Update dependencies.

* Improve stats gathering.

README.md

@@ -15,6 +15,7 @@ This project is in active use by [telegram-bot.app](https://telegram-bot.app), a
   - [Configuration](#configuration)
   - [Speed](#speed)
     - [Caching](#caching)
+    - [Read-only endpoint](#read-only-endpoint)
   - [Security](#security)
     - [Role-based rate limiting](#role-based-rate-limiting)
     - [Read-only mode](#read-only-mode)
@@ -93,6 +94,7 @@ In this case, both proxy and websockets will be available under the `/v1/graphql
 | monitor    | Extracting the query name and type and adding it as a label to metrics|
 | monitor    | Calculating the query duration and adding it to the metrics           |
 | speed      | Caching the queries, together with per-query cache and TTL            |
+| speed      | Support for READ ONLY graphql endpoint                                |
 | security   | Blocking schema introspection                                         |
 | security   | Rate limiting queries based on user role                              |
 | security   | Blocking mutations in read-only mode                                  |
@@ -111,6 +113,7 @@ You can still use the non-prefixed environment variables in the spirit of the ba
 | `MONITORING_PORT`         | The port to expose the metrics endpoint  | `9393`                     |
 | `PORT_GRAPHQL`            | The port to expose the graphql endpoint  | `8080`                     |
 | `HOST_GRAPHQL`            | The host to proxy the graphql endpoint   | `http://localhost/` |
+| `HOST_GRAPHQL_READONLY`   | The host to proxy the read-only graphql endpoint | ``               |
 | `HEALTHCHECK_GRAPHQL_URL` | The URL to check the health of the graphql endpoint | `` |
 | `JWT_USER_CLAIM_PATH`     | Path to the user claim in the JWT token  | ``                         |
 | `JWT_ROLE_CLAIM_PATH`     | Path to the role claim in the JWT token  | ``                         |
@@ -156,6 +159,12 @@ query MyProducts @cached(refresh: true) {
 
 Since version `0.5.30` the cache is gzipped in the memory, which should optimise the memory usage quite significantly.
 
+#### Read-only endpoint
+
+You can now specify the read-only GraphQL endpoint by setting the `HOST_GRAPHQL_READONLY` environment variable. The default value is empty, preventing the proxy from using the read-only endpoint for the queries and directing all the requests to the main endpoint specified as `HOST_GRAPHQL`. If the `HOST_GRAPHQL_READONLY` is set, the proxy will use the read-only endpoint for the queries with the `query` type and the main endpoint for the `mutation` type queries. Format of the read-only endpoint is the same as `HOST_GRAPHQL` endpoint, for example `http://localhost:8080/`.
+
+You can check out the [example of combined deployment with RW and read-only hasura](static/kubernetes-single-deployment-with-ro.yaml).
+
 ### Security
 
 #### Role-based rate limiting

go.mod

@@ -3,20 +3,20 @@ module github.com/lukaszraczylo/graphql-monitoring-proxy
 go 1.21
 
 require (
-	github.com/VictoriaMetrics/metrics v1.33.0
-	github.com/avast/retry-go/v4 v4.5.1
+	github.com/VictoriaMetrics/metrics v1.33.1
+	github.com/avast/retry-go/v4 v4.6.0
 	github.com/buger/jsonparser v1.1.1
 	github.com/goccy/go-json v0.10.2
-	github.com/gofiber/fiber/v2 v2.52.2
+	github.com/gofiber/fiber/v2 v2.52.4
 	github.com/gofrs/flock v0.8.1
 	github.com/google/uuid v1.6.0
 	github.com/gookit/goutil v0.6.15
 	github.com/graphql-go/graphql v0.8.1
 	github.com/lukaszraczylo/ask v0.0.0-20230927103145-2ff1123b4415
 	github.com/lukaszraczylo/go-ratecounter v0.1.8
-	github.com/lukaszraczylo/go-simple-graphql v1.2.9
+	github.com/lukaszraczylo/go-simple-graphql v1.2.11
 	github.com/rs/zerolog v1.32.0
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.9.0
 	github.com/valyala/fasthttp v1.52.0
 )
 
@@ -24,7 +24,7 @@ require (
 	github.com/andybalholm/brotli v1.1.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/gookit/color v1.5.4 // indirect
-	github.com/klauspost/compress v1.17.7 // indirect
+	github.com/klauspost/compress v1.17.8 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
@@ -38,11 +38,11 @@ require (
 	github.com/valyala/tcplisten v1.0.0 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
-	golang.org/x/net v0.22.0 // indirect
-	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/term v0.18.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/term v0.19.0 // indirect
+	golang.org/x/text v0.15.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,9 +1,9 @@
-github.com/VictoriaMetrics/metrics v1.33.0 h1:EnkDEaGiL2u95t+W76GfecC/LMYpy+tFrexYzBWQIAc=
-github.com/VictoriaMetrics/metrics v1.33.0/go.mod h1:r7hveu6xMdUACXvB8TYdAj8WEsKzWB0EkpJN+RDtOf8=
+github.com/VictoriaMetrics/metrics v1.33.1 h1:CNV3tfm2Kpv7Y9W3ohmvqgFWPR55tV2c7M2U6OIo+UM=
+github.com/VictoriaMetrics/metrics v1.33.1/go.mod h1:r7hveu6xMdUACXvB8TYdAj8WEsKzWB0EkpJN+RDtOf8=
 github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
 github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
-github.com/avast/retry-go/v4 v4.5.1 h1:AxIx0HGi4VZ3I02jr78j5lZ3M6x1E0Ivxa6b0pUUh7o=
-github.com/avast/retry-go/v4 v4.5.1/go.mod h1:/sipNsvNB3RRuT5iNcb6h73nw3IBmXJ/H3XrCQYSOpc=
+github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinRJA=
+github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE=
 github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
@@ -13,8 +13,8 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/gofiber/fiber/v2 v2.52.2 h1:b0rYH6b06Df+4NyrbdptQL8ifuxw/Tf2DgfkZkDaxEo=
-github.com/gofiber/fiber/v2 v2.52.2/go.mod h1:KEOE+cXMhXG0zHc9d8+E38hoX+ZN7bhOtgeF2oT6jrQ=
+github.com/gofiber/fiber/v2 v2.52.4 h1:P+T+4iK7VaqUsq2PALYEfBBo6bJZ4q3FP8cZ84EggTM=
+github.com/gofiber/fiber/v2 v2.52.4/go.mod h1:KEOE+cXMhXG0zHc9d8+E38hoX+ZN7bhOtgeF2oT6jrQ=
 github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
@@ -25,8 +25,8 @@ github.com/gookit/goutil v0.6.15 h1:mMQ0ElojNZoyPD0eVROk5QXJPh2uKR4g06slgPDF5Jo=
 github.com/gookit/goutil v0.6.15/go.mod h1:qdKdYEHQdEtyH+4fNdQNZfJHhI0jUZzHxQVAV3DaMDY=
 github.com/graphql-go/graphql v0.8.1 h1:p7/Ou/WpmulocJeEx7wjQy611rtXGQaAcXGqanuMMgc=
 github.com/graphql-go/graphql v0.8.1/go.mod h1:nKiHzRM0qopJEwCITUuIsxk9PlVlwIiiI8pnJEhordQ=
-github.com/klauspost/compress v1.17.7 h1:ehO88t2UGzQK66LMdE8tibEd1ErmzZjNEqWkjLAKQQg=
-github.com/klauspost/compress v1.17.7/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
+github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
@@ -40,6 +40,8 @@ github.com/lukaszraczylo/go-ratecounter v0.1.8 h1:ZYm6Wkn58ZAlFWRmC7PaD4oAYHWcu8
 github.com/lukaszraczylo/go-ratecounter v0.1.8/go.mod h1:TqXEOCtFJStk1i0tkipprv1kiDHGon1MVUisjSTBSKM=
 github.com/lukaszraczylo/go-simple-graphql v1.2.9 h1:JKIvAw+4O8vwTv2rZKKRtn0DjLbM8XdKXZHns31Ntvc=
 github.com/lukaszraczylo/go-simple-graphql v1.2.9/go.mod h1:YOX06PIgxUyFDJZu5FFFo/9FyGTFSh9Zuld2bU8DywU=
+github.com/lukaszraczylo/go-simple-graphql v1.2.11 h1:8CizBy+V3JHIGD606Ht9P9oQV/JBEmVGhRH9H1YjtGk=
+github.com/lukaszraczylo/go-simple-graphql v1.2.11/go.mod h1:qmPOf+qPtWTB0Vc0jJGs85hTvFNdIQfIHcS2cIXbCW4=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
@@ -61,8 +63,8 @@ github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUz
 github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
 github.com/rs/zerolog v1.32.0 h1:keLypqrlIjaFsbmJOBdB/qvyF8KEtCWHwobLp5l/mQ0=
 github.com/rs/zerolog v1.32.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0=
@@ -77,19 +79,19 @@ github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavM
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
-golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
-golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
-golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
-golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
-golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
+golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
+golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=

graphql.go

@@ -56,13 +56,14 @@ func prepareQueriesAndExemptions() {
 }
 
 type parseGraphQLQueryResult struct {
-	operationType string
-	operationName string
-	cacheTime     int
-	cacheRequest  bool
-	cacheRefresh  bool
-	shouldBlock   bool
-	shouldIgnore  bool
+	operationType  string
+	operationName  string
+	activeEndpoint string
+	cacheTime      int
+	cacheRequest   bool
+	cacheRefresh   bool
+	shouldBlock    bool
+	shouldIgnore   bool
 }
 
 func parseGraphQLQuery(c *fiber.Ctx) (res *parseGraphQLQueryResult) {
@@ -70,7 +71,7 @@ func parseGraphQLQuery(c *fiber.Ctx) (res *parseGraphQLQueryResult) {
 	m := make(map[string]interface{})
 	err := json.Unmarshal(c.Body(), &m)
 	if err != nil {
-		cfg.Logger.Debug("Can't unmarshal the request", map[string]interface{}{"error": err.Error(), "body": string(c.Body())})
+		cfg.Logger.Error("Can't unmarshal the request", map[string]interface{}{"error": err.Error(), "body": string(c.Body())})
 		if ifNotInTest() {
 			cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)
 		}
@@ -97,15 +98,23 @@ func parseGraphQLQuery(c *fiber.Ctx) (res *parseGraphQLQueryResult) {
 
 	res.shouldIgnore = false
 	res.operationName = "undefined"
+	res.activeEndpoint = cfg.Server.HostGraphQL
+
 	for _, d := range p.Definitions {
 		if oper, ok := d.(*ast.OperationDefinition); ok {
-			res.operationType = oper.Operation
+			res.operationType = strings.ToLower(oper.Operation)
 
 			if oper.Name != nil {
 				res.operationName = oper.Name.Value
 			}
 
-			if strings.ToLower(res.operationType) == "mutation" && cfg.Server.ReadOnlyMode {
+			// If the query is a mutation then direct it to the RW endpoint,
+			// otherwise direct it to the RO endpoint if it's set.
+			if cfg.Server.HostGraphQLReadOnly != "" && res.operationType != "mutation" {
+				res.activeEndpoint = cfg.Server.HostGraphQLReadOnly
+			}
+
+			if res.operationType == "mutation" && cfg.Server.ReadOnlyMode {
 				cfg.Logger.Warning("Mutation blocked", m)
 				if ifNotInTest() {
 					cfg.Monitoring.Increment(libpack_monitoring.MetricsSkipped, nil)

main.go

@@ -39,6 +39,7 @@ func parseConfig() {
 	c.Server.PortGraphQL = getDetailsFromEnv("PORT_GRAPHQL", 8080)
 	c.Server.PortMonitoring = getDetailsFromEnv("MONITORING_PORT", 9393)
 	c.Server.HostGraphQL = getDetailsFromEnv("HOST_GRAPHQL", "http://localhost/")
+	c.Server.HostGraphQLReadOnly = getDetailsFromEnv("HOST_GRAPHQL_READONLY", "")
 	c.Client.JWTUserClaimPath = getDetailsFromEnv("JWT_USER_CLAIM_PATH", "")
 	c.Client.JWTRoleClaimPath = getDetailsFromEnv("JWT_ROLE_CLAIM_PATH", "")
 	c.Client.RoleFromHeader = getDetailsFromEnv("ROLE_FROM_HEADER", "")

monitoring/helpers.go

@@ -3,57 +3,78 @@ package libpack_monitoring
 import (
 	"fmt"
 	"os"
-	"sort"
 	"strings"
+	"unicode"
 
 	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
 )
 
 func (ms *MetricsSetup) get_metrics_name(name string, labels map[string]string) (complete_name string) {
-	var err error
 	if labels == nil {
 		labels = make(map[string]string)
 	}
+
+	// Adding default labels
 	labels["microservice"] = libpack_config.PKG_NAME
-	labels["pod"], err = os.Hostname()
-	if err != nil {
+	if podName, err := os.Hostname(); err == nil {
+		labels["pod"] = podName
+	} else {
 		labels["pod"] = "unknown"
 	}
 
+	var sb strings.Builder
 	if ms.metrics_prefix != "" {
-		complete_name = ms.metrics_prefix + "_" + name
-	} else {
-		complete_name = name
+		sb.WriteString(ms.metrics_prefix)
+		sb.WriteString("_")
 	}
-	if labels != nil {
-		keys := make([]string, 0, len(labels))
-		for k := range labels {
-			keys = append(keys, k)
+	sb.WriteString(name)
+
+	if len(labels) > 0 {
+		sb.WriteString("{")
+		first := true
+		for k, v := range labels {
+			if !first {
+				sb.WriteString(",")
+			}
+			sb.WriteString(k)
+			sb.WriteString("=\"")
+			sb.WriteString(v)
+			sb.WriteString("\"")
+			first = false
 		}
-		sort.Strings(keys)
-		complete_name += "{"
-		for _, k := range keys {
-			complete_name += k + "=\"" + labels[k] + "\","
-		}
-		complete_name = strings.TrimSuffix(complete_name, ",")
-		complete_name += "}"
+		sb.WriteString("}")
 	}
-	return
+
+	return sb.String()
 }
 
 // validate_metrics_name validates the name of the metric to adhere to the Prometheus naming conventions
 // https://prometheus.io/docs/practices/naming/
 func validate_metrics_name(name string) error {
-	// replace all spaces with underscores and remove all other non-alphanumeric characters
-	name_new := strings.ReplaceAll(name, " ", "_")
-	name_new = strings.Map(func(r rune) rune {
-		if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') || r == '_' {
-			return r
+	var sb strings.Builder // Use strings.Builder for efficient string concatenation
+
+	// Track if the last character was an underscore to avoid duplicate underscores
+	lastWasUnderscore := false
+
+	for _, r := range name {
+		// Convert spaces to underscores and skip non-alphanumeric characters except underscores
+		if r == ' ' || (unicode.IsLetter(r) || unicode.IsDigit(r) || r == '_') {
+			if r == ' ' || r == '_' {
+				if lastWasUnderscore {
+					continue // Skip if the previous character was also an underscore
+				}
+				r = '_' // Convert spaces to underscores
+				lastWasUnderscore = true
+			} else {
+				lastWasUnderscore = false
+			}
+			sb.WriteRune(r) // Add valid characters to the builder
 		}
-		return -1
-	}, name_new)
-	name_new = strings.ReplaceAll(name_new, "__", "_")
-	name_new = strings.Trim(name_new, "_")
+	}
+	// Trim leading and trailing underscores
+	name_new := strings.Trim(sb.String(), "_")
+
+	// Check if the processed name matches the original input
 	if name_new != name {
 		return fmt.Errorf("Invalid metric name: %s, expected %s", name, name_new)
 	}

proxy.go

@@ -28,7 +28,7 @@ func createFasthttpClient(timeout int) *fasthttp.Client {
 	}
 }
 
-func proxyTheRequest(c *fiber.Ctx) error {
+func proxyTheRequest(c *fiber.Ctx, currentEndpoint string) error {
 	if !checkAllowedURLs(c) {
 		cfg.Logger.Error("Request blocked", map[string]interface{}{"path": c.Path()})
 		if ifNotInTest() {
@@ -46,7 +46,7 @@ func proxyTheRequest(c *fiber.Ctx) error {
 
 	err := retry.Do(
 		func() error {
-			errInt := proxy.DoRedirects(c, cfg.Server.HostGraphQL+c.Path(), 3, cfg.Client.FastProxyClient)
+			errInt := proxy.DoRedirects(c, currentEndpoint+c.Path(), 3, cfg.Client.FastProxyClient)
 			if errInt != nil {
 				cfg.Logger.Error("Can't proxy the request", map[string]interface{}{"error": errInt.Error()})
 				if ifNotInTest() {

proxy_test.go

@@ -12,37 +12,48 @@ func (suite *Tests) Test_proxyTheRequest() {
 	}
 
 	tests := []struct {
-		name    string
-		query   string
-		host    string
-		path    string
 		headers map[string]string
+		name    string
+		body    string
+		host    string
+		hostRO  string
+		path    string
 		wantErr bool
 	}{
 		{
-			name: "test_empty",
-			query: `query {
-				__type(name: "Query") {
-					name
-				}
-			}`,
+			name:    "test_empty",
+			body:    `{"query":"query {\n            __type(name: \"Query\") {\n              name\n            }\n          }"}`,
 			host:    "https://telegram-bot.app/",
 			path:    "/v1/graphql",
 			headers: supplied_headers,
 			wantErr: false,
 		},
 		{
-			name: "test_wrong_url",
-			query: `query {
-				__type(name: "Query") {
-					name
-				}
-			}`,
+			name:    "test_wrong_url",
+			body:    `{"query":"query {\n            __type(name: \"Query\") {\n              name\n            }\n          }"}`,
 			host:    "https://google.com/",
 			path:    "/v1/wrongURL",
 			headers: supplied_headers,
 			wantErr: true,
 		},
+		{
+			name:    "Test read only mode",
+			body:    `{"query":"query {\n            __type(name: \"Query\") {\n              name\n            }\n          }"}`,
+			host:    "https://google.com/",
+			hostRO:  "https://telegram-bot.app/",
+			path:    "/v1/graphql",
+			headers: supplied_headers,
+			wantErr: false,
+		},
+		{
+			name:    "Test read only mode wrong host",
+			body:    `{"query":"query {\n            __type(name: \"Query\") {\n              name\n            }\n          }"}`,
+			host:    "https://telegram-bot.app/",
+			hostRO:  "https://google.com/",
+			path:    "/v1/graphql",
+			headers: supplied_headers,
+			wantErr: true,
+		},
 	}
 
 	for _, tt := range tests {
@@ -52,6 +63,10 @@ func (suite *Tests) Test_proxyTheRequest() {
 			parseConfig()
 			cfg.Server.HostGraphQL = tt.host
 
+			if tt.hostRO != "" {
+				cfg.Server.HostGraphQLReadOnly = tt.hostRO
+			}
+
 			ctx_headers := func() *fasthttp.RequestHeader {
 				h := fasthttp.RequestHeader{}
 				for k, v := range tt.headers {
@@ -63,15 +78,15 @@ func (suite *Tests) Test_proxyTheRequest() {
 			ctx_request := fasthttp.Request{
 				Header: *ctx_headers,
 			}
+			ctx_request.SetBody([]byte(tt.body))
 			ctx_request.SetRequestURI(tt.path)
 			ctx_request.Header.SetMethod("POST")
-
 			ctx := suite.app.AcquireCtx(&fasthttp.RequestCtx{
 				Request: ctx_request,
 			})
-
+			res := parseGraphQLQuery(ctx)
 			assert.NotNil(ctx, "Fiber context is nil", tt.name)
-			err := proxyTheRequest(ctx)
+			err := proxyTheRequest(ctx, res.activeEndpoint)
 			if tt.wantErr {
 				assert.NotNil(err, "Error is nil", tt.name)
 			} else {

server.go

@@ -37,7 +37,7 @@ func StartHTTPProxy() {
 	server.Get("/livez", healthCheck)
 
 	server.Post("/*", processGraphQLRequest)
-	server.Get("/*", proxyTheRequest)
+	server.Get("/*", proxyTheRequestToDefault)
 
 	cfg.Logger.Info("GraphQL query proxy started", map[string]interface{}{"port": cfg.Server.PortGraphQL})
 	err := server.Listen(fmt.Sprintf(":%d", cfg.Server.PortGraphQL))
@@ -46,6 +46,10 @@ func StartHTTPProxy() {
 	}
 }
 
+func proxyTheRequestToDefault(c *fiber.Ctx) error {
+	return proxyTheRequest(c, cfg.Server.HostGraphQL)
+}
+
 func AddRequestUUID(c *fiber.Ctx) error {
 	c.Locals("request_uuid", uuid.NewString())
 	return c.Next()
@@ -118,7 +122,7 @@ func processGraphQLRequest(c *fiber.Ctx) error {
 
 	if parsedResult.shouldIgnore {
 		cfg.Logger.Debug("Request passed as-is - probably not a GraphQL")
-		return proxyTheRequest(c)
+		return proxyTheRequest(c, parsedResult.activeEndpoint)
 	}
 
 	if parsedResult.cacheTime > 0 {
@@ -153,10 +157,10 @@ func processGraphQLRequest(c *fiber.Ctx) error {
 			wasCached = true
 		} else {
 			cfg.Logger.Debug("Cache miss", map[string]interface{}{"hash": queryCacheHash, "user_id": extractedUserID, "request_uuid": c.Locals("request_uuid")})
-			proxyAndCacheTheRequest(c, queryCacheHash, parsedResult.cacheTime)
+			proxyAndCacheTheRequest(c, queryCacheHash, parsedResult.cacheTime, parsedResult.activeEndpoint)
 		}
 	} else {
-		proxyTheRequest(c)
+		proxyTheRequest(c, parsedResult.activeEndpoint)
 	}
 
 	timeTaken := time.Since(startTime)
@@ -168,8 +172,8 @@ func processGraphQLRequest(c *fiber.Ctx) error {
 }
 
 // Additional helper function to avoid code repetition
-func proxyAndCacheTheRequest(c *fiber.Ctx, queryCacheHash string, cacheTime int) {
-	err := proxyTheRequest(c)
+func proxyAndCacheTheRequest(c *fiber.Ctx, queryCacheHash string, cacheTime int, currentEndpoint string) {
+	err := proxyTheRequest(c, currentEndpoint)
 	if err != nil {
 		cfg.Logger.Error("Can't proxy the request", map[string]interface{}{"error": err.Error()})
 		cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)

static/kubernetes-single-deployment-with-ro.yaml

@@ -0,0 +1,165 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hasura-w-proxy-internal
+  labels:
+    app: hasura-w-proxy-internal
+    type: support
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: hasura-w-proxy-internal
+      type: support
+  template:
+    metadata:
+      labels:
+        app: hasura-w-proxy-internal
+        type: support
+    spec:
+      securityContext:
+        runAsUser: 65534 # nobody
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/worker
+                    operator: Exists
+      containers:
+        - name: hasura
+          image: hasura/graphql-engine:v2.33.1-ce
+          ports:
+            - name: hasura-internal
+              containerPort: 8080
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+            initialDelaySeconds: 30
+          resources:
+            limits:
+              cpu: "1"
+              memory: "640Mi"
+            requests:
+              cpu: "0.75"
+              memory: "512Mi"
+          env:
+            - name: HASURA_GRAPHQL_DATABASE_URL
+              value: postgres://postgres:xxx@yyy:5432/postgres
+            - name: HASURA_GRAPHQL_ENABLE_CONSOLE
+              value: "true"
+            - name: HASURA_GRAPHQL_DEV_MODE
+              value: "true"
+            - name: HASURA_GRAPHQL_ENABLE_TELEMETRY
+              value: "false"
+            - name: HASURA_GRAPHQL_EXPERIMENTAL_FEATURES
+              value: "inherited_roles"
+            - name: HASURA_GRAPHQL_PG_CONNECTIONS
+              value: "20"
+            - name: HASURA_GRAPHQL_LOG_LEVEL
+              value: "error"
+
+        - name: hasura-ro
+          image: hasura/graphql-engine:v2.33.1-ce
+          ports:
+            - name: hasura-internal-ro
+              containerPort: 8088
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8088
+            initialDelaySeconds: 30
+          resources:
+            limits:
+              cpu: "1"
+              memory: "640Mi"
+            requests:
+              cpu: "0.75"
+              memory: "512Mi"
+          env:
+            - name: HASURA_GRAPHQL_DATABASE_URL
+              value: postgres://postgres:xxx@yyy.read-only:5432/postgres
+              # POINT METADATA TO THE RW database (!!!)
+            - name: HASURA_GRAPHQL_METADATA_DATABASE_URL
+              value: postgres://postgres:xxx@yyy:5432/postgres
+            - name: HASURA_GRAPHQL_ENABLE_CONSOLE
+              value: "true"
+            - name: HASURA_GRAPHQL_DEV_MODE
+              value: "true"
+            - name: HASURA_GRAPHQL_ENABLE_TELEMETRY
+              value: "false"
+            - name: HASURA_GRAPHQL_EXPERIMENTAL_FEATURES
+              value: "inherited_roles"
+            - name: HASURA_GRAPHQL_PG_CONNECTIONS
+              value: "20"
+            - name: HASURA_GRAPHQL_LOG_LEVEL
+              value: "error"
+            - name: HASURA_GRAPHQL_SERVER_PORT
+              value: "8088"
+
+        - name: graphql-proxy
+          image: ghcr.io/lukaszraczylo/graphql-monitoring-proxy:latest
+          imagePullPolicy: Always
+          resources:
+            limits:
+              cpu: "1"
+              memory: "640Mi"
+            requests:
+              cpu: "0.75"
+              memory: "128Mi"
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+          ports:
+            - name: web
+              containerPort: 8181
+            - name: monitoring
+              containerPort: 9393
+          env:
+            - name: PORT_GRAPHQL
+              value: "8181"
+            - name: MONITORING_PORT
+              value: "9393"
+            - name: HOST_GRAPHQL
+              value: http://localhost:8080/
+            - name: HOST_GRAPHQL_READONLY
+              value: http://localhost:8088/
+            - name: ENABLE_GLOBAL_CACHE
+              value: "true"
+            - name: CACHE_TTL
+              value: "10"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hasura-w-proxy-internal
+  labels:
+    app: hasura-w-proxy-internal
+    type: support
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "9393"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: hasura
+      port: 8080
+      targetPort: 8080
+    - name: hasura-ro
+      port: 8088
+      targetPort: 8088
+    - name: proxy
+      port: 8181
+      targetPort: 8181
+    - name: monitoring
+      port: 9393
+      targetPort: 9393
+  selector:
+    app: hasura-w-proxy-internal
+    type: support
+  type: ClusterIP

struct_config.go

@@ -33,16 +33,17 @@ type config struct {
 		BlockIntrospection   bool
 	}
 	Server struct {
-		HostGraphQL        string
-		HealthcheckGraphQL string
-		AllowURLs          []string
-		PortGraphQL        int
-		PortMonitoring     int
-		ApiPort            int
-		PurgeEvery         int
-		AccessLog          bool
-		ReadOnlyMode       bool
-		EnableApi          bool
-		PurgeOnCrawl       bool
+		HostGraphQL         string
+		HostGraphQLReadOnly string
+		HealthcheckGraphQL  string
+		AllowURLs           []string
+		PortGraphQL         int
+		PortMonitoring      int
+		ApiPort             int
+		PurgeEvery          int
+		AccessLog           bool
+		ReadOnlyMode        bool
+		EnableApi           bool
+		PurgeOnCrawl        bool
 	}
 }