102 lines
3.7 KiB
Ruby
102 lines
3.7 KiB
Ruby
Rails.application.routes.draw do
|
|
resource :session
|
|
resources :passwords, param: :token
|
|
resources :invitations, param: :token, only: [:show, :update]
|
|
mount ActionCable.server => "/cable"
|
|
|
|
# Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
|
|
|
|
# Reveal health status on /up that returns 200 if the app boots with no exceptions, otherwise 500.
|
|
# Can be used by load balancers and uptime monitors to verify that the app is live.
|
|
get "up" => "rails/health#show", :as => :rails_health_check
|
|
|
|
# Authentication routes
|
|
get "/signup", to: "users#new", as: :signup
|
|
post "/signup", to: "users#create"
|
|
get "/signin", to: "sessions#new", as: :signin
|
|
post "/signin", to: "sessions#create"
|
|
delete "/signout", to: "sessions#destroy", as: :signout
|
|
get "/totp-verification", to: "sessions#verify_totp", as: :totp_verification
|
|
post "/totp-verification", to: "sessions#verify_totp"
|
|
|
|
# WebAuthn authentication routes
|
|
post "/sessions/webauthn/challenge", to: "sessions#webauthn_challenge"
|
|
post "/sessions/webauthn/verify", to: "sessions#webauthn_verify"
|
|
|
|
# OIDC (OpenID Connect) routes
|
|
get "/.well-known/openid-configuration", to: "oidc#discovery"
|
|
get "/.well-known/jwks.json", to: "oidc#jwks"
|
|
get "/oauth/authorize", to: "oidc#authorize"
|
|
post "/oauth/authorize/consent", to: "oidc#consent", as: :oauth_consent
|
|
post "/oauth/token", to: "oidc#token"
|
|
post "/oauth/revoke", to: "oidc#revoke"
|
|
match "/oauth/userinfo", to: "oidc#userinfo", via: [:get, :post]
|
|
get "/logout", to: "oidc#logout"
|
|
|
|
# ForwardAuth / Trusted Header SSO
|
|
namespace :api do
|
|
get "/verify", to: "forward_auth#verify"
|
|
post "/csp-violation-report", to: "csp#violation_report"
|
|
end
|
|
|
|
# Authenticated routes
|
|
root "dashboard#index"
|
|
resource :profile, only: [:show, :update] do
|
|
member do
|
|
delete :revoke_consent
|
|
delete :revoke_all_consents
|
|
end
|
|
end
|
|
resource :active_sessions, only: [:show] do
|
|
member do
|
|
delete :logout_from_app
|
|
delete :revoke_consent
|
|
delete :revoke_all_consents
|
|
end
|
|
end
|
|
resources :sessions, only: [] do
|
|
member do
|
|
delete :destroy, action: :destroy_other
|
|
end
|
|
end
|
|
|
|
# TOTP (2FA) routes
|
|
get "/totp/new", to: "totp#new", as: :new_totp
|
|
post "/totp", to: "totp#create", as: :totp
|
|
delete "/totp", to: "totp#destroy"
|
|
get "/totp/backup_codes", to: "totp#backup_codes", as: :backup_codes_totp
|
|
post "/totp/verify_password", to: "totp#verify_password", as: :verify_password_totp
|
|
get "/totp/regenerate_backup_codes", to: "totp#regenerate_backup_codes", as: :regenerate_backup_codes_totp
|
|
post "/totp/regenerate_backup_codes", to: "totp#create_new_backup_codes", as: :create_new_backup_codes_totp
|
|
post "/totp/complete_setup", to: "totp#complete_setup", as: :complete_totp_setup
|
|
|
|
# WebAuthn (Passkeys) routes
|
|
get "/webauthn/new", to: "webauthn#new", as: :new_webauthn
|
|
post "/webauthn/challenge", to: "webauthn#challenge"
|
|
post "/webauthn/create", to: "webauthn#create"
|
|
delete "/webauthn/:id", to: "webauthn#destroy", as: :webauthn_credential
|
|
get "/webauthn/check", to: "webauthn#check"
|
|
|
|
# Admin routes
|
|
namespace :admin do
|
|
root "dashboard#index"
|
|
resources :users do
|
|
member do
|
|
post :resend_invitation
|
|
post :update_application_claims
|
|
delete :delete_application_claims
|
|
end
|
|
end
|
|
resources :applications do
|
|
member do
|
|
post :regenerate_credentials
|
|
end
|
|
end
|
|
resources :groups
|
|
end
|
|
|
|
# Render dynamic PWA files from app/views/pwa/* (remember to link manifest in application.html.erb)
|
|
# get "manifest" => "rails/pwa#manifest", as: :pwa_manifest
|
|
# get "service-worker" => "rails/pwa#service_worker", as: :pwa_service_worker
|
|
end
|