A secure, lightweight proxy server for the RAWG API, built with Node.js, Express, and TypeScript. Optimised with Redis-based caching for fast response times and per-IP rate limiting.
Note: This proxy is designed for use with Gamely.
Why use it? It keeps your RAWG API key secure by handling all API requests server-side, preventing exposure in client-side code.
git clone https://github.com/Coookei/Gamely-Proxy.git
cd Gamely-ProxyThis project uses pnpm. If you don't have it installed yet, you can follow the pnpm install guide.
pnpm installCreate a .env file in the root directory.
Required:
API_URL=https://api.rawg.io/api/
API_KEY=your_rawg_api_key_here
WHITELISTED_ORIGINS=https://your-gamely-url.com/,http://localhost:5173/
UPSTASH_REDIS_REST_URL=your_upstash_redis_rest_url
UPSTASH_REDIS_REST_TOKEN=your_upstash_redis_rest_token- API_URL: The base URL for the RAWG API.
- API_KEY: Your personal RAWG API key. Get one here.
- WHITELISTED_ORIGINS: Comma-separated list of allowed frontend origins (e.g., your local or deployed Gamely app URLs).
- UPSTASH_REDIS_REST_URL / UPSTASH_REDIS_REST_TOKEN: Required for Redis-based caching and rate limiting. Get credentials here.
Optional (with defaults):
API_TIMEOUT=4000 # Timeout for RAWG API requests in ms (default: 4000)
MAX_EXTERNAL_CALLS=1000 # Max RAWG API calls per 24h (default: 1000)
RATE_LIMIT_PER_IP=200 # Max proxy requests per IP per hour (default: 200)
CACHE_DURATION=86400 # Redis cache duration in seconds (default: 86400)
PORT=3000 # Server port (default: 3000)
⚠️ Never commit your.envfile or API key to version control.
pnpm devOr for production:
pnpm build
pnpm startYou can deploy Gamely-Proxy in two main ways:
-
Standalone Node.js App:
Host on your own server, or use hosting platforms. Just make sure to set your environment variables on your hosting platform. -
Vercel (Serverless):
This project includes avercel.jsonfile for easy deployment to Vercel.- Push your code to a GitHub/GitLab/Bitbucket repo.
- Import the repo into Vercel.
- Set your environment variables (
API_KEY, etc.) in the Vercel dashboard. - Deploy!
All endpoints required for Gamely
-
GET /games
List games. Supports query params:genres,parent_platforms,ordering,search,page. -
GET /games/:slug
Get details for a specific game by slug. -
GET /games/:gameId/screenshots
Get screenshots for a specific game by numeric ID. -
GET /games/:gameId/movies
Get movies for a specific game by numeric ID.
GET /genres
List all genres.
GET /platforms/lists/parents
List parent platforms.
GET /health
Health check endpoint.
To use the proxy with your Gamely frontend app, update your frontend configuration to point to the proxy server's URL.
For detailed setup instructions, see the Gamely frontend setup guide.
This ensures all RAWG API requests from your frontend are securely routed through the proxy.
- Your RAWG API key is never exposed to the client or frontend code. All requests are proxied server-side.
- Supports CORS for safe cross-origin requests.
- Per-IP rate limiting and a global call budget are enforced using Upstash Redis to prevent abuse and accidental overuse.
- The proxy uses Helmet to set HTTP headers for enhanced security and disables the
x-powered-byheader. - All endpoints validate and sanitise incoming parameters to prevent misuse and ensure only safe, expected requests reach the RAWG API.
Keeping an external uptime monitor, such as Uptime Kuma, with alerting (email, Slack, Discord, etc.) helps you detect outages before users do and gives you time to intervene.
It is recommended to pair this proxy with automated alerts to ensure your infrastructure remains healthy and responsive.
Contributions, suggestions, and feedback are welcome!
Feel free to fork the repo and submit a pull request.
- Fork the project
- Create a new branch (
git checkout -b feature/your-feature) - Commit your changes (
git commit -m 'Add new feature') - Push to the branch (
git push origin feature/your-feature) - Open a Pull Request
This project is licensed under the MIT License.