Platform

aether-gateway

API gateway with auth, rate limiting, and geo routing

The aether-gateway crate provides the edge API gateway for Aether's backend services. It handles authentication middleware, rate limiting, geographic routing, health checks, request dispatching, and voice relay for real-time communication.

Overview

The gateway sits between clients and backend services, providing a unified entry point with cross-cutting concerns:

  • Auth middleware that validates JWT tokens and enforces authorization policies.
  • Rate limiting with configurable per-route and per-user limits.
  • Geographic routing that directs requests to the nearest regional backend.
  • Health checking that monitors downstream service availability.
  • Request dispatching with service discovery and load balancing.
  • Voice relay for NAT traversal and low-latency audio routing.

Key Types

Router

The HTTP request router with route matching, rate limiting, and service target resolution.

use aether_gateway::{Router, Route, HttpMethod, ServiceTarget, RateLimitRule};

let mut router = Router::new();
router.add_route(Route {
    method: HttpMethod::Post,
    path: "/api/v1/worlds".into(),
    target: ServiceTarget::WorldService,
    rate_limit: Some(RateLimitRule {
        requests_per_minute: 60,
    }),
});

AuthMiddleware

Validates authentication tokens on incoming requests.

use aether_gateway::{AuthMiddleware, AuthValidationPolicy, Token};

let auth = AuthMiddleware::new(AuthValidationPolicy {
    issuer: "aether-auth".into(),
    required_claims: vec!["sub".into(), "role".into()],
});
let result = auth.validate(&token)?;

RateLimiter

Enforces request rate limits per client or per route.

use aether_gateway::{RateLimiter, RateLimitPolicy, RateLimitStatus};

let limiter = RateLimiter::new(RateLimitPolicy {
    window_seconds: 60,
    max_requests: 100,
});
let status: RateLimitStatus = limiter.check(client_id);

GeoRoutingPolicy

Routes requests to the nearest regional backend based on client location.

use aether_gateway::{GeoRoutingPolicy, RegionLatencyProfile, RoutedRequest};

let policy = GeoRoutingPolicy::new(vec![
    RegionLatencyProfile { region: "us-east".into(), latency_ms: 20 },
    RegionLatencyProfile { region: "eu-west".into(), latency_ms: 80 },
]);
let routed = policy.route(&request);

HealthChecker

Periodically probes downstream services and reports their health status.

use aether_gateway::{HealthChecker, HealthCheckConfig, ServiceHealth};

let checker = HealthChecker::new(HealthCheckConfig {
    interval_seconds: 10,
    timeout_ms: 3000,
    unhealthy_threshold: 3,
});

RelaySession

Manages a voice relay session for NAT traversal between VR clients.

use aether_gateway::{RelaySession, RelayProfile, NatMode, RelayRegion};

let session = RelaySession::new(RelayProfile {
    nat_mode: NatMode::SymmetricNat,
    region: RelayRegion::Closest,
    max_bitrate_kbps: 64,
});

Usage Examples

Gateway Setup

use aether_gateway::{
    BackendRuntime, BackendRuntimeConfig, Router, AuthMiddleware,
    RateLimiter,
};

let config = BackendRuntimeConfig {
    listen_port: 8080,
    max_connections: 10000,
};

let mut router = Router::new();
// Register routes...

let runtime = BackendRuntime::new(config);

Request Flow

use aether_gateway::{Dispatcher, DispatchContext};

let dispatcher = Dispatcher::new();
let ctx = DispatchContext {
    route: matched_route,
    token: validated_token,
    client_region: "us-east".into(),
};
let response = dispatcher.dispatch(ctx, request).await?;