skynet-webportal/docker/kratos/oathkeeper/access-rules.yml

- id: "ory:kratos:public"
  upstream:
    preserve_host: true
    url: "http://kratos:4433"
    strip_path: /.ory/kratos/public
  match:
    url: "http://oathkeeper:4455/.ory/kratos/public/<**>"
    methods:
      - GET
      - POST
      - PUT
      - DELETE
      - PATCH
  authenticators:
    - handler: noop
  authorizer:
    handler: allow
  mutators:
    - handler: noop

- id: "dashboard:anonymous"
  upstream:
    preserve_host: true
    url: "http://dashboard:3000"
  match:
    url: "http://oathkeeper:4455/<{_next/*,auth/*,recovery,verify,error,favicon.ico}{/,}>"
    methods:
      - GET
  authenticators:
    - handler: anonymous
  authorizer:
    handler: allow
  mutators:
    - handler: noop

- id: "dashboard:protected"
  upstream:
    preserve_host: true
    url: "http://dashboard:3000"
  match:
    url: "http://oathkeeper:4455/<{,api/*,settings,uploads,downloads,payments}>"
    methods:
      - GET
      - POST
      - PUT
      - DELETE
      - PATCH
  authenticators:
    - handler: cookie_session
  authorizer:
    handler: allow
  mutators:
    - handler: id_token
    - handler: header
      config:
        headers:
          X-User: "{{ print .Subject }}"
  errors:
    - handler: redirect
      config:
        to: http://127.0.0.1/auth/login

- id: "accounts:anonymous"
  upstream:
    preserve_host: true
    url: "http://accounts:3000"
  match:
    url: "http://oathkeeper<{,:4455}>/<{stripe/prices,stripe/webhook}>"
    methods:
      - GET
      - POST
  authenticators:
    - handler: anonymous
  authorizer:
    handler: allow
  mutators:
    - handler: noop

- id: "accounts:public"
  upstream:
    preserve_host: true
    url: "http://accounts:3000"
  match:
    url: "http://oathkeeper<{,:4455}>/<{user/limits}>"
    methods:
      - GET
  authenticators:
    - handler: cookie_session
    - handler: noop
  authorizer:
    handler: allow
  mutators:
    - handler: id_token

- id: "accounts:protected"
  upstream:
    preserve_host: true
    url: "http://accounts:3000"
  match:
    url: "http://oathkeeper<{,:4455}>/<{login,logout,user,user/uploads,user/downloads,user/stats}>"
    methods:
      - GET
      - POST
      - PUT
      - DELETE
      - PATCH
  authenticators:
    - handler: cookie_session
  authorizer:
    handler: allow
  mutators:
    - handler: id_token
  errors:
    - handler: redirect
      config:
        to: http://127.0.0.1/auth/login
Accounts (#554) * stripe env * stripe env * stripe env * allow post * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * favicon * foo * foo * foo * foo * foo * foo * title * fix dashboard timestamp * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * prices * Revert "prices" This reverts commit 7071ed4ef4641bc7a7247f2b56ba1159c9606112. * Make sure we don't accidentally commit `kratos.yml`. * Add Oathkeeper access rules for Stripe. * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * Add `max_breaches` to Kratos's sample config file. * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * cache .next folder * Use own fork of Kratos's `master` in order to get the fix for the migrations issue. * Don't retry running Kratos migrations. * payments * restart: no * no * no * no * no * no * no * no * no * no * payments * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * limits * limits * nginx depends on accounts and kratos-migrate depends on cockroach. * upload limit rate * upload limit rate - 2 * upload limit rate - 3 * upload limit rate - 4 * upload limit rate - 5 * upload limit rate - 6 * upload limit rate - 7 * upload limit rate - 8 * upload limit rate - 9 * forgotten password link * use header for skylink * use header for skylink * use header for skylink * use header for skylink * use header for skylink * use header for skylink * use header for skylink * use header for skylink * copy to clipboard * fix ratelimit issue * Allow access to the stripe webhook. * enable allow_promotion_codes * Allow POST on webhook. * Add all env vars accounts need to docker-compose. * Don't use custom port for accounts. * print recovery * recovery sign up link * refactor cors header response * refactor cors header response * do not log unauthorized * fix registration link * settings logging * update node and tailwindcss * move webapp from volume * host 0.0.0.0 * refactor dockerfile * enable accounts * cache public * uncache public * remove cache control * no-cache * no cache * Do not use the person's name for registration. * add verify route * add verify route * add verify route * Go back to using the stock kratos image. * add verify route * fix settings link * clean up verify flow * refactor Dockerfile * Remove first and last name from used traits. * Remove account verification via email. * Allow additional properties. * Cookies and tokens last for 30 days now. * Rename secure.siasky.net to account.siasky.net. * redirect secure to account Co-authored-by: Ivaylo Novakov <inovakov@gmail.com> Co-authored-by: Ivaylo Novakov <ro-tex@users.noreply.github.com> 2021-04-01 13:15:37 +00:00			`- id: "ory:kratos:public"`
			`upstream:`
			`preserve_host: true`
			`url: "http://kratos:4433"`
			`strip_path: /.ory/kratos/public`
			`match:`
			`url: "http://oathkeeper:4455/.ory/kratos/public/<**>"`
			`methods:`
			`- GET`
			`- POST`
			`- PUT`
			`- DELETE`
			`- PATCH`
			`authenticators:`
			`- handler: noop`
			`authorizer:`
			`handler: allow`
			`mutators:`
			`- handler: noop`

			`- id: "dashboard:anonymous"`
			`upstream:`
			`preserve_host: true`
			`url: "http://dashboard:3000"`
			`match:`
			`url: "http://oathkeeper:4455/<{_next/,auth/,recovery,verify,error,favicon.ico}{/,}>"`
			`methods:`
			`- GET`
			`authenticators:`
			`- handler: anonymous`
			`authorizer:`
			`handler: allow`
			`mutators:`
			`- handler: noop`

			`- id: "dashboard:protected"`
			`upstream:`
			`preserve_host: true`
			`url: "http://dashboard:3000"`
			`match:`
			`url: "http://oathkeeper:4455/<{,api/*,settings,uploads,downloads,payments}>"`
			`methods:`
			`- GET`
			`- POST`
			`- PUT`
			`- DELETE`
			`- PATCH`
			`authenticators:`
			`- handler: cookie_session`
			`authorizer:`
			`handler: allow`
			`mutators:`
			`- handler: id_token`
			`- handler: header`
			`config:`
			`headers:`
			`X-User: "{{ print .Subject }}"`
			`errors:`
			`- handler: redirect`
			`config:`
			`to: http://127.0.0.1/auth/login`

			`- id: "accounts:anonymous"`
			`upstream:`
			`preserve_host: true`
			`url: "http://accounts:3000"`
			`match:`
			`url: "http://oathkeeper<{,:4455}>/<{stripe/prices,stripe/webhook}>"`
			`methods:`
			`- GET`
			`- POST`
			`authenticators:`
			`- handler: anonymous`
			`authorizer:`
			`handler: allow`
			`mutators:`
			`- handler: noop`

			`- id: "accounts:public"`
			`upstream:`
			`preserve_host: true`
			`url: "http://accounts:3000"`
			`match:`
			`url: "http://oathkeeper<{,:4455}>/<{user/limits}>"`
			`methods:`
			`- GET`
			`authenticators:`
			`- handler: cookie_session`
			`- handler: noop`
			`authorizer:`
			`handler: allow`
			`mutators:`
			`- handler: id_token`

			`- id: "accounts:protected"`
			`upstream:`
			`preserve_host: true`
			`url: "http://accounts:3000"`
			`match:`
			`url: "http://oathkeeper<{,:4455}>/<{login,logout,user,user/uploads,user/downloads,user/stats}>"`
			`methods:`
			`- GET`
			`- POST`
			`- PUT`
			`- DELETE`
			`- PATCH`
			`authenticators:`
			`- handler: cookie_session`
			`authorizer:`
			`handler: allow`
			`mutators:`
			`- handler: id_token`
			`errors:`
			`- handler: redirect`
			`config:`
			`to: http://127.0.0.1/auth/login`