feat(oathkeeper): add api notes rules

Signed-off-by: iverly <github@iverly.net>

config/oathkeeper/oathkeeper.yaml

@@ -61,6 +61,7 @@ access_rules:
     - file:///etc/config/oathkeeper/rules/auth.yaml
     - file:///etc/config/oathkeeper/rules/kratos.yaml
     - file:///etc/config/oathkeeper/rules/dev.yaml
+    - file:///etc/config/oathkeeper/rules/api-notes.yaml
 
 authenticators:
   anonymous:

config/oathkeeper/rules/api-notes.yaml

@@ -0,0 +1,63 @@
+#######################################
+#         Notes Access Rules          #
+#######################################
+- id: "api:create-note:protected"
+  upstream:
+    preserve_host: true
+    url: "http://api:3100"
+  match:
+    url: http://api.nx-next-nest-prisma-ory-template.<127\.0\.0\.1\.sslip\.io|com>/notes
+    methods:
+      - POST
+  authenticators:
+    - handler: cookie_session
+  authorizer:
+    handler: allow
+  mutators:
+    - handler: id_token
+  errors:
+    - handler: redirect
+
+- id: "api:note:protected"
+  upstream:
+    preserve_host: true
+    url: "http://api:3100"
+  match:
+    url: http://api.nx-next-nest-prisma-ory-template.<127\.0\.0\.1\.sslip\.io|com>/notes/<([0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12})>
+    methods:
+      - GET
+      - PATCH
+      - DELETE
+  authenticators:
+    - handler: cookie_session
+  authorizer:
+    handler: remote_json
+    config:
+      payload: |
+        {
+          "namespace": "notes",
+          "object": "{{ printIndex .MatchContext.RegexpCaptureGroups 1 }}",
+          "relation": "owner",
+          "subject_id": "{{ print .Subject }}"
+        }
+  mutators:
+    - handler: id_token
+  errors:
+    - handler: redirect
+
+- id: "api:list-note:protected"
+  upstream:
+    preserve_host: true
+    url: "http://api:3100"
+  match:
+    url: http://api.nx-next-nest-prisma-ory-template.<127\.0\.0\.1\.sslip\.io|com>/notes
+    methods:
+      - GET
+  authenticators:
+    - handler: cookie_session
+  authorizer:
+    handler: allow
+  mutators:
+    - handler: id_token
+  errors:
+    - handler: redirect

docker-compose.base.yaml

@@ -18,6 +18,7 @@ services:
       - ./config/oathkeeper/id_token.jwks.json:/etc/config/oathkeeper/id_token.jwks.json
       - ./config/oathkeeper/rules/auth.yaml:/etc/config/oathkeeper/rules/auth.yaml
       - ./config/oathkeeper/rules/kratos.yaml:/etc/config/oathkeeper/rules/kratos.yaml
+      - ./config/oathkeeper/rules/api-notes.yaml:/etc/config/oathkeeper/rules/api-notes.yaml
     depends_on:
       - kratos