Central Express.js service handling auth, API proxying, billing, monitoring, and admin
The gateway is the single entry point for all authenticated traffic. It runs as a systemd-managed Node.js process on port 3000 (localhost only, fronted by nginx). It handles user authentication, session management, API request proxying to the correct slice, Stripe billing webhooks, health monitoring, and admin endpoints.
| File | Purpose |
|---|---|
| src/index.ts | Express app, middleware stack, route mounting, WebSocket upgrade handler |
| src/auth.ts | Register, login, logout, session management (/auth/*) |
| src/proxy.ts | Session validation, API request proxying to slice port |
| src/admin.ts | Dashboard API, slice management, telemetry endpoints (/admin/*) |
| src/billing.ts | Stripe checkout, portal, webhook handling (/billing/*) |
| src/orchestrator.ts | Slice provisioning and destruction API (/orchestrator/*) |
| src/provisioner.ts | Core provisioning logic — creates DB, schema, Docker container |
| src/monitor.ts | 60-second health monitoring loop, telemetry collection |
| src/health.ts | Gateway health check endpoint (/health) |
| src/database.ts | PostgreSQL connection pool (max 20 connections) |
- POST /billing/webhook — Stripe raw body handler (before JSON parser)
- Middleware: helmet, morgan, cors, express.json, cookieParser
- /auth — Authentication routes
- /health — Health check (no auth)
- /admin — Admin dashboard (session or API key)
- /orchestrator — Provisioning (API key only)
- /billing — Subscription management (session auth)
- /api — Proxied to user’s slice (session auth)
- /socket.io — WebSocket proxy to slice (session auth)
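Why `POST /billing/webhook` is mounted ahead of `express.json`: the Stripe signature is an HMAC over the exact request bytes, so a body that has been parsed and re-serialized no longer verifies. The sketch below is an added example, not the gateway's code; it reimplements Stripe's documented `t=...,v1=...` scheme with Node's `crypto` on constructed sample data, and the secret, event body and function names are assumptions (production code would call `stripe.webhooks.constructEvent` with the raw body and `STRIPE_WEBHOOK_SECRET`).

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

const TOLERANCE_SECONDS = 300; // reject old timestamps to limit replay

// v1 signature: hex HMAC-SHA256 over "<timestamp>.<raw body bytes>".
function sign(secret: string, timestamp: number, rawBody: Buffer): string {
  return createHmac("sha256", secret)
    .update(`${timestamp}.`)
    .update(rawBody)
    .digest("hex");
}

// Verify a "t=...,v1=..." header against the raw bytes of the request body.
function verifyWebhook(
  header: string, rawBody: Buffer, secret: string, nowSeconds: number,
): boolean {
  const parts = header.split(",").map((p) => p.trim().split("="));
  const t = Number(parts.find(([k]) => k === "t")?.[1]);
  const candidates = parts.filter(([k]) => k === "v1").map(([, v]) => v ?? "");
  if (!Number.isInteger(t) || candidates.length === 0) return false;
  if (Math.abs(nowSeconds - t) > TOLERANCE_SECONDS) return false;
  const expected = Buffer.from(sign(secret, t, rawBody), "hex");
  return candidates.some((sig) => {
    const got = Buffer.from(sig, "hex");
    // Length check first: timingSafeEqual throws on unequal lengths.
    return got.length === expected.length && timingSafeEqual(got, expected);
  });
}

// Constructed sample data (not real Stripe values).
const SECRET = "whsec_example_placeholder";
const NOW = 1700000000;
// Raw bytes as they would arrive on the wire; note the spacing.
const RAW = Buffer.from('{"id": "evt_example",  "type": "checkout.session.completed"}');
const HEADER = `t=${NOW},v1=${sign(SECRET, NOW, RAW)}`;
// What a handler would hold if express.json() had consumed the body first.
const REPARSED = Buffer.from(JSON.stringify(JSON.parse(RAW.toString("utf8"))));

function demo(): Record<string, boolean> {
  return {
    rawBody: verifyWebhook(HEADER, RAW, SECRET, NOW),
    reserialized: verifyWebhook(HEADER, REPARSED, SECRET, NOW),
    stale: verifyWebhook(HEADER, RAW, SECRET, NOW + 3600),
    wrongSecret: verifyWebhook(HEADER, RAW, "whsec_other", NOW),
  };
}
```

Only the `rawBody` case verifies; the re-serialized body fails even though it parses to the same JSON object.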
The proxy middleware:
- Reads the `session` cookie from the request
- Queries: session → user → slice_id → slice port
- Creates an `http-proxy-middleware` instance targeting `http://127.0.0.1:{port}`
- Forwards the request with the original URL path preserved
WebSocket upgrades use the same session-to-port resolution, handling the HTTP upgrade protocol.
| Variable | Purpose |
|---|---|
| NODE_ENV | production |
| PORT | 3000 |
| DB_HOST, DB_PORT, DB_NAME, DB_USER, DB_PASSWORD | Gateway database connection |
| ADMIN_KEY | API key for admin/orchestrator endpoints |
| SLICE_DB_PASSWORD | Password for per-slice database connections |
| STRIPE_SECRET_KEY | Stripe API (empty = billing disabled) |
| STRIPE_WEBHOOK_SECRET | Stripe webhook verification |
| STRIPE_PRICE_ID | Subscription price ID |
| APP_URL | https://app.ipnoelp.io |
| Endpoint | Method | Auth | Body/Response |
|---|---|---|---|
| /auth/register | POST | None | {email, password} → Sets session cookie, returns user + sliceAssigned |
| /auth/login | POST | None | {email, password} → Sets session cookie, returns user + slice |
| /auth/logout | POST | Session | Clears session cookie |
| /auth/me | GET | Session | Returns user + slice info, extends session (rolling 30-day) |
| Endpoint | Method | Auth | Purpose |
|---|---|---|---|
| /admin/dashboard | GET | Session/Key | Full overview: server stats, slices, users, app metrics |
| /admin/slice/:id | GET | Session/Key | Slice drill-down: 24h telemetry, app metrics, container |
| /admin/telemetry/server | GET | Session/Key | Server telemetry time-series (?hours=N, max 168) |
| /admin/telemetry/slices | GET | Session/Key | Per-slice telemetry time-series |
| /admin/users | GET | Key | List all users with slice info |
| /admin/slices | POST | Key | Create slice. Body: {port} |
| /admin/slices/:id | DELETE | Key | Delete slice |
| /admin/slices/:id/status | POST | Key | Update status. Body: {status} |
| Endpoint | Method | Purpose |
|---|---|---|
| /orchestrator/provision | POST | Provision new slice (DB + container + register) |
| /orchestrator/destroy/:sliceId | POST | Destroy slice (stop + drop DB + delete data) |
| /orchestrator/status | GET | All slices + containers + memory overview |
| Endpoint | Method | Auth | Purpose |
|---|---|---|---|
| /billing/create-checkout | POST | Session | Generate Stripe Checkout URL |
| /billing/portal | GET | Session | Stripe Customer Portal URL |
| /billing/status | GET | Session | Current subscription status |
| /billing/webhook | POST | Stripe sig | Webhook events (checkout, payment, cancellation) |
express 4.x, cors, helmet, morgan, cookie-parser, cookie, http-proxy-middleware, pg, bcryptjs, stripe
| From | To | Protocol | Purpose |
|---|---|---|---|
| nginx | Gateway | HTTP :3000 | Reverse proxy all API/auth/admin traffic |
| Gateway | Slice | HTTP :500X | Proxy authenticated API requests |
| Gateway | Slice | WebSocket :500X | Proxy Socket.io connections |
| Gateway | PostgreSQL | TCP :5432 | Session/user/slice lookups (wank_saas) |
| Gateway | Slice DBs | TCP :5432 | App metrics queries (wa_slice_N) |
| Gateway | Docker | CLI | Container health, stats, start/stop |
| Stripe | Gateway | HTTPS webhook | Payment events |
Deployed and running as systemd service wank-gateway.service. Auto-restarts on failure.