197 lines
4.2 KiB
YAML
197 lines
4.2 KiB
YAML
_format_version: "2.1"
|
|
_transform: true
|
|
|
|
###
|
|
### Consumers / Users
|
|
###
|
|
consumers:
|
|
- username: ANON
|
|
keyauth_credentials:
|
|
- key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24iLCJleHAiOjE5ODM4MTI5OTZ9.b_lMH2mc5km7S9Lw_sRGGqE9IeiahYu-caevDcacKiY
|
|
- username: SERVICE_ROLE
|
|
keyauth_credentials:
|
|
- key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImV4cCI6MTk4MzgxMjk5Nn0.kcyKZAiwnnBG9t6IVGO17bcVw574pVynTHYVdF4q-p0
|
|
|
|
###
|
|
### Access Control Lists
|
|
###
|
|
acls:
|
|
- consumer: ANON
|
|
group: anon
|
|
- consumer: SERVICE_ROLE
|
|
group: admin
|
|
|
|
###
|
|
### API Routes
|
|
###
|
|
services:
|
|
## Redirect /auth/verify to SvelteKit app for email links
|
|
- name: auth-verify-redirect
|
|
url: http://portal:3000/auth/verify
|
|
routes:
|
|
- name: auth-verify-redirect
|
|
strip_path: false
|
|
paths:
|
|
- /auth/verify
|
|
preserve_host: false
|
|
plugins:
|
|
- name: cors
|
|
|
|
## Auth Service (GoTrue)
|
|
- name: auth-v1-open
|
|
url: http://auth:9999/verify
|
|
routes:
|
|
- name: auth-v1-open
|
|
strip_path: true
|
|
paths:
|
|
- /auth/v1/verify
|
|
plugins:
|
|
- name: cors
|
|
|
|
- name: auth-v1-open-callback
|
|
url: http://auth:9999/callback
|
|
routes:
|
|
- name: auth-v1-open-callback
|
|
strip_path: true
|
|
paths:
|
|
- /auth/v1/callback
|
|
plugins:
|
|
- name: cors
|
|
|
|
- name: auth-v1-open-authorize
|
|
url: http://auth:9999/authorize
|
|
routes:
|
|
- name: auth-v1-open-authorize
|
|
strip_path: true
|
|
paths:
|
|
- /auth/v1/authorize
|
|
plugins:
|
|
- name: cors
|
|
|
|
- name: auth-v1
|
|
url: http://auth:9999/
|
|
routes:
|
|
- name: auth-v1
|
|
strip_path: true
|
|
paths:
|
|
- /auth/v1/
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: false
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
- anon
|
|
|
|
## REST Service (PostgREST)
|
|
- name: rest-v1
|
|
url: http://rest:3000/
|
|
routes:
|
|
- name: rest-v1
|
|
strip_path: true
|
|
paths:
|
|
- /rest/v1/
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: false
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
- anon
|
|
|
|
## Realtime Service
|
|
- name: realtime-v1-ws
|
|
url: http://realtime:4000/socket
|
|
routes:
|
|
- name: realtime-v1-ws
|
|
strip_path: true
|
|
paths:
|
|
- /realtime/v1/websocket
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: false
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
- anon
|
|
|
|
- name: realtime-v1
|
|
url: http://realtime:4000/
|
|
routes:
|
|
- name: realtime-v1
|
|
strip_path: true
|
|
paths:
|
|
- /realtime/v1/
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: false
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
- anon
|
|
|
|
## Storage Service - Public objects (no auth required)
|
|
- name: storage-v1-public
|
|
url: http://storage:5000/object/public
|
|
routes:
|
|
- name: storage-v1-public
|
|
strip_path: true
|
|
paths:
|
|
- /storage/v1/object/public
|
|
plugins:
|
|
- name: cors
|
|
|
|
## Storage Service - All other operations (auth required)
|
|
- name: storage-v1
|
|
url: http://storage:5000/
|
|
routes:
|
|
- name: storage-v1
|
|
strip_path: true
|
|
paths:
|
|
- /storage/v1/
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: false
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
- anon
|
|
|
|
## PostgreSQL Meta (for Studio)
|
|
- name: meta
|
|
url: http://meta:8080/
|
|
routes:
|
|
- name: meta
|
|
strip_path: true
|
|
paths:
|
|
- /pg/
|
|
plugins:
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: false
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|