317 lines
6.4 KiB
YAML
317 lines
6.4 KiB
YAML
_format_version: "3.0"
|
|
|
|
consumers:
|
|
- username: it0-system
|
|
jwt_secrets:
|
|
- key: it0-auth
|
|
algorithm: HS256
|
|
secret: "${JWT_SECRET}"
|
|
|
|
services:
|
|
- name: auth-service
|
|
url: http://auth-service:3001
|
|
routes:
|
|
- name: auth-routes
|
|
paths:
|
|
- /api/v1/auth
|
|
strip_path: false
|
|
- name: admin-routes
|
|
paths:
|
|
- /api/v1/admin
|
|
strip_path: false
|
|
|
|
- name: agent-service
|
|
url: http://agent-service:3002
|
|
routes:
|
|
- name: agent-routes
|
|
paths:
|
|
- /api/v1/agent
|
|
strip_path: false
|
|
- name: agent-ws
|
|
paths:
|
|
- /ws/agent
|
|
strip_path: false
|
|
protocols:
|
|
- http
|
|
- https
|
|
|
|
- name: agent-config-service
|
|
url: http://agent-service:3002
|
|
routes:
|
|
- name: agent-config-routes
|
|
paths:
|
|
- /api/v1/agent-config
|
|
strip_path: false
|
|
|
|
- name: ops-service
|
|
url: http://ops-service:3003
|
|
routes:
|
|
- name: ops-routes
|
|
paths:
|
|
- /api/v1/ops
|
|
strip_path: false
|
|
|
|
- name: inventory-service
|
|
url: http://inventory-service:3004
|
|
routes:
|
|
- name: inventory-routes
|
|
paths:
|
|
- /api/v1/inventory
|
|
strip_path: false
|
|
|
|
- name: monitor-service
|
|
url: http://monitor-service:3005
|
|
routes:
|
|
- name: monitor-routes
|
|
paths:
|
|
- /api/v1/monitor
|
|
strip_path: false
|
|
|
|
- name: comm-service
|
|
url: http://comm-service:3006
|
|
routes:
|
|
- name: comm-routes
|
|
paths:
|
|
- /api/v1/comm
|
|
strip_path: false
|
|
- name: comm-ws
|
|
paths:
|
|
- /ws/comm
|
|
strip_path: false
|
|
protocols:
|
|
- http
|
|
- https
|
|
|
|
- name: voice-service
|
|
url: http://voice-service:3008
|
|
routes:
|
|
- name: voice-ws
|
|
paths:
|
|
- /ws/voice
|
|
strip_path: false
|
|
protocols:
|
|
- http
|
|
- https
|
|
- name: voice-api
|
|
paths:
|
|
- /api/v1/voice
|
|
strip_path: false
|
|
- name: twilio-webhook
|
|
paths:
|
|
- /api/v1/twilio
|
|
strip_path: false
|
|
- name: voice-test
|
|
paths:
|
|
- /api/v1/test
|
|
strip_path: false
|
|
|
|
- name: audit-service
|
|
url: http://audit-service:3007
|
|
routes:
|
|
- name: audit-routes
|
|
paths:
|
|
- /api/v1/audit
|
|
strip_path: false
|
|
|
|
- name: version-service
|
|
url: http://version-service:3009
|
|
routes:
|
|
- name: version-routes
|
|
paths:
|
|
- /api/v1/versions
|
|
strip_path: false
|
|
- name: app-version-check-route
|
|
paths:
|
|
- /api/app/version
|
|
strip_path: false
|
|
- name: app-version-download-route
|
|
paths:
|
|
- /downloads/versions
|
|
strip_path: false
|
|
|
|
- name: billing-service
|
|
url: http://billing-service:3010
|
|
routes:
|
|
- name: billing-routes
|
|
paths:
|
|
- /api/v1/billing
|
|
strip_path: false
|
|
- name: billing-webhooks
|
|
paths:
|
|
- /api/v1/billing/webhooks
|
|
strip_path: false
|
|
|
|
- name: presence-service
|
|
url: http://presence-service:3011
|
|
routes:
|
|
- name: presence-routes
|
|
paths:
|
|
- /api/v1/presence
|
|
strip_path: false
|
|
- name: analytics-routes
|
|
paths:
|
|
- /api/v1/analytics
|
|
strip_path: false
|
|
|
|
- name: referral-service
|
|
url: http://referral-service:3012
|
|
routes:
|
|
# User-facing: GET /api/v1/referral/me, /me/referrals, /me/rewards
|
|
- name: referral-routes
|
|
paths:
|
|
- /api/v1/referral
|
|
strip_path: false
|
|
# Admin: /api/v1/referral/admin (JWT + role checked in service)
|
|
- name: referral-admin-routes
|
|
paths:
|
|
- /api/v1/referral/admin
|
|
strip_path: false
|
|
# Public validate: /api/v1/referral/validate?code=... (no JWT)
|
|
- name: referral-validate-public
|
|
paths:
|
|
- /api/v1/referral/validate
|
|
strip_path: false
|
|
|
|
plugins:
|
|
# ===== Global plugins (apply to ALL routes) =====
|
|
- name: cors
|
|
config:
|
|
origins:
|
|
- http://localhost:3000
|
|
- https://it0.szaiai.com
|
|
- http://it0.szaiai.com
|
|
- https://update.szaiai.com
|
|
methods:
|
|
- GET
|
|
- POST
|
|
- PUT
|
|
- DELETE
|
|
- PATCH
|
|
- OPTIONS
|
|
headers:
|
|
- Authorization
|
|
- Content-Type
|
|
- X-Tenant-Id
|
|
credentials: true
|
|
|
|
- name: rate-limiting
|
|
config:
|
|
minute: 120
|
|
policy: redis
|
|
redis_host: redis
|
|
redis_port: 6379
|
|
|
|
- name: file-log
|
|
config:
|
|
path: /dev/stdout
|
|
reopen: true
|
|
|
|
# ===== JWT per-service (NOT on auth-service) =====
|
|
- name: jwt
|
|
service: agent-service
|
|
config:
|
|
key_claim_name: kid
|
|
claims_to_verify:
|
|
- exp
|
|
|
|
- name: jwt
|
|
service: agent-config-service
|
|
config:
|
|
key_claim_name: kid
|
|
claims_to_verify:
|
|
- exp
|
|
|
|
- name: jwt
|
|
service: ops-service
|
|
config:
|
|
key_claim_name: kid
|
|
claims_to_verify:
|
|
- exp
|
|
|
|
- name: jwt
|
|
service: inventory-service
|
|
config:
|
|
key_claim_name: kid
|
|
claims_to_verify:
|
|
- exp
|
|
|
|
- name: jwt
|
|
service: monitor-service
|
|
config:
|
|
key_claim_name: kid
|
|
claims_to_verify:
|
|
- exp
|
|
|
|
- name: jwt
|
|
service: comm-service
|
|
config:
|
|
key_claim_name: kid
|
|
claims_to_verify:
|
|
- exp
|
|
|
|
- name: jwt
|
|
route: voice-api
|
|
config:
|
|
key_claim_name: kid
|
|
claims_to_verify:
|
|
- exp
|
|
|
|
- name: jwt
|
|
route: twilio-webhook
|
|
config:
|
|
key_claim_name: kid
|
|
claims_to_verify:
|
|
- exp
|
|
|
|
- name: jwt
|
|
service: audit-service
|
|
config:
|
|
key_claim_name: kid
|
|
claims_to_verify:
|
|
- exp
|
|
|
|
- name: jwt
|
|
route: billing-routes
|
|
config:
|
|
key_claim_name: kid
|
|
claims_to_verify:
|
|
- exp
|
|
|
|
- name: jwt
|
|
service: presence-service
|
|
config:
|
|
key_claim_name: kid
|
|
claims_to_verify:
|
|
- exp
|
|
|
|
- name: jwt
|
|
route: admin-routes
|
|
config:
|
|
key_claim_name: kid
|
|
claims_to_verify:
|
|
- exp
|
|
|
|
# JWT for referral-service user routes (validate route is public — no JWT)
|
|
- name: jwt
|
|
route: referral-routes
|
|
config:
|
|
key_claim_name: kid
|
|
claims_to_verify:
|
|
- exp
|
|
|
|
- name: jwt
|
|
route: referral-admin-routes
|
|
config:
|
|
key_claim_name: kid
|
|
claims_to_verify:
|
|
- exp
|
|
|
|
# ===== Route-specific overrides =====
|
|
- name: rate-limiting
|
|
route: agent-ws
|
|
config:
|
|
minute: 30
|
|
policy: redis
|
|
redis_host: redis
|
|
|