qzl
ad06fe7de4
Consolidate backend modules/tests under the backend package while syncing Supabase compose/env config and related plans.
239 lines
4.8 KiB
YAML
239 lines
4.8 KiB
YAML
_format_version: '2.1'
|
|
_transform: true
|
|
consumers:
|
|
- username: DASHBOARD
|
|
- username: anon
|
|
- username: service_role
|
|
keyauth_credentials:
|
|
- consumer: anon
|
|
key: $SUPABASE_ANON_KEY
|
|
- consumer: service_role
|
|
key: $SUPABASE_SERVICE_KEY
|
|
acls:
|
|
- consumer: anon
|
|
group: anon
|
|
- consumer: service_role
|
|
group: admin
|
|
basicauth_credentials:
|
|
- consumer: DASHBOARD
|
|
username: $DASHBOARD_USERNAME
|
|
password: $DASHBOARD_PASSWORD
|
|
services:
|
|
- name: auth-v1-open
|
|
url: http://auth:9999/verify
|
|
routes:
|
|
- name: auth-v1-open
|
|
strip_path: true
|
|
paths:
|
|
- /auth/v1/verify
|
|
plugins:
|
|
- name: cors
|
|
- name: auth-v1-open-callback
|
|
url: http://auth:9999/callback
|
|
routes:
|
|
- name: auth-v1-open-callback
|
|
strip_path: true
|
|
paths:
|
|
- /auth/v1/callback
|
|
plugins:
|
|
- name: cors
|
|
- name: auth-v1-open-authorize
|
|
url: http://auth:9999/authorize
|
|
routes:
|
|
- name: auth-v1-open-authorize
|
|
strip_path: true
|
|
paths:
|
|
- /auth/v1/authorize
|
|
plugins:
|
|
- name: cors
|
|
- name: auth-v1
|
|
_comment: 'GoTrue: /auth/v1/* -> http://auth:9999/*'
|
|
url: http://auth:9999/
|
|
routes:
|
|
- name: auth-v1-all
|
|
strip_path: true
|
|
paths:
|
|
- /auth/v1/
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: false
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
- anon
|
|
- name: rest-v1
|
|
_comment: 'PostgREST: /rest/v1/* -> http://rest:3000/*'
|
|
url: http://rest:3000/
|
|
routes:
|
|
- name: rest-v1-all
|
|
strip_path: true
|
|
paths:
|
|
- /rest/v1/
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: true
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
- anon
|
|
- name: graphql-v1
|
|
_comment: 'PostgREST: /graphql/v1/* -> http://rest:3000/rpc/graphql'
|
|
url: http://rest:3000/rpc/graphql
|
|
routes:
|
|
- name: graphql-v1-all
|
|
strip_path: true
|
|
paths:
|
|
- /graphql/v1
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: true
|
|
- name: request-transformer
|
|
config:
|
|
add:
|
|
headers:
|
|
- Content-Profile:graphql_public
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
- anon
|
|
- name: realtime-v1-ws
|
|
_comment: 'Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*'
|
|
url: http://realtime-dev.supabase-realtime:4000/socket
|
|
protocol: ws
|
|
routes:
|
|
- name: realtime-v1-ws
|
|
strip_path: true
|
|
paths:
|
|
- /realtime/v1/
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: false
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
- anon
|
|
- name: realtime-v1-rest
|
|
_comment: 'Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*'
|
|
url: http://realtime-dev.supabase-realtime:4000/api
|
|
protocol: http
|
|
routes:
|
|
- name: realtime-v1-rest
|
|
strip_path: true
|
|
paths:
|
|
- /realtime/v1/api
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: false
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
- anon
|
|
- name: storage-v1
|
|
_comment: 'Storage: /storage/v1/* -> http://storage:5000/*'
|
|
url: http://storage:5000/
|
|
routes:
|
|
- name: storage-v1-all
|
|
strip_path: true
|
|
paths:
|
|
- /storage/v1/
|
|
plugins:
|
|
- name: cors
|
|
- name: functions-v1
|
|
_comment: 'Edge Functions: /functions/v1/* -> http://functions:9000/*'
|
|
url: http://functions:9000/
|
|
routes:
|
|
- name: functions-v1-all
|
|
strip_path: true
|
|
paths:
|
|
- /functions/v1/
|
|
plugins:
|
|
- name: cors
|
|
- name: analytics-v1
|
|
_comment: 'Analytics: /analytics/v1/* -> http://logflare:4000/*'
|
|
url: http://analytics:4000/
|
|
routes:
|
|
- name: analytics-v1-all
|
|
strip_path: true
|
|
paths:
|
|
- /analytics/v1/
|
|
- name: meta
|
|
_comment: 'pg-meta: /pg/* -> http://pg-meta:8080/*'
|
|
url: http://meta:8080/
|
|
routes:
|
|
- name: meta-all
|
|
strip_path: true
|
|
paths:
|
|
- /pg/
|
|
plugins:
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: false
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
- name: mcp-blocker
|
|
_comment: 'Block direct access to /api/mcp'
|
|
url: http://studio:3000/api/mcp
|
|
routes:
|
|
- name: mcp-blocker-route
|
|
strip_path: true
|
|
paths:
|
|
- /api/mcp
|
|
plugins:
|
|
- name: request-termination
|
|
config:
|
|
status_code: 403
|
|
message: "Access is forbidden."
|
|
- name: mcp
|
|
_comment: 'MCP: /mcp -> http://studio:3000/api/mcp (local access)'
|
|
url: http://studio:3000/api/mcp
|
|
routes:
|
|
- name: mcp
|
|
strip_path: true
|
|
paths:
|
|
- /mcp
|
|
plugins:
|
|
- name: cors
|
|
- name: ip-restriction
|
|
config:
|
|
allow:
|
|
- 127.0.0.1
|
|
- ::1
|
|
- 172.19.0.1
|
|
deny: []
|
|
- name: dashboard
|
|
_comment: 'Studio: /* -> http://studio:3000/*'
|
|
url: http://studio:3000/
|
|
routes:
|
|
- name: dashboard-all
|
|
strip_path: true
|
|
paths:
|
|
- /
|
|
plugins:
|
|
- name: cors
|
|
- name: basic-auth
|
|
config:
|
|
hide_credentials: true
|