quivr/volumes/api/kong.yml

_format_version: '2.1'
_transform: true

###
### Consumers / Users
###
consumers:
  - username: DASHBOARD
  - username: anon
    keyauth_credentials:
      - key: $SUPABASE_ANON_KEY
  - username: service_role
    keyauth_credentials:
      - key: $SUPABASE_SERVICE_KEY

###
### Access Control List
###
acls:
  - consumer: anon
    group: anon
  - consumer: service_role
    group: admin

###
### Dashboard credentials
###
basicauth_credentials:
- consumer: DASHBOARD
  username: $DASHBOARD_USERNAME
  password: $DASHBOARD_PASSWORD


###
### API Routes
###
services:

  ## Open Auth routes
  - name: auth-v1-open
    url: http://auth:9999/verify
    routes:
      - name: auth-v1-open
        strip_path: true
        paths:
          - /auth/v1/verify
    plugins:
      - name: cors
  - name: auth-v1-open-callback
    url: http://auth:9999/callback
    routes:
      - name: auth-v1-open-callback
        strip_path: true
        paths:
          - /auth/v1/callback
    plugins:
      - name: cors
  - name: auth-v1-open-authorize
    url: http://auth:9999/authorize
    routes:
      - name: auth-v1-open-authorize
        strip_path: true
        paths:
          - /auth/v1/authorize
    plugins:
      - name: cors

  ## Secure Auth routes
  - name: auth-v1
    _comment: 'GoTrue: /auth/v1/* -> http://auth:9999/*'
    url: http://auth:9999/
    routes:
      - name: auth-v1-all
        strip_path: true
        paths:
          - /auth/v1/
    plugins:
      - name: cors
      - name: key-auth
        config:
          hide_credentials: false
      - name: acl
        config:
          hide_groups_header: true
          allow:
            - admin
            - anon

  ## Secure REST routes
  - name: rest-v1
    _comment: 'PostgREST: /rest/v1/* -> http://rest:3000/*'
    url: http://rest:3000/
    routes:
      - name: rest-v1-all
        strip_path: true
        paths:
          - /rest/v1/
    plugins:
      - name: cors
      - name: key-auth
        config:
          hide_credentials: true
      - name: acl
        config:
          hide_groups_header: true
          allow:
            - admin
            - anon

  ## Secure GraphQL routes
  - name: graphql-v1
    _comment: 'PostgREST: /graphql/v1/* -> http://rest:3000/rpc/graphql'
    url: http://rest:3000/rpc/graphql
    routes:
      - name: graphql-v1-all
        strip_path: true
        paths:
          - /graphql/v1
    plugins:
      - name: cors
      - name: key-auth
        config:
          hide_credentials: true
      - name: request-transformer
        config:
          add:
            headers:
              - Content-Profile:graphql_public
      - name: acl
        config:
          hide_groups_header: true
          allow:
            - admin
            - anon

  ## Secure Realtime routes
  - name: realtime-v1
    _comment: 'Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*'
    url: http://realtime-dev.supabase-realtime:4000/socket/
    routes:
      - name: realtime-v1-all
        strip_path: true
        paths:
          - /realtime/v1/
    plugins:
      - name: cors
      - name: key-auth
        config:
          hide_credentials: false
      - name: acl
        config:
          hide_groups_header: true
          allow:
            - admin
            - anon

  ## Storage routes: the storage server manages its own auth
  - name: storage-v1
    _comment: 'Storage: /storage/v1/* -> http://storage:5000/*'
    url: http://storage:5000/
    routes:
      - name: storage-v1-all
        strip_path: true
        paths:
          - /storage/v1/
    plugins:
      - name: cors

  ## Edge Functions routes
  - name: functions-v1
    _comment: 'Edge Functions: /functions/v1/* -> http://functions:9000/*'
    url: http://functions:9000/
    routes:
      - name: functions-v1-all
        strip_path: true
        paths:
          - /functions/v1/
    plugins:
      - name: cors

  ## Analytics routes
  - name: analytics-v1
    _comment: 'Analytics: /analytics/v1/* -> http://logflare:4000/*'
    url: http://analytics:4000/
    routes:
      - name: analytics-v1-all
        strip_path: true
        paths:
          - /analytics/v1/

  ## Secure Database routes
  - name: meta
    _comment: 'pg-meta: /pg/* -> http://pg-meta:8080/*'
    url: http://meta:8080/
    routes:
      - name: meta-all
        strip_path: true
        paths:
          - /pg/
    plugins:
      - name: key-auth
        config:
          hide_credentials: false
      - name: acl
        config:
          hide_groups_header: true
          allow:
            - admin

  ## Protected Dashboard - catch all remaining routes
  - name: dashboard
    _comment: 'Studio: /* -> http://studio:3000/*'
    url: http://studio:3000/
    routes:
      - name: dashboard-all
        strip_path: true
        paths:
          - /
    plugins:
      - name: cors
      - name: basic-auth
        config:
          hide_credentials: true
feat(install): it now takes 30 seconds to install Quivr (#1780) # Description Please include a summary of the changes and the related issue. Please also include relevant motivation and context. ## Checklist before requesting a review Please delete options that are not relevant. - [ ] My code follows the style guidelines of this project - [ ] I have performed a self-review of my code - [ ] I have commented hard-to-understand areas - [ ] I have ideally added tests that prove my fix is effective or that my feature works - [ ] New and existing unit tests pass locally with my changes - [ ] Any dependent changes have been merged ## Screenshots (if appropriate): 2023-12-02 02:26:06 +03:00			`_format_version: '2.1'`
			`_transform: true`

			`###`
			`### Consumers / Users`
			`###`
			`consumers:`
			`- username: DASHBOARD`
			`- username: anon`
			`keyauth_credentials:`
			`- key: $SUPABASE_ANON_KEY`
			`- username: service_role`
			`keyauth_credentials:`
			`- key: $SUPABASE_SERVICE_KEY`

			`###`
			`### Access Control List`
			`###`
			`acls:`
			`- consumer: anon`
			`group: anon`
			`- consumer: service_role`
			`group: admin`

			`###`
			`### Dashboard credentials`
			`###`
			`basicauth_credentials:`
			`- consumer: DASHBOARD`
			`username: $DASHBOARD_USERNAME`
			`password: $DASHBOARD_PASSWORD`


			`###`
			`### API Routes`
			`###`
			`services:`

			`## Open Auth routes`
			`- name: auth-v1-open`
			`url: http://auth:9999/verify`
			`routes:`
			`- name: auth-v1-open`
			`strip_path: true`
			`paths:`
			`- /auth/v1/verify`
			`plugins:`
			`- name: cors`
			`- name: auth-v1-open-callback`
			`url: http://auth:9999/callback`
			`routes:`
			`- name: auth-v1-open-callback`
			`strip_path: true`
			`paths:`
			`- /auth/v1/callback`
			`plugins:`
			`- name: cors`
			`- name: auth-v1-open-authorize`
			`url: http://auth:9999/authorize`
			`routes:`
			`- name: auth-v1-open-authorize`
			`strip_path: true`
			`paths:`
			`- /auth/v1/authorize`
			`plugins:`
			`- name: cors`

			`## Secure Auth routes`
			`- name: auth-v1`
			`_comment: 'GoTrue: /auth/v1/* -> http://auth:9999/*'`
			`url: http://auth:9999/`
			`routes:`
			`- name: auth-v1-all`
			`strip_path: true`
			`paths:`
			`- /auth/v1/`
			`plugins:`
			`- name: cors`
			`- name: key-auth`
			`config:`
			`hide_credentials: false`
			`- name: acl`
			`config:`
			`hide_groups_header: true`
			`allow:`
			`- admin`
			`- anon`

			`## Secure REST routes`
			`- name: rest-v1`
			`_comment: 'PostgREST: /rest/v1/* -> http://rest:3000/*'`
			`url: http://rest:3000/`
			`routes:`
			`- name: rest-v1-all`
			`strip_path: true`
			`paths:`
			`- /rest/v1/`
			`plugins:`
			`- name: cors`
			`- name: key-auth`
			`config:`
			`hide_credentials: true`
			`- name: acl`
			`config:`
			`hide_groups_header: true`
			`allow:`
			`- admin`
			`- anon`

			`## Secure GraphQL routes`
			`- name: graphql-v1`
			`_comment: 'PostgREST: /graphql/v1/* -> http://rest:3000/rpc/graphql'`
			`url: http://rest:3000/rpc/graphql`
			`routes:`
			`- name: graphql-v1-all`
			`strip_path: true`
			`paths:`
			`- /graphql/v1`
			`plugins:`
			`- name: cors`
			`- name: key-auth`
			`config:`
			`hide_credentials: true`
			`- name: request-transformer`
			`config:`
			`add:`
			`headers:`
			`- Content-Profile:graphql_public`
			`- name: acl`
			`config:`
			`hide_groups_header: true`
			`allow:`
			`- admin`
			`- anon`

			`## Secure Realtime routes`
			`- name: realtime-v1`
			`_comment: 'Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*'`
			`url: http://realtime-dev.supabase-realtime:4000/socket/`
			`routes:`
			`- name: realtime-v1-all`
			`strip_path: true`
			`paths:`
			`- /realtime/v1/`
			`plugins:`
			`- name: cors`
			`- name: key-auth`
			`config:`
			`hide_credentials: false`
			`- name: acl`
			`config:`
			`hide_groups_header: true`
			`allow:`
			`- admin`
			`- anon`

			`## Storage routes: the storage server manages its own auth`
			`- name: storage-v1`
			`_comment: 'Storage: /storage/v1/* -> http://storage:5000/*'`
			`url: http://storage:5000/`
			`routes:`
			`- name: storage-v1-all`
			`strip_path: true`
			`paths:`
			`- /storage/v1/`
			`plugins:`
			`- name: cors`

			`## Edge Functions routes`
			`- name: functions-v1`
			`_comment: 'Edge Functions: /functions/v1/* -> http://functions:9000/*'`
			`url: http://functions:9000/`
			`routes:`
			`- name: functions-v1-all`
			`strip_path: true`
			`paths:`
			`- /functions/v1/`
			`plugins:`
			`- name: cors`

			`## Analytics routes`
			`- name: analytics-v1`
			`_comment: 'Analytics: /analytics/v1/* -> http://logflare:4000/*'`
			`url: http://analytics:4000/`
			`routes:`
			`- name: analytics-v1-all`
			`strip_path: true`
			`paths:`
			`- /analytics/v1/`

			`## Secure Database routes`
			`- name: meta`
			`_comment: 'pg-meta: /pg/* -> http://pg-meta:8080/*'`
			`url: http://meta:8080/`
			`routes:`
			`- name: meta-all`
			`strip_path: true`
			`paths:`
			`- /pg/`
			`plugins:`
			`- name: key-auth`
			`config:`
			`hide_credentials: false`
			`- name: acl`
			`config:`
			`hide_groups_header: true`
			`allow:`
			`- admin`

			`## Protected Dashboard - catch all remaining routes`
			`- name: dashboard`
			`_comment: 'Studio: /* -> http://studio:3000/*'`
			`url: http://studio:3000/`
			`routes:`
			`- name: dashboard-all`
			`strip_path: true`
			`paths:`
			`- /`
			`plugins:`
			`- name: cors`
			`- name: basic-auth`
			`config:`
			`hide_credentials: true`