skynet-webportal/docker/kratos/oathkeeper/access-rules.yml

- id: "ory:kratos:public"
  upstream:
    preserve_host: true
    url: "http://kratos:4433"
    strip_path: /.ory/kratos/public
  match:
    url: "http://oathkeeper:4455/.ory/kratos/public/<**>"
    methods:
      - GET
      - POST
      - PUT
      - DELETE
      - PATCH
  authenticators:
    - handler: noop
  authorizer:
    handler: allow
  mutators:
    - handler: noop
    # - handler: hydrator
    #   config:
    #     api:
    #       url: http://dashboard:3000/api/hydrator
    # - handler: cookie
    #   config:
    #     cookies:
    #       user: "{{ print .Subject }}"
    #       some-arbitrary-data: "{{ print .Extra.foo }}"

- id: "dashboard:anonymous"
  upstream:
    preserve_host: true
    url: "http://dashboard:3000"
  match:
    url: "http://oathkeeper:4455/<{_next/*,auth/*,recovery,verify,error}{/,}>"
    methods:
      - GET
  authenticators:
    - handler: anonymous
  authorizer:
    handler: allow
  mutators:
    - handler: noop

- id: "dashboard:protected"
  upstream:
    preserve_host: true
    url: "http://dashboard:3000"
  match:
    url: "http://oathkeeper:4455/<{,api/*,uploads,downloads,payments}>"
    methods:
      - GET
  authenticators:
    - handler: cookie_session
  authorizer:
    handler: allow
  mutators:
    - handler: id_token
  errors:
    - handler: redirect
      config:
        to: http://127.0.0.1/auth/login

- id: "accounts"
  upstream:
    preserve_host: true
    url: "http://accounts:3000"
  match:
    url: "http://oathkeeper<{,:4455}>/<{user,user/**,login,logout}>"
    methods:
      - GET
      - POST
  authenticators:
    - handler: cookie_session
  authorizer:
    handler: allow
  mutators:
    - handler: id_token
  errors:
    - handler: redirect
      config:
        to: http://127.0.0.1/auth/login