116 lines
2.8 KiB
YAML
116 lines
2.8 KiB
YAML
# Kong declarative config — Supabase API gateway.
|
|
# Routes:
|
|
# /auth/v1/* → GoTrue
|
|
# /rest/v1/* → PostgREST
|
|
# /realtime/v1/* → Realtime
|
|
# /storage/v1/* → Storage API
|
|
# /pg/* → postgres-meta (Studio backend)
|
|
|
|
_format_version: "2.1"
|
|
_transform: true
|
|
|
|
consumers:
|
|
- username: anon
|
|
keyauth_credentials:
|
|
- key: ${SUPABASE_ANON_KEY}
|
|
- username: service_role
|
|
keyauth_credentials:
|
|
- key: ${SUPABASE_SERVICE_KEY}
|
|
|
|
acls:
|
|
- consumer: anon
|
|
group: anon
|
|
- consumer: service_role
|
|
group: admin
|
|
|
|
services:
|
|
- name: auth-v1-open
|
|
url: http://auth:9999/verify
|
|
routes:
|
|
- name: auth-v1-open
|
|
strip_path: true
|
|
paths: [/auth/v1/verify]
|
|
plugins:
|
|
- name: cors
|
|
|
|
- name: auth-v1-open-callback
|
|
url: http://auth:9999/callback
|
|
routes:
|
|
- name: auth-v1-open-callback
|
|
strip_path: true
|
|
paths: [/auth/v1/callback]
|
|
plugins:
|
|
- name: cors
|
|
|
|
- name: auth-v1-open-authorize
|
|
url: http://auth:9999/authorize
|
|
routes:
|
|
- name: auth-v1-open-authorize
|
|
strip_path: true
|
|
paths: [/auth/v1/authorize]
|
|
plugins:
|
|
- name: cors
|
|
|
|
- name: auth-v1
|
|
_comment: "GoTrue: /auth/v1/* -> http://auth:9999/*"
|
|
url: http://auth:9999/
|
|
routes:
|
|
- name: auth-v1-all
|
|
strip_path: true
|
|
paths: [/auth/v1/]
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config: { hide_credentials: false }
|
|
- name: acl
|
|
config: { hide_groups_header: true, allow: [admin, anon] }
|
|
|
|
- name: rest-v1
|
|
_comment: "PostgREST: /rest/v1/* -> http://rest:3000/*"
|
|
url: http://rest:3000/
|
|
routes:
|
|
- name: rest-v1-all
|
|
strip_path: true
|
|
paths: [/rest/v1/]
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config: { hide_credentials: true }
|
|
- name: acl
|
|
config: { hide_groups_header: true, allow: [admin, anon] }
|
|
|
|
- name: realtime-v1
|
|
_comment: "Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*"
|
|
url: http://realtime:4000/socket/
|
|
routes:
|
|
- name: realtime-v1-all
|
|
strip_path: true
|
|
paths: [/realtime/v1/]
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config: { hide_credentials: false }
|
|
- name: acl
|
|
config: { hide_groups_header: true, allow: [admin, anon] }
|
|
|
|
- name: storage-v1
|
|
_comment: "Storage: /storage/v1/* -> http://storage:5000/*"
|
|
url: http://storage:5000/
|
|
routes:
|
|
- name: storage-v1-all
|
|
strip_path: true
|
|
paths: [/storage/v1/]
|
|
plugins:
|
|
- name: cors
|
|
|
|
- name: meta
|
|
_comment: "pg-meta: /pg/* -> http://meta:8080/*"
|
|
url: http://meta:8080/
|
|
routes:
|
|
- name: meta-all
|
|
strip_path: true
|
|
paths: [/pg/]
|
|
plugins:
|
|
- name: key-auth
|
|
- name: acl
|
|
config: { hide_groups_header: true, allow: [admin] }
|