첫 커밋: 로컬 프로젝트 업로드

2026-06-10 15:51:34 +09:00
commit 6a8dbeb2e9
1211 changed files with 312864 additions and 0 deletions
--- a/baron-sso/docker/ory/oathkeeper/rules.active.json
+++ b/baron-sso/docker/ory/oathkeeper/rules.active.json
@@ -0,0 +1,159 @@
+[
+  {
+    "id": "public-health",
+    "description": "공개 헬스체크",
+    "match": {
+      "url": "<.*>://<[^/]+>/health",
+      "methods": ["GET"]
+    },
+    "upstream": {
+      "url": "http://baron_backend:3000"
+    },
+    "authenticators": [{ "handler": "noop" }],
+    "authorizer": { "handler": "allow" },
+    "mutators": [{ "handler": "noop" }]
+  },
+  {
+    "id": "public-preflight",
+    "description": "CORS preflight",
+    "match": {
+      "url": "<.*>://<[^/]+>/api/v1/<.*>",
+      "methods": ["OPTIONS"]
+    },
+    "upstream": {
+      "url": "http://baron_backend:3000"
+    },
+    "authenticators": [{ "handler": "noop" }],
+    "authorizer": { "handler": "allow" },
+    "mutators": [{ "handler": "noop" }]
+  },
+  {
+    "id": "public-auth",
+    "description": "인증/회원가입 등 공개 엔드포인트",
+    "match": {
+      "url": "<.*>://<[^/]+>/api/v1/auth/<.*>",
+      "methods": ["GET", "POST", "OPTIONS"]
+    },
+    "upstream": {
+      "url": "http://baron_backend:3000"
+    },
+    "authenticators": [{ "handler": "noop" }],
+    "authorizer": { "handler": "allow" },
+    "mutators": [{ "handler": "noop" }]
+  },
+  {
+    "id": "backend-command",
+    "description": "Command 요청은 Backend로 전달 (Audit 강제)",
+    "match": {
+      "url": "<.*>://<[^/]+>/api/v1/<.*>",
+      "methods": ["POST", "PUT", "PATCH", "DELETE"]
+    },
+    "upstream": {
+      "url": "http://baron_backend:3000"
+    },
+    "authenticators": [{ "handler": "cookie_session" }],
+    "authorizer": { "handler": "remote_json" },
+    "mutators": [{ "handler": "noop" }]
+  },
+  {
+    "id": "backend-query",
+    "description": "Backend Query (admin/dev 포함)",
+    "match": {
+      "url": "<.*>://<[^/]+>/api/v1/<.*>",
+      "methods": ["GET"]
+    },
+    "upstream": {
+      "url": "http://baron_backend:3000"
+    },
+    "authenticators": [{ "handler": "cookie_session" }],
+    "authorizer": { "handler": "remote_json" },
+    "mutators": [{ "handler": "noop" }]
+  },
+  {
+    "id": "hydra-well-known",
+    "description": "Hydra OIDC Discovery & JWKS",
+    "match": {
+      "url": "<.*>://<[^/]+>/.well-known/<.*>",
+      "methods": ["GET", "OPTIONS"]
+    },
+    "upstream": {
+      "url": "http://hydra:4444"
+    },
+    "authenticators": [{ "handler": "noop" }],
+    "authorizer": { "handler": "allow" },
+    "mutators": [{ "handler": "noop" }]
+  },
+  {
+    "id": "hydra-well-known-oidc",
+    "description": "Hydra OIDC Discovery & JWKS (with /oidc prefix)",
+    "match": {
+      "url": "<.*>://<[^/]+>/oidc/.well-known/<.*>",
+      "methods": ["GET", "OPTIONS"]
+    },
+    "upstream": {
+      "url": "http://hydra:4444",
+      "strip_path": "/oidc"
+    },
+    "authenticators": [{ "handler": "noop" }],
+    "authorizer": { "handler": "allow" },
+    "mutators": [{ "handler": "noop" }]
+  },
+  {
+    "id": "hydra-oauth2",
+    "description": "Hydra OAuth2 Endpoints",
+    "match": {
+      "url": "<.*>://<[^/]+>/oauth2/<.*>",
+      "methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
+    },
+    "upstream": {
+      "url": "http://hydra:4444"
+    },
+    "authenticators": [{ "handler": "noop" }],
+    "authorizer": { "handler": "allow" },
+    "mutators": [{ "handler": "noop" }]
+  },
+  {
+    "id": "hydra-oauth2-oidc",
+    "description": "Hydra OAuth2 Endpoints (with /oidc prefix)",
+    "match": {
+      "url": "<.*>://<[^/]+>/oidc/oauth2/<.*>",
+      "methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
+    },
+    "upstream": {
+      "url": "http://hydra:4444",
+      "strip_path": "/oidc"
+    },
+    "authenticators": [{ "handler": "noop" }],
+    "authorizer": { "handler": "allow" },
+    "mutators": [{ "handler": "noop" }]
+  },
+  {
+    "id": "hydra-userinfo",
+    "description": "Hydra Userinfo",
+    "match": {
+      "url": "<.*>://<[^/]+>/userinfo",
+      "methods": ["GET", "POST", "OPTIONS"]
+    },
+    "upstream": {
+      "url": "http://hydra:4444"
+    },
+    "authenticators": [{ "handler": "noop" }],
+    "authorizer": { "handler": "allow" },
+    "mutators": [{ "handler": "noop" }]
+  },
+  {
+    "id": "hydra-userinfo-oidc",
+    "description": "Hydra Userinfo (with /oidc prefix)",
+    "match": {
+      "url": "<.*>://<[^/]+>/oidc/userinfo",
+      "methods": ["GET", "POST", "OPTIONS"]
+    },
+    "upstream": {
+      "url": "http://hydra:4444",
+      "strip_path": "/oidc"
+    },
+    "authenticators": [{ "handler": "noop" }],
+    "authorizer": { "handler": "allow" },
+    "mutators": [{ "handler": "noop" }]
+  }
+]