chore(release): [ci skip] bump quickstart image to sha256@fe8af1dc8be…

…a062b58823bb118c0a45a68fab3c630bbdc89700f7394b321db3d
GaloyMoney · Nov 20, 2023 · 12b44ea · 12b44ea
1 parent 063ee9d
commit 12b44ea
Show file tree

Hide file tree

Showing 9 changed files with 75 additions and 53 deletions.
diff --git a/quickstart/dev/ory/oathkeeper.yml b/quickstart/dev/ory/oathkeeper.yml
@@ -28,8 +28,9 @@ authenticators:
     config:
       check_session_url: http://kratos:4433/sessions/whoami
       preserve_path: true
+      preserve_query: true
       subject_from: identity.id
-      extra_from: identity.traits
+      extra_from: "@this"
 
   oauth2_introspection:
     enabled: true
@@ -73,6 +74,12 @@ mutators:
   noop:
     enabled: true
 
+  header:
+    enabled: true
+    config:
+      headers:
+        X-Appcheck-Jti: "{{ print .Extra.jti }}"
+
 errors:
   fallback:
     - json

diff --git a/quickstart/dev/ory/oathkeeper_rules.yaml b/quickstart/dev/ory/oathkeeper_rules.yaml
@@ -2,21 +2,8 @@
   upstream:
     url: "http://bats-tests:4012"
   match:
-    url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/<(clearCookies|login|logout|email/code|email/login|totp/validate|email/login/cookie|phone/captcha|phone/code|phone/login)>"
+    url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/<.*>"
     methods: ["GET", "POST", "OPTIONS"]
-  authenticators:
-    - handler: anonymous
-  authorizer:
-    handler: allow
-  mutators:
-    - handler: noop
-
-- id: device-login
-  upstream:
-    url: "http://bats-tests:4012"
-  match:
-    url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/create/device-account"
-    methods: ["POST"]
   authenticators:
     - handler: jwt
       config:
@@ -29,10 +16,14 @@
           - file:///home/ory/jwks.json # ONLY FOR DEV, DO NOT USE IN PRODUCTION
         token_from:
           header: Appcheck
+    - handler: anonymous
   authorizer:
     handler: allow
   mutators:
-    - handler: noop
+    - handler: header
+      config:
+        headers:
+          X-Appcheck-Jti: "{{ print .Extra.jti }}"
 
 - id: galoy-ws
   upstream:
@@ -61,20 +52,33 @@
         token_from:
           header: Oauth2-Token
 
+    - handler: bearer_token
+      config:
+        token_from:
+          header: X-API-KEY
+        forward_http_headers:
+        - "X-API-KEY"
+        check_session_url: "http://bats-tests:5397/auth/check"
+        force_method: GET
+        preserve_path: true
+        preserve_query: true
+        subject_from: sub
+        extra_from: "@this"
     - handler: bearer_token
       config:
         check_session_url: http://kratos:4433/sessions/whoami
         preserve_path: true
         preserve_query: true
         subject_from: identity.id
         extra_from: "@this"
+
     - handler: anonymous
   authorizer:
     handler: allow
   mutators:
     - handler: id_token
       config: #! TODO: add aud: {"aud": ["https://api/graphql"] }
-        claims: '{"sub": "{{ print .Subject }}", "session_id": "{{ print .Extra.id }}", "expires_at": "{{ print .Extra.expires_at }}", "scope": "{{ print .Extra.scope }}", "client_id": "{{ print .Extra.client_id }}" }'
+        claims: '{"sub": "{{ print .Subject }}", "session_id": "{{ print .Extra.id }}", "expires_at": "{{ print .Extra.expires_at }}", "scope": "{{ print .Extra.scope }}", "client_id": "{{ print .Extra.client_id }}"}'
 
 - id: admin-backend
   upstream:

diff --git a/quickstart/docker-compose.tmpl.yml b/quickstart/docker-compose.tmpl.yml
@@ -1,8 +1,8 @@
 #@ load("@ytt:data", "data")
 
-#@ galoy_api_image_digest = "sha256@d731b98fe1376fcab05607d67bacc33d70aa96201fc1704c6872923adc8665a1"
-#@ galoy_trigger_image_digest = "sha256@f85d09436c222b1ea0c04bb868c39677147171f43b9dfeabe6fc087e855753d4"
-#@ mongodb_migrate_image_digest = "sha256@2e5d251c5f6213ef2ef9a440b49ccf4883b8e6136ce14fe73deabde4b4c493a8"
+#@ galoy_api_image_digest = "sha256@fe8af1dc8bea062b58823bb118c0a45a68fab3c630bbdc89700f7394b321db3d"
+#@ galoy_trigger_image_digest = "sha256@11c6a1f797fa3caa8b30d8416786dc0f2f9d158849b1637c1e1d0a06d61b39c2"
+#@ mongodb_migrate_image_digest = "sha256@90bdda943c088dd1a44ce02ab128b19eae4fd0abc574d2c7641a834a168e23ec"
 
 version: #@ data.values.version
 services:

diff --git a/quickstart/docker-compose.yml b/quickstart/docker-compose.yml
@@ -97,7 +97,7 @@ services:
     ports:
     - 5434:5432
   galoy:
-    image: us.gcr.io/galoy-org/galoy-api@sha256:d731b98fe1376fcab05607d67bacc33d70aa96201fc1704c6872923adc8665a1
+    image: us.gcr.io/galoy-org/galoy-api@sha256:fe8af1dc8bea062b58823bb118c0a45a68fab3c630bbdc89700f7394b321db3d
     env_file: ${HOST_PROJECT_PATH:-.}/${GALOY_QUICKSTART_PATH:-vendor/galoy-quickstart}/.env.galoy
     depends_on:
     - trigger
@@ -115,7 +115,7 @@ services:
         aliases:
         - bats-tests
   trigger:
-    image: us.gcr.io/galoy-org/galoy-api-trigger@sha256:f85d09436c222b1ea0c04bb868c39677147171f43b9dfeabe6fc087e855753d4
+    image: us.gcr.io/galoy-org/galoy-api-trigger@sha256:11c6a1f797fa3caa8b30d8416786dc0f2f9d158849b1637c1e1d0a06d61b39c2
     env_file: ${HOST_PROJECT_PATH:-.}/${GALOY_QUICKSTART_PATH:-vendor/galoy-quickstart}/.env.galoy
     depends_on:
     - lnd1
@@ -136,7 +136,7 @@ services:
     - MONGODB_ADVERTISED_HOSTNAME=127.0.0.1
     - MONGO_INITDB_DATABASE=galoy
   mongodb-migrate:
-    image: us.gcr.io/galoy-org/galoy-app-migrate@sha256:2e5d251c5f6213ef2ef9a440b49ccf4883b8e6136ce14fe73deabde4b4c493a8
+    image: us.gcr.io/galoy-org/galoy-app-migrate@sha256:90bdda943c088dd1a44ce02ab128b19eae4fd0abc574d2c7641a834a168e23ec
     depends_on:
     - mongodb
     environment:

diff --git a/quickstart/galoy/dev/ory/oathkeeper.yml b/quickstart/galoy/dev/ory/oathkeeper.yml
@@ -28,8 +28,9 @@ authenticators:
     config:
       check_session_url: http://kratos:4433/sessions/whoami
       preserve_path: true
+      preserve_query: true
       subject_from: identity.id
-      extra_from: identity.traits
+      extra_from: "@this"
 
   oauth2_introspection:
     enabled: true
@@ -73,6 +74,12 @@ mutators:
   noop:
     enabled: true
 
+  header:
+    enabled: true
+    config:
+      headers:
+        X-Appcheck-Jti: "{{ print .Extra.jti }}"
+
 errors:
   fallback:
     - json

diff --git a/quickstart/galoy/dev/ory/oathkeeper_rules.yaml b/quickstart/galoy/dev/ory/oathkeeper_rules.yaml
@@ -2,21 +2,8 @@
   upstream:
     url: "http://bats-tests:4012"
   match:
-    url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/<(clearCookies|login|logout|email/code|email/login|totp/validate|email/login/cookie|phone/captcha|phone/code|phone/login)>"
+    url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/<.*>"
     methods: ["GET", "POST", "OPTIONS"]
-  authenticators:
-    - handler: anonymous
-  authorizer:
-    handler: allow
-  mutators:
-    - handler: noop
-
-- id: device-login
-  upstream:
-    url: "http://bats-tests:4012"
-  match:
-    url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/create/device-account"
-    methods: ["POST"]
   authenticators:
     - handler: jwt
       config:
@@ -29,10 +16,14 @@
           - file:///home/ory/jwks.json # ONLY FOR DEV, DO NOT USE IN PRODUCTION
         token_from:
           header: Appcheck
+    - handler: anonymous
   authorizer:
     handler: allow
   mutators:
-    - handler: noop
+    - handler: header
+      config:
+        headers:
+          X-Appcheck-Jti: "{{ print .Extra.jti }}"
 
 - id: galoy-ws
   upstream:
@@ -61,20 +52,33 @@
         token_from:
           header: Oauth2-Token
 
+    - handler: bearer_token
+      config:
+        token_from:
+          header: X-API-KEY
+        forward_http_headers:
+        - "X-API-KEY"
+        check_session_url: "http://bats-tests:5397/auth/check"
+        force_method: GET
+        preserve_path: true
+        preserve_query: true
+        subject_from: sub
+        extra_from: "@this"
     - handler: bearer_token
       config:
         check_session_url: http://kratos:4433/sessions/whoami
         preserve_path: true
         preserve_query: true
         subject_from: identity.id
         extra_from: "@this"
+
     - handler: anonymous
   authorizer:
     handler: allow
   mutators:
     - handler: id_token
       config: #! TODO: add aud: {"aud": ["https://api/graphql"] }
-        claims: '{"sub": "{{ print .Subject }}", "session_id": "{{ print .Extra.id }}", "expires_at": "{{ print .Extra.expires_at }}", "scope": "{{ print .Extra.scope }}", "client_id": "{{ print .Extra.client_id }}" }'
+        claims: '{"sub": "{{ print .Subject }}", "session_id": "{{ print .Extra.id }}", "expires_at": "{{ print .Extra.expires_at }}", "scope": "{{ print .Extra.scope }}", "client_id": "{{ print .Extra.client_id }}"}'
 
 - id: admin-backend
   upstream:

diff --git a/quickstart/vendir.lock.yml b/quickstart/vendir.lock.yml
@@ -2,26 +2,26 @@ apiVersion: vendir.k14s.io/v1alpha1
 directories:
 - contents:
   - git:
-      commitTitle: 'fix: decimals issue in notification service (#3577)...'
-      sha: 9edf1c319571c833f427024732d3575e45860c08
+      commitTitle: 'chore: adding rate limit on device account creation (#3568)...'
+      sha: 063ee9d625e733008b5240509812288b76acb4ab
       tags:
-      - 0.16.44-1-g9edf1c319
+      - 0.16.45-2-g063ee9d62
     path: ./
   path: dev
 - contents:
   - git:
-      commitTitle: 'fix: decimals issue in notification service (#3577)...'
-      sha: 9edf1c319571c833f427024732d3575e45860c08
+      commitTitle: 'chore: adding rate limit on device account creation (#3568)...'
+      sha: 063ee9d625e733008b5240509812288b76acb4ab
       tags:
-      - 0.16.44-1-g9edf1c319
+      - 0.16.45-2-g063ee9d62
     path: ./
   path: ./galoy
 - contents:
   - git:
-      commitTitle: 'fix: decimals issue in notification service (#3577)...'
-      sha: 9edf1c319571c833f427024732d3575e45860c08
+      commitTitle: 'chore: adding rate limit on device account creation (#3568)...'
+      sha: 063ee9d625e733008b5240509812288b76acb4ab
       tags:
-      - 0.16.44-1-g9edf1c319
+      - 0.16.45-2-g063ee9d62
     path: ./
   path: ./graphql
 kind: LockConfig
diff --git a/quickstart/vendir.yml b/quickstart/vendir.yml
@@ -6,7 +6,7 @@ directories:
   - path: ./
     git:
       url: https://github.com/GaloyMoney/galoy.git
-      ref: 9edf1c319571c833f427024732d3575e45860c08
+      ref: 063ee9d625e733008b5240509812288b76acb4ab
     includePaths:
     - core/api/dev/**/*
     excludePaths:
@@ -18,7 +18,7 @@ directories:
   - path: ./
     git:
       url: https://github.com/GaloyMoney/galoy.git
-      ref: 9edf1c319571c833f427024732d3575e45860c08
+      ref: 063ee9d625e733008b5240509812288b76acb4ab
     includePaths:
     - core/api/dev/**/*
     - core/api/test/bats/bitcoind_signer_descriptors.json
@@ -36,7 +36,7 @@ directories:
   - path: ./
     git:
       url: https://github.com/GaloyMoney/galoy.git
-      ref: 9edf1c319571c833f427024732d3575e45860c08
+      ref: 063ee9d625e733008b5240509812288b76acb4ab
     includePaths:
     - core/api/src/graphql/public/schema.graphql
     - core/api/src/graphql/admin/schema.graphql

diff --git a/quickstart/vendir/values.yml b/quickstart/vendir/values.yml
@@ -1,3 +1,3 @@
 #@data/values
 ---
-galoy_git_ref: 9edf1c319571c833f427024732d3575e45860c08
+galoy_git_ref: 063ee9d625e733008b5240509812288b76acb4ab