deployment-with-ro.yaml).
+
+### Maintenance
+
+#### Hasura event cleaner
+
+When enabled via `HASURA_EVENT_CLEANER=true` - proxy needs to have a direct access to the database to execute simple delete queries on schedule. You can specify number of days the logs should be kept for using `HASURA_EVENT_CLEANER_OLDER_THAN`, for example `HASURA_EVENT_CLEANER_OLDER_THAN=14` will keep 14 days of event execution logs. Ticker managing the cleaner routine will be executed every hour.
+
+Following tables are being cleaned:
+- `hdb_catalog.event_invocation_logs`
+- `hdb_catalog.event_log`
+- `hdb_catalog.hdb_action_log`
+- `hdb_catalog.hdb_cron_event_invocation_logs`
+- `hdb_catalog.hdb_scheduled_event_invocation_logs`
+
+
+### Security
+
+#### Role-based rate limiting

 You can rate limit requests using the `ROLE_RATE_LIMIT` environment variable. If enabled, the proxy will rate limit the requests based on the role claim in the JWT token. You can then provide the JSON file in the following format to specify the limits.
 The default interval is `second`, but you can use other values as well. If you want to disable the rate limiting for a specific role, you can set the `req` to `0`.
@@ -97,11 +231,73 @@ Remember to include the `-` role, which is used for unauthenticated users or whe
 If rate limit has been reached - the proxy will return `429 Too Many Requests` error.


-### Read-only mode
+#### Read-only mode

 You can enable the read-only mode by setting the `READ_ONLY_MODE` environment variable to `true` - which will block all the `mutation` queries.

-### Monitoring endpoint
+#### Allowing access to listed URLs
+
+You can allow access only to certain URLs by setting the `ALLOWED_URLS` environment variable to a comma-separated list of URLs. If enabled - other URLs will return `403 Forbidden` error and request will **not** reach the proxied service.
+
+#### Blocking introspection
+
+You can block the schema introspection by setting the `BLOCK_SCHEMA_INTROSPECTION` environment variable to `true` - which will block all the queries with introspection parts, like:
+
+`__schema`, `__type`, `__typename`, `__directive`, `__directivelocation`, `__field`, `__inputvalue`, `__enumvalue`, `__typekind`, `__fieldtype`, `__inputobjecttype`, `__enumtype`, `__uniontype`, `__scalars`, `__objects`, `__interfaces`, `__unions`, `__enums`, `__inputobjects`, `__directives`
+
+If you'd like to keep blocking of the schema introspection on but allow one or more of from the list of above for any reason, you can use the `ALLOWED_INTROSPECTION` environment variable to specify the list of allowed queries.
+
+`ALLOWED_INTROSPECTION="__typename,__type"`
+
+### API endpoints
+
+#### Ban or unban the user
+
+Your monitoring system can detect user misbehaving, for example trying to extract / scrap the data. To prevent user from doing so you can use the simple API to ban the user from accessing the application.
+
+To do so - you need to enable the api by setting env variable `ENABLE_API=true` which will expose the API on the port `API_PORT=9090`. Nedless to say - keep it secure and don't expose it outside of your cluster.
+
+ Then you can use the following endpoints:
+
+* `POST /api/user-ban` - ban the user from accessing the application
+* `POST /api/user-unban` - unban the user from accessing the application
+
+#### Cache operations
+
+* `POST /api/cache-clear` - clear the cache
+* `GET /api/cache-stats` - get the cache statistics ( hits, misses, size )
+
+Both endpoints require the `user_id` parameter to be present in the request body and allow you to provide the reason for the ban.
+
+Example request:
+
+```bash
+curl -X POST \
+  http://localhost:9090/api/user-ban \
+  -H 'Content-Type: application/json' \
+  -d '{
+      "user_id": "1337",
+      "reason": "Scraping data"
+    }'
+```
+
+Ban details will be stored in the `banned_users.json` file, which you can mount as a file or configmap to the `/go/src/app/banned_users.json` path ( or use `BANNED_USERS_FILE` environment variable to specify the path to the file). The file operation is important if you have multiple instances of the proxy running, as it will allow you to ban the user from accessing the application on all instances.
+
+### General
+
+#### Metrics which matter
+
+You can always enable `PURGE_METRICS_ON_CRAWL` environment variable to purge the metrics on each `/metrics` crawl. This will allow you to see only the current metrics, without potential leftovers from the previous crawls. This is useful if you want to monitor the metrics in real-time and / or limit the amount of data ingested into the monitoring system. When enabled you will most likely need to update your monitoring queries.
+
+With the `PURGE_METRICS_ON_CRAWL` enabled, the `graphql_proxy_requests_failed`, `graphql_proxy_requests_skipped` and `graphql_proxy_requests_succesful` metrics will remain between resets.
+
+If you prefer more control over the metrics purging - you can enable `PURGE_METRICS_ON_TIMER` environment variable and set the interval in seconds. This will allow you to purge the metrics on a regular basis, for example every 90 seconds. It could be better solution if you have multiple crawlers checking the metrics endpoints and you want to avoid the situation when metrics are purged by for example healthcheck.
+
+#### Healthcheck
+
+If you'd like the `/healthz` endpoint to perform actual check for the connectivity to the graphql endpoint - set the `HEALTHCHECK_GRAPHQL_URL` environment variable to the exact URL of the graphql endpoint. The query executed will be `query { __typename }` and if the response is not `200 OK` - the healthcheck will fail. Remember that the endpoint is a full URL which you'd like to check, so it should include the protocol, host and path - for example `http://localhost:8080/v1/graphql` and it's NOT the same as value of `HOST_GRAPHQL` environment variable which should provide only the host, without path, ending with slash.
+
+#### Monitoring endpoint

 Example metrics produced by the proxy:

@@ -118,4 +314,7 @@ graphql_proxy_executed_query{user_id="-",op_type="query",op_name="checkIfSpamAIR
 graphql_proxy_requests_failed 324
 graphql_proxy_requests_skipped 0
 graphql_proxy_requests_succesful 454823
-```
+graphql_proxy_cache_hit{microservice="graphql_proxy",pod="hasura-w-proxy-internal-6b5f4b4bbb-9xwfc"} 7
+graphql_proxy_cache_hit{pod="hasura-w-proxy-internal-6b5f4b4bbb-9xwfc",microservice="graphql_proxy"} 1
+graphql_proxy_cache_miss{microservice="graphql_proxy",pod="hasura-w-proxy-internal-6b5f4b4bbb-9xwfc"} 23
+```
@@ -0,0 +1,161 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/goccy/go-json"
+	fiber "github.com/gofiber/fiber/v2"
+	"github.com/gofrs/flock"
+	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
+)
+
+var bannedUsersIDs map[string]string = make(map[string]string)
+
+func enableApi() {
+	if cfg.Server.EnableApi {
+		apiserver := fiber.New(fiber.Config{
+			DisableStartupMessage: true,
+			AppName:               fmt.Sprintf("GraphQL Monitoring Proxy - %s v%s", libpack_config.PKG_NAME, libpack_config.PKG_VERSION),
+		})
+
+		api := apiserver.Group("/api")
+		api.Post("/user-ban", apiBanUser)
+		api.Post("/user-unban", apiUnbanUser)
+		api.Post("/cache-clear", apiClearCache)
+		api.Get("/cache-stats", apiCacheStats)
+
+		go periodicallyReloadBannedUsers()
+		err := apiserver.Listen(fmt.Sprintf(":%d", cfg.Server.ApiPort))
+		if err != nil {
+			cfg.Logger.Critical("Can't start the service", map[string]interface{}{"error": err.Error()})
+		}
+	}
+}
+
+func periodicallyReloadBannedUsers() {
+	for {
+		loadBannedUsers()
+		cfg.Logger.Debug("Banned users reloaded", map[string]interface{}{"users": bannedUsersIDs})
+		<-time.After(10 * time.Second)
+	}
+}
+
+func checkIfUserIsBanned(c *fiber.Ctx, userID string) bool {
+	_, found := bannedUsersIDs[userID]
+	cfg.Logger.Debug("Checking if user is banned", map[string]interface{}{"user_id": userID, "found": found})
+	if found {
+		cfg.Logger.Info("User is banned", map[string]interface{}{"user_id": userID})
+		c.Status(403).SendString("User is banned")
+	}
+	return found
+}
+
+func apiClearCache(c *fiber.Ctx) error {
+	cfg.Logger.Debug("Clearing cache via API", nil)
+	cacheClear()
+	cfg.Logger.Info("Cache cleared via API", nil)
+	c.Status(200).SendString("OK: cache cleared")
+	return nil
+}
+
+func apiCacheStats(c *fiber.Ctx) error {
+	stats := getCacheStats()
+	cfg.Logger.Debug("Getting cache stats via API", map[string]interface{}{"stats": stats})
+	err := c.JSON(stats)
+	if err != nil {
+		cfg.Logger.Error("Can't marshal cache stats", map[string]interface{}{"error": err.Error()})
+		return err
+	}
+	return nil
+}
+
+type apiBanUserRequest struct {
+	UserID string `json:"user_id"`
+	Reason string `json:"reason"`
+}
+
+func apiBanUser(c *fiber.Ctx) error {
+	var req apiBanUserRequest
+	err := c.BodyParser(&req)
+	if err != nil {
+		cfg.Logger.Error("Can't parse the ban user request", map[string]interface{}{"error": err.Error()})
+		return err
+	}
+	bannedUsersIDs[req.UserID] = req.Reason
+	cfg.Logger.Info("Banned user", map[string]interface{}{"user_id": req.UserID, "reason": req.Reason})
+	storeBannedUsers()
+	c.Status(200).SendString("OK: user banned")
+	return nil
+}
+
+func apiUnbanUser(c *fiber.Ctx) error {
+	var req apiBanUserRequest
+	err := c.BodyParser(&req)
+	if err != nil {
+		cfg.Logger.Error("Can't parse the unban user request", map[string]interface{}{"error": err.Error()})
+		return err
+	}
+	delete(bannedUsersIDs, req.UserID)
+	cfg.Logger.Info("Unbanned user", map[string]interface{}{"user_id": req.UserID})
+	storeBannedUsers()
+	c.Status(200).SendString("OK: user unbanned")
+	return nil
+}
+
+func storeBannedUsers() {
+	fileLock := flock.New(fmt.Sprintf("%s.lock", cfg.Api.BannedUsersFile))
+	err := fileLock.Lock()
+	if err != nil {
+		cfg.Logger.Error("Can't lock the file", map[string]interface{}{"error": err.Error()})
+		return
+	}
+	defer fileLock.Unlock()
+	data, err := json.Marshal(bannedUsersIDs)
+	if err != nil {
+		cfg.Logger.Error("Can't marshal banned users", map[string]interface{}{"error": err.Error()})
+		return
+	}
+	err = os.WriteFile(cfg.Api.BannedUsersFile, data, 0644)
+	if err != nil {
+		cfg.Logger.Error("Can't write banned users to file", map[string]interface{}{"error": err.Error()})
+		return
+	}
+}
+
+func loadBannedUsers() {
+	if _, err := os.Stat(cfg.Api.BannedUsersFile); os.IsNotExist(err) {
+		cfg.Logger.Info("Banned users file doesn't exist - creating it", map[string]interface{}{"file": cfg.Api.BannedUsersFile})
+		_, err := os.Create(cfg.Api.BannedUsersFile)
+		if err != nil {
+			cfg.Logger.Error("Can't create the file", map[string]interface{}{"error": err.Error()})
+			return
+		}
+		// write empty json to the file
+		err = os.WriteFile(cfg.Api.BannedUsersFile, []byte("{}"), 0644)
+		if err != nil {
+			cfg.Logger.Error("Can't write to the file", map[string]interface{}{"error": err.Error()})
+			return
+		}
+	}
+
+	fileLock := flock.New(fmt.Sprintf("%s.lock", cfg.Api.BannedUsersFile))
+	err := fileLock.RLock() // Use RLock for read lock
+	if err != nil {
+		cfg.Logger.Error("Can't lock the file [load]", map[string]interface{}{"error": err.Error()})
+		return
+	}
+	defer fileLock.Unlock()
+
+	data, err := os.ReadFile(cfg.Api.BannedUsersFile)
+	if err != nil {
+		cfg.Logger.Error("Can't read banned users from file", map[string]interface{}{"error": err.Error()})
+		return
+	}
+	err = json.Unmarshal(data, &bannedUsersIDs)
+	if err != nil {
+		cfg.Logger.Error("Can't unmarshal banned users", map[string]interface{}{"error": err.Error()})
+		return
+	}
+}
@@ -1,33 +1,95 @@
 package main

 import (
-	"fmt"
 	"time"

-	"github.com/akyoto/cache"
 	fiber "github.com/gofiber/fiber/v2"
 	"github.com/gookit/goutil/strutil"
+	libpack_cache "github.com/lukaszraczylo/graphql-monitoring-proxy/cache/memory"
+	libpack_redis "github.com/lukaszraczylo/graphql-monitoring-proxy/cache/redis"
+)
+
+type CacheStats struct {
+	CachedQueries int `json:"cached_queries"`
+	CacheHits     int `json:"cache_hits"`
+	CacheMisses   int `json:"cache_misses"`
+}
+
+type CacheClient interface {
+	Set(key string, value []byte, ttl time.Duration)
+	Get(key string) ([]byte, bool)
+	Delete(key string)
+	Clear()
+	CountQueries() int
+}
+
+var (
+	cacheStats *CacheStats
 )

 func calculateHash(c *fiber.Ctx) string {
-	return strutil.Md5(fmt.Sprintf("%s", c.Body()))
+	return strutil.Md5(c.Body())
 }

 func enableCache() {
-	var err error
-	cfg.Cache.CacheClient = cache.New(time.Duration(cfg.Cache.CacheTTL) * time.Second * 2)
-	if err != nil {
-		cfg.Logger.Critical("Can't create cache client", map[string]interface{}{"error": err.Error()})
-		panic(err)
+	cacheStats = &CacheStats{}
+	if shouldUseRedisCache() {
+		cfg.Logger.Info("Using Redis cache", nil)
+		cfg.Cache.Client = libpack_redis.NewClient(&libpack_redis.RedisClientConfig{
+			RedisDB:       cfg.Cache.CacheRedisDB,
+			RedisServer:   cfg.Cache.CacheRedisURL,
+			RedisPassword: cfg.Cache.CacheRedisPassword,
+		})
+	} else {
+		cfg.Logger.Info("Using in-memory cache", nil)
+		cfg.Cache.Client = libpack_cache.New(time.Duration(cfg.Cache.CacheTTL) * time.Second)
 	}
 }

 func cacheLookup(hash string) []byte {
-	if cfg.Cache.CacheClient != nil {
-		obj, found := cfg.Cache.CacheClient.Get(hash)
-		if found {
-			return obj.([]byte)
-		}
+	obj, found := cfg.Cache.Client.Get(hash)
+	if found {
+		cacheStats.CacheHits++
+		return obj
 	}
+	cacheStats.CacheMisses++
 	return nil
 }
+
+func cacheDelete(hash string) {
+	cfg.Logger.Debug("Deleting data from cache", map[string]interface{}{"hash": hash})
+	cacheStats.CachedQueries--
+	cfg.Cache.Client.Delete(hash)
+}
+
+func cacheStore(hash string, data []byte) {
+	cfg.Logger.Debug("Storing data in cache", map[string]interface{}{"hash": hash})
+	cacheStats.CachedQueries++
+	cfg.Cache.Client.Set(hash, data, time.Duration(cfg.Cache.CacheTTL)*time.Second)
+}
+
+func cacheStoreWithTTL(hash string, data []byte, ttl time.Duration) {
+	cfg.Logger.Debug("Storing data in cache with TTL", map[string]interface{}{"hash": hash, "ttl": ttl})
+	cacheStats.CachedQueries++
+	cfg.Cache.Client.Set(hash, data, ttl)
+}
+
+func cacheGetQueries() int {
+	cfg.Logger.Debug("Counting cache queries", nil)
+	return cfg.Cache.Client.CountQueries()
+}
+
+func cacheClear() {
+	cfg.Cache.Client.Clear()
+	cacheStats = &CacheStats{}
+}
+
+func getCacheStats() *CacheStats {
+	cfg.Logger.Debug("Getting cache stats", nil)
+	cacheStats.CachedQueries = cacheGetQueries()
+	return cacheStats
+}
+
+func shouldUseRedisCache() bool {
+	return cfg.Cache.CacheRedisEnable
+}
@@ -0,0 +1,186 @@
+package libpack_cache
+
+import (
+	"bytes"
+	"compress/gzip"
+	"io"
+	"log"
+	"sync"
+	"time"
+)
+
+type CacheEntry struct {
+	ExpiresAt time.Time
+	Value     []byte
+}
+
+type Cache struct {
+	compressPool   sync.Pool
+	decompressPool sync.Pool
+	entries        sync.Map
+	globalTTL      time.Duration
+	mu             sync.RWMutex // Added sync.RWMutex field for locking
+}
+
+func New(globalTTL time.Duration) *Cache {
+	cache := &Cache{
+		globalTTL: globalTTL,
+		compressPool: sync.Pool{
+			New: func() interface{} {
+				return gzip.NewWriter(nil)
+			},
+		},
+		decompressPool: sync.Pool{
+			New: func() interface{} {
+				r, _ := gzip.NewReader(bytes.NewReader([]byte{}))
+				return r
+			},
+		},
+	}
+
+	go cache.cleanupRoutine(globalTTL)
+	return cache
+}
+
+func (c *Cache) cleanupRoutine(globalTTL time.Duration) {
+	ticker := time.NewTicker(globalTTL / 2)
+	defer ticker.Stop()
+
+	for range ticker.C {
+		c.CleanExpiredEntries()
+	}
+}
+
+func (c *Cache) Set(key string, value []byte, ttl time.Duration) {
+	c.lock()
+	defer c.unlock()
+
+	expiresAt := time.Now().Add(ttl)
+
+	compressedValue, err := c.compress(value)
+	if err != nil {
+		log.Printf("Error compressing value for key %s: %v", key, err)
+		return
+	}
+
+	entry := CacheEntry{
+		Value:     compressedValue,
+		ExpiresAt: expiresAt,
+	}
+	c.entries.Store(key, entry)
+}
+
+func (c *Cache) Get(key string) ([]byte, bool) {
+	c.rlock()
+	defer c.runlock()
+
+	entry, ok := c.entries.Load(key)
+	if !ok || entry.(CacheEntry).ExpiresAt.Before(time.Now()) {
+		return nil, false
+	}
+	compressedValue := entry.(CacheEntry).Value
+	value, err := c.decompress(compressedValue)
+	if err != nil {
+		log.Printf("Error decompressing value for key %s: %v", key, err)
+		return nil, false
+	}
+	return value, true
+}
+
+func (c *Cache) Delete(key string) {
+	c.lock()
+	defer c.unlock()
+
+	c.entries.Delete(key)
+}
+
+func (c *Cache) Clear() {
+	c.lock()
+	defer c.unlock()
+
+	c.entries.Range(func(key, value interface{}) bool {
+		c.entries.Delete(key)
+		return true
+	})
+}
+
+func (c *Cache) CountQueries() int {
+	c.rlock()
+	defer c.runlock()
+
+	var count int
+	c.entries.Range(func(_, _ interface{}) bool {
+		count++
+		return true
+	})
+	return count
+}
+
+func (c *Cache) compress(data []byte) ([]byte, error) {
+	w := c.compressPool.Get().(*gzip.Writer)
+	defer c.compressPool.Put(w)
+
+	var buf bytes.Buffer
+	w.Reset(&buf)
+	if _, err := w.Write(data); err != nil {
+		return nil, err
+	}
+	if err := w.Close(); err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+func (c *Cache) decompress(data []byte) ([]byte, error) {
+	r, ok := c.decompressPool.Get().(*gzip.Reader)
+	if !ok || r == nil {
+		var err error
+		r, err = gzip.NewReader(bytes.NewReader(data))
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		if err := r.Reset(bytes.NewReader(data)); err != nil {
+			return nil, err
+		}
+	}
+	defer func() {
+		r.Close()
+		c.decompressPool.Put(r)
+	}()
+
+	decompressedData, err := io.ReadAll(r)
+	if err != nil {
+		return nil, err
+	}
+	return decompressedData, nil
+}
+
+func (c *Cache) CleanExpiredEntries() {
+	now := time.Now()
+	c.entries.Range(func(key, value interface{}) bool {
+		entry := value.(CacheEntry)
+		if entry.ExpiresAt.Before(now) {
+			c.entries.Delete(key)
+		}
+		return true
+	})
+}
+
+// Private methods to handle locking
+
+func (c *Cache) lock() {
+	c.mu.Lock()
+}
+
+func (c *Cache) unlock() {
+	c.mu.Unlock()
+}
+
+func (c *Cache) rlock() {
+	c.mu.RLock()
+}
+
+func (c *Cache) runlock() {
+	c.mu.RUnlock()
+}
@@ -0,0 +1,54 @@
+package libpack_cache
+
+import (
+	"testing"
+	"time"
+)
+
+// Assume that New function initializes the cache and it is defined somewhere in the libpack_cache package.
+
+func BenchmarkCacheSet(b *testing.B) {
+	cache := New(30 * time.Second) // Initializing the cache with a TTL of 30 seconds
+	key := "benchmark-key"
+	value := []byte("benchmark-value")
+
+	b.ResetTimer() // Reset the timer to exclude the setup time from the benchmark
+
+	for i := 0; i < b.N; i++ {
+		cache.Set(key, value, 5*time.Second)
+	}
+}
+
+func BenchmarkCacheGet(b *testing.B) {
+	cache := New(30 * time.Second) // Initializing the cache
+	key := "benchmark-key"
+	value := []byte("benchmark-value")
+	cache.Set(key, value, 5*time.Second) // Pre-set a value to retrieve
+
+	b.ResetTimer() // Start timing
+
+	for i := 0; i < b.N; i++ {
+		_, _ = cache.Get(key)
+	}
+}
+
+func BenchmarkCacheExpire(b *testing.B) {
+	key := "benchmark-expire-key"
+	value := []byte("benchmark-value")
+	ttl := 5 * time.Millisecond // Setting a short TTL for quick expiration
+
+	for i := 0; i < b.N; i++ {
+		cache := New(30 * time.Second)
+		cache.Set(key, value, ttl)
+		time.Sleep(ttl) // Wait for the key to expire
+		_, _ = cache.Get(key)
+	}
+}
+
+func BenchmarkCacheStats(b *testing.B) {
+	cache := New(30 * time.Second) // Initializing the cache
+	key := "benchmark-key"
+	value := []byte("benchmark-value")
+	cache.Set(key, value, 5*time.Second) // Pre-set a value to retrieve
+	cache.Get(key)
+}
@@ -0,0 +1,112 @@
+package libpack_cache
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+)
+
+type CacheTestSuite struct {
+	suite.Suite
+}
+
+func (suite *CacheTestSuite) SetupTest() {
+}
+
+func TestCachingTestSuite(t *testing.T) {
+	suite.Run(t, new(CacheTestSuite))
+}
+
+func (suite *CacheTestSuite) Test_New() {
+	suite.T().Run("should return a new cache", func(t *testing.T) {
+		cache := New(2 * time.Second)
+		suite.NotNil(cache)
+	})
+}
+
+func (suite *CacheTestSuite) Test_CacheUse() {
+	cache := New(30 * time.Second)
+	tests := []struct {
+		name        string
+		cache_value string
+	}{
+		{
+			name:        "test1",
+			cache_value: "test1-123",
+		},
+		{
+			name:        "test2",
+			cache_value: "test2-123",
+		},
+	}
+	for _, tt := range tests {
+		suite.T().Run(tt.name, func(t *testing.T) {
+			cache.Set(tt.name, []byte(tt.name), 5*time.Second)
+			c, ok := cache.Get(tt.name)
+			suite.Equal(true, ok)
+			suite.Equal(tt.name, string(c))
+		})
+	}
+}
+
+func (suite *CacheTestSuite) Test_CacheDelete() {
+	cache := New(30 * time.Second)
+	tests := []struct {
+		name        string
+		cache_value string
+	}{
+		{
+			name:        "test1",
+			cache_value: "test1-123",
+		},
+		{
+			name:        "test2",
+			cache_value: "test2-123",
+		},
+	}
+	for _, tt := range tests {
+		suite.T().Run(tt.name, func(t *testing.T) {
+			cache.Set(tt.name, []byte(tt.name), 5*time.Second)
+			c, ok := cache.Get(tt.name)
+			suite.Equal(true, ok)
+			suite.Equal(tt.name, string(c))
+			cache.Delete(tt.name)
+			c, ok = cache.Get(tt.name)
+			suite.Equal(false, ok)
+			suite.Equal("", string(c))
+		})
+	}
+}
+
+func (suite *CacheTestSuite) Test_CacheExpire() {
+	cache := New(30 * time.Second)
+	tests := []struct {
+		name        string
+		cache_value string
+		ttl         time.Duration
+	}{
+		{
+			name:        "test1",
+			cache_value: "test1-123",
+			ttl:         2 * time.Second,
+		},
+		{
+			name:        "test2",
+			cache_value: "test2-123",
+			ttl:         5 * time.Second,
+		},
+	}
+	for _, tt := range tests {
+		suite.T().Run(tt.name, func(t *testing.T) {
+			cache.Set(tt.name, []byte(tt.name), tt.ttl)
+			c, ok := cache.Get(tt.name)
+			suite.Equal(true, ok)
+			suite.Equal(tt.name, string(c))
+			time.Sleep(tt.ttl)
+			c, ok = cache.Get(tt.name)
+			suite.Equal(false, ok)
+			suite.Equal("", string(c))
+		})
+	}
+}
@@ -0,0 +1,77 @@
+package libpack_redis
+
+import (
+	"context"
+	"time"
+
+	redis "github.com/redis/go-redis/v9"
+)
+
+var ()
+
+type RedisConfig struct {
+	client *redis.Client
+	ctx    context.Context
+}
+
+func prependKeyName(key string) string {
+	return "gmp_cache:" + key
+}
+
+type RedisClientConfig struct {
+	RedisServer   string
+	RedisPassword string
+	RedisDB       int
+}
+
+func NewClient(redisClientConfig *RedisClientConfig) *RedisConfig {
+	c := &RedisConfig{
+		client: redis.NewClient(&redis.Options{
+			Addr:     redisClientConfig.RedisServer,
+			Password: redisClientConfig.RedisPassword,
+			DB:       redisClientConfig.RedisDB,
+		}),
+		ctx: context.Background(),
+	}
+	_, err := c.client.Ping(c.ctx).Result()
+	if err != nil {
+		panic(err)
+	}
+	return c
+}
+
+func (c *RedisConfig) Set(key string, value []byte, ttl time.Duration) {
+	c.client.Set(c.ctx, prependKeyName(key), value, ttl)
+}
+
+func (c *RedisConfig) Get(key string) ([]byte, bool) {
+	val, err := c.client.Get(c.ctx, prependKeyName(key)).Result()
+	if err == redis.Nil || err != nil {
+		return nil, false
+	}
+	return []byte(val), true
+}
+
+func (c *RedisConfig) Delete(key string) {
+	c.client.Del(c.ctx, prependKeyName(key))
+}
+
+func (c *RedisConfig) Clear() {
+	c.client.FlushDB(c.ctx)
+}
+
+func (c *RedisConfig) CountQueries() int {
+	keys, err := c.client.Keys(c.ctx, prependKeyName("*")).Result()
+	if err != nil {
+		return 0
+	}
+	return len(keys)
+}
+
+func (c *RedisConfig) CountQueriesWithPattern(pattern string) int {
+	keys, err := c.client.Keys(c.ctx, prependKeyName(pattern)).Result()
+	if err != nil {
+		return 0
+	}
+	return len(keys)
+}
@@ -0,0 +1,125 @@
+package libpack_redis
+
+import (
+	"testing"
+	"time"
+
+	"github.com/gookit/goutil/envutil"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+)
+
+type RedisConfigSuite struct {
+	suite.Suite
+	redisConfig *RedisConfig
+}
+
+func (suite *RedisConfigSuite) SetupTest() {
+	redis_server := envutil.Getenv("REDIS_SERVER", "localhost:6379")
+	suite.redisConfig = NewClient(&RedisClientConfig{
+		RedisServer:   redis_server,
+		RedisPassword: "",
+		RedisDB:       0,
+	})
+	suite.redisConfig.Delete("testkey")
+}
+
+func TestRedisConfigSuite(t *testing.T) {
+	suite.Run(t, new(RedisConfigSuite))
+}
+
+func (suite *RedisConfigSuite) TestSet() {
+	key := "testkey"
+	value := []byte("testvalue")
+	suite.redisConfig.Delete(key) // Ensure the key is deleted before the test
+
+	// Test writing a new key-value pair
+	suite.redisConfig.Set(key, value, 0)
+	storedValue, found := suite.redisConfig.Get(key)
+	assert.True(suite.T(), found)
+	assert.Equal(suite.T(), value, storedValue)
+
+	// Test overwriting an existing key-value pair
+	newValue := []byte("newvalue")
+	suite.redisConfig.Set(key, newValue, 0)
+	storedValue, found = suite.redisConfig.Get(key)
+	assert.True(suite.T(), found)
+	assert.Equal(suite.T(), newValue, storedValue)
+
+	suite.redisConfig.Delete(key) // Clean up after the test
+}
+
+func (suite *RedisConfigSuite) TestSetWithExpiry() {
+	key := "testkey"
+	value := []byte("testvalue")
+	expiry := 1 * time.Second
+	suite.redisConfig.Delete(key) // Ensure the key is deleted before the test
+
+	// Test writing a new key-value pair
+	suite.redisConfig.Set(key, value, expiry)
+	storedValue, found := suite.redisConfig.Get(key)
+	assert.True(suite.T(), found)
+	assert.Equal(suite.T(), value, storedValue)
+
+	// Test that key expires after the specified time
+	time.Sleep(2 * time.Second)
+	_, found = suite.redisConfig.Get(key)
+	assert.False(suite.T(), found)
+
+	suite.redisConfig.Delete(key) // Clean up after the test
+}
+
+func (suite *RedisConfigSuite) TestGet() {
+	key := "testkey"
+	value := []byte("testvalue")
+	suite.redisConfig.Set(key, value, 0) // Set the key-value pair
+	storedValue, found := suite.redisConfig.Get(key)
+	assert.True(suite.T(), found)
+	assert.Equal(suite.T(), value, storedValue)
+}
+
+func (suite *RedisConfigSuite) TestDeleteKey() {
+	key := "testkey"
+	value := []byte("testvalue")
+	suite.redisConfig.Set(key, value, 0) // Set the key-value pair
+	suite.redisConfig.Delete(key)
+	_, found := suite.redisConfig.Get(key)
+	assert.False(suite.T(), found)
+}
+
+func (suite *RedisConfigSuite) TestCheckIfKeyExists() {
+	ttl := time.Duration(10) * time.Second
+	key := "testkey"
+	value := []byte("testvalue")
+	suite.redisConfig.Set(key, value, ttl) // Set the key-value pair
+	_, found := suite.redisConfig.Get(key)
+	assert.True(suite.T(), found)
+
+	suite.redisConfig.Delete(key)
+	_, found = suite.redisConfig.Get(key)
+	assert.False(suite.T(), found)
+}
+
+func (suite *RedisConfigSuite) TestGetKeys() {
+	ttl := time.Duration(10) * time.Second
+	suite.redisConfig.Set("testkey1", []byte("testvalue1"), ttl)
+	suite.redisConfig.Set("testkey2", []byte("testvalue2"), ttl)
+	suite.redisConfig.Set("otherkey", []byte("othervalue"), ttl)
+
+	keys, _ := suite.redisConfig.client.Keys(suite.redisConfig.ctx, prependKeyName("testkey*")).Result()
+	expectedKeys := []string{prependKeyName("testkey1"), prependKeyName("testkey2")}
+	assert.ElementsMatch(suite.T(), expectedKeys, keys)
+
+	suite.redisConfig.client.Del(suite.redisConfig.ctx, "testkey1", "testkey2", "otherkey")
+}
+
+func (suite *RedisConfigSuite) TestGetKeysCount() {
+	ttl := time.Duration(10) * time.Second
+	suite.redisConfig.Set("testkey1", []byte("testvalue1"), ttl)
+	suite.redisConfig.Set("testkey2", []byte("testvalue2"), ttl)
+	suite.redisConfig.Set("otherkey", []byte("othervalue"), ttl)
+
+	assert.Equal(suite.T(), 2, suite.redisConfig.CountQueriesWithPattern("testkey*"))
+
+	suite.redisConfig.client.Del(suite.redisConfig.ctx, "testkey1", "testkey2", "otherkey")
+}
@@ -1,11 +1,11 @@
 package main

 import (
-	"testing"
-	"time"
+	"github.com/gookit/goutil/envutil"
+	libpack_redis "github.com/lukaszraczylo/graphql-monitoring-proxy/cache/redis"
 )

-func (suite *Tests) Test_cacheLookup() {
+func (suite *Tests) Test_cacheLookupInmemory() {
 	type args struct {
 		hash string
 	}
@@ -27,7 +27,7 @@ func (suite *Tests) Test_cacheLookup() {
 		{
 			name: "test_existent",
 			args: args{
-				hash: "00000000000000000000000000000000000001",
+				hash: "00000000000000000000000000000000001337",
 			},
 			want: []byte("it's fine."),
 			addCache: struct {
@@ -38,9 +38,59 @@ func (suite *Tests) Test_cacheLookup() {
 		},
 	}
 	for _, tt := range tests {
-		suite.T().Run(tt.name, func(t *testing.T) {
+		suite.Run(tt.name, func() {
 			if tt.addCache.data != nil {
-				cfg.Cache.CacheClient.Set(tt.args.hash, tt.addCache.data, time.Duration(1)*time.Second)
+				cacheStore(tt.args.hash, tt.addCache.data)
+			}
+			got := cacheLookup(tt.args.hash)
+			assert.Equal(tt.want, got, "Unexpected cache lookup result")
+		})
+	}
+}
+
+func (suite *Tests) Test_cacheLookupRedis() {
+	redis_server := envutil.Getenv("REDIS_SERVER", "localhost:6379")
+	cfg.Cache.Client = libpack_redis.NewClient(&libpack_redis.RedisClientConfig{
+		RedisServer:   redis_server,
+		RedisPassword: "",
+		RedisDB:       0,
+	})
+
+	type args struct {
+		hash string
+	}
+	tests := []struct {
+		name     string
+		args     args
+		want     []byte
+		addCache struct {
+			data []byte
+		}
+	}{
+		{
+			name: "test_non_existent",
+			args: args{
+				hash: "00000000000000000000000000000000000000",
+			},
+			want: nil,
+		},
+		{
+			name: "test_existent",
+			args: args{
+				hash: "00000000000000000000000000000000001337",
+			},
+			want: []byte("it's fine."),
+			addCache: struct {
+				data []byte
+			}{
+				data: []byte("it's fine."),
+			},
+		},
+	}
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+			if tt.addCache.data != nil {
+				cacheStore(tt.args.hash, tt.addCache.data)
 			}
 			got := cacheLookup(tt.args.hash)
 			assert.Equal(tt.want, got, "Unexpected cache lookup result")
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"strings"

+	"github.com/goccy/go-json"
 	"github.com/lukaszraczylo/ask"
 	libpack_monitoring "github.com/lukaszraczylo/graphql-monitoring-proxy/monitoring"
 )
@@ -1,7 +1,5 @@
 package main

-import "testing"
-
 func (suite *Tests) Test_extractClaimsFromJWTHeader() {
 	jwt_token_for_tests := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiSGFzdXJhIjp7IngtaGFzdXJhLWFsbG93ZWQtcm9sZXMiOlsiZ3Vlc3QiLCJ1c2VyIiwiZ3JvdXBhZG1pbiIsInBheWFkbWluIl0sIngtaGFzdXJhLWRlZmF1bHQtcm9sZSI6Imd1ZXN0IiwieC1oYXN1cmEtdXNlci1pZCI6IjE2NyIsIngtaGFzdXJhLXVzZXItdXVpZCI6ImRkM2U2ZTM1LTA0MDktNDNiMC1iZmYxLWNlZjNjNmVkNWYxMCJ9LCJpc3MiOiJBdXRoU2VydmljZSIsImV4cCI6MTY5NjgwMTcyNiwibmJmIjoxNjk2NTg1NzI2LCJpYXQiOjE2OTY1ODU3MjZ9.dsJ5JKzG5tXOlqeZ_Gfe2XC-vyrcwtYwOGfhvt8q9UY"

@@ -68,7 +66,7 @@ func (suite *Tests) Test_extractClaimsFromJWTHeader() {
 		},
 	}
 	for _, tt := range tests {
-		suite.T().Run(tt.name, func(t *testing.T) {
+		suite.Run(tt.name, func() {
 			if len(tt.jwt_token_path) > 0 {
 				cfg.Client.JWTUserClaimPath = tt.jwt_token_path
 			}
@@ -0,0 +1,58 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/jackc/pgx/v5"
+)
+
+func enableHasuraEventCleaner() {
+	if cfg.HasuraEventCleaner.Enable {
+		if cfg.HasuraEventCleaner.EventMetadataDb == "" {
+			cfg.Logger.Warning("Event metadata db URL not specified, event cleaner not active", nil)
+			return
+		}
+
+		ticker := time.NewTicker(1 * time.Hour)
+		defer ticker.Stop()
+		cfg.Logger.Info("Event cleaner enabled", map[string]interface{}{"interval_in_days": cfg.HasuraEventCleaner.ClearOlderThan})
+
+		time.Sleep(60 * time.Second) // wait for everything to start and settle down
+		cfg.Logger.Info("Initial cleanup of old events", nil)
+		cleanEvents()
+
+		for {
+			select {
+			case <-ticker.C:
+				cfg.Logger.Info("Cleaning up old events", nil)
+				cleanEvents()
+			}
+		}
+	}
+}
+
+func cleanEvents() {
+	conn, err := pgx.Connect(context.Background(), cfg.HasuraEventCleaner.EventMetadataDb)
+	if err != nil {
+		cfg.Logger.Error("Failed to connect to event metadata db", map[string]interface{}{"error": err})
+		return
+	}
+	defer conn.Close(context.Background())
+
+	delQueries := []string{
+		fmt.Sprintf("DELETE FROM hdb_catalog.event_invocation_logs WHERE created_at < now() - interval '%d days';", cfg.HasuraEventCleaner.ClearOlderThan),
+		fmt.Sprintf("DELETE FROM hdb_catalog.event_log WHERE created_at < now() - interval '%d days';", cfg.HasuraEventCleaner.ClearOlderThan),
+		fmt.Sprintf("DELETE FROM hdb_catalog.hdb_action_log WHERE created_at < NOW() - INTERVAL '%d days';", cfg.HasuraEventCleaner.ClearOlderThan),
+		fmt.Sprintf("DELETE FROM hdb_catalog.hdb_cron_event_invocation_logs WHERE created_at < NOW() - INTERVAL '%d days';", cfg.HasuraEventCleaner.ClearOlderThan),
+		fmt.Sprintf("DELETE FROM hdb_catalog.hdb_scheduled_event_invocation_logs WHERE created_at < NOW() - INTERVAL '%d days';", cfg.HasuraEventCleaner.ClearOlderThan),
+	}
+
+	for _, query := range delQueries {
+		_, err := conn.Exec(context.Background(), query)
+		if err != nil {
+			cfg.Logger.Debug("Failed to execute query", map[string]interface{}{"query": query, "error": err})
+		}
+	}
+}
@@ -3,48 +3,51 @@ module github.com/lukaszraczylo/graphql-monitoring-proxy
 go 1.21

 require (
-	github.com/VictoriaMetrics/metrics v1.24.0
-	github.com/akyoto/cache v1.0.6
-	github.com/buger/jsonparser v1.1.1
-	github.com/gofiber/fiber/v2 v2.49.2
-	github.com/gookit/goutil v0.6.12
+	github.com/VictoriaMetrics/metrics v1.33.1
+	github.com/avast/retry-go/v4 v4.6.0
+	github.com/goccy/go-json v0.10.3
+	github.com/gofiber/fiber/v2 v2.52.4
+	github.com/gofrs/flock v0.8.1
+	github.com/google/uuid v1.6.0
+	github.com/gookit/goutil v0.6.15
 	github.com/graphql-go/graphql v0.8.1
-	github.com/json-iterator/go v1.1.12
+	github.com/jackc/pgx/v5 v5.6.0
 	github.com/lukaszraczylo/ask v0.0.0-20230927103145-2ff1123b4415
 	github.com/lukaszraczylo/go-ratecounter v0.1.8
-	github.com/lukaszraczylo/go-simple-graphql v1.1.31
-	github.com/rs/zerolog v1.31.0
-	github.com/stretchr/testify v1.8.4
+	github.com/lukaszraczylo/go-simple-graphql v1.2.14
+	github.com/redis/go-redis/v9 v9.5.3
+	github.com/rs/zerolog v1.33.0
+	github.com/stretchr/testify v1.9.0
+	github.com/valyala/fasthttp v1.54.0
 )

 require (
-	github.com/andybalholm/brotli v1.0.5 // indirect
-	github.com/avast/retry-go/v4 v4.5.0 // indirect
+	github.com/andybalholm/brotli v1.1.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/google/uuid v1.3.1 // indirect
+	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/gookit/color v1.5.4 // indirect
-	github.com/klauspost/compress v1.17.0 // indirect
+	github.com/jackc/pgpassfile v1.0.0 // indirect
+	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/rivo/uniseg v0.4.4 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rogpeppe/go-internal v1.11.0 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
-	github.com/valyala/fasthttp v1.50.0 // indirect
 	github.com/valyala/fastrand v1.1.0 // indirect
 	github.com/valyala/histogram v1.2.0 // indirect
 	github.com/valyala/tcplisten v1.0.0 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
+	golang.org/x/crypto v0.24.0 // indirect
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
-	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/sync v0.4.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
-	golang.org/x/term v0.13.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
-	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+	golang.org/x/net v0.26.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/term v0.21.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
@@ -1,80 +1,89 @@
-github.com/VictoriaMetrics/metrics v1.24.0 h1:ILavebReOjYctAGY5QU2F9X0MYvkcrG3aEn2RKa1Zkw=
-github.com/VictoriaMetrics/metrics v1.24.0/go.mod h1:eFT25kvsTidQFHb6U0oa0rTrDRdz4xTYjpL8+UPohys=
-github.com/akyoto/cache v1.0.6 h1:5XGVVYoi2i+DZLLPuVIXtsNIJ/qaAM16XT0LaBaXd2k=
-github.com/akyoto/cache v1.0.6/go.mod h1:WfxTRqKhfgAG71Xh6E3WLpjhBtZI37O53G4h5s+3iM4=
-github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs=
-github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
-github.com/avast/retry-go/v4 v4.5.0 h1:QoRAZZ90cj5oni2Lsgl2GW8mNTnUCnmpx/iKpwVisHg=
-github.com/avast/retry-go/v4 v4.5.0/go.mod h1:7hLEXp0oku2Nir2xBAsg0PTphp9z71bN5Aq1fboC3+I=
-github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
-github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
+github.com/VictoriaMetrics/metrics v1.33.1 h1:CNV3tfm2Kpv7Y9W3ohmvqgFWPR55tV2c7M2U6OIo+UM=
+github.com/VictoriaMetrics/metrics v1.33.1/go.mod h1:r7hveu6xMdUACXvB8TYdAj8WEsKzWB0EkpJN+RDtOf8=
+github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
+github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
+github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinRJA=
+github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE=
+github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
+github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
+github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
+github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
+github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
+github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/gofiber/fiber/v2 v2.49.2 h1:ONEN3/Vc+dUCxxDgZZwpqvhISgHqb+bu+isBiEyKEQs=
-github.com/gofiber/fiber/v2 v2.49.2/go.mod h1:gNsKnyrmfEWFpJxQAV0qvW6l70K1dZGno12oLtukcts=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
-github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gofiber/fiber/v2 v2.52.4 h1:P+T+4iK7VaqUsq2PALYEfBBo6bJZ4q3FP8cZ84EggTM=
+github.com/gofiber/fiber/v2 v2.52.4/go.mod h1:KEOE+cXMhXG0zHc9d8+E38hoX+ZN7bhOtgeF2oT6jrQ=
+github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
+github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0=
 github.com/gookit/color v1.5.4/go.mod h1:pZJOeOS8DM43rXbp4AZo1n9zCU2qjpcRko0b6/QJi9w=
-github.com/gookit/goutil v0.6.12 h1:73vPUcTtVGXbhSzBOFcnSB1aJl7Jq9np3RAE50yIDZc=
-github.com/gookit/goutil v0.6.12/go.mod h1:g6krlFib8xSe3G1h02IETowOtrUGpAmetT8IevDpvpM=
+github.com/gookit/goutil v0.6.15 h1:mMQ0ElojNZoyPD0eVROk5QXJPh2uKR4g06slgPDF5Jo=
+github.com/gookit/goutil v0.6.15/go.mod h1:qdKdYEHQdEtyH+4fNdQNZfJHhI0jUZzHxQVAV3DaMDY=
 github.com/graphql-go/graphql v0.8.1 h1:p7/Ou/WpmulocJeEx7wjQy611rtXGQaAcXGqanuMMgc=
 github.com/graphql-go/graphql v0.8.1/go.mod h1:nKiHzRM0qopJEwCITUuIsxk9PlVlwIiiI8pnJEhordQ=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM=
-github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
+github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
+github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
+github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
+github.com/jackc/pgx/v5 v5.6.0 h1:SWJzexBzPL5jb0GEsrPMLIsi/3jOo7RHlzTjcAeDrPY=
+github.com/jackc/pgx/v5 v5.6.0/go.mod h1:DNZ/vlrUnhWCoFGxHAG8U2ljioxukquj7utPDgtQdTw=
+github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk=
+github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
+github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
+github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/lukaszraczylo/ask v0.0.0-20230927103145-2ff1123b4415 h1:lvI8Wlbg4PxkRcg2f10wgoaRpfN19v+YdRek3+dLtlM=
 github.com/lukaszraczylo/ask v0.0.0-20230927103145-2ff1123b4415/go.mod h1:M+UVdyqZs++xtEPrascaVmZdOMhCnxjZ2SgH+xHpR0c=
 github.com/lukaszraczylo/go-ratecounter v0.1.8 h1:ZYm6Wkn58ZAlFWRmC7PaD4oAYHWcu8/0MUDWGe3PnJQ=
 github.com/lukaszraczylo/go-ratecounter v0.1.8/go.mod h1:TqXEOCtFJStk1i0tkipprv1kiDHGon1MVUisjSTBSKM=
-github.com/lukaszraczylo/go-simple-graphql v1.1.31 h1:UA3f8M1cV+XnO8UZlAqveW0qF/2NN512eB/gRqe+BHs=
-github.com/lukaszraczylo/go-simple-graphql v1.1.31/go.mod h1:MyftQ8jTdtkYImPXJpHoxz6+E53Ydv+7q9+Jr+eT8WU=
+github.com/lukaszraczylo/go-simple-graphql v1.2.14 h1:Dth+yZ+1ialCpnslSb6UgHbXszExjDUu/I95QZbnWVU=
+github.com/lukaszraczylo/go-simple-graphql v1.2.14/go.mod h1:pSKmm9OLGoS9pjmIvhBB/fo0+LganRrL29CN3fdkRPw=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/redis/go-redis/v9 v9.5.3 h1:fOAp1/uJG+ZtcITgZOfYFmTKPE7n4Vclj1wZFgRciUU=
+github.com/redis/go-redis/v9 v9.5.3/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
-github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
+github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
-github.com/rs/zerolog v1.31.0 h1:FcTR3NnLWW+NnTwwhFWiJSZr4ECLpqCm6QsEnyvbV4A=
-github.com/rs/zerolog v1.31.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
+github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8=
+github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasthttp v1.50.0 h1:H7fweIlBm0rXLs2q0XbalvJ6r0CUPFWK3/bB4N13e9M=
-github.com/valyala/fasthttp v1.50.0/go.mod h1:k2zXd82h/7UZc3VOdJ2WaUqt1uZ/XpXAfE9i+HBC3lA=
+github.com/valyala/fasthttp v1.54.0 h1:cCL+ZZR3z3HPLMVfEYVUMtJqVaui0+gu7Lx63unHwS0=
+github.com/valyala/fasthttp v1.54.0/go.mod h1:6dt4/8olwq9QARP/TDuPmWyWcl4byhpvTJ4AAtcz+QM=
 github.com/valyala/fastrand v1.1.0 h1:f+5HkLW4rsgzdNoleUOB69hyT9IlD2ZQh9GyDMfb5G8=
 github.com/valyala/fastrand v1.1.0/go.mod h1:HWqCzkrkg6QXT8V2EXWvXCoow7vLwOFN002oeRzjapQ=
 github.com/valyala/histogram v1.2.0 h1:wyYGAZZt3CpwUiIb9AU/Zbllg1llXyrtApRS815OLoQ=
@@ -83,23 +92,26 @@ github.com/valyala/tcplisten v1.0.0 h1:rBHj/Xf+E1tRGZyWIWwJDiRY0zc1Js+CV5DqwacVS
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
+golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
+golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
-golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
-golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
+golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -4,13 +4,14 @@ import (
 	"strconv"
 	"strings"

+	"github.com/goccy/go-json"
 	fiber "github.com/gofiber/fiber/v2"
 	"github.com/graphql-go/graphql/language/ast"
 	"github.com/graphql-go/graphql/language/parser"
 	libpack_monitoring "github.com/lukaszraczylo/graphql-monitoring-proxy/monitoring"
 )

-var retrospection_queries = []string{
+var introspection_queries = []string{
 	"__schema",
 	"__type",
 	"__typename",
@@ -34,80 +35,169 @@ var retrospection_queries = []string{
 }

 // Saving the introspection queries as a map O(1) operation instead of O(n) for a slice.
-var retrospectionQuerySet = make(map[string]struct{}, len(retrospection_queries))

-func parseGraphQLQuery(c *fiber.Ctx) (operationType, operationName string, cacheRequest bool, cache_time int, should_block bool, should_ignore bool) {
-	should_ignore = true
+var introspectionQuerySet = map[string]struct{}{}
+var introspectionAllowedQueries = map[string]struct{}{}
+var allowedUrls = map[string]struct{}{}
+
+// Utility function to convert a slice of strings to a map for O(1) lookups.
+func sliceToMap(slice []string) map[string]struct{} {
+	resultMap := make(map[string]struct{}, len(slice))
+	for _, item := range slice {
+		resultMap[strings.ToLower(item)] = struct{}{}
+	}
+	return resultMap
+}
+
+func prepareQueriesAndExemptions() {
+	introspectionQuerySet = sliceToMap(introspection_queries)
+	introspectionAllowedQueries = sliceToMap(cfg.Security.IntrospectionAllowed)
+	allowedUrls = sliceToMap(cfg.Server.AllowURLs)
+}
+
+type parseGraphQLQueryResult struct {
+	operationType  string
+	operationName  string
+	activeEndpoint string
+	cacheTime      int
+	cacheRequest   bool
+	cacheRefresh   bool
+	shouldBlock    bool
+	shouldIgnore   bool
+}
+
+func parseGraphQLQuery(c *fiber.Ctx) (res *parseGraphQLQueryResult) {
+	res = &parseGraphQLQueryResult{shouldIgnore: true}
 	m := make(map[string]interface{})
 	err := json.Unmarshal(c.Body(), &m)
 	if err != nil {
-		cfg.Logger.Debug("Can't unmarshal the request", map[string]interface{}{"error": err.Error(), "body": string(c.Body())})
-		cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
+		cfg.Logger.Error("Can't unmarshal the request", map[string]interface{}{"error": err.Error(), "body": string(c.Body())})
+		if ifNotInTest() {
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
+		}
 		return
 	}
 	// get the query
 	query, ok := m["query"].(string)
 	if !ok {
 		cfg.Logger.Error("Can't find the query", map[string]interface{}{"query": query, "m_val": m})
-		cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
+		if ifNotInTest() {
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
+		}
 		return
 	}

 	p, err := parser.Parse(parser.ParseParams{Source: query})
 	if err != nil {
 		cfg.Logger.Error("Can't parse the query", map[string]interface{}{"query": query, "m_val": m})
-		cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+		if ifNotInTest() {
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+		}
 		return
 	}

-	should_ignore = false
-	operationName = "undefined"
+	res.shouldIgnore = false
+	res.operationName = "undefined"
+	res.activeEndpoint = cfg.Server.HostGraphQL
+
 	for _, d := range p.Definitions {
 		if oper, ok := d.(*ast.OperationDefinition); ok {
-			operationType = oper.Operation
-			if strings.ToLower(operationType) == "mutation" && cfg.Server.ReadOnlyMode {
+			res.operationType = strings.ToLower(oper.Operation)
+
+			if oper.Name != nil {
+				res.operationName = oper.Name.Value
+			}
+
+			// If the query is a mutation then direct it to the RW endpoint,
+			// otherwise direct it to the RO endpoint if it's set.
+			if cfg.Server.HostGraphQLReadOnly != "" && res.operationType != "mutation" {
+				res.activeEndpoint = cfg.Server.HostGraphQLReadOnly
+			}
+
+			if res.operationType == "mutation" && cfg.Server.ReadOnlyMode {
 				cfg.Logger.Warning("Mutation blocked", m)
-				cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
+				if ifNotInTest() {
+					cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
+				}
 				c.Status(403).SendString("The server is in read-only mode")
-				should_block = true
+				res.shouldBlock = true
 				return
 			}

-			if oper.Name != nil {
-				operationName = oper.Name.Value
-			} else {
-				operationName = "undefined"
-			}
 			for _, dir := range oper.Directives {
 				if dir.Name.Value == "cached" {
-					cacheRequest = true
+					res.cacheRequest = true
 					for _, arg := range dir.Arguments {
 						if arg.Name.Value == "ttl" {
-							cache_time, err = strconv.Atoi(arg.Value.GetValue().(string))
+							res.cacheTime, err = strconv.Atoi(arg.Value.GetValue().(string))
 							if err != nil {
-								cfg.Logger.Error("Can't parse the ttl", map[string]interface{}{"ttl": arg.Value.GetValue().(string)})
-								cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+								cfg.Logger.Error("Can't parse the ttl, using global", map[string]interface{}{"bad_ttl": arg.Value.GetValue().(string)})
+								if ifNotInTest() {
+									cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+								}
 								return
 							}
 						}
+						if arg.Name.Value == "refresh" {
+							res.cacheRefresh = arg.Value.GetValue().(bool)
+						}
 					}
 				}
 			}
+
 			if cfg.Security.BlockIntrospection {
-				for _, s := range oper.SelectionSet.Selections {
-					for _, s2 := range s.GetSelectionSet().Selections {
-						if _, exists := retrospectionQuerySet[s2.(*ast.Field).Name.Value]; exists {
-							cfg.Logger.Warning("Introspection query blocked", m)
-							cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
-							c.Status(403).SendString("Introspection queries are not allowed")
-							should_block = true
-							return
-						}
-					}
+				res.shouldBlock = checkSelections(c, oper.GetSelectionSet().Selections)
+				if res.shouldBlock {
+					return
 				}
 			}
 		}
 	}
-
+	return
+}
+
+func checkSelections(c *fiber.Ctx, selections []ast.Selection) bool {
+	for _, s := range selections {
+		field, ok := s.(*ast.Field)
+		if !ok {
+			continue // or handle the case where the type assertion fails
+		}
+		shouldBlock := checkIfContainsIntrospection(c, field.Name.Value)
+		if shouldBlock {
+			return true
+		}
+		if field.SelectionSet != nil {
+			if checkSelections(c, field.GetSelectionSet().Selections) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func checkIfContainsIntrospection(c *fiber.Ctx, whatever string) (shouldBlock bool) {
+	whateverLower := strings.ToLower(whatever)
+	got_exemption := false
+
+	// If the query is an introspection query, we need to check if it's allowed.
+	if _, exists := introspectionQuerySet[whateverLower]; exists {
+		if len(cfg.Security.IntrospectionAllowed) > 0 {
+
+			if _, allowed_exists := introspectionAllowedQueries[whateverLower]; allowed_exists {
+				cfg.Logger.Debug("Introspection query allowed, passing through", map[string]interface{}{"query": whatever})
+				got_exemption = true
+				shouldBlock = false
+			}
+		}
+		if !got_exemption {
+			shouldBlock = true
+		}
+	}
+	if shouldBlock {
+		if ifNotInTest() {
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
+		}
+		c.Status(403).SendString("Introspection queries are not allowed")
+	}
 	return
 }
@@ -0,0 +1,320 @@
+package main
+
+import (
+	"github.com/valyala/fasthttp"
+)
+
+func (suite *Tests) Test_parseGraphQLQuery() {
+
+	type results struct {
+		op_name      string
+		op_type      string
+		cached_ttl   int
+		returnCode   int
+		is_cached    bool
+		shouldBlock  bool
+		shouldIgnore bool
+	}
+
+	type queries struct {
+		headers map[string]string
+		body    string
+	}
+
+	tests := []struct {
+		name             string
+		suppliedSettings *config
+		suppliedQuery    queries
+		wantResults      results
+	}{
+		{
+			name: "test empty body",
+			suppliedQuery: queries{
+				body:    "",
+				headers: map[string]string{},
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: true,
+				op_name:      "",
+				op_type:      "",
+			},
+		},
+
+		{
+			name: "test empty json",
+			suppliedQuery: queries{
+				body:    "{}",
+				headers: map[string]string{},
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: true,
+				op_name:      "",
+				op_type:      "",
+			},
+		},
+
+		{
+			name: "test empty with some random garbage",
+			suppliedQuery: queries{
+				body:    "{\"variables\": {\"id\": \"1\"}}",
+				headers: map[string]string{},
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: true,
+				op_name:      "",
+				op_type:      "",
+			},
+		},
+
+		{
+			name: "test valid query with op name",
+			suppliedQuery: queries{
+				body: "{\"query\":\"query MyQuery { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } }\"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "MyQuery",
+				op_type:      "query",
+			},
+		},
+
+		{
+			name: "test valid query with op name, variables and cache",
+			suppliedQuery: queries{
+				body: "{\"query\":\"query MyQuery @cached { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } }\", \"variables\": {\"id\": \"1\"}}",
+			},
+			wantResults: results{
+				is_cached:    true,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "MyQuery",
+				op_type:      "query",
+			},
+		},
+
+		{
+			name: "test valid query with op name, cache and ttl",
+			suppliedQuery: queries{
+				body: "{\"query\":\"query MyQuery @cached(ttl: 60) { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } }\", \"variables\": {\"id\": \"1\"}}",
+			},
+			wantResults: results{
+				is_cached:    true,
+				cached_ttl:   60,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "MyQuery",
+				op_type:      "query",
+			},
+		},
+
+		{
+			name: "test valid query with op name, force refreshed cache",
+			suppliedQuery: queries{
+				body: "{\"query\":\"query MyQuery @cached(refresh: true) { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } }\", \"variables\": {\"id\": \"1\"}}",
+			},
+			wantResults: results{
+				is_cached:    true,
+				cached_ttl:   0,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "MyQuery",
+				op_type:      "query",
+			},
+		},
+
+		{
+			name: "test valid query with op name, cache and INVALID ttl",
+			suppliedQuery: queries{
+				body: "{\"query\":\"query MyQuery @cached(ttl: nope) { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } }\", \"variables\": {\"id\": \"1\"}}",
+			},
+			wantResults: results{
+				is_cached:    true,
+				cached_ttl:   0,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "MyQuery",
+				op_type:      "query",
+			},
+		},
+
+		{
+			name: "test mutation query with op name",
+			suppliedQuery: queries{
+				body: "{\"query\":\"mutation MyMutation { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } }\"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "MyMutation",
+				op_type:      "mutation",
+			},
+		},
+
+		{
+			name: "test mutation query with config: read only",
+			suppliedSettings: func() *config {
+				parseConfig()
+				cfg.Server.ReadOnlyMode = true
+				return cfg
+			}(),
+			suppliedQuery: queries{
+				body: "{\"query\":\"mutation MyMutation { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } }\"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  true,
+				shouldIgnore: false,
+				op_name:      "MyMutation",
+				op_type:      "mutation",
+				returnCode:   403,
+			},
+		},
+
+		{
+			name: "test simple query with introspection __schema",
+			suppliedQuery: queries{
+				body: "{\"query\":\"mutation MyMutation { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __schema } }\"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "MyMutation",
+				op_type:      "mutation",
+			},
+		},
+
+		{
+			name: "test simple query with introspection __schema config: block introspection",
+			suppliedSettings: func() *config {
+				parseConfig()
+				cfg.Security.BlockIntrospection = true
+				return cfg
+			}(),
+			suppliedQuery: queries{
+				body: "{\"query\":\"query MyIntroQuery { tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __schema } }\"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  true,
+				shouldIgnore: false,
+				op_name:      "MyIntroQuery",
+				op_type:      "query",
+				returnCode:   403,
+			},
+		},
+
+		{
+			name: "test user supplied query with introspection #1 - config: block",
+			suppliedSettings: func() *config {
+				parseConfig()
+				cfg.Security.BlockIntrospection = true
+				cfg.Security.IntrospectionAllowed = []string{}
+				return cfg
+			}(),
+			suppliedQuery: queries{
+				body: "{\"query\":\"{__schema {queryType {fields {name description}}}}\"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  true,
+				shouldIgnore: false,
+				op_name:      "undefined",
+				op_type:      "query",
+				returnCode:   403,
+			},
+		},
+
+		{
+			name: "test user supplied query with introspection #1 - config: block & allow __schema",
+			suppliedSettings: func() *config {
+				parseConfig()
+				cfg.Security.BlockIntrospection = true
+				cfg.Security.IntrospectionAllowed = []string{"__schema"}
+				return cfg
+			}(),
+			suppliedQuery: queries{
+				body: "{\"query\":\"{__schema {queryType {fields {name description}}}}\"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: false,
+				op_name:      "undefined",
+				op_type:      "query",
+				returnCode:   200,
+			},
+		},
+
+		{
+			name: "test invalid query",
+			suppliedQuery: queries{
+				body: "{\"query\":\"query MyQuery tg_users(where: {handle: {_eq: \\\"tozuo\\\"}}) { id __typename } \"}",
+			},
+			wantResults: results{
+				is_cached:    false,
+				shouldBlock:  false,
+				shouldIgnore: true,
+				op_name:      "",
+				op_type:      "",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+			cfg = &config{}
+			parseConfig()
+			ctx_headers := func() *fasthttp.RequestHeader {
+				h := fasthttp.RequestHeader{}
+				for k, v := range tt.suppliedQuery.headers {
+					h.Add(k, v)
+				}
+				return &h
+			}()
+
+			ctx_request := fasthttp.Request{
+				Header: *ctx_headers,
+			}
+
+			ctx_request.AppendBody([]byte(tt.suppliedQuery.body))
+
+			ctx := suite.app.AcquireCtx(&fasthttp.RequestCtx{
+				Request: ctx_request,
+			})
+
+			// defer func() {
+			// 	cfg = &config{}
+			// 	parseConfig()
+			// 	suite.app.ReleaseCtx(ctx)
+			// }()
+
+			assert.NotNil(ctx, "Fiber context is nil")
+
+			if tt.suppliedSettings != nil {
+				cfg = tt.suppliedSettings
+			}
+			prepareQueriesAndExemptions()
+			parseResult := parseGraphQLQuery(ctx)
+			assert.Equal(tt.wantResults.op_type, parseResult.operationType, "Unexpected operation type "+tt.name)
+			assert.Equal(tt.wantResults.op_name, parseResult.operationName, "Unexpected operation name "+tt.name)
+			assert.Equal(tt.wantResults.is_cached, parseResult.cacheRequest, "Unexpected cache value "+tt.name)
+			assert.Equal(tt.wantResults.cached_ttl, parseResult.cacheTime, "Unexpected cache TTL value "+tt.name)
+			assert.Equal(tt.wantResults.shouldBlock, parseResult.shouldBlock, "Unexpected block value "+tt.name)
+			assert.Equal(tt.wantResults.shouldIgnore, parseResult.shouldIgnore, "Unexpected ignore value "+tt.name)
+
+			if tt.wantResults.returnCode > 0 {
+				assert.Equal(tt.wantResults.returnCode, ctx.Response().StatusCode(), "Unexpected return code", tt.name)
+			}
+		})
+	}
+}
@@ -3,6 +3,7 @@ package libpack_logging
 import (
 	"io"
 	"os"
+	"sync"
 	"time"

 	"github.com/gookit/goutil/envutil"
@@ -13,7 +14,21 @@ type LogConfig struct {
 	logger zerolog.Logger
 }

-var baseLogger zerolog.Logger
+var (
+	baseLogger zerolog.Logger
+
+	eventPool = sync.Pool{
+		New: func() interface{} {
+			return new(zerolog.Event)
+		},
+	}
+
+	fieldMapPool = sync.Pool{
+		New: func() interface{} {
+			return make(map[string]interface{})
+		},
+	}
+)

 func init() {
 	zerolog.TimeFieldFormat = time.RFC3339
@@ -21,10 +36,9 @@ func init() {
 	zerolog.TimestampFieldName = "timestamp"
 	zerolog.LevelFieldName = "level"
 	zerolog.LevelFatalValue = "critical"
-	baseLogger = zerolog.New(os.Stdout).With().Timestamp().Logger()
-}

-func NewLogger() *LogConfig {
+	baseLogger = zerolog.New(os.Stdout).With().Timestamp().Logger()
+
 	switch logLevel := envutil.Getenv("LOG_LEVEL", "info"); logLevel {
 	case "debug":
 		baseLogger = baseLogger.Level(zerolog.DebugLevel)
@@ -35,56 +49,75 @@ func NewLogger() *LogConfig {
 	default:
 		baseLogger = baseLogger.Level(zerolog.InfoLevel)
 	}
+}

+func NewLogger() *LogConfig {
 	return &LogConfig{logger: baseLogger}
 }

-func (lw *LogConfig) log(w io.Writer, level zerolog.Level, message string, v map[string]interface{}) {
-	e := lw.logger.With().Logger()
-	e = e.Output(w)
-	event := e.WithLevel(level).CallerSkipFrame(3)
-	for k, val := range v {
+func (lw *LogConfig) log(w io.Writer, level zerolog.Level, message string, fields map[string]interface{}) {
+	logger := lw.logger.Output(w)
+	event := logger.WithLevel(level).CallerSkipFrame(3)
+
+	for k, val := range fields {
 		switch v := val.(type) {
 		case string:
-			event.Str(k, v)
+			event = event.Str(k, v)
 		case int:
-			event.Int(k, v)
+			event = event.Int(k, v)
 		case float64:
-			event.Float64(k, v)
+			event = event.Float64(k, v)
 		default:
-			event.Interface(k, val)
+			event = event.Interface(k, val)
 		}
 	}
+
 	event.Msg(message)
 }

-func (lw *LogConfig) Debug(message string, v ...map[string]interface{}) {
-	lw.log(os.Stdout, zerolog.DebugLevel, message, mergeMaps(v))
+func (lw *LogConfig) logWithLevel(level zerolog.Level, message string, fields map[string]interface{}) {
+	if lw.logger.GetLevel() > level {
+		return
+	}
+	if lw.logger.GetLevel() <= level {
+		w := os.Stdout
+		if level >= zerolog.ErrorLevel {
+			w = os.Stderr
+		}
+		lw.log(w, level, message, fields)
+	}
 }

-func (lw *LogConfig) Info(message string, v ...map[string]interface{}) {
-	lw.log(os.Stdout, zerolog.InfoLevel, message, mergeMaps(v))
+func (lw *LogConfig) Debug(message string, fields map[string]interface{}) {
+	lw.logWithLevel(zerolog.DebugLevel, message, fields)
 }

-func (lw *LogConfig) Warning(message string, v ...map[string]interface{}) {
-	lw.log(os.Stdout, zerolog.WarnLevel, message, mergeMaps(v))
+func (lw *LogConfig) Info(message string, fields map[string]interface{}) {
+	lw.logWithLevel(zerolog.InfoLevel, message, fields)
 }

-func (lw *LogConfig) Error(message string, v ...map[string]interface{}) {
-	lw.log(os.Stderr, zerolog.ErrorLevel, message, mergeMaps(v))
+func (lw *LogConfig) Warning(message string, fields map[string]interface{}) {
+	lw.logWithLevel(zerolog.WarnLevel, message, fields)
 }

-func (lw *LogConfig) Critical(message string, v ...map[string]interface{}) {
-	lw.log(os.Stderr, zerolog.FatalLevel, message, mergeMaps(v))
+func (lw *LogConfig) Error(message string, fields map[string]interface{}) {
+	lw.logWithLevel(zerolog.ErrorLevel, message, fields)
+}
+
+func (lw *LogConfig) Critical(message string, fields map[string]interface{}) {
+	lw.logWithLevel(zerolog.FatalLevel, message, fields)
 	os.Exit(1)
 }

-func mergeMaps(maps []map[string]interface{}) map[string]interface{} {
-	result := make(map[string]interface{})
-	for _, m := range maps {
-		for k, v := range m {
-			result[k] = v
-		}
-	}
-	return result
+// Helper function to get a new fields map from the pool
+func getFieldsMap() map[string]interface{} {
+	return fieldMapPool.Get().(map[string]interface{})
+}
+
+// Helper function to put a used fields map back into the pool
+func putFieldsMap(fields map[string]interface{}) {
+	for k := range fields {
+		delete(fields, k)
+	}
+	fieldMapPool.Put(fields)
 }
@@ -25,6 +25,7 @@ func BenchmarkInfoLog(b *testing.B) {
 	}()

 	testsLogger := NewLogger()
+	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		testsLogger.Info("test", map[string]interface{}{"test": "test"})
 	}
@@ -1,373 +0,0 @@
-package libpack_logging
-
-import (
-	"errors"
-	"io"
-	"os"
-	"reflect"
-	"testing"
-
-	"github.com/buger/jsonparser"
-	"github.com/stretchr/testify/suite"
-)
-
-type LoggingTestSuite struct {
-	suite.Suite
-}
-
-var (
-	testsLogger *LogConfig
-)
-
-type stdoutCapture struct {
-	oldStdout *os.File
-	readPipe  *os.File
-}
-
-func (sc *stdoutCapture) StartCapture() {
-	sc.oldStdout = os.Stdout
-	sc.readPipe, os.Stdout, _ = os.Pipe()
-}
-
-func (sc *stdoutCapture) StopCapture() (string, error) {
-	if sc.oldStdout == nil || sc.readPipe == nil {
-		return "", errors.New("StartCapture not called before StopCapture on Stdout")
-	}
-	os.Stdout.Close()
-	os.Stdout = sc.oldStdout
-	bytes, err := io.ReadAll(sc.readPipe)
-	if err != nil {
-		return "", err
-	}
-	return string(bytes), nil
-}
-
-type stderrCapture struct {
-	oldStderr *os.File
-	readPipe  *os.File
-}
-
-func (sc *stderrCapture) StartCapture() {
-	sc.oldStderr = os.Stderr
-	sc.readPipe, os.Stderr, _ = os.Pipe()
-}
-
-func (sc *stderrCapture) StopCapture() (string, error) {
-	if sc.oldStderr == nil || sc.readPipe == nil {
-		return "", errors.New("StartCapture not called before StopCapture on Stderr")
-	}
-	os.Stderr.Close()
-	os.Stderr = sc.oldStderr
-	bytes, err := io.ReadAll(sc.readPipe)
-	if err != nil {
-		return "", err
-	}
-	return string(bytes), nil
-}
-
-func (suite *LoggingTestSuite) SetupTest() {
-}
-
-func TestLoggingTestSuite(t *testing.T) {
-	suite.Run(t, new(LoggingTestSuite))
-}
-
-func (suite *LoggingTestSuite) TestLogConfig_AllHandlers() {
-	type args struct {
-		message string
-	}
-	tests := []struct {
-		name           string
-		args           args
-		wantLevel      string
-		wantMessage    string
-		envMinLogLevel string
-		loggerType     string
-		stdOutExpect   bool
-		stdErrExpect   bool
-	}{
-		{
-			name:       "Test log: Error",
-			loggerType: "Error",
-			args: args{
-				message: "This is a error message",
-			},
-			wantLevel:    "error",
-			wantMessage:  "This is a error message",
-			stdErrExpect: true,
-			stdOutExpect: false,
-		},
-		{
-			name:       "Test log: Warning",
-			loggerType: "Warning",
-			args: args{
-				message: "This is a warning message",
-			},
-			wantLevel:      "warn",
-			wantMessage:    "This is a warning message",
-			stdErrExpect:   false,
-			stdOutExpect:   true,
-			envMinLogLevel: "info",
-		},
-		{
-			name:       "Test log: Warning | Min level: Debug",
-			loggerType: "Warning",
-			args: args{
-				message: "This is a warning message",
-			},
-			wantLevel:      "warn",
-			wantMessage:    "This is a warning message",
-			stdErrExpect:   false,
-			stdOutExpect:   true,
-			envMinLogLevel: "debug",
-		},
-		{
-			name:       "Test log: Info",
-			loggerType: "Info",
-			args: args{
-				message: "This is a info message",
-			},
-			wantLevel:    "info",
-			wantMessage:  "This is a info message",
-			stdErrExpect: false,
-			stdOutExpect: true,
-		},
-		{
-			name:       "Test log: Info | Min level: Warn",
-			loggerType: "Info",
-			args: args{
-				message: "This is a info message",
-			},
-			wantLevel:      "",
-			wantMessage:    "",
-			stdErrExpect:   false,
-			stdOutExpect:   false,
-			envMinLogLevel: "warn",
-		},
-		{
-			name:       "Test log: Warning | Min level: Warn",
-			loggerType: "Warning",
-			args: args{
-				message: "This is a warning message",
-			},
-			wantLevel:      "warn",
-			wantMessage:    "This is a warning message",
-			stdErrExpect:   false,
-			stdOutExpect:   true,
-			envMinLogLevel: "warn",
-		},
-		{
-			name:       "Test log: Warning | Min level: Error",
-			loggerType: "Warning",
-			args: args{
-				message: "This is an error message",
-			},
-			wantLevel:      "",
-			wantMessage:    "",
-			stdErrExpect:   false,
-			stdOutExpect:   false,
-			envMinLogLevel: "error",
-		},
-		{
-			name:       "Test log: Debug | Min level: Debug",
-			loggerType: "Debug",
-			args: args{
-				message: "This is a debug message",
-			},
-			wantLevel:      "debug",
-			wantMessage:    "This is a debug message",
-			stdErrExpect:   false,
-			stdOutExpect:   true,
-			envMinLogLevel: "debug",
-		},
-	}
-
-	for _, tt := range tests {
-		suite.T().Run(tt.name, func(t *testing.T) {
-			if tt.envMinLogLevel != "" {
-				os.Setenv("LOG_LEVEL", tt.envMinLogLevel)
-				defer os.Unsetenv("LOG_LEVEL")
-			}
-			testsLogger = NewLogger()
-
-			captureStdout := stdoutCapture{}
-			captureStdout.StartCapture()
-			captureStderr := stderrCapture{}
-			captureStderr.StartCapture()
-
-			reflect.ValueOf(testsLogger).MethodByName(tt.loggerType).Call([]reflect.Value{reflect.ValueOf(tt.args.message)})
-
-			stdoutOut, err := captureStdout.StopCapture()
-			if err != nil {
-				suite.T().Fatal(err)
-			}
-
-			stderrOut, err := captureStderr.StopCapture()
-			if err != nil {
-				suite.T().Fatal(err)
-			}
-
-			if tt.stdErrExpect && !tt.stdOutExpect {
-				gotLvl, gotMsg, err := getResponseValues(stderrOut, "short_message")
-				suite.NoError(err, "Failed in [STDERR]: "+tt.name)
-				suite.Equal(tt.wantLevel, gotLvl, "Failed in [STDERR]: "+tt.name)
-				suite.Equal(tt.wantMessage, gotMsg, "Failed in [STDERR]: "+tt.name)
-				suite.Equal("", stdoutOut, "Failed in [STDERR]: "+tt.name)
-			}
-			if tt.stdOutExpect && !tt.stdErrExpect {
-				gotLvl, gotMsg, err := getResponseValues(stdoutOut, "short_message")
-				suite.NoError(err, "Failed in [STDOUT]: "+tt.name)
-				suite.Equal(tt.wantLevel, gotLvl, "Failed in [STDOUT]: "+tt.name)
-				suite.Equal(tt.wantMessage, gotMsg, "Failed in [STDOUT]: "+tt.name)
-				suite.Equal("", stderrOut, "Failed in [STDOUT]: "+tt.name)
-			}
-			if !tt.stdErrExpect && !tt.stdOutExpect {
-				suite.Equal("", stderrOut, "Failed in [NEITHER]: "+tt.name)
-				suite.Equal("", stdoutOut, "Failed in [NEITHER]: "+tt.name)
-			}
-			os.Unsetenv("LOG_LEVEL")
-		})
-	}
-}
-
-func (suite *LoggingTestSuite) TestFullMessage() {
-	type args struct {
-		extraFields map[string]interface{}
-		message     string
-	}
-	extraFields := make(map[string]interface{})
-	extraFields["_full_message"] = "full message"
-
-	tests := []struct {
-		args           args
-		name           string
-		wantLevel      string
-		wantMessage    string
-		envMinLogLevel string
-		loggerType     string
-		stdOutExpect   bool
-		stdErrExpect   bool
-	}{
-		{
-			name:       "Test log: Error",
-			loggerType: "Error",
-			args: args{
-				message:     "This is a error message",
-				extraFields: extraFields,
-			},
-			wantLevel:    "error",
-			wantMessage:  extraFields["_full_message"].(string),
-			stdErrExpect: true,
-			stdOutExpect: false,
-		},
-		{
-			name:       "Test log: Info",
-			loggerType: "Info",
-			args: args{
-				message:     "This is a info message",
-				extraFields: extraFields,
-			},
-			wantMessage:  extraFields["_full_message"].(string),
-			stdErrExpect: false,
-			stdOutExpect: true,
-		},
-	}
-
-	for _, tt := range tests {
-		suite.T().Run(tt.name, func(t *testing.T) {
-			if tt.envMinLogLevel != "" {
-				os.Setenv("LOG_LEVEL", tt.envMinLogLevel)
-				defer os.Unsetenv("LOG_LEVEL")
-			}
-			testsLogger = NewLogger()
-
-			captureStdout := stdoutCapture{}
-			captureStdout.StartCapture()
-			captureStderr := stderrCapture{}
-			captureStderr.StartCapture()
-
-			reflect.ValueOf(testsLogger).MethodByName(tt.loggerType).Call([]reflect.Value{
-				reflect.ValueOf(tt.args.message),
-				reflect.ValueOf(tt.args.extraFields),
-			})
-
-			stdoutOut, err := captureStdout.StopCapture()
-			if err != nil {
-				suite.T().Fatal(err)
-			}
-
-			stderrOut, err := captureStderr.StopCapture()
-			if err != nil {
-				suite.T().Fatal(err)
-			}
-
-			if tt.stdErrExpect && !tt.stdOutExpect {
-				_, gotMsg, err := getResponseValues(stderrOut, "_full_message")
-				suite.NoError(err, "Failed in [STDERR]: "+tt.name)
-				suite.Equal(tt.wantMessage, gotMsg, "Failed in [STDERR]: "+tt.name)
-			}
-			if tt.stdOutExpect && !tt.stdErrExpect {
-				_, gotMsg, err := getResponseValues(stdoutOut, "_full_message")
-				suite.NoError(err, "Failed in [STDOUT]: "+tt.name)
-				suite.Equal(tt.wantMessage, gotMsg, "Failed in [STDOUT]: "+tt.name)
-			}
-			os.Unsetenv("LOG_LEVEL")
-		})
-	}
-}
-
-func Test_getResponseValues(t *testing.T) {
-	type args struct {
-		sourceJson string
-	}
-	tests := []struct {
-		name       string
-		args       args
-		wantGotLvl string
-		wantGotMsg string
-		wantErr    bool
-	}{
-		{
-			name: "Test with json",
-			args: args{
-				sourceJson: `{"level": "debug", "short_message": "hello world"`,
-			},
-			wantGotLvl: "debug",
-			wantGotMsg: "hello world",
-			wantErr:    false,
-		},
-		{
-			name: "Test with json, wrong message field",
-			args: args{
-				sourceJson: `{"level": "debug", "message": "hello world"`,
-			},
-			wantGotLvl: "debug",
-			wantGotMsg: "",
-			wantErr:    true,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			gotGotLvl, gotGotMsg, err := getResponseValues(tt.args.sourceJson, "short_message")
-			if (err != nil) != tt.wantErr {
-				t.Errorf("getResponseValues() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if gotGotLvl != tt.wantGotLvl {
-				t.Errorf("getResponseValues() gotGotLvl = %v, want %v", gotGotLvl, tt.wantGotLvl)
-			}
-			if gotGotMsg != tt.wantGotMsg {
-				t.Errorf("getResponseValues() gotGotMsg = %v, want %v", gotGotMsg, tt.wantGotMsg)
-			}
-		})
-	}
-}
-
-func getResponseValues(sourceJson string, key string) (gotLvl, gotMsg string, err error) {
-	gotLvl, err = jsonparser.GetString([]byte(sourceJson), "level")
-	if err != nil {
-		return
-	}
-	gotMsg, err = jsonparser.GetString([]byte(sourceJson), key)
-	return
-}
@@ -1,6 +1,12 @@
 package main

 import (
+	"flag"
+	"os"
+	"strings"
+	"sync"
+
+	"github.com/gofiber/fiber/v2/middleware/proxy"
 	"github.com/gookit/goutil/envutil"
 	graphql "github.com/lukaszraczylo/go-simple-graphql"
 	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
@@ -8,34 +14,87 @@ import (
 )

 var cfg *config
+var once sync.Once

-func init() {
-	for _, query := range retrospection_queries {
-		retrospectionQuerySet[query] = struct{}{}
+// function get value from the env where the value can be anything
+func getDetailsFromEnv[T any](key string, defaultValue T) T {
+	var result any
+	if _, ok := os.LookupEnv("GMP_" + key); ok {
+		key = "GMP_" + key
 	}
+	switch v := any(defaultValue).(type) {
+	case string:
+		result = envutil.Getenv(key, v)
+	case int:
+		result = envutil.GetInt(key, v)
+	case bool:
+		result = envutil.GetBool(key, v)
+	default:
+		result = defaultValue
+	}
+	return result.(T)
 }

 func parseConfig() {
 	libpack_config.PKG_NAME = "graphql_proxy"
-	var c config
-	c.Server.PortGraphQL = envutil.GetInt("PORT_GRAPHQL", 8080)
-	c.Server.PortMonitoring = envutil.GetInt("MONITORING_PORT", 9393)
-	c.Server.HostGraphQL = envutil.Getenv("HOST_GRAPHQL", "http://localhost/")
-	c.Client.JWTUserClaimPath = envutil.Getenv("JWT_USER_CLAIM_PATH", "")
-	c.Client.JWTRoleClaimPath = envutil.Getenv("JWT_ROLE_CLAIM_PATH", "")
-	c.Client.RoleFromHeader = envutil.Getenv("ROLE_FROM_HEADER", "")
-	c.Client.RoleRateLimit = envutil.GetBool("ROLE_RATE_LIMIT", false)
-	c.Cache.CacheEnable = envutil.GetBool("ENABLE_GLOBAL_CACHE", false)
-	c.Cache.CacheTTL = envutil.GetInt("CACHE_TTL", 60)
-	c.Security.BlockIntrospection = envutil.GetBool("BLOCK_SCHEMA_INTROSPECTION", false)
+	c := config{}
+	c.Server.PortGraphQL = getDetailsFromEnv("PORT_GRAPHQL", 8080)
+	c.Server.PortMonitoring = getDetailsFromEnv("MONITORING_PORT", 9393)
+	c.Server.HostGraphQL = getDetailsFromEnv("HOST_GRAPHQL", "http://localhost/")
+	c.Server.HostGraphQLReadOnly = getDetailsFromEnv("HOST_GRAPHQL_READONLY", "")
+	c.Client.JWTUserClaimPath = getDetailsFromEnv("JWT_USER_CLAIM_PATH", "")
+	c.Client.JWTRoleClaimPath = getDetailsFromEnv("JWT_ROLE_CLAIM_PATH", "")
+	c.Client.RoleFromHeader = getDetailsFromEnv("ROLE_FROM_HEADER", "")
+	c.Client.RoleRateLimit = getDetailsFromEnv("ROLE_RATE_LIMIT", false)
+	/* in-memory cache */
+	c.Cache.CacheEnable = getDetailsFromEnv("ENABLE_GLOBAL_CACHE", false)
+	c.Cache.CacheTTL = getDetailsFromEnv("CACHE_TTL", 60)
+	/* redis cache */
+	c.Cache.CacheRedisEnable = getDetailsFromEnv("ENABLE_REDIS_CACHE", false)
+	c.Cache.CacheRedisURL = getDetailsFromEnv("CACHE_REDIS_URL", "localhost:6379")
+	c.Cache.CacheRedisPassword = getDetailsFromEnv("CACHE_REDIS_PASSWORD", "")
+	c.Cache.CacheRedisDB = getDetailsFromEnv("CACHE_REDIS_DB", 0)
+	c.Security.BlockIntrospection = getDetailsFromEnv("BLOCK_SCHEMA_INTROSPECTION", false)
+	c.Security.IntrospectionAllowed = func() []string {
+		urls := getDetailsFromEnv("ALLOWED_INTROSPECTION", "")
+		if urls == "" {
+			return nil
+		}
+		return strings.Split(urls, ",")
+	}()
 	c.Logger = libpack_logging.NewLogger()
+	c.Server.HealthcheckGraphQL = getDetailsFromEnv("HEALTHCHECK_GRAPHQL_URL", "")
 	c.Client.GQLClient = graphql.NewConnection()
-	c.Client.GQLClient.SetEndpoint(c.Server.HostGraphQL)
-	c.Server.AccessLog = envutil.GetBool("ENABLE_ACCESS_LOG", false)
-	c.Server.ReadOnlyMode = envutil.GetBool("READ_ONLY_MODE", false)
+	c.Client.GQLClient.SetEndpoint(c.Server.HealthcheckGraphQL)
+	c.Server.AccessLog = getDetailsFromEnv("ENABLE_ACCESS_LOG", false)
+	c.Server.ReadOnlyMode = getDetailsFromEnv("READ_ONLY_MODE", false)
+	c.Server.AllowURLs = func() []string {
+		urls := getDetailsFromEnv("ALLOWED_URLS", "")
+		if urls == "" {
+			return nil
+		}
+		return strings.Split(urls, ",")
+	}()
+	c.Client.ClientTimeout = getDetailsFromEnv("PROXIED_CLIENT_TIMEOUT", 120)
+	c.Client.FastProxyClient = createFasthttpClient(c.Client.ClientTimeout)
+	proxy.WithClient(c.Client.FastProxyClient) // setting the global proxy client here instead of per request
+	c.Server.EnableApi = getDetailsFromEnv("ENABLE_API", false)
+	c.Server.ApiPort = getDetailsFromEnv("API_PORT", 9090)
+	c.Api.BannedUsersFile = getDetailsFromEnv("BANNED_USERS_FILE", "/go/src/app/banned_users.json")
+	c.Server.PurgeOnCrawl = getDetailsFromEnv("PURGE_METRICS_ON_CRAWL", false)
+	c.Server.PurgeEvery = getDetailsFromEnv("PURGE_METRICS_ON_TIMER", 0)
+	c.HasuraEventCleaner.Enable = getDetailsFromEnv("HASURA_EVENT_CLEANER", false)
+	c.HasuraEventCleaner.ClearOlderThan = getDetailsFromEnv("HASURA_EVENT_CLEANER_OLDER_THAN", 1)
+	c.HasuraEventCleaner.EventMetadataDb = getDetailsFromEnv("HASURA_EVENT_METADATA_DB", "")
 	cfg = &c
+
 	enableCache() // takes close to no resources, but can be used with dynamic query cache
 	loadRatelimitConfig()
+	once.Do(func() {
+		go enableApi()
+		go enableHasuraEventCleaner()
+	})
+	prepareQueriesAndExemptions()
 }

 func main() {
@@ -43,3 +102,7 @@ func main() {
 	StartMonitoringServer()
 	StartHTTPProxy()
 }
+
+func ifNotInTest() bool {
+	return flag.Lookup("test.v") == nil
+}
@@ -1,34 +1,115 @@
 package main

 import (
-	"fmt"
+	"os"
 	"testing"
+	"time"

+	"github.com/goccy/go-json"
+	"github.com/gofiber/fiber/v2"
+	libpack_cache "github.com/lukaszraczylo/graphql-monitoring-proxy/cache/memory"
+	libpack_logging "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
 	assertions "github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 )

 type Tests struct {
 	suite.Suite
+	app *fiber.App
 }

 var (
 	assert *assertions.Assertions
 )

-func (suite *Tests) SetupTest() {
-	assert = assertions.New(suite.T())
+func (suite *Tests) BeforeTest(suiteName, testName string) {
 }

-func (suite *Tests) BeforeTest(suiteName, testName string) {
-	fmt.Println("BeforeTest")
-	cfg = &config{}
+func (suite *Tests) SetupTest() {
+	assert = assertions.New(suite.T())
+	suite.app = fiber.New(
+		fiber.Config{
+			DisableStartupMessage: true,
+			JSONEncoder:           json.Marshal,
+			JSONDecoder:           json.Unmarshal,
+		},
+	)
+	cacheStats = &CacheStats{}
+
+	// Initialize a simple in-memory cache client for testing purposes
+	cfg.Cache.Client = libpack_cache.New(5 * time.Minute)
 	parseConfig()
+	enableApi()
 	StartMonitoringServer()
+	cfg.Logger = libpack_logging.NewLogger()
+	// Setup environment variables here if needed
+	os.Setenv("GMP_TEST_STRING", "testValue")
+	os.Setenv("GMP_TEST_INT", "123")
+	os.Setenv("GMP_TEST_BOOL", "true")
+	os.Setenv("NON_GMP_TEST_INT", "31337")
+}
+
+// TearDownTest is run after each test to clean up
+func (suite *Tests) TearDownTest() {
+	// Clean up environment variables here if needed
+	os.Unsetenv("GMP_TEST_STRING")
+	os.Unsetenv("GMP_TEST_INT")
+	os.Unsetenv("GMP_TEST_BOOL")
+	os.Unsetenv("NON_GMP_TEST_INT")
 }

 // func (suite *Tests) AfterTest(suiteName, testName string) {)

 func TestSuite(t *testing.T) {
+	cfg = &config{}
+	parseConfig()
+	StartMonitoringServer()
 	suite.Run(t, new(Tests))
 }
+
+func (suite *Tests) Test_envVariableSetting() {
+	tests := []struct {
+		defaultValue any
+		expected     any
+		name         string
+		envKey       string
+	}{
+		{
+			name:         "test_string",
+			envKey:       "TEST_STRING",
+			defaultValue: "default",
+			expected:     "testValue",
+		},
+		{
+			name:         "test_int",
+			envKey:       "TEST_INT",
+			defaultValue: 0,
+			expected:     123,
+		},
+		{
+			name:         "test_bool",
+			envKey:       "TEST_BOOL",
+			defaultValue: false,
+			expected:     true,
+		},
+		{
+			name:         "test_non_prefixed",
+			envKey:       "NON_GMP_TEST_INT",
+			defaultValue: 0,
+			expected:     31337,
+		},
+		{
+			name:         "test_non_existing",
+			envKey:       "NON_EXISTING",
+			defaultValue: "default_val",
+			expected:     "default_val",
+		},
+	}
+
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+			result := getDetailsFromEnv(tt.envKey, tt.defaultValue)
+			assert.Equal(tt.expected, result)
+		})
+	}
+}
@@ -5,7 +5,7 @@ import (
 )

 func StartMonitoringServer() {
-	cfg.Monitoring = libpack_monitoring.NewMonitoring()
+	cfg.Monitoring = libpack_monitoring.NewMonitoring(&libpack_monitoring.InitConfig{PurgeOnCrawl: cfg.Server.PurgeOnCrawl, PurgeEvery: cfg.Server.PurgeEvery})
 	cfg.Monitoring.AddMetricsPrefix("graphql_proxy")
 	cfg.Monitoring.RegisterDefaultMetrics()
 }
@@ -5,6 +5,9 @@ func (ms *MetricsSetup) RegisterDefaultMetrics() {
 	ms.RegisterMetricsCounter(MetricsFailed, nil)
 	ms.RegisterMetricsCounter(MetricsSkipped, nil)
 	ms.RegisterMetricsHistogram(MetricsDuration, nil)
+	ms.RegisterMetricsCounter(MetricsCacheHit, nil)
+	ms.RegisterMetricsCounter(MetricsCacheMiss, nil)
+	ms.RegisterMetricsCounter(MetricsQueriesCached, nil)
 }

 func (ms *MetricsSetup) RegisterGoMetrics() {
@@ -2,46 +2,96 @@ package libpack_monitoring

 import (
 	"fmt"
+	"os"
+	"sort"
 	"strings"
+	"unicode"

 	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
 )

 func (ms *MetricsSetup) get_metrics_name(name string, labels map[string]string) (complete_name string) {
-	if labels == nil {
-		labels = make(map[string]string)
-	}
-	labels["microservice"] = libpack_config.PKG_NAME
+	const unknownPodName = "unknown"
+	var sb strings.Builder

-	if ms.metrics_prefix != "" {
-		complete_name = ms.metrics_prefix + "_" + name
-	} else {
-		complete_name = name
+	// Prepare default labels without initializing a new map
+	podName := unknownPodName
+	if hn, err := os.Hostname(); err == nil {
+		podName = hn
 	}
-	if labels != nil {
-		complete_name += "{"
-		for k, v := range labels {
-			complete_name += k + "=\"" + v + "\","
+	if labels == nil {
+		labels = map[string]string{
+			"microservice": libpack_config.PKG_NAME,
+			"pod":          podName,
+		}
+	} else {
+		if _, exists := labels["microservice"]; !exists {
+			labels["microservice"] = libpack_config.PKG_NAME
+		}
+		if _, exists := labels["pod"]; !exists {
+			labels["pod"] = podName
 		}
-		complete_name = strings.TrimSuffix(complete_name, ",")
-		complete_name += "}"
 	}
-	return
+
+	// Prefix handling
+	if ms.metrics_prefix != "" {
+		sb.WriteString(ms.metrics_prefix)
+		sb.WriteString("_")
+	}
+	sb.WriteString(name)
+
+	// Append labels if any
+	if len(labels) > 0 {
+		sb.WriteString("{")
+
+		keys := make([]string, 0, len(labels))
+		for k := range labels {
+			keys = append(keys, k)
+		}
+		sort.Strings(keys)
+
+		for i, k := range keys {
+			if i > 0 {
+				sb.WriteString(",")
+			}
+			sb.WriteString(k)
+			sb.WriteString("=\"")
+			sb.WriteString(labels[k])
+			sb.WriteString("\"")
+		}
+		sb.WriteString("}")
+	}
+
+	return sb.String()
 }

 // validate_metrics_name validates the name of the metric to adhere to the Prometheus naming conventions
 // https://prometheus.io/docs/practices/naming/
 func validate_metrics_name(name string) error {
-	// replace all spaces with underscores and remove all other non-alphanumeric characters
-	name_new := strings.ReplaceAll(name, " ", "_")
-	name_new = strings.Map(func(r rune) rune {
-		if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') || r == '_' {
-			return r
+	var sb strings.Builder // Use strings.Builder for efficient string concatenation
+
+	// Track if the last character was an underscore to avoid duplicate underscores
+	lastWasUnderscore := false
+
+	for _, r := range name {
+		// Convert spaces to underscores and skip non-alphanumeric characters except underscores
+		if r == ' ' || (unicode.IsLetter(r) || unicode.IsDigit(r) || r == '_') {
+			if r == ' ' || r == '_' {
+				if lastWasUnderscore {
+					continue // Skip if the previous character was also an underscore
+				}
+				r = '_' // Convert spaces to underscores
+				lastWasUnderscore = true
+			} else {
+				lastWasUnderscore = false
+			}
+			sb.WriteRune(r) // Add valid characters to the builder
 		}
-		return -1
-	}, name_new)
-	name_new = strings.ReplaceAll(name_new, "__", "_")
-	name_new = strings.Trim(name_new, "_")
+	}
+	// Trim leading and trailing underscores
+	name_new := strings.Trim(sb.String(), "_")
+
+	// Check if the processed name matches the original input
 	if name_new != name {
 		return fmt.Errorf("Invalid metric name: %s, expected %s", name, name_new)
 	}
@@ -49,9 +99,31 @@ func validate_metrics_name(name string) error {
 }

 func compile_metrics_with_labels(name string, labels map[string]string) string {
-	metric_name := name
+	var totalLength int
+	totalLength += len(name)
 	for k, v := range labels {
-		metric_name += "_" + k + "_" + v
+		totalLength += len(k) + len(v) + 2
 	}
-	return metric_name
+
+	var sb strings.Builder
+	sb.Grow(totalLength + 1)
+
+	sb.WriteString(name)
+
+	// Collect keys and sort them
+	keys := make([]string, 0, len(labels))
+	for k := range labels {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+
+	// Append sorted key-value pairs to the builder
+	for _, k := range keys {
+		sb.WriteString("_")
+		sb.WriteString(k)
+		sb.WriteString("_")
+		sb.WriteString(labels[k])
+	}
+
+	return sb.String()
 }
@@ -0,0 +1,44 @@
+package libpack_monitoring
+
+import (
+	"testing"
+
+	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
+)
+
+func BenchmarkGetMetricsName(b *testing.B) {
+	// Setup environment
+	libpack_config.PKG_NAME = "test_service"
+
+	ms := &MetricsSetup{metrics_prefix: "test_prefix"}
+
+	labels := map[string]string{
+		"env":    "production",
+		"region": "us-west-2",
+	}
+
+	// Run the benchmark
+	for n := 0; n < b.N; n++ {
+		ms.get_metrics_name("request_count", labels)
+	}
+}
+
+func BenchmarkCompileMetricsWithLabels(b *testing.B) {
+	labels := map[string]string{
+		"env":    "production",
+		"region": "us-west-2",
+		"app":    "api-server",
+	}
+
+	for n := 0; n < b.N; n++ {
+		compile_metrics_with_labels("request_count", labels)
+	}
+}
+
+func BenchmarkValidateMetricsName(b *testing.B) {
+	input := "valid metric name with special chars @#! and underscores__"
+
+	for n := 0; n < b.N; n++ {
+		validate_metrics_name(input)
+	}
+}
@@ -0,0 +1,143 @@
+package libpack_monitoring
+
+import (
+	"os"
+	"testing"
+
+	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetMetricsName(t *testing.T) {
+	ms := &MetricsSetup{metrics_prefix: "prefix"}
+	libpack_config.PKG_NAME = "example_microservice"
+
+	tests := []struct {
+		name           string
+		metricName     string
+		labels         map[string]string
+		expectedOutput string
+	}{
+		{
+			name:           "No labels",
+			metricName:     "test_metric",
+			labels:         nil,
+			expectedOutput: "prefix_test_metric{microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+		{
+			name:       "With labels",
+			metricName: "test_metric",
+			labels: map[string]string{
+				"label1": "value1",
+				"label2": "value2",
+			},
+			expectedOutput: "prefix_test_metric{label1=\"value1\",label2=\"value2\",microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+		{
+			name:       "Alphabetical order labels",
+			metricName: "test_metric",
+			labels: map[string]string{
+				"label2": "value2",
+				"label1": "value1",
+			},
+			expectedOutput: "prefix_test_metric{label1=\"value1\",label2=\"value2\",microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+		{
+			name:           "Empty metric name",
+			metricName:     "",
+			labels:         nil,
+			expectedOutput: "prefix_{microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+		{
+			name:           "Empty labels map",
+			metricName:     "test_metric",
+			labels:         map[string]string{},
+			expectedOutput: "prefix_test_metric{microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+		{
+			name:       "Single label",
+			metricName: "test_metric",
+			labels: map[string]string{
+				"label1": "value1",
+			},
+			expectedOutput: "prefix_test_metric{label1=\"value1\",microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+		{
+			name:       "Multiple labels with special characters",
+			metricName: "test_metric",
+			labels: map[string]string{
+				"label-2": "value-2",
+				"label_1": "value_1",
+			},
+			expectedOutput: "prefix_test_metric{label-2=\"value-2\",label_1=\"value_1\",microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+		{
+			name:       "Prefix only",
+			metricName: "",
+			labels: map[string]string{
+				"label1": "value1",
+			},
+			expectedOutput: "prefix_{label1=\"value1\",microservice=\"example_microservice\",pod=\"" + getPodName() + "\"}",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := ms.get_metrics_name(tt.metricName, tt.labels)
+			assert.Equal(t, tt.expectedOutput, result)
+		})
+	}
+}
+
+func TestCompileMetricsWithLabels(t *testing.T) {
+	tests := []struct {
+		name   string
+		labels map[string]string
+		want   string
+	}{
+		{"request_count", map[string]string{"env": "production", "region": "us-west-2"}, "request_count_env_production_region_us-west-2"},
+		{"metric_name", map[string]string{}, "metric_name"},
+		{"metric_name", nil, "metric_name"},
+		{"metric_name", map[string]string{"key1": "value1"}, "metric_name_key1_value1"},
+		{"metric_name", map[string]string{"k": "v", "key2": "value2"}, "metric_name_k_v_key2_value2"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := compile_metrics_with_labels(tt.name, tt.labels); got != tt.want {
+				t.Errorf("compile_metrics_with_labels() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestValidateMetricsName(t *testing.T) {
+	tests := []struct {
+		name    string
+		input   string
+		wantErr bool
+	}{
+		{"Valid name", "valid_metric_name", false},
+		{"Name with spaces", "valid metric name", true},
+		{"Name with special chars", "valid@metric#name!", true},
+		{"Name with leading underscore", "_valid_metric_name", true},
+		{"Name with trailing underscore", "valid_metric_name_", true},
+		{"Name with consecutive underscores", "valid__metric__name", true},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := validate_metrics_name(tt.input); (err != nil) != tt.wantErr {
+				t.Errorf("validate_metrics_name() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
+
+func getPodName() string {
+	podName, err := os.Hostname()
+	if err != nil {
+		return "unknown"
+	}
+	return podName
+}
@@ -4,34 +4,61 @@
 package libpack_monitoring

 import (
+	"flag"
 	"fmt"
 	"time"

 	"github.com/VictoriaMetrics/metrics"
 	"github.com/gofiber/fiber/v2"
 	"github.com/gookit/goutil/envutil"
+	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
 	logging "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
 )

 type MetricsSetup struct {
-	metrics_prefix string
-	metrics_set    *metrics.Set
+	metrics_set        *metrics.Set
+	metrics_set_custom *metrics.Set
+	ic                 *InitConfig
+	metrics_prefix     string
 }

 var (
 	log *logging.LogConfig
 )

-func NewMonitoring() *MetricsSetup {
+type InitConfig struct {
+	PurgeOnCrawl bool
+	PurgeEvery   int
+}
+
+func NewMonitoring(ic *InitConfig) *MetricsSetup {
 	log = logging.NewLogger()
-	ms := &MetricsSetup{}
+	ms := &MetricsSetup{ic: ic}
 	ms.metrics_set = metrics.NewSet()
-	go ms.startPrometheusEndpoint()
+	ms.metrics_set_custom = metrics.NewSet()
+	// if not testing, start the prometheus endpoint
+
+	if flag.Lookup("test.v") == nil {
+		go ms.startPrometheusEndpoint()
+
+		if ic.PurgeEvery > 0 {
+			ticker := time.NewTicker(time.Duration(ic.PurgeEvery) * time.Second)
+			go func() {
+				for range ticker.C {
+					ms.PurgeMetrics()
+				}
+			}()
+		}
+	}
+
 	return ms
 }

 func (ms *MetricsSetup) startPrometheusEndpoint() {
-	app := fiber.New()
+	app := fiber.New(fiber.Config{
+		DisableStartupMessage: true,
+		AppName:               fmt.Sprintf("GraphQL Monitoring Proxy - %s v%s", libpack_config.PKG_NAME, libpack_config.PKG_VERSION),
+	})
 	app.Get("/metrics", ms.metricsEndpoint)
 	err := app.Listen(fmt.Sprintf(":%d", envutil.GetInt("MONITORING_PORT", 9393)))
 	if err != nil {
@@ -41,12 +68,16 @@ func (ms *MetricsSetup) startPrometheusEndpoint() {

 func (ms *MetricsSetup) metricsEndpoint(c *fiber.Ctx) error {
 	ms.metrics_set.WritePrometheus(c.Response().BodyWriter())
+	ms.metrics_set_custom.WritePrometheus(c.Response().BodyWriter())
+
+	if ms.ic.PurgeOnCrawl && ms.ic.PurgeEvery == 0 {
+		ms.PurgeMetrics()
+	}
 	return nil
 }

 func (ms *MetricsSetup) AddMetricsPrefix(prefix string) {
 	ms.metrics_prefix = prefix
-	return
 }

 func (ms *MetricsSetup) ListActiveMetrics() []string {
@@ -58,7 +89,7 @@ func (ms *MetricsSetup) RegisterMetricsGauge(metric_name string, labels map[stri
 		log.Critical("RegisterMetricsGauge() error", map[string]interface{}{"_error": "Invalid metric name", "_metric_name": metric_name})
 		return nil
 	}
-	return ms.metrics_set.GetOrCreateGauge(ms.get_metrics_name(metric_name, labels), func() float64 {
+	return ms.metrics_set_custom.GetOrCreateGauge(ms.get_metrics_name(metric_name, labels), func() float64 {
 		// get current value of the gauge and add val to it
 		return val
 	})
@@ -69,7 +100,10 @@ func (ms *MetricsSetup) RegisterMetricsCounter(metric_name string, labels map[st
 		log.Critical("RegisterMetricsCounter() error", map[string]interface{}{"_error": "Invalid metric name", "_metric_name": metric_name})
 		return nil
 	}
-	return ms.metrics_set.GetOrCreateCounter(ms.get_metrics_name(metric_name, labels))
+	if metric_name == MetricsSucceeded || metric_name == MetricsFailed || metric_name == MetricsSkipped {
+		return ms.metrics_set.GetOrCreateCounter(ms.get_metrics_name(metric_name, labels))
+	}
+	return ms.metrics_set_custom.GetOrCreateCounter(ms.get_metrics_name(metric_name, labels))
 }

 func (ms *MetricsSetup) RegisterFloatCounter(metric_name string, labels map[string]string) *metrics.FloatCounter {
@@ -77,7 +111,7 @@ func (ms *MetricsSetup) RegisterFloatCounter(metric_name string, labels map[stri
 		log.Critical("RegisterFloatCounter() error", map[string]interface{}{"_error": "Invalid metric name", "_metric_name": metric_name})
 		return nil
 	}
-	return ms.metrics_set.GetOrCreateFloatCounter(ms.get_metrics_name(metric_name, labels))
+	return ms.metrics_set_custom.GetOrCreateFloatCounter(ms.get_metrics_name(metric_name, labels))
 }

 func (ms *MetricsSetup) RegisterMetricsSummary(metric_name string, labels map[string]string) *metrics.Summary {
@@ -85,7 +119,7 @@ func (ms *MetricsSetup) RegisterMetricsSummary(metric_name string, labels map[st
 		log.Critical("RegisterMetricsSummary() error", map[string]interface{}{"_error": "Invalid metric name", "_metric_name": metric_name})
 		return nil
 	}
-	return ms.metrics_set.GetOrCreateSummary(ms.get_metrics_name(metric_name, labels))
+	return ms.metrics_set_custom.GetOrCreateSummary(ms.get_metrics_name(metric_name, labels))
 }

 func (ms *MetricsSetup) RegisterMetricsHistogram(metric_name string, labels map[string]string) *metrics.Histogram {
@@ -93,7 +127,7 @@ func (ms *MetricsSetup) RegisterMetricsHistogram(metric_name string, labels map[
 		log.Critical("RegisterMetricsHistogram() error", map[string]interface{}{"_error": "Invalid metric name", "_metric_name": metric_name})
 		return nil
 	}
-	return ms.metrics_set.GetOrCreateHistogram(ms.get_metrics_name(metric_name, labels))
+	return ms.metrics_set_custom.GetOrCreateHistogram(ms.get_metrics_name(metric_name, labels))
 }

 func (ms *MetricsSetup) Increment(metric_name string, labels map[string]string) {
@@ -121,9 +155,9 @@ func (ms *MetricsSetup) UpdateSummary(metric_name string, labels map[string]stri
 }

 func (ms *MetricsSetup) RemoveMetrics(metric_name string, labels map[string]string) {
-	ms.metrics_set.UnregisterMetric(ms.get_metrics_name(metric_name, labels))
+	ms.metrics_set_custom.UnregisterMetric(ms.get_metrics_name(metric_name, labels))
 }

 func (ms *MetricsSetup) PurgeMetrics() {
-	ms.metrics_set.UnregisterAllMetrics()
+	ms.metrics_set_custom.UnregisterAllMetrics()
 }
@@ -1,8 +1,14 @@
 package libpack_monitoring

 const (
-	MetricsSucceeded = "requests_succesful"
-	MetricsFailed    = "requests_failed"
-	MetricsDuration  = "requests_duration"
-	MetricsSkipped   = "requests_skipped"
+	MetricsSucceeded     = "requests_succesful"
+	MetricsFailed        = "requests_failed"
+	MetricsDuration      = "requests_duration"
+	MetricsSkipped       = "requests_skipped"
+	MetricsExecutedQuery = "executed_query"
+	MetricsTimedQuery    = "timed_query"
+
+	MetricsCacheHit      = "cache_hit"
+	MetricsCacheMiss     = "cache_miss"
+	MetricsQueriesCached = "cached_queries"
 )
@@ -2,27 +2,83 @@ package main

 import (
 	"crypto/tls"
+	"fmt"
+	"time"

+	"github.com/avast/retry-go/v4"
 	fiber "github.com/gofiber/fiber/v2"
 	"github.com/gofiber/fiber/v2/middleware/proxy"
 	libpack_monitoring "github.com/lukaszraczylo/graphql-monitoring-proxy/monitoring"
+	"github.com/valyala/fasthttp"
 )

-func proxyTheRequest(c *fiber.Ctx) error {
+func createFasthttpClient(timeout int) *fasthttp.Client {
+	return &fasthttp.Client{
+		Name:                     "graphql_proxy",
+		NoDefaultUserAgentHeader: true,
+		TLSConfig: &tls.Config{
+			InsecureSkipVerify: true,
+		},
+		MaxConnsPerHost:               2048,
+		ReadTimeout:                   time.Second * time.Duration(timeout),
+		WriteTimeout:                  time.Second * time.Duration(timeout),
+		MaxIdleConnDuration:           time.Second * time.Duration(timeout),
+		MaxConnDuration:               time.Second * time.Duration(timeout),
+		DisableHeaderNamesNormalizing: true,
+	}
+}
+
+func proxyTheRequest(c *fiber.Ctx, currentEndpoint string) error {
+	if !checkAllowedURLs(c) {
+		cfg.Logger.Error("Request blocked", map[string]interface{}{"path": c.Path()})
+		if ifNotInTest() {
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
+		}
+		c.Status(403).SendString("Request blocked - not allowed URL")
+		return nil
+	}
+	c.Request().Header.DisableNormalizing()
 	c.Request().Header.Add("X-Real-IP", c.IP())
-	c.Request().Header.Add("X-Forwarded-For", c.IP())
+	c.Request().Header.Add(fiber.HeaderXForwardedFor, string(c.Request().Header.Peek("X-Forwarded-For")))
+	c.Request().Header.Del(fiber.HeaderAcceptEncoding)

-	proxy.WithTlsConfig(&tls.Config{
-		InsecureSkipVerify: true,
-	})
+	cfg.Logger.Debug("Proxying the request", map[string]interface{}{"path": c.Path(), "body": string(c.Request().Body()), "headers": c.GetReqHeaders(), "request_uuid": c.Locals("request_uuid")})
+
+	err := retry.Do(
+		func() error {
+			errInt := proxy.DoRedirects(c, currentEndpoint+c.Path(), 3, cfg.Client.FastProxyClient)
+			if errInt != nil {
+				cfg.Logger.Error("Can't proxy the request", map[string]interface{}{"error": errInt.Error()})
+				if ifNotInTest() {
+					cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+				}
+				return errInt
+			}
+			return nil
+		},
+		retry.OnRetry(func(n uint, err error) {
+			cfg.Logger.Warning("Retrying the request", map[string]interface{}{"path": c.Path(), "error": err.Error()})
+		}),
+		retry.Attempts(uint(3)),
+		retry.DelayType(retry.BackOffDelay),
+		retry.Delay(time.Duration(250*time.Millisecond)),
+		retry.LastErrorOnly(true),
+	)

-	err := proxy.DoRedirects(c, cfg.Server.HostGraphQL+c.Path(), 3)
 	if err != nil {
-		cfg.Logger.Error("Can't proxy the request", map[string]interface{}{"error": err.Error()})
-		cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+		cfg.Logger.Warning("Can't proxy the request", map[string]interface{}{"error": err.Error()})
 		return err
 	}

+	cfg.Logger.Debug("Received proxied response", map[string]interface{}{"path": c.Path(), "response_body": string(c.Response().Body()), "response_code": c.Response().StatusCode(), "headers": c.GetRespHeaders(), "request_uuid": c.Locals("request_uuid")})
+
+	if c.Response().StatusCode() != 200 {
+		if ifNotInTest() {
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+		}
+		return fmt.Errorf("Received non-200 response from the GraphQL server: %d", c.Response().StatusCode())
+	}
+
 	c.Response().Header.Del(fiber.HeaderServer)
 	return nil
 }
@@ -0,0 +1,97 @@
+package main
+
+import (
+	"github.com/valyala/fasthttp"
+)
+
+func (suite *Tests) Test_proxyTheRequest() {
+
+	supplied_headers := map[string]string{
+		"X-Forwarded-For": "127.0.0.1",
+		"Content-Type":    "application/json",
+	}
+
+	tests := []struct {
+		headers map[string]string
+		name    string
+		body    string
+		host    string
+		hostRO  string
+		path    string
+		wantErr bool
+	}{
+		{
+			name:    "test_empty",
+			body:    `{"query":"query {\n            __type(name: \"Query\") {\n              name\n            }\n          }"}`,
+			host:    "https://telegram-bot.app/",
+			path:    "/v1/graphql",
+			headers: supplied_headers,
+			wantErr: false,
+		},
+		{
+			name:    "test_wrong_url",
+			body:    `{"query":"query {\n            __type(name: \"Query\") {\n              name\n            }\n          }"}`,
+			host:    "https://google.com/",
+			path:    "/v1/wrongURL",
+			headers: supplied_headers,
+			wantErr: true,
+		},
+		{
+			name:    "Test read only mode",
+			body:    `{"query":"query {\n            __type(name: \"Query\") {\n              name\n            }\n          }"}`,
+			host:    "https://google.com/",
+			hostRO:  "https://telegram-bot.app/",
+			path:    "/v1/graphql",
+			headers: supplied_headers,
+			wantErr: false,
+		},
+		{
+			name:    "Test read only mode wrong host",
+			body:    `{"query":"query {\n            __type(name: \"Query\") {\n              name\n            }\n          }"}`,
+			host:    "https://telegram-bot.app/",
+			hostRO:  "https://google.com/",
+			path:    "/v1/graphql",
+			headers: supplied_headers,
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		suite.Run(tt.name, func() {
+
+			cfg = &config{}
+			parseConfig()
+			cfg.Server.HostGraphQL = tt.host
+
+			if tt.hostRO != "" {
+				cfg.Server.HostGraphQLReadOnly = tt.hostRO
+			}
+
+			ctx_headers := func() *fasthttp.RequestHeader {
+				h := fasthttp.RequestHeader{}
+				for k, v := range tt.headers {
+					h.Add(k, v)
+				}
+				return &h
+			}()
+
+			ctx_request := fasthttp.Request{
+				Header: *ctx_headers,
+			}
+			ctx_request.SetBody([]byte(tt.body))
+			ctx_request.SetRequestURI(tt.path)
+			ctx_request.Header.SetMethod("POST")
+			ctx := suite.app.AcquireCtx(&fasthttp.RequestCtx{
+				Request: ctx_request,
+			})
+			res := parseGraphQLQuery(ctx)
+			assert.NotNil(ctx, "Fiber context is nil", tt.name)
+			err := proxyTheRequest(ctx, res.activeEndpoint)
+			if tt.wantErr {
+				assert.NotNil(err, "Error is nil", tt.name)
+			} else {
+				assert.Nil(err, "Error is not nil", tt.name)
+			}
+		})
+	}
+}
@@ -4,13 +4,15 @@ import (
 	"os"
 	"time"

+	"github.com/goccy/go-json"
+
 	goratecounter "github.com/lukaszraczylo/go-ratecounter"
 )

 type RateLimitConfig struct {
-	Req               int    `json:"req"`
-	Interval          string `json:"interval"`
 	RateCounterTicker *goratecounter.RateCounter
+	Interval          string `json:"interval"`
+	Req               int    `json:"req"`
 }

 var rateLimits map[string]RateLimitConfig
@@ -25,7 +27,7 @@ var ratelimit_intervals = map[string]time.Duration{
 }

 func loadRatelimitConfig() error {
-	paths := []string{"/app/ratelimit.json", "./ratelimit.json", "./static/default-ratelimit.json"}
+	paths := []string{"/go/src/app/ratelimit.json", "./ratelimit.json", "./static/app/default-ratelimit.json"}

 	for _, path := range paths {
 		err := loadConfigFromPath(path)
@@ -35,7 +37,7 @@ func loadRatelimitConfig() error {
 		cfg.Logger.Debug("Failed to load config", map[string]interface{}{"path": path, "error": err})
 	}

-	cfg.Logger.Error("Rate limit config not found")
+	cfg.Logger.Error("Rate limit config not found", map[string]interface{}{"paths": paths})
 	return os.ErrNotExist
 }

@@ -9,8 +9,7 @@ wording:
    - initial
    - fix
  minor:
-    - change
    - improve
    - release
  major:
-    - breaking
+    - breaking
@@ -2,44 +2,83 @@ package main

 import (
 	"fmt"
+	"strconv"
 	"time"

+	"github.com/goccy/go-json"
 	fiber "github.com/gofiber/fiber/v2"
 	"github.com/gofiber/fiber/v2/middleware/cors"
+	"github.com/google/uuid"

-	jsoniter "github.com/json-iterator/go"
+	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
 	libpack_monitoring "github.com/lukaszraczylo/graphql-monitoring-proxy/monitoring"
 )

-var json = jsoniter.ConfigCompatibleWithStandardLibrary
-
 // StartHTTPProxy starts the HTTP and points it to the GraphQL server.
 func StartHTTPProxy() {
-	server := fiber.New()
+	cfg.Logger.Debug("Starting the HTTP proxy", nil)
+	server := fiber.New(fiber.Config{
+		DisableStartupMessage: true,
+		AppName:               fmt.Sprintf("GraphQL Monitoring Proxy - %s v%s", libpack_config.PKG_NAME, libpack_config.PKG_VERSION),
+		IdleTimeout:           time.Duration(cfg.Client.ClientTimeout) * time.Second * 2,
+		ReadTimeout:           time.Duration(cfg.Client.ClientTimeout) * time.Second * 2,
+		WriteTimeout:          time.Duration(cfg.Client.ClientTimeout) * time.Second * 2,
+		JSONEncoder:           json.Marshal,
+		JSONDecoder:           json.Unmarshal,
+	})

 	server.Use(cors.New(cors.Config{
 		AllowOrigins: "*",
 	}))

-	server.Post("/*", processGraphQLRequest)
-	server.Get("/*", proxyTheRequest)
+	// add middleware to check if the request is a GraphQL query
+	server.Use(AddRequestUUID)

 	server.Get("/healthz", healthCheck)
+	server.Get("/livez", healthCheck)
+
+	server.Post("/*", processGraphQLRequest)
+	server.Get("/*", proxyTheRequestToDefault)
+
+	cfg.Logger.Info("GraphQL query proxy started", map[string]interface{}{"port": cfg.Server.PortGraphQL})
 	err := server.Listen(fmt.Sprintf(":%d", cfg.Server.PortGraphQL))
 	if err != nil {
 		cfg.Logger.Critical("Can't start the service", map[string]interface{}{"error": err.Error()})
 	}
 }

+func proxyTheRequestToDefault(c *fiber.Ctx) error {
+	return proxyTheRequest(c, cfg.Server.HostGraphQL)
+}
+
+func AddRequestUUID(c *fiber.Ctx) error {
+	c.Locals("request_uuid", uuid.NewString())
+	return c.Next()
+}
+
+func checkAllowedURLs(c *fiber.Ctx) bool {
+	if len(allowedUrls) == 0 {
+		return true
+	}
+	_, ok := allowedUrls[c.Path()]
+	return ok
+}
+
 func healthCheck(c *fiber.Ctx) error {
-	// query := `{ __typename }`
-	// _, err := cfg.Client.GQLClient.Query(query, nil, nil)
-	// if err != nil {
-	// 	cfg.Logger.Error("Can't reach the GraphQL server", map[string]interface{}{"error": err.Error()})
-	// 	cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
-	// 	return c.SendStatus(500)
-	// }
-	return c.SendStatus(200)
+	if len(cfg.Server.HealthcheckGraphQL) > 0 {
+		cfg.Logger.Debug("Health check enabled", map[string]interface{}{"url": cfg.Server.HealthcheckGraphQL})
+		query := `{ __typename }`
+		_, err := cfg.Client.GQLClient.Query(query, nil, nil)
+		if err != nil {
+			cfg.Logger.Error("Can't reach the GraphQL server", map[string]interface{}{"error": err.Error()})
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+			c.Status(500).SendString("Can't reach the GraphQL server with {__typename} query")
+			return err
+		}
+	}
+	cfg.Logger.Debug("Health check returning OK", nil)
+	c.Status(200).SendString("Health check OK")
+	return nil
 }

 func processGraphQLRequest(c *fiber.Ctx) error {
@@ -55,6 +94,11 @@ func processGraphQLRequest(c *fiber.Ctx) error {
 		extractedUserID, extractedRoleName = extractClaimsFromJWTHeader(string(authorization))
 	}

+	if checkIfUserIsBanned(c, extractedUserID) {
+		c.Status(403).SendString("User is banned")
+		return nil
+	}
+
 	if len(cfg.Client.RoleFromHeader) > 0 {
 		extractedRoleName = string(c.Request().Header.Peek(cfg.Client.RoleFromHeader))
 		if extractedRoleName == "" {
@@ -71,52 +115,89 @@ func processGraphQLRequest(c *fiber.Ctx) error {
 		}
 	}

-	opType, opName, cacheFromQuery, cache_time, shouldBlock, should_ignore := parseGraphQLQuery(c)
-	if shouldBlock {
+	parsedResult := parseGraphQLQuery(c)
+	if parsedResult.shouldBlock {
+		c.Status(403).SendString("Request blocked")
 		return nil
 	}

-	if should_ignore {
-		cfg.Logger.Debug("Request passed as-is - not a GraphQL")
-		return proxyTheRequest(c)
+	if parsedResult.shouldIgnore {
+		cfg.Logger.Debug("Request passed as-is - probably not a GraphQL", nil)
+		return proxyTheRequest(c, parsedResult.activeEndpoint)
 	}

-	if cache_time > 0 {
-		cfg.Logger.Debug("Cache time set via query", map[string]interface{}{"cache_time": cache_time})
-		cache_time = cfg.Cache.CacheTTL
+	calculatedQueryHash := calculateHash(c)
+
+	if parsedResult.cacheTime > 0 {
+		cfg.Logger.Debug("Cache time set via query", map[string]interface{}{"cacheTime": parsedResult.cacheTime})
+	} else {
+		// If not set via query, try setting via header
+		cacheQuery := c.Request().Header.Peek("X-Cache-Graphql-Query")
+		if cacheQuery != nil {
+			parsedResult.cacheTime, _ = strconv.Atoi(string(cacheQuery))
+			cfg.Logger.Debug("Cache time set via header", map[string]interface{}{"cacheTime": parsedResult.cacheTime})
+		} else {
+			parsedResult.cacheTime = cfg.Cache.CacheTTL
+		}
 	}

 	wasCached := false

+	if parsedResult.cacheRefresh {
+		cfg.Logger.Debug("Cache refresh requested via query", map[string]interface{}{"user_id": extractedUserID, "request_uuid": c.Locals("request_uuid")})
+		cacheDelete(calculatedQueryHash)
+	}
+
 	// Handling Cache Logic
-	if cacheFromQuery || cfg.Cache.CacheEnable {
-		cfg.Logger.Debug("Cache enabled", map[string]interface{}{"via_query": cacheFromQuery, "via_env": cfg.Cache.CacheEnable})
-		queryCacheHash = calculateHash(c)
+	if parsedResult.cacheRequest || cfg.Cache.CacheEnable || cfg.Cache.CacheRedisEnable {
+		cfg.Logger.Debug("Cache enabled", map[string]interface{}{"via_query": parsedResult.cacheRequest, "via_env": cfg.Cache.CacheEnable})
+		queryCacheHash = calculatedQueryHash

 		if cachedResponse := cacheLookup(queryCacheHash); cachedResponse != nil {
-			cfg.Logger.Debug("Cache hit", map[string]interface{}{"hash": queryCacheHash, "user_id": extractedUserID})
-			c.Send(cachedResponse)
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsCacheHit, nil)
+			cfg.Logger.Debug("Cache hit", map[string]interface{}{"hash": queryCacheHash, "user_id": extractedUserID, "request_uuid": c.Locals("request_uuid")})
+			c.Request().Header.Add("X-Cache-Hit", "true")
+			err := c.Send(cachedResponse)
+			if err != nil {
+				cfg.Logger.Error("Can't send the cached response", map[string]interface{}{"error": err.Error()})
+				cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+				c.Status(500).SendString("Can't send the cached response - try again later")
+			}
 			wasCached = true
 		} else {
-			cfg.Logger.Debug("Cache miss", map[string]interface{}{"hash": queryCacheHash, "user_id": extractedUserID})
-			proxyAndCacheTheRequest(c, queryCacheHash, cache_time)
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsCacheMiss, nil)
+			cfg.Logger.Debug("Cache miss", map[string]interface{}{"hash": queryCacheHash, "user_id": extractedUserID, "request_uuid": c.Locals("request_uuid")})
+			proxyAndCacheTheRequest(c, queryCacheHash, parsedResult.cacheTime, parsedResult.activeEndpoint)
 		}
 	} else {
-		proxyTheRequest(c)
+		err := proxyTheRequest(c, parsedResult.activeEndpoint)
+		if err != nil {
+			cfg.Logger.Error("Can't proxy the request", map[string]interface{}{"error": err.Error()})
+			cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+			c.Status(500).SendString("Can't proxy the request - try again later")
+			return nil
+		}
 	}

 	timeTaken := time.Since(startTime)

 	// Logging & Monitoring
-	logAndMonitorRequest(c, extractedUserID, opType, opName, wasCached, timeTaken, startTime)
+	logAndMonitorRequest(c, extractedUserID, parsedResult.operationType, parsedResult.operationName, wasCached, timeTaken, startTime)

 	return nil
 }

 // Additional helper function to avoid code repetition
-func proxyAndCacheTheRequest(c *fiber.Ctx, queryCacheHash string, cache_time int) {
-	proxyTheRequest(c)
-	cfg.Cache.CacheClient.Set(queryCacheHash, c.Response().Body(), time.Duration(cache_time)*time.Second)
+func proxyAndCacheTheRequest(c *fiber.Ctx, queryCacheHash string, cacheTime int, currentEndpoint string) {
+	err := proxyTheRequest(c, currentEndpoint)
+	if err != nil {
+		cfg.Logger.Error("Can't proxy the request", map[string]interface{}{"error": err.Error()})
+		cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
+		c.Status(500).SendString("Can't proxy the request - try again later")
+		return
+	}
+	cacheStoreWithTTL(queryCacheHash, c.Response().Body(), time.Duration(cacheTime)*time.Second)
+	cfg.Monitoring.Increment(libpack_monitoring.MetricsQueriesCached, nil)
 	c.Send(c.Response().Body())
 }

@@ -130,20 +211,22 @@ func logAndMonitorRequest(c *fiber.Ctx, userID, opType, opName string, wasCached

 	if cfg.Server.AccessLog {
 		cfg.Logger.Info("Request processed", map[string]interface{}{
-			"ip":      c.IP(),
-			"user_id": userID,
-			"op_type": opType,
-			"op_name": opName,
-			"time":    duration,
-			"cache":   wasCached,
+			"ip":           c.IP(),
+			"fwd-ip":       string(c.Request().Header.Peek("X-Forwarded-For")),
+			"user_id":      userID,
+			"op_type":      opType,
+			"op_name":      opName,
+			"time":         duration,
+			"cache":        wasCached,
+			"request_uuid": c.Locals("request_uuid"),
 		})
 	}

 	cfg.Monitoring.Increment(libpack_monitoring.MetricsSucceeded, nil)
-	cfg.Monitoring.Increment("executed_query", labels)
+	cfg.Monitoring.Increment(libpack_monitoring.MetricsExecutedQuery, labels)

 	if !wasCached {
-		cfg.Monitoring.UpdateDuration("timed_query", labels, startTime)
-		cfg.Monitoring.Update("timed_query", labels, float64(duration.Milliseconds()))
+		cfg.Monitoring.UpdateDuration(libpack_monitoring.MetricsTimedQuery, labels, startTime)
+		cfg.Monitoring.Update(libpack_monitoring.MetricsTimedQuery, labels, float64(duration.Milliseconds()))
 	}
 }
@@ -0,0 +1 @@
+{}
@@ -0,0 +1,165 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hasura-w-proxy-internal
+  labels:
+    app: hasura-w-proxy-internal
+    type: support
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: hasura-w-proxy-internal
+      type: support
+  template:
+    metadata:
+      labels:
+        app: hasura-w-proxy-internal
+        type: support
+    spec:
+      securityContext:
+        runAsUser: 65534 # nobody
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/worker
+                    operator: Exists
+      containers:
+        - name: hasura
+          image: hasura/graphql-engine:v2.33.1-ce
+          ports:
+            - name: hasura-internal
+              containerPort: 8080
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+            initialDelaySeconds: 30
+          resources:
+            limits:
+              cpu: "1"
+              memory: "640Mi"
+            requests:
+              cpu: "0.75"
+              memory: "512Mi"
+          env:
+            - name: HASURA_GRAPHQL_DATABASE_URL
+              value: postgres://postgres:xxx@yyy:5432/postgres
+            - name: HASURA_GRAPHQL_ENABLE_CONSOLE
+              value: "true"
+            - name: HASURA_GRAPHQL_DEV_MODE
+              value: "true"
+            - name: HASURA_GRAPHQL_ENABLE_TELEMETRY
+              value: "false"
+            - name: HASURA_GRAPHQL_EXPERIMENTAL_FEATURES
+              value: "inherited_roles"
+            - name: HASURA_GRAPHQL_PG_CONNECTIONS
+              value: "20"
+            - name: HASURA_GRAPHQL_LOG_LEVEL
+              value: "error"
+
+        - name: hasura-ro
+          image: hasura/graphql-engine:v2.33.1-ce
+          ports:
+            - name: hasura-internal-ro
+              containerPort: 8088
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8088
+            initialDelaySeconds: 30
+          resources:
+            limits:
+              cpu: "1"
+              memory: "640Mi"
+            requests:
+              cpu: "0.75"
+              memory: "512Mi"
+          env:
+            - name: HASURA_GRAPHQL_DATABASE_URL
+              value: postgres://postgres:xxx@yyy.read-only:5432/postgres
+              # POINT METADATA TO THE RW database (!!!)
+            - name: HASURA_GRAPHQL_METADATA_DATABASE_URL
+              value: postgres://postgres:xxx@yyy:5432/postgres
+            - name: HASURA_GRAPHQL_ENABLE_CONSOLE
+              value: "true"
+            - name: HASURA_GRAPHQL_DEV_MODE
+              value: "true"
+            - name: HASURA_GRAPHQL_ENABLE_TELEMETRY
+              value: "false"
+            - name: HASURA_GRAPHQL_EXPERIMENTAL_FEATURES
+              value: "inherited_roles"
+            - name: HASURA_GRAPHQL_PG_CONNECTIONS
+              value: "20"
+            - name: HASURA_GRAPHQL_LOG_LEVEL
+              value: "error"
+            - name: HASURA_GRAPHQL_SERVER_PORT
+              value: "8088"
+
+        - name: graphql-proxy
+          image: ghcr.io/lukaszraczylo/graphql-monitoring-proxy:latest
+          imagePullPolicy: Always
+          resources:
+            limits:
+              cpu: "1"
+              memory: "640Mi"
+            requests:
+              cpu: "0.75"
+              memory: "128Mi"
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+          ports:
+            - name: web
+              containerPort: 8181
+            - name: monitoring
+              containerPort: 9393
+          env:
+            - name: PORT_GRAPHQL
+              value: "8181"
+            - name: MONITORING_PORT
+              value: "9393"
+            - name: HOST_GRAPHQL
+              value: http://localhost:8080/
+            - name: HOST_GRAPHQL_READONLY
+              value: http://localhost:8088/
+            - name: ENABLE_GLOBAL_CACHE
+              value: "true"
+            - name: CACHE_TTL
+              value: "10"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hasura-w-proxy-internal
+  labels:
+    app: hasura-w-proxy-internal
+    type: support
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "9393"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: hasura
+      port: 8080
+      targetPort: 8080
+    - name: hasura-ro
+      port: 8088
+      targetPort: 8088
+    - name: proxy
+      port: 8181
+      targetPort: 8181
+    - name: monitoring
+      port: 9393
+      targetPort: 9393
+  selector:
+    app: hasura-w-proxy-internal
+    type: support
+  type: ClusterIP
@@ -0,0 +1,121 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hasura-w-proxy-internal
+  labels:
+    app: hasura-w-proxy-internal
+    type: support
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: hasura-w-proxy-internal
+      type: support
+  template:
+    metadata:
+      labels:
+        app: hasura-w-proxy-internal
+        type: support
+    spec:
+      securityContext:
+        runAsUser: 65534 # nobody
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: node-role.kubernetes.io/worker
+                operator: Exists
+      containers:
+      - name: hasura
+        image: hasura/graphql-engine:v2.33.1-ce
+        ports:
+          - name: hasura-internal
+            containerPort: 8080
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+          initialDelaySeconds: 30
+        resources:
+          limits:
+            cpu: "1"
+            memory: "640Mi"
+          requests:
+            cpu: "0.75"
+            memory: "512Mi"
+        env:
+          - name: HASURA_GRAPHQL_DATABASE_URL
+            value: postgres://postgres:xxx@yyy:5432/postgres
+          - name: HASURA_GRAPHQL_ENABLE_CONSOLE
+            value: "true"
+          - name: HASURA_GRAPHQL_DEV_MODE
+            value: "true"
+          - name: HASURA_GRAPHQL_ENABLE_TELEMETRY
+            value: "false"
+          - name: HASURA_GRAPHQL_EXPERIMENTAL_FEATURES
+            value: "inherited_roles"
+          - name: HASURA_GRAPHQL_PG_CONNECTIONS
+            value: "20"
+          - name: HASURA_GRAPHQL_LOG_LEVEL
+            value: "error"
+      - name: graphql-proxy
+        image: ghcr.io/lukaszraczylo/graphql-monitoring-proxy:latest
+        imagePullPolicy: Always
+        resources:
+          limits:
+            cpu: "1"
+            memory: "640Mi"
+          requests:
+            cpu: "0.75"
+            memory: "128Mi"
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        ports:
+          - name: web
+            containerPort: 8181
+          - name: monitoring
+            containerPort: 9393
+        env:
+          - name: PORT_GRAPHQL
+            value: "8181"
+          - name: MONITORING_PORT
+            value: "9393"
+          - name: HOST_GRAPHQL
+            value: http://localhost:8080/
+          - name: ENABLE_GLOBAL_CACHE
+            value: "true"
+          - name: CACHE_TTL
+            value: "10"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hasura-w-proxy-internal
+  labels:
+    app: hasura-w-proxy-internal
+    type: support
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "9393"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+  - name: hasura
+    port: 8080
+    targetPort: 8080
+  - name: proxy
+    port: 8181
+    targetPort: 8181
+  - name: monitoring
+    port: 9393
+    targetPort: 9393
+  selector:
+    app: hasura-w-proxy-internal
+    type: support
+  type: ClusterIP
@@ -1,41 +1,57 @@
 package main

 import (
-	"github.com/akyoto/cache"
 	graphql "github.com/lukaszraczylo/go-simple-graphql"
 	libpack_logging "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
 	libpack_monitoring "github.com/lukaszraczylo/graphql-monitoring-proxy/monitoring"
+	"github.com/valyala/fasthttp"
 )

 // config is a struct that holds the configuration of the application.
 type config struct {
 	Logger     *libpack_logging.LogConfig
 	Monitoring *libpack_monitoring.MetricsSetup
-
-	// Server holds the configuration of the server _ONLY_.
-	Server struct {
-		PortGraphQL    int
-		PortMonitoring int
-		HostGraphQL    string
-		AccessLog      bool
-		ReadOnlyMode   bool
-	}
-
-	Client struct {
+	Api        struct{ BannedUsersFile string }
+	Client     struct {
+		GQLClient        *graphql.BaseClient
+		FastProxyClient  *fasthttp.Client
 		JWTUserClaimPath string
 		JWTRoleClaimPath string
-		RoleRateLimit    bool
 		RoleFromHeader   string
-		GQLClient        *graphql.BaseClient
+		proxy            string
+		ClientTimeout    int
+		RoleRateLimit    bool
 	}
-
-	Cache struct {
-		CacheEnable bool
-		CacheTTL    int
-		CacheClient *cache.Cache
-	}
-
 	Security struct {
-		BlockIntrospection bool
+		IntrospectionAllowed []string
+		BlockIntrospection   bool
+	}
+	HasuraEventCleaner struct {
+		EventMetadataDb string
+		ClearOlderThan  int
+		Enable          bool
+	}
+	Cache struct {
+		Client             CacheClient
+		CacheRedisURL      string
+		CacheRedisPassword string
+		CacheTTL           int
+		CacheRedisDB       int
+		CacheEnable        bool
+		CacheRedisEnable   bool
+	}
+	Server struct {
+		HostGraphQL         string
+		HostGraphQLReadOnly string
+		HealthcheckGraphQL  string
+		AllowURLs           []string
+		PortGraphQL         int
+		PortMonitoring      int
+		ApiPort             int
+		PurgeEvery          int
+		AccessLog           bool
+		ReadOnlyMode        bool
+		EnableApi           bool
+		PurgeOnCrawl        bool
 	}
 }
Author	SHA1	Message	Date
lukaszraczylo	de31912d2f	increase error handling and mutex encapsulation (#12 ) * increase error handling and mutex encapsulation * undo method rename for now * set cant return error --------- Co-authored-by: Chris Clayton <chris.clayton@contino.io>	2024-06-15 10:21:49 +01:00
lukaszraczylo	e0e9b4278f	Release: Improve documentation and number of logs cleaned.	2024-06-12 12:59:54 +01:00
lukaszraczylo	9a7635bd35	fixup! fixup! Add cleaning up action logs as well.	2024-06-12 12:46:13 +01:00
lukaszraczylo	e8b07d2e01	fixup! Add cleaning up action logs as well.	2024-06-12 12:27:13 +01:00
lukaszraczylo	efdd2de035	Add cleaning up action logs as well.	2024-06-12 12:23:14 +01:00
lukaszraczylo	57d2fd8e80	Update documentation.	2024-06-12 12:12:25 +01:00
lukaszraczylo	e5b3eff1cd	Adjust field alignment.	2024-06-12 12:07:22 +01:00
lukaszraczylo	a23f9de262	fixup! Update dependencies.	2024-06-12 12:05:50 +01:00
lukaszraczylo	d98f87f609	Update dependencies.	2024-06-12 11:57:10 +01:00
lukaszraczylo	ceed490680	Additional updates.	2024-06-12 11:54:03 +01:00
lukaszraczylo	b2380c689b	Add cleanup of the event and invocation logs on timer.	2024-06-12 11:47:21 +01:00
lukaszraczylo	2e40ee0c62	Update the helpers to sort labels alpabetically. It will help to avoid the flaky tests and duplicated metrics. As a bonus - added tests and benchmarks for monitoring package.	2024-06-11 19:57:18 +01:00
lukaszraczylo	df9f43718a	fixup! fixup! fixup! fixup! fixup! fixup! Fix: Redis connection for tests.	2024-06-11 12:53:29 +01:00
lukaszraczylo	91d824636d	fixup! fixup! fixup! fixup! fixup! Fix: Redis connection for tests.	2024-06-11 12:12:17 +01:00
lukaszraczylo	cecccc1441	fixup! fixup! fixup! fixup! Fix: Redis connection for tests.	2024-06-11 12:08:44 +01:00
lukaszraczylo	32eef4af37	fixup! fixup! fixup! Fix: Redis connection for tests.	2024-06-11 12:07:30 +01:00
lukaszraczylo	d05172294c	fixup! fixup! Fix: Redis connection for tests.	2024-06-11 11:49:50 +01:00
lukaszraczylo	44cd694086	fixup! Fix: Redis connection for tests.	2024-06-11 11:44:17 +01:00
lukaszraczylo	fe7af0b8ca	Fix: Redis connection for tests.	2024-06-11 11:43:07 +01:00
lukaszraczylo	12e0294945	Add distibuted cache with Redis	2024-06-11 11:35:50 +01:00
lukaszraczylo	a01a4da9b5	Add metrics for cached queries + cache hit/miss	2024-06-11 11:35:49 +01:00
lukaszraczylo	371d51f96f	Update dependencies.	2024-06-11 11:35:49 +01:00
lukaszraczylo	a9fd6b3d0a	Release: Add cache operations via API + support distributed redis cache.	2024-06-11 11:35:46 +01:00
lukaszraczylo	9291ac03db	Improved graphql library.	2024-05-14 11:33:35 +01:00
lukaszraczylo	75944a3a52	Fixup: Update graphql client library.	2024-05-14 09:40:21 +01:00
lukaszraczylo	5a01ec3876	Improve logging and cache sub-packages to decrease the number of allocations and improve performance.	2024-05-14 09:21:16 +01:00
lukaszraczylo	c3e5b85f57	Update dependencies.	2024-05-04 21:22:19 +01:00
lukaszraczylo	bc2dff0185	Update dependencies.	2024-04-12 23:30:18 +01:00
lukaszraczylo	ce344d17eb	Add read only replica (#11 ) * Improve stats gathering.	2024-03-13 23:09:38 +00:00
lukaszraczylo	dc916d36cd	Fix documentation after testing.	2024-03-12 23:12:50 +00:00
lukaszraczylo	e495cf23d9	Read only endpoint support (#10 ) * This change introduces ability to set additional endpoint leading to the instance of the graphql server connected to the read only database. If regular query is detected and endpoint for `HOST_GRAPHQL_READONLY` value is set, the query will be proxied to it. Mutations and non-graphql will be sent to the `HOST_GRAPHQL` endpoint.	2024-03-12 11:16:35 +00:00
lukaszraczylo	ba1fef9b57	Improve stats gathering (#9 )	2024-03-05 22:42:30 +00:00
lukaszraczylo	3a18e0e935	Improve stats gathering and tests improvements. (#8 )	2024-03-05 22:40:06 +00:00
lukaszraczylo	b6c284b66d	Update dependencies.	2024-03-05 14:40:45 +00:00
lukaszraczylo	88ef1aac7f	Reuse http client and add retry to the proxied requests.	2024-03-05 14:38:03 +00:00
lukaszraczylo	6d32278851	Reuse http client.	2024-03-05 14:24:49 +00:00
lukaszraczylo	f2085c8491	Update dependencies.	2024-02-15 10:22:31 +00:00
lukaszraczylo	ebbb1c53f5	Micro fixes.	2024-02-15 10:21:51 +00:00
lukaszraczylo	0bdea741bf	Move results to the struct for ease of management.	2024-02-15 09:50:51 +00:00
lukaszraczylo	4cb0d22874	Return 403 on blocked queries.	2024-02-15 09:34:57 +00:00
lukaszraczylo	9910bb1d45	Update documentation.	2024-02-15 09:31:49 +00:00
lukaszraczylo	756c63c0d1	Add support for 'refresh' in @cached section of the query. Example: ``` query MyProducts @cached(refresh: true) { products { id name } } ```	2024-02-15 09:29:27 +00:00
lukaszraczylo	029e0166c0	Docker to use distroless image.	2024-02-08 20:50:50 +00:00
lukaszraczylo	4cf27e0e3b	Missed on files requiring json encoding.	2024-02-05 15:37:24 +00:00
lukaszraczylo	3149a27466	Update semver config.	2024-02-05 15:31:45 +00:00
lukaszraczylo	bb28f2fcd8	Change the json library to the fully compatible ( and fast ) one.	2024-02-05 15:30:59 +00:00
lukaszraczylo	d3a8da1dcf	Move location of the global proxy client from the per-req to main. There's no need to re-create it every single time.	2024-02-05 14:35:33 +00:00
lukaszraczylo	794cb1ddf4	Add the prefixed environment variables to avoid potential conflicts.	2024-02-05 14:24:17 +00:00
lukaszraczylo	95f2236c96	Dependencies refresh.	2024-02-05 13:31:33 +00:00
lukaszraczylo	1ff568a271	Update dependencies.	2024-01-11 10:39:15 +00:00
lukaszraczylo	b19b17b7c4	Realign the structs to decrease memory footprint. Add the timeout settings to address the connection drops.	2023-12-14 17:16:38 +00:00
lukaszraczylo	cd9c650226	Remove compression from proxied request.	2023-12-13 23:13:34 +00:00
lukaszraczylo	d09940ebc4	Update connection settings.	2023-12-13 22:50:41 +00:00
lukaszraczylo	3596b03953	Update dependencies.	2023-12-13 09:34:37 +00:00
lukaszraczylo	760a168365	Update dependencies.	2023-12-12 21:43:45 +00:00
lukaszraczylo	bc305dd8e9	Improve tests and speed things up a little.	2023-11-20 11:38:02 +00:00
lukaszraczylo	b4c047819f	Update dependencies.	2023-11-18 02:12:59 +00:00
lukaszraczylo	1390e7cdd1	Fix blocking the introspection + add unit tests.	2023-11-18 02:11:38 +00:00
lukaszraczylo	a71b3950db	Load retrospection query set once.	2023-11-17 22:32:58 +00:00
lukaszraczylo	827c26e88d	Fix retrospection query blocking.	2023-11-17 22:29:42 +00:00
lukaszraczylo	30528e4a9a	Sort labels by keys before pushing them to metrics registry. This is needed to ensure that labels are always in the same order and metrics won't produce duplicates.	2023-11-17 14:36:23 +00:00
lukaszraczylo	94657ddff4	fixup! fixup! Add purging metrics on timer.	2023-11-17 14:11:55 +00:00
lukaszraczylo	a29733a52a	fixup! Add purging metrics on timer.	2023-11-17 14:09:26 +00:00
lukaszraczylo	105c624426	Add purging metrics on timer.	2023-11-17 13:47:54 +00:00
lukaszraczylo	1a790ffb52	Make sure that pod name is included in metrics.	2023-11-16 17:18:27 +00:00
lukaszraczylo	0b642f8be1	Add ability to reset metrics between crawl to limit payload absorbed (#5 ) by the prometheus/victoria metric crawlers.	2023-11-16 16:45:48 +00:00
lukaszraczylo	9c9fa94140	Add ability to set cache via query header.	2023-11-14 09:52:51 +00:00
lukaszraczylo	93318df9fe	Update dependencies.	2023-11-14 09:43:33 +00:00
lukaszraczylo	b497ad1d1c	Add generation of query uuid logs and easier debugging.	2023-10-25 14:11:44 +01:00
lukaszraczylo	3e6fa2036e	Remove idle connections setup and allow the client to handle them	2023-10-24 16:56:01 +01:00
lukaszraczylo	4640eb2596	Adjust the timeout settings to prevent forever-hanging connections.	2023-10-24 15:52:40 +01:00
lukaszraczylo	3d70018179	Add configurable timeout for queries.	2023-10-24 10:40:17 +01:00
lukaszraczylo	8fc5782d29	Update documentation with websockets.	2023-10-24 00:22:28 +01:00
lukaszraczylo	4255f87efd	Add cache compression.	2023-10-20 11:21:01 +01:00
lukaszraczylo	1e299c0dc4	Update documentation on healthcheck.	2023-10-19 15:55:08 +01:00
lukaszraczylo	35e6069f5e	Add the healtcheck checks on the end server.	2023-10-19 15:43:49 +01:00
lukaszraczylo	ef8731300c	Fix the tests.	2023-10-19 14:53:49 +01:00
lukaszraczylo	92359c1114	Cleanup pt 1 (#4 ) * Disable startup headers. * Add banning / unbanning of specific user.	2023-10-19 14:36:16 +01:00
lukaszraczylo	2be4f17ea3	Disable header normalisation. It looks like a bug in hasura which makes headers case sensitive.	2023-10-16 15:47:48 +01:00
lukaszraczylo	3cb9088b73	Revert disable headers normalising.	2023-10-16 15:31:45 +01:00
lukaszraczylo	f50f98b3d6	Add printing out the request headers in debug mode.	2023-10-16 15:31:16 +01:00
lukaszraczylo	29f7fec5a3	Update dependencies.	2023-10-16 15:20:28 +01:00
lukaszraczylo	57cf36ba02	Add /livez endpoint.	2023-10-16 09:09:46 +01:00
lukaszraczylo	2a0302ab75	Create allow list for event when intospection is blocked but developers really want to use certain subqueries.	2023-10-15 10:01:23 +01:00
lukaszraczylo	29ffb8a817	Update README.md	2023-10-14 08:58:55 +01:00
lukaszraczylo	6ac3937066	Fix leaky bytes allocation for cache.	2023-10-13 16:29:52 +01:00
lukaszraczylo	089d05b7c3	Improve cache mechanism using sync map	2023-10-13 15:37:57 +01:00
lukaszraczylo	7293583a99	Resources allocation improvement.	2023-10-13 15:26:24 +01:00
lukaszraczylo	dbd005bdcf	Remove external library dependency, use homebrewed cache instead.	2023-10-13 15:22:47 +01:00
lukaszraczylo	bf18f36e45	If proxying of the query fails - return 500.	2023-10-13 14:48:53 +01:00
lukaszraczylo	3c0f9f49fd	Add debugging option for the request / response cycle.	2023-10-13 14:23:05 +01:00
lukaszraczylo	bf9ec2c877	Reuse fasthttp client	2023-10-12 21:16:57 +01:00
lukaszraczylo	815a6841ed	Add ability to set up allowed paths for proxying.	2023-10-12 14:12:03 +01:00