_format_version: '2.1' _transform: true ### ### Consumers / Users ### consumers: - username: DASHBOARD - username: anon keyauth_credentials: - key: $SUPABASE_ANON_KEY - username: service_role keyauth_credentials: - key: $SUPABASE_SERVICE_KEY ### ### Access Control List ### acls: - consumer: anon group: anon - consumer: service_role group: admin ### ### Dashboard credentials ### basicauth_credentials: - consumer: DASHBOARD username: $DASHBOARD_USERNAME password: $DASHBOARD_PASSWORD ### ### API Routes ### services: ## Open Auth routes - name: auth-v1-open url: http://auth:9999/verify routes: - name: auth-v1-open strip_path: true paths: - /auth/v1/verify plugins: - name: cors - name: auth-v1-open-callback url: http://auth:9999/callback routes: - name: auth-v1-open-callback strip_path: true paths: - /auth/v1/callback plugins: - name: cors - name: auth-v1-open-authorize url: http://auth:9999/authorize routes: - name: auth-v1-open-authorize strip_path: true paths: - /auth/v1/authorize plugins: - name: cors ## Secure Auth routes - name: auth-v1 _comment: 'GoTrue: /auth/v1/* -> http://auth:9999/*' url: http://auth:9999/ routes: - name: auth-v1-all strip_path: true paths: - /auth/v1/ plugins: - name: cors - name: key-auth config: hide_credentials: false - name: acl config: hide_groups_header: true allow: - admin - anon ## Secure REST routes - name: rest-v1 _comment: 'PostgREST: /rest/v1/* -> http://rest:3000/*' url: http://rest:3000/ routes: - name: rest-v1-all strip_path: true paths: - /rest/v1/ plugins: - name: cors - name: key-auth config: hide_credentials: true - name: acl config: hide_groups_header: true allow: - admin - anon ## Secure GraphQL routes - name: graphql-v1 _comment: 'PostgREST: /graphql/v1/* -> http://rest:3000/rpc/graphql' url: http://rest:3000/rpc/graphql routes: - name: graphql-v1-all strip_path: true paths: - /graphql/v1 plugins: - name: cors - name: key-auth config: hide_credentials: true - name: request-transformer config: add: headers: - Content-Profile:graphql_public - name: acl config: hide_groups_header: true allow: - admin - anon ## Secure Realtime routes - name: realtime-v1 _comment: 'Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*' url: http://realtime-dev.supabase-realtime:4000/socket/ routes: - name: realtime-v1-all strip_path: true paths: - /realtime/v1/ plugins: - name: cors - name: key-auth config: hide_credentials: false - name: acl config: hide_groups_header: true allow: - admin - anon ## Storage routes: the storage server manages its own auth - name: storage-v1 _comment: 'Storage: /storage/v1/* -> http://storage:5000/*' url: http://storage:5000/ routes: - name: storage-v1-all strip_path: true paths: - /storage/v1/ plugins: - name: cors ## Edge Functions routes - name: functions-v1 _comment: 'Edge Functions: /functions/v1/* -> http://functions:9000/*' url: http://functions:9000/ routes: - name: functions-v1-all strip_path: true paths: - /functions/v1/ plugins: - name: cors ## Analytics routes - name: analytics-v1 _comment: 'Analytics: /analytics/v1/* -> http://logflare:4000/*' url: http://analytics:4000/ routes: - name: analytics-v1-all strip_path: true paths: - /analytics/v1/ ## Secure Database routes - name: meta _comment: 'pg-meta: /pg/* -> http://pg-meta:8080/*' url: http://meta:8080/ routes: - name: meta-all strip_path: true paths: - /pg/ plugins: - name: key-auth config: hide_credentials: false - name: acl config: hide_groups_header: true allow: - admin ## Protected Dashboard - catch all remaining routes - name: dashboard _comment: 'Studio: /* -> http://studio:3000/*' url: http://studio:3000/ routes: - name: dashboard-all strip_path: true paths: - / plugins: - name: cors - name: basic-auth config: hide_credentials: true