diff --git a/config/oathkeeper/oathkeeper.yaml b/config/oathkeeper/oathkeeper.yaml
index f5c41bf..cdbedb5 100644
--- a/config/oathkeeper/oathkeeper.yaml
+++ b/config/oathkeeper/oathkeeper.yaml
@@ -61,6 +61,7 @@ access_rules:
     - file:///etc/config/oathkeeper/rules/auth.yaml
     - file:///etc/config/oathkeeper/rules/kratos.yaml
     - file:///etc/config/oathkeeper/rules/dev.yaml
+    - file:///etc/config/oathkeeper/rules/api-notes.yaml
 
 authenticators:
   anonymous:
diff --git a/config/oathkeeper/rules/api-notes.yaml b/config/oathkeeper/rules/api-notes.yaml
new file mode 100644
index 0000000..01a0b7c
--- /dev/null
+++ b/config/oathkeeper/rules/api-notes.yaml
@@ -0,0 +1,63 @@
+#######################################
+#          Notes Access Rules         #
+#######################################
+- id: "api:create-note:protected"
+  upstream:
+    preserve_host: true
+    url: "http://api:3100"
+  match:
+    url: http://api.nx-next-nest-prisma-ory-template.<127\.0\.0\.1\.sslip\.io|com>/notes
+    methods:
+      - POST
+  authenticators:
+    - handler: cookie_session
+  authorizer:
+    handler: allow
+  mutators:
+    - handler: id_token
+  errors:
+    - handler: redirect
+
+- id: "api:note:protected"
+  upstream:
+    preserve_host: true
+    url: "http://api:3100"
+  match:
+    url: http://api.nx-next-nest-prisma-ory-template.<127\.0\.0\.1\.sslip\.io|com>/notes/<([0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12})>
+    methods:
+      - GET
+      - PATCH
+      - DELETE
+  authenticators:
+    - handler: cookie_session
+  authorizer:
+    handler: remote_json
+    config:
+      payload: |
+        {
+          "namespace": "notes",
+          "object": "{{ printIndex .MatchContext.RegexpCaptureGroups 1 }}",
+          "relation": "owner",
+          "subject_id": "{{ print .Subject }}"
+        }
+  mutators:
+    - handler: id_token
+  errors:
+    - handler: redirect
+
+- id: "api:list-note:protected"
+  upstream:
+    preserve_host: true
+    url: "http://api:3100"
+  match:
+    url: http://api.nx-next-nest-prisma-ory-template.<127\.0\.0\.1\.sslip\.io|com>/notes
+    methods:
+      - GET
+  authenticators:
+    - handler: cookie_session
+  authorizer:
+    handler: allow
+  mutators:
+    - handler: id_token
+  errors:
+    - handler: redirect
diff --git a/docker-compose.base.yaml b/docker-compose.base.yaml
index eebdf59..4acfa20 100644
--- a/docker-compose.base.yaml
+++ b/docker-compose.base.yaml
@@ -18,6 +18,7 @@ services:
       - ./config/oathkeeper/id_token.jwks.json:/etc/config/oathkeeper/id_token.jwks.json
       - ./config/oathkeeper/rules/auth.yaml:/etc/config/oathkeeper/rules/auth.yaml
       - ./config/oathkeeper/rules/kratos.yaml:/etc/config/oathkeeper/rules/kratos.yaml
+      - ./config/oathkeeper/rules/api-notes.yaml:/etc/config/oathkeeper/rules/api-notes.yaml
 
     depends_on:
       - kratos
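Review bot: The `object` field in the `api:note:protected` payload is coupled to the position of the UUID group in `match.url`, and the host alternation `<127\.0\.0\.1\.sslip\.io|com>` is itself a capture group that comes before it, so `printIndex .MatchContext.RegexpCaptureGroups 1` resolves to the note id only if the groups are zero-indexed with the host group counted first — likely the intent, but nothing in the file records it, and adding or removing a group in the URL pattern would silently shift which value the remote authorizer receives. A comment above `payload:` such as `# capture group 0 is the host alternation in match.url; group 1 is the note UUID whose "owner" relation is checked` would keep the two in step. The `remote_json` block carries no `remote:` endpoint, so the rule depends on the authorizer's global config in oathkeeper.yaml, which is outside this diff; a short comment naming that dependency would help anyone reading the rule in isolation. PATCH and DELETE are authenticated by `cookie_session` alone, so their cross-site-request protection rests on the session cookie's attributes and the upstream service rather than on anything in this rule; worth confirming rather than assuming.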