Security & Resilience
Out-of-the-box infrastructure protecting your core microservices.
1. Identity & Access Management (OIDC)
GO-DUCK generated apps enforce strict Keycloak JWT authorization. Every entity router passes through the jwtAuthMiddleware, which extracts the structural properties of the connected user from the signed payload using the pre-configured realm secret.
Golden Rule: In application-dev.yml, ensure your Keycloak Realm, ClientID, and Secret match the locally running Docker Keycloak image.
2. Burst Protection (Rate Limiting)
Using the golang.org/x/time/rate package, a token bucket rate limiter is attached globally to the Gin Engine to mitigate DDoS vectors and abusive scripting.
# Inside your application-prod.yml
go-duck:
  security:
    rate-limit:
      rps: 150.0   # Allow up to 150 Req/Sec
      burst: 300   # Burstable tokens
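To see what these two settings mean in practice, here is an added example (not GO-DUCK's code and not the x/time/rate package itself): a standard-library model of token-bucket semantics with a simulated clock, run against rps 150 and burst 300. The bucket type, the helper names and the per-client map are hypothetical; the last function shows that one shared bucket lets a single flooding client consume the budget of every other caller, which per-client buckets avoid.

```go
package main

import (
	"fmt"
	"math"
)

// bucket models token-bucket semantics: tokens refill at rps per second
// up to burst, and every admitted request costs one token.
type bucket struct {
	rps, burst, tokens, last float64 // last = time of previous call, in seconds
}

func newBucket(rps float64, burst int) *bucket {
	return &bucket{rps: rps, burst: float64(burst), tokens: float64(burst)}
}

// allow reports whether a request arriving at time now (seconds) is admitted.
func (b *bucket) allow(now float64) bool {
	b.tokens = math.Min(b.burst, b.tokens+(now-b.last)*b.rps)
	b.last = now
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// admitted fires n requests at the same instant and counts how many pass.
func admitted(b *bucket, n int, now float64) int {
	ok := 0
	for i := 0; i < n; i++ {
		if b.allow(now) {
			ok++
		}
	}
	return ok
}

// globalVsPerClient: a script floods at t=0, then another user sends one
// request. Returns whether that user is admitted under one shared bucket
// and under per-client buckets (hypothetical keying, e.g. by JWT subject).
func globalVsPerClient(flood int) (shared, perClient bool) {
	g := newBucket(150, 300)
	admitted(g, flood, 0)
	shared = g.allow(0)
	per := map[string]*bucket{"script": newBucket(150, 300), "user": newBucket(150, 300)}
	admitted(per["script"], flood, 0)
	return shared, per["user"].allow(0)
}

func main() {
	b := newBucket(150, 300)
	fmt.Println(admitted(b, 400, 0), admitted(b, 400, 1)) // burst, then 1 s of refill
	fmt.Println(globalVsPerClient(400))
}
```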
3. sony/gobreaker (Circuit Breakers)
When a microservice starts rejecting requests globally because a dependency is failing (e.g. a Redis node goes down, the DB locks, or the MQTT broker drops), your application handles this gracefully by "tripping" the circuit breaker open to prevent request queue pile-ups.
resilience.Execute(func() (interface{}, error) {
    // Risky network / DB operations are wrapped automatically!
    // Return both the result and the error so the breaker can count failures.
    err := s.repo.DB.First(&entity, req.Id).Error
    return entity, err
})