fix: gateway oidc rewrite and abstract rules

docker-compose.yaml

@@ -31,12 +31,7 @@ services:
         ports:
             - "${BACKEND_PORT:-3000}:3000"
         depends_on:
-            postgres:
-                condition: service_healthy
-            redis:
-                condition: service_started
-            clickhouse:
-                condition: service_started
+            - infra_check
         networks:
             - baron_net
             - ory-net

docker/ory/oathkeeper/rules.json

@@ -1,9 +1,9 @@
 [
   {
     "id": "public-health",
-    "description": "공개 헬스체크 (STAGE 도메인)",
+    "description": "공개 헬스체크",
     "match": {
-      "url": "<.*>://sso-test.hmac.kr/health",
+      "url": "<.*>://<.*>/health",
       "methods": ["GET"]
     },
     "upstream": {
@@ -15,9 +15,9 @@
   },
   {
     "id": "public-preflight",
-    "description": "CORS preflight (STAGE 도메인)",
+    "description": "CORS preflight",
     "match": {
-      "url": "<.*>://sso-test.hmac.kr/api/v1/<.*>",
+      "url": "<.*>://<.*>/api/v1/<.*>",
       "methods": ["OPTIONS"]
     },
     "upstream": {
@@ -29,9 +29,9 @@
   },
   {
     "id": "public-auth",
-    "description": "인증/회원가입 등 공개 엔드포인트 (STAGE 도메인)",
+    "description": "인증/회원가입 등 공개 엔드포인트",
     "match": {
-      "url": "<.*>://sso-test.hmac.kr/api/v1/auth/<.*>",
+      "url": "<.*>://<.*>/api/v1/auth/<.*>",
       "methods": ["GET", "POST", "OPTIONS"]
     },
     "upstream": {
@@ -45,7 +45,7 @@
     "id": "backend-command",
     "description": "Command 요청은 Backend로 전달 (Audit 강제)",
     "match": {
-      "url": "<.*>://sso-test.hmac.kr/api/v1/<.*>",
+      "url": "<.*>://<.*>/api/v1/<.*>",
       "methods": ["POST", "PUT", "PATCH", "DELETE"]
     },
     "upstream": {
@@ -59,7 +59,7 @@
     "id": "backend-query",
     "description": "Backend Query (admin/dev 포함)",
     "match": {
-      "url": "<.*>://sso-test.hmac.kr/api/v1/<.*>",
+      "url": "<.*>://<.*>/api/v1/<.*>",
       "methods": ["GET"]
     },
     "upstream": {
@@ -73,7 +73,7 @@
     "id": "hydra-well-known",
     "description": "Hydra OIDC Discovery & JWKS",
     "match": {
-      "url": "<.*>://sso-test.hmac.kr/.well-known/<.*>",
+      "url": "<.*>://<.*>/.well-known/<.*>",
       "methods": ["GET", "OPTIONS"]
     },
     "upstream": {
@@ -87,7 +87,7 @@
     "id": "hydra-oauth2",
     "description": "Hydra OAuth2 Endpoints",
     "match": {
-      "url": "<.*>://sso-test.hmac.kr/oauth2/<.*>",
+      "url": "<.*>://<.*>/oauth2/<.*>",
       "methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
     },
     "upstream": {
@@ -101,7 +101,7 @@
     "id": "hydra-userinfo",
     "description": "Hydra Userinfo",
     "match": {
-      "url": "<.*>://sso-test.hmac.kr/userinfo",
+      "url": "<.*>://<.*>/userinfo",
       "methods": ["GET", "POST", "OPTIONS"]
     },
     "upstream": {
@@ -111,4 +111,4 @@
     "authorizer": { "handler": "allow" },
     "mutators": [{ "handler": "noop" }]
   }
-]
+]

gateway/nginx.conf

@@ -56,6 +56,7 @@ server {
 
     # Hydra Public API
     location /oidc {
+        rewrite ^/oidc/(.*)$ /$1 break;
         proxy_pass $oathkeeper_upstream;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;