The source code ought to be modularized further so that the lib.rs may provide useful exports. There are two types to focus on exporting: ProxyServer and Authenticator. The Authenticator validates for the proxy server and ought be injected into the ProxyServer. This way, custom middleware implementations can take advantage of the validation behavior without needing to run the actual ProxyServer.

Currently all the paths defined in endpoints.json have to be explicitly defined. But this doesn't reflect how API's actually operate. Because of this, urls with options need to be mapped. Initially, the following combinations should be considered:

• /* using * as a wildcard
• api/{x} where x is some url variables within the {}
• api/{x}/{y} where x and y are url variables
• api/{x}/foo/{y}
• api/{x}/foo/{y}/bar

Currently the Moria is just using println!. A logger will need to be added if this is to be production ready.

• The endpoints.json file needs to be dynamically reconfigurable
• The config.json file needs to dynamically reconfigurable

Currently the memory footprint is very small at startup, but it appears to grow as the application runs. This is likely due to the usage of config.clone() and auth_map.clone(). There are two ways to immediately improve this that I can think of:

1. Shrink the size of the HashMap<String,AuthObj> called auth_map by restructuring it into a different structure. Currently, it has redundant values, such as the groups, which could be put into a Vec<String> and referenced from a Vec<usize> (or in the case of less than 256 groups, possibly even Vec<u8>).
2. Find a way to share the config and auth_map values between threads.

----- Edit -----

After doing some research, I've found that one way of rearing in this memory growth could be by explicitly defining the number of threads for actix-web to utilize.

• Add the number of threads to config.json
• If the number of threads is in config.json is zero, or some enormous number, print a warning and then use threads = (number of cores) * 2

This discovery doesn't invalidate the above code and in fact both configuration objects should probably be wrapped in Mutex so they can be updated while the service is running.

Reorganize and modularize the /src folder, breaking it apart into smaller .rs files.

SSL needs to be added to incoming requests and forwarding.

Currently there is a mock server that uses expressjs and has some basic throttling. This is perfectly fine for a testing mock, but it will need a wider variety of endpoints. Also, some kind of Javascript framework should be used for sending HTTP requests for the integration tests, rather than curl. Curl is nice and easy to use but bash is insufficient for the scale at which it will be needed. Also, more than one mock server will have to be defined, so that Moria's route inference can be tested more thoroughly.

• Add more endpoints and behavior to existing mocks.
• Add one or two additional mock servers.
• Add a javascript sub-project for sending HTTP requests to Moria.
• Enable ssl on all the above sub-projects.

The source code ought to be modularized further so that the lib.rs may provide useful exports. There are two types to focus on exporting: ProxyServer and Authenticator. The Authenticator validates for the proxy server and ought be injected into the ProxyServer. This way, custom middleware implementations can take advantage of the validation behavior without needing to run the actual ProxyServer.