README update

2026-01-28 17:30:23 +09:00
parent 3e95650024
commit 39594f8e21
11 changed files with 1127 additions and 445 deletions
--- a/docker/ory/oathkeeper/rules.draft.json
+++ b/docker/ory/oathkeeper/rules.draft.json
@@ -0,0 +1,112 @@
+[
+  {
+    "id": "public-health",
+    "description": "공개 헬스체크 (TODO: 도메인 제한)",
+    "match": {
+      "url": "http://<.*>/health",
+      "methods": ["GET"]
+    },
+    "upstream": {
+      "url": "http://baron_backend:3000"
+    },
+    "authenticators": [
+      { "handler": "noop" }
+    ],
+    "authorizer": { "handler": "allow" },
+    "mutators": [
+      { "handler": "noop" }
+    ]
+  },
+  {
+    "id": "public-auth",
+    "description": "인증/회원가입 등 공개 엔드포인트",
+    "match": {
+      "url": "http://<.*>/api/v1/auth/<.*>",
+      "methods": ["GET", "POST", "OPTIONS"]
+    },
+    "upstream": {
+      "url": "http://baron_backend:3000"
+    },
+    "authenticators": [
+      { "handler": "noop" }
+    ],
+    "authorizer": { "handler": "allow" },
+    "mutators": [
+      { "handler": "noop" }
+    ]
+  },
+  {
+    "id": "backend-command",
+    "description": "Command 요청은 Backend로 전달 (Audit 강제)",
+    "match": {
+      "url": "http://<.*>/api/v1/<.*>",
+      "methods": ["POST", "PUT", "PATCH", "DELETE"]
+    },
+    "upstream": {
+      "url": "http://baron_backend:3000"
+    },
+    "authenticators": [
+      { "handler": "cookie_session" }
+    ],
+    "authorizer": { "handler": "remote_json" },
+    "mutators": [
+      { "handler": "noop" }
+    ]
+  },
+  {
+    "id": "backend-query",
+    "description": "Backend Query (admin/dev 포함)",
+    "match": {
+      "url": "http://<.*>/api/v1/<.*>",
+      "methods": ["GET"]
+    },
+    "upstream": {
+      "url": "http://baron_backend:3000"
+    },
+    "authenticators": [
+      { "handler": "cookie_session" }
+    ],
+    "authorizer": { "handler": "remote_json" },
+    "mutators": [
+      { "handler": "noop" }
+    ]
+  },
+  {
+    "id": "kratos-public",
+    "description": "Kratos Public API를 /kratos로 노출",
+    "match": {
+      "url": "http://<.*>/kratos/<.*>",
+      "methods": ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"]
+    },
+    "upstream": {
+      "url": "http://kratos:4433",
+      "strip_path": "/kratos"
+    },
+    "authenticators": [
+      { "handler": "noop" }
+    ],
+    "authorizer": { "handler": "allow" },
+    "mutators": [
+      { "handler": "noop" }
+    ]
+  },
+  {
+    "id": "hydra-public",
+    "description": "Hydra Public API를 /hydra로 노출",
+    "match": {
+      "url": "http://<.*>/hydra/<.*>",
+      "methods": ["GET", "POST", "OPTIONS"]
+    },
+    "upstream": {
+      "url": "http://hydra:4444",
+      "strip_path": "/hydra"
+    },
+    "authenticators": [
+      { "handler": "noop" }
+    ],
+    "authorizer": { "handler": "allow" },
+    "mutators": [
+      { "handler": "noop" }
+    ]
+  }
+]