_format_version: '2.1' _transform: true consumers: - username: DASHBOARD - username: anon keyauth_credentials: - key: $SUPABASE_ANON_KEY - username: service_role keyauth_credentials: - key: $SUPABASE_SERVICE_KEY acls: - consumer: anon group: anon - consumer: service_role group: admin basicauth_credentials: - consumer: DASHBOARD username: '$DASHBOARD_USERNAME' password: '$DASHBOARD_PASSWORD' services: - name: auth-v1-open url: http://auth:9999/verify routes: - name: auth-v1-open strip_path: true paths: - /auth/v1/verify plugins: - name: cors - name: auth-v1-open-callback url: http://auth:9999/callback routes: - name: auth-v1-open-callback strip_path: true paths: - /auth/v1/callback plugins: - name: cors - name: auth-v1-open-authorize url: http://auth:9999/authorize routes: - name: auth-v1-open-authorize strip_path: true paths: - /auth/v1/authorize plugins: - name: cors - name: auth-v1-open-jwks url: http://auth:9999/.well-known/jwks.json routes: - name: auth-v1-open-jwks strip_path: true paths: - /auth/v1/.well-known/jwks.json plugins: - name: cors - name: auth-v1 url: http://auth:9999/ routes: - name: auth-v1-all strip_path: true paths: - /auth/v1/ plugins: - name: cors - name: key-auth config: hide_credentials: false - name: request-transformer config: add: headers: - "Authorization: $LUA_AUTH_EXPR" replace: headers: - "Authorization: $LUA_AUTH_EXPR" - name: acl config: hide_groups_header: true allow: - admin - anon - name: rest-v1 url: http://rest:3000/ routes: - name: rest-v1-all strip_path: true paths: - /rest/v1/ plugins: - name: cors - name: key-auth config: hide_credentials: false - name: request-transformer config: add: headers: - "Authorization: $LUA_AUTH_EXPR" replace: headers: - "Authorization: $LUA_AUTH_EXPR" - name: acl config: hide_groups_header: true allow: - admin - anon - name: graphql-v1 url: http://rest:3000/rpc/graphql routes: - name: graphql-v1-all strip_path: true paths: - /graphql/v1 plugins: - name: cors - name: key-auth config: hide_credentials: false - name: request-transformer config: add: headers: - "Content-Profile: graphql_public" - "Authorization: $LUA_AUTH_EXPR" replace: headers: - "Authorization: $LUA_AUTH_EXPR" - name: acl config: hide_groups_header: true allow: - admin - anon - name: realtime-v1-ws url: http://realtime-dev.supabase-realtime:4000/socket protocol: ws routes: - name: realtime-v1-ws strip_path: true paths: - /realtime/v1/ plugins: - name: cors - name: key-auth config: hide_credentials: false - name: request-transformer config: add: headers: - "x-api-key:$LUA_RT_WS_EXPR" replace: querystring: - "apikey:$LUA_RT_WS_EXPR" - name: acl config: hide_groups_header: true allow: - admin - anon - name: realtime-v1-rest url: http://realtime-dev.supabase-realtime:4000/api protocol: http routes: - name: realtime-v1-rest strip_path: true paths: - /realtime/v1/api plugins: - name: cors - name: key-auth config: hide_credentials: false - name: request-transformer config: add: headers: - "Authorization: $LUA_AUTH_EXPR" replace: headers: - "Authorization: $LUA_AUTH_EXPR" - name: acl config: hide_groups_header: true allow: - admin - anon - name: storage-v1 url: http://storage:5000/ routes: - name: storage-v1-all strip_path: true paths: - /storage/v1/ plugins: - name: cors - name: request-transformer config: add: headers: - "Authorization: $LUA_AUTH_EXPR" replace: headers: - "Authorization: $LUA_AUTH_EXPR" - name: post-function config: access: - | local auth = kong.request.get_header("authorization") if auth == nil or auth == "" or auth:find("^%s*$") then kong.service.request.clear_header("authorization") end - name: functions-v1 url: http://functions:9000/ read_timeout: 150000 routes: - name: functions-v1-all strip_path: true paths: - /functions/v1/ plugins: - name: cors - name: well-known-oauth url: http://auth:9999/.well-known/oauth-authorization-server routes: - name: well-known-oauth strip_path: true paths: - /.well-known/oauth-authorization-server plugins: - name: cors - name: meta url: http://meta:8080/ routes: - name: meta-all strip_path: true paths: - /pg/ plugins: - name: key-auth config: hide_credentials: false - name: acl config: hide_groups_header: true allow: - admin - name: dashboard url: http://studio:3000/ routes: - name: dashboard-all strip_path: true paths: - / plugins: - name: cors - name: basic-auth config: hide_credentials: true