- id: "ory:kratos:public"
  upstream:
    preserve_host: true
    url: "http://kratos:4433"
    strip_path: /.ory/kratos/public
  match:
    url: "http://oathkeeper:4455/.ory/kratos/public/<**>"
    methods:
      - GET
      - POST
      - PUT
      - DELETE
      - PATCH
  authenticators:
    - handler: noop
  authorizer:
    handler: allow
  mutators:
    - handler: noop

- id: "dashboard:anonymous"
  upstream:
    preserve_host: true
    url: "http://dashboard:3000"
  match:
    url: "http://oathkeeper:4455/<{_next/**,auth/**,recovery,verify,error,favicon.ico}{/,}>"
    methods:
      - GET
  authenticators:
    - handler: anonymous
  authorizer:
    handler: allow
  mutators:
    - handler: noop

- id: "dashboard:protected"
  upstream:
    preserve_host: true
    url: "http://dashboard:3000"
  match:
    url: "http://oathkeeper:4455/<{,api/**,settings,uploads,downloads,payments}>"
    methods:
      - GET
      - POST
      - PUT
      - DELETE
      - PATCH
  authenticators:
    - handler: cookie_session
  authorizer:
    handler: allow
  mutators:
    - handler: id_token
    - handler: header
      config:
        headers:
          X-User: "{{ print .Subject }}"
  errors:
    - handler: redirect
      config:
        to: http://127.0.0.1/auth/login

- id: "accounts:anonymous"
  upstream:
    preserve_host: true
    url: "http://accounts:3000"
  match:
    url: "http://oathkeeper<{,:4455}>/<{health,stripe/prices,stripe/webhook}>"
    methods:
      - GET
      - POST
  authenticators:
    - handler: anonymous
  authorizer:
    handler: allow
  mutators:
    - handler: noop

- id: "accounts:public"
  upstream:
    preserve_host: true
    url: "http://accounts:3000"
  match:
    url: "http://oathkeeper<{,:4455}>/<{user/limits}>"
    methods:
      - GET
  authenticators:
    - handler: cookie_session
    - handler: noop
  authorizer:
    handler: allow
  mutators:
    - handler: id_token

- id: "accounts:protected"
  upstream:
    preserve_host: true
    url: "http://accounts:3000"
  match:
    url: "http://oathkeeper<{,:4455}>/<{login,logout,user,user/uploads,user/downloads,user/stats}>"
    methods:
      - GET
      - POST
      - PUT
      - DELETE
      - PATCH
  authenticators:
    - handler: cookie_session
  authorizer:
    handler: allow
  mutators:
    - handler: id_token
  errors:
    - handler: redirect
      config:
        to: http://127.0.0.1/auth/login