1
0
forked from baron/baron-sso

ory스택 버전업 및 하드코딩URL 제거

This commit is contained in:
2026-05-07 10:27:31 +09:00
parent 13dee9ae9b
commit 45a14163bf
25 changed files with 1583 additions and 779 deletions

View File

@@ -1,16 +1,20 @@
version: v25.4.0
version: v26.2.0
dsn: ${DSN}
serve:
public:
base_url: http://localhost:4433/
base_url: ${KRATOS_BROWSER_URL}
cors:
enabled: true
allowed_origins:
- http://backend:{{BACKEND_PORT}}
- ${USERFRONT_URL}
- ${ADMINFRONT_URL}
- ${DEVFRONT_URL}
- ${ORGFRONT_URL}
admin:
base_url: http://localhost:4434/
base_url: ${KRATOS_ADMIN_URL}
session:
cookie:
@@ -19,30 +23,22 @@ session:
path: /
selfservice:
default_browser_return_url: http://localhost:{{USERFRONT_PORT}}/
default_browser_return_url: ${KRATOS_UI_URL}
allowed_return_urls:
- http://backend:{{BACKEND_PORT}}
- http://backend:{{BACKEND_PORT}}/
- http://localhost:{{USERFRONT_PORT}}
- https://app.brsw.kr
- https://app.brsw.kr/
- https://sss.hmac.kr
- https://sss.hmac.kr/
- https://sso.hmac.kr
- https://sso.hmac.kr/
- https://ssologin.hmac.kr
- https://ssologin.hmac.kr/
- https://sso-test.hmac.kr
- https://sso-test.hmac.kr/
- https://ssob.hmac.kr
- https://ssob.hmac.kr/
- https://ssob.hmac.kr/ko
- https://ssob.hmac.kr/ko/
- https://ssob.hmac.kr/en
- https://ssob.hmac.kr/en/
- https://ssob.hmac.kr/auth/callback
- https://ssob.hmac.kr/ko/auth/callback
- https://ssob.hmac.kr/en/auth/callback
- ${KRATOS_UI_URL}
- ${KRATOS_UI_URL}/
- ${USERFRONT_URL}
- ${USERFRONT_URL}/
- ${USERFRONT_URL}/ko
- ${USERFRONT_URL}/ko/
- ${USERFRONT_URL}/en
- ${USERFRONT_URL}/en/
- ${USERFRONT_URL}/auth/callback
- ${USERFRONT_URL}/ko/auth/callback
- ${USERFRONT_URL}/en/auth/callback
- ${ADMINFRONT_URL}/auth/callback
- ${DEVFRONT_URL}/auth/callback
- ${ORGFRONT_URL}/auth/callback
methods:
password:
@@ -55,24 +51,24 @@ selfservice:
flows:
error:
ui_url: http://localhost:{{USERFRONT_PORT}}/error
ui_url: ${KRATOS_UI_URL}/error
settings:
ui_url: http://localhost:{{USERFRONT_PORT}}/error?error=settings_disabled
ui_url: ${KRATOS_UI_URL}/error?error=settings_disabled
privileged_session_max_age: 15m
recovery:
ui_url: http://localhost:{{USERFRONT_PORT}}/recovery
ui_url: ${KRATOS_UI_URL}/recovery
use: code
verification:
ui_url: http://localhost:{{USERFRONT_PORT}}/verification
ui_url: ${KRATOS_UI_URL}/verification
use: code
logout:
after:
default_browser_return_url: http://localhost:{{USERFRONT_PORT}}/login
default_browser_return_url: ${KRATOS_UI_URL}/login
login:
ui_url: http://localhost:{{USERFRONT_PORT}}/login
ui_url: ${KRATOS_UI_URL}/login
lifespan: 10m
registration:
ui_url: http://localhost:{{USERFRONT_PORT}}/registration
ui_url: ${KRATOS_UI_URL}/registration
lifespan: 10m
log:

View File

@@ -1,9 +1,52 @@
[
{
"id": "backend-api-rule",
"id": "public-health",
"description": "공개 헬스체크",
"match": {
"url": "<.*>://<.*>/api/v1/<.*>",
"methods": ["GET", "POST", "PUT", "DELETE", "PATCH"]
"url": "<.*>://<[^/]+>/health",
"methods": ["GET"]
},
"upstream": {
"url": "http://backend:{{BACKEND_PORT}}"
},
"authenticators": [{ "handler": "noop" }],
"authorizer": { "handler": "allow" },
"mutators": [{ "handler": "noop" }]
},
{
"id": "public-preflight",
"description": "CORS preflight",
"match": {
"url": "<.*>://<[^/]+>/api/v1/<.*>",
"methods": ["OPTIONS"]
},
"upstream": {
"url": "http://backend:{{BACKEND_PORT}}"
},
"authenticators": [{ "handler": "noop" }],
"authorizer": { "handler": "allow" },
"mutators": [{ "handler": "noop" }]
},
{
"id": "public-auth",
"description": "인증/회원가입 등 공개 엔드포인트",
"match": {
"url": "<.*>://<[^/]+>/api/v1/auth/<.*>",
"methods": ["GET", "POST", "OPTIONS"]
},
"upstream": {
"url": "http://backend:{{BACKEND_PORT}}"
},
"authenticators": [{ "handler": "noop" }],
"authorizer": { "handler": "allow" },
"mutators": [{ "handler": "noop" }]
},
{
"id": "backend-command",
"description": "Command 요청은 Backend로 전달 (Audit 강제)",
"match": {
"url": "<.*>://<[^/]+>/api/v1/<.*>",
"methods": ["POST", "PUT", "PATCH", "DELETE"]
},
"upstream": {
"url": "http://backend:{{BACKEND_PORT}}"
@@ -11,5 +54,106 @@
"authenticators": [{ "handler": "cookie_session" }],
"authorizer": { "handler": "remote_json" },
"mutators": [{ "handler": "noop" }]
},
{
"id": "backend-query",
"description": "Backend Query (admin/dev 포함)",
"match": {
"url": "<.*>://<[^/]+>/api/v1/<.*>",
"methods": ["GET"]
},
"upstream": {
"url": "http://backend:{{BACKEND_PORT}}"
},
"authenticators": [{ "handler": "cookie_session" }],
"authorizer": { "handler": "remote_json" },
"mutators": [{ "handler": "noop" }]
},
{
"id": "hydra-well-known",
"description": "Hydra OIDC Discovery & JWKS",
"match": {
"url": "<.*>://<[^/]+>/.well-known/<.*>",
"methods": ["GET", "OPTIONS"]
},
"upstream": {
"url": "http://hydra:4444"
},
"authenticators": [{ "handler": "noop" }],
"authorizer": { "handler": "allow" },
"mutators": [{ "handler": "noop" }]
},
{
"id": "hydra-well-known-oidc",
"description": "Hydra OIDC Discovery & JWKS (with /oidc prefix)",
"match": {
"url": "<.*>://<[^/]+>/oidc/.well-known/<.*>",
"methods": ["GET", "OPTIONS"]
},
"upstream": {
"url": "http://hydra:4444",
"strip_path": "/oidc"
},
"authenticators": [{ "handler": "noop" }],
"authorizer": { "handler": "allow" },
"mutators": [{ "handler": "noop" }]
},
{
"id": "hydra-oauth2",
"description": "Hydra OAuth2 Endpoints",
"match": {
"url": "<.*>://<[^/]+>/oauth2/<.*>",
"methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
},
"upstream": {
"url": "http://hydra:4444"
},
"authenticators": [{ "handler": "noop" }],
"authorizer": { "handler": "allow" },
"mutators": [{ "handler": "noop" }]
},
{
"id": "hydra-oauth2-oidc",
"description": "Hydra OAuth2 Endpoints (with /oidc prefix)",
"match": {
"url": "<.*>://<[^/]+>/oidc/oauth2/<.*>",
"methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
},
"upstream": {
"url": "http://hydra:4444",
"strip_path": "/oidc"
},
"authenticators": [{ "handler": "noop" }],
"authorizer": { "handler": "allow" },
"mutators": [{ "handler": "noop" }]
},
{
"id": "hydra-userinfo",
"description": "Hydra Userinfo",
"match": {
"url": "<.*>://<[^/]+>/userinfo",
"methods": ["GET", "POST", "OPTIONS"]
},
"upstream": {
"url": "http://hydra:4444"
},
"authenticators": [{ "handler": "noop" }],
"authorizer": { "handler": "allow" },
"mutators": [{ "handler": "noop" }]
},
{
"id": "hydra-userinfo-oidc",
"description": "Hydra Userinfo (with /oidc prefix)",
"match": {
"url": "<.*>://<[^/]+>/oidc/userinfo",
"methods": ["GET", "POST", "OPTIONS"]
},
"upstream": {
"url": "http://hydra:4444",
"strip_path": "/oidc"
},
"authenticators": [{ "handler": "noop" }],
"authorizer": { "handler": "allow" },
"mutators": [{ "handler": "noop" }]
}
]