- id: "ory:kratos:public" upstream: preserve_host: true url: "http://kratos:4433" strip_path: /.ory/kratos/public match: url: "http://oathkeeper:4455/.ory/kratos/public/<**>" methods: - GET - POST - PUT - DELETE - PATCH authenticators: - handler: noop authorizer: handler: allow mutators: - handler: noop - id: "dashboard:anonymous" upstream: preserve_host: true url: "http://dashboard:3000" match: url: "http://oathkeeper:4455/<{_next/*,auth/*,recovery,verify,error,favicon.ico}{/,}>" methods: - GET authenticators: - handler: anonymous authorizer: handler: allow mutators: - handler: noop - id: "dashboard:protected" upstream: preserve_host: true url: "http://dashboard:3000" match: url: "http://oathkeeper:4455/<{,api/*,settings,uploads,downloads,payments}>" methods: - GET - POST - PUT - DELETE - PATCH authenticators: - handler: cookie_session authorizer: handler: allow mutators: - handler: id_token - handler: header config: headers: X-User: "{{ print .Subject }}" errors: - handler: redirect config: to: http://127.0.0.1/auth/login - id: "accounts:anonymous" upstream: preserve_host: true url: "http://accounts:3000" match: url: "http://oathkeeper<{,:4455}>/<{stripe/prices,stripe/webhook}>" methods: - GET - POST authenticators: - handler: anonymous authorizer: handler: allow mutators: - handler: noop - id: "accounts:public" upstream: preserve_host: true url: "http://accounts:3000" match: url: "http://oathkeeper<{,:4455}>/<{user/limits}>" methods: - GET authenticators: - handler: cookie_session - handler: noop authorizer: handler: allow mutators: - handler: id_token - id: "accounts:protected" upstream: preserve_host: true url: "http://accounts:3000" match: url: "http://oathkeeper<{,:4455}>/<{login,logout,user,user/uploads,user/downloads,user/stats}>" methods: - GET - POST - PUT - DELETE - PATCH authenticators: - handler: cookie_session authorizer: handler: allow mutators: - handler: id_token errors: - handler: redirect config: to: http://127.0.0.1/auth/login