Proxy all API endpoints to the dev container

febus982 · febus982 · commit 2af831fe685d · 2025-01-04T09:53:26.000Z
Signed-off-by: Federico Busetti &lt;729029+febus982@users.noreply.github.com&gt;
diff --git a/auth_volumes/oathkeeper/access-rules.yml b/auth_volumes/oathkeeper/access-rules.yml
@@ -73,13 +73,14 @@
       config:
         to: http://127.0.0.1:8080/login
 
-# Dev container access to protected /hello endpoint
+# Dev container access to protected /api/* endpoints, to the dev container
 - id: "http_app:protected"
   upstream:
     preserve_host: true
     url: "http://dev:8000"
+    strip_path: /api
   match:
-    url: "http://127.0.0.1:8080/hello<{,/,/**}>"
+    url: "http://127.0.0.1:8080/<{,api/,api/**,openapi.json}>"
     methods:
       - GET
   authenticators:
diff --git a/docs/zero_trust.md b/docs/zero_trust.md
@@ -50,7 +50,7 @@ subgraph dn["Internal Docker Network (intranet)"]
     OO-->|"Proxies /auth/login, /auth/registration, /dashboard, ... to"|SA
     SA-->|Talks to|OK
     OO-->|Validates auth sessions using|OK
-    OO-->|"Proxies /hello to"|DEV
+    OO-->|"Proxies /api/* requests (authenticated only)"|DEV
     OK[Ory Kratos]
     OO["Reverse Proxy (Ory Oathkeeper)"]
     SA["SecureApp (Ory Kratos SelfService UI Node Example)"]
