kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

Gitea 연동을 위한 Hydra Issuer 및 Oathkeeper 규칙 설정

Browse Source
This commit is contained in:
김용연
2026-01-30 16:05:23 +09:00
parent c6c6bd2092
commit 10b3d93538
8 changed files with 209 additions and 181 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
docker/ory/oathkeeper/rules.json Normal file → Executable file
View File

@@ -1,92 +1,114 @@
[
{
"id": "public-health",
"description": "공개 헬스체크",
"description": "공개 헬스체크 (STAGE 도메인)",
"match": {
"url": "http://<.*>/health",
"url": "<.*>://sso-test.hmac.kr/health",
"methods": ["GET"]
},
"upstream": {
"url": "http://baron_backend:3000"
},
"authenticators": [
{ "handler": "noop" }
],
"authenticators": [{ "handler": "noop" }],
"authorizer": { "handler": "allow" },
"mutators": [
{ "handler": "noop" }
]
"mutators": [{ "handler": "noop" }]
},
{
"id": "public-preflight",
"description": "CORS preflight",
"description": "CORS preflight (STAGE 도메인)",
"match": {
"url": "http://<.*>/api/v1/<.*>",
"url": "<.*>://sso-test.hmac.kr/api/v1/<.*>",
"methods": ["OPTIONS"]
},
"upstream": {
"url": "http://baron_backend:3000"
},
"authenticators": [
{ "handler": "noop" }
],
"authenticators": [{ "handler": "noop" }],
"authorizer": { "handler": "allow" },
"mutators": [
{ "handler": "noop" }
]
"mutators": [{ "handler": "noop" }]
},
{
"id": "public-auth",
"description": "인증/회원가입 등 공개 엔드포인트",
"description": "인증/회원가입 등 공개 엔드포인트 (STAGE 도메인)",
"match": {
"url": "http://<.*>/api/v1/auth/<.*>",
"url": "<.*>://sso-test.hmac.kr/api/v1/auth/<.*>",
"methods": ["GET", "POST", "OPTIONS"]
},
"upstream": {
"url": "http://baron_backend:3000"
},
"authenticators": [
{ "handler": "noop" }
],
"authenticators": [{ "handler": "noop" }],
"authorizer": { "handler": "allow" },
"mutators": [
{ "handler": "noop" }
]
"mutators": [{ "handler": "noop" }]
},
{
"id": "backend-command",
"description": "Command 요청은 Backend로 전달 (Audit 강제)",
"match": {
"url": "http://<.*>/api/v1/<.*>",
"url": "<.*>://sso-test.hmac.kr/api/v1/<.*>",
"methods": ["POST", "PUT", "PATCH", "DELETE"]
},
"upstream": {
"url": "http://baron_backend:3000"
},
"authenticators": [
{ "handler": "cookie_session" }
],
"authenticators": [{ "handler": "cookie_session" }],
"authorizer": { "handler": "remote_json" },
"mutators": [
{ "handler": "noop" }
]
"mutators": [{ "handler": "noop" }]
},
{
"id": "backend-query",
"description": "Backend Query (admin/dev 포함)",
"match": {
"url": "http://<.*>/api/v1/<.*>",
"url": "<.*>://sso-test.hmac.kr/api/v1/<.*>",
"methods": ["GET"]
},
"upstream": {
"url": "http://baron_backend:3000"
},
"authenticators": [
{ "handler": "cookie_session" }
],
"authenticators": [{ "handler": "cookie_session" }],
"authorizer": { "handler": "remote_json" },
"mutators": [
{ "handler": "noop" }
]
"mutators": [{ "handler": "noop" }]
},
{
"id": "hydra-well-known",
"description": "Hydra OIDC Discovery & JWKS",
"match": {
"url": "<.*>://sso-test.hmac.kr/.well-known/<.*>",
"methods": ["GET", "OPTIONS"]
},
"upstream": {
"url": "http://hydra:4444"
},
"authenticators": [{ "handler": "noop" }],
"authorizer": { "handler": "allow" },
"mutators": [{ "handler": "noop" }]
},
{
"id": "hydra-oauth2",
"description": "Hydra OAuth2 Endpoints",
"match": {
"url": "<.*>://sso-test.hmac.kr/oauth2/<.*>",
"methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
},
"upstream": {
"url": "http://hydra:4444"
},
"authenticators": [{ "handler": "noop" }],
"authorizer": { "handler": "allow" },
"mutators": [{ "handler": "noop" }]
},
{
"id": "hydra-userinfo",
"description": "Hydra Userinfo",
"match": {
"url": "<.*>://sso-test.hmac.kr/userinfo",
"methods": ["GET", "POST", "OPTIONS"]
},
"upstream": {
"url": "http://hydra:4444"
},
"authenticators": [{ "handler": "noop" }],
"authorizer": { "handler": "allow" },
"mutators": [{ "handler": "noop" }]
}
]
]