skynet-webportal/docker/kratos/oathkeeper/access-rules.yml

- id: "ory:kratos:public"
  upstream:
    preserve_host: true
    url: "http://kratos:4433"
    strip_path: /.ory/kratos/public
  match:
    url: "http://oathkeeper:4455/.ory/kratos/public/<**>"
    methods:
      - GET
      - POST
      - PUT
      - DELETE
      - PATCH
  authenticators:
    - handler: noop
  authorizer:
    handler: allow
  mutators:
    - handler: noop
    # - handler: hydrator
    #   config:
    #     api:
    #       url: http://dashboard:3000/api/hydrator
    # - handler: cookie
    #   config:
    #     cookies:
    #       user: "{{ print .Subject }}",
    #       some-arbitrary-data: "{{ print .Extra.foo }}"

- id: "dashboard:anonymous"
  upstream:
    preserve_host: true
    url: "http://dashboard:3000"
  match:
    url: "http://oathkeeper:4455/<{error,recovery,verify,auth/*,**.css,**.js}{/,}>"
    methods:
      - GET
  authenticators:
    - handler: anonymous
  authorizer:
    handler: allow
  mutators:
    - handler: noop

- id: "dashboard:protected"
  upstream:
    preserve_host: true
    url: "http://dashboard:3000"
  match:
    url: "http://oathkeeper:4455/<{,uploads,downloads,payments,api,api/*}>"
    methods:
      - GET
  authenticators:
    - handler: cookie_session
  authorizer:
    handler: allow
  mutators:
    - handler: id_token
  errors:
    - handler: redirect
      config:
        to: http://127.0.0.1/auth/login

- id: "accounts"
  upstream:
    preserve_host: true
    url: "http://accounts:3000"
  match:
    url: "http://oathkeeper<{,:4455}>/<{user,user/**}>"
    methods:
      - GET
  authenticators:
    - handler: cookie_session
  authorizer:
    handler: allow
  mutators:
    - handler: id_token
  errors:
    - handler: json