This repository has been archived on 2022-10-07. You can view files and clone it, but cannot push or open issues or pull requests.
skynet-webportal/docker/kratos/oathkeeper/access-rules.yml

88 lines
1.9 KiB
YAML
Raw Normal View History

2020-12-15 16:22:31 +00:00
- id: "ory:kratos:public"
2020-12-09 12:50:17 +00:00
upstream:
preserve_host: true
2021-02-09 10:22:23 +00:00
url: "http://kratos:4433"
2020-12-09 12:50:17 +00:00
strip_path: /.ory/kratos/public
match:
url: "http://oathkeeper:4455/.ory/kratos/public/<**>"
methods:
- GET
- POST
- PUT
- DELETE
- PATCH
authenticators:
2020-12-15 16:22:31 +00:00
- handler: noop
2020-12-09 12:50:17 +00:00
authorizer:
handler: allow
mutators:
2021-02-09 10:43:23 +00:00
- handler: noop
2021-02-11 22:06:00 +00:00
# - handler: hydrator
# config:
# api:
# url: http://dashboard:3000/api/hydrator
# - handler: cookie
# config:
# cookies:
# user: "{{ print .Subject }}"
# some-arbitrary-data: "{{ print .Extra.foo }}"
2020-12-09 12:50:17 +00:00
2021-02-03 14:06:44 +00:00
- id: "dashboard:anonymous"
2020-12-09 12:50:17 +00:00
upstream:
preserve_host: true
2021-02-03 14:06:44 +00:00
url: "http://dashboard:3000"
2020-12-09 12:50:17 +00:00
match:
2021-02-16 11:29:27 +00:00
url: "http://oathkeeper:4455/<{_next/*,auth/*,recovery,verify,error}{/,}>"
2020-12-09 12:50:17 +00:00
methods:
- GET
authenticators:
2020-12-15 16:22:31 +00:00
- handler: anonymous
2020-12-09 12:50:17 +00:00
authorizer:
handler: allow
mutators:
2020-12-15 16:22:31 +00:00
- handler: noop
2020-12-09 12:50:17 +00:00
2021-02-03 14:06:44 +00:00
- id: "dashboard:protected"
2020-12-09 12:50:17 +00:00
upstream:
preserve_host: true
2021-02-03 14:06:44 +00:00
url: "http://dashboard:3000"
2020-12-09 12:50:17 +00:00
match:
2021-02-17 11:17:52 +00:00
url: "http://oathkeeper:4455/<{,api/*,settings,uploads,downloads,payments}>"
2020-12-09 12:50:17 +00:00
methods:
- GET
2021-02-24 14:24:22 +00:00
- POST
2020-12-09 12:50:17 +00:00
authenticators:
2020-12-15 16:22:31 +00:00
- handler: cookie_session
2020-12-09 12:50:17 +00:00
authorizer:
handler: allow
mutators:
- handler: id_token
2021-02-22 16:14:35 +00:00
- handler: header
config:
headers:
X-User: "{{ print .Subject }}"
2020-12-09 12:50:17 +00:00
errors:
- handler: redirect
config:
2020-12-16 12:08:51 +00:00
to: http://127.0.0.1/auth/login
2020-12-15 16:22:31 +00:00
- id: "accounts"
upstream:
preserve_host: true
url: "http://accounts:3000"
match:
2021-02-22 16:14:35 +00:00
url: "http://oathkeeper<{,:4455}>/<{user,user/**,login,logout}>"
2020-12-15 16:34:07 +00:00
methods:
- GET
2021-02-15 00:12:38 +00:00
- POST
2020-12-15 16:22:31 +00:00
authenticators:
- handler: cookie_session
authorizer:
handler: allow
mutators:
- handler: id_token
errors:
2021-02-11 17:54:13 +00:00
- handler: redirect
config:
to: http://127.0.0.1/auth/login