1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
5 Server::Application.routes.draw do
8 # OPTIONS requests are not allowed at routes that use cookies.
9 ['/auth/*a', '/login', '/logout'].each do |nono|
10 match nono, to: 'user_sessions#cross_origin_forbidden', via: 'OPTIONS'
12 # OPTIONS at discovery and API paths get an empty response with CORS headers.
13 match '/discovery/v1/*a', to: 'static#empty', via: 'OPTIONS'
14 match '/arvados/v1/*a', to: 'static#empty', via: 'OPTIONS'
18 resources :api_client_authorizations do
19 post 'create_system_auth', on: :collection
20 get 'current', on: :collection
22 resources :api_clients
23 resources :authorized_keys
24 resources :collections do
25 get 'provenance', on: :member
26 get 'used_by', on: :member
27 post 'trash', on: :member
28 post 'untrash', on: :member
31 get 'contents', on: :collection
32 get 'contents', on: :member
33 get 'shared', on: :collection
34 post 'trash', on: :member
35 post 'untrash', on: :member
39 resources :containers do
40 get 'auth', on: :member
41 post 'lock', on: :member
42 post 'unlock', on: :member
43 get 'secret_mounts', on: :member
44 get 'current', on: :collection
46 resources :container_requests
48 get 'queue', on: :collection
49 get 'queue_size', on: :collection
50 post 'cancel', on: :member
51 post 'lock', on: :member
53 resources :keep_disks do
54 post 'ping', on: :collection
56 resources :keep_services do
57 get 'accessible', on: :collection
62 post 'ping', on: :member
64 resources :pipeline_instances do
65 post 'cancel', on: :member
67 resources :pipeline_templates
69 resources :repositories do
70 get 'get_all_permissions', on: :collection
74 resources :user_agreements do
75 get 'signatures', on: :collection
76 post 'sign', on: :collection
79 get 'current', on: :collection
80 get 'system', on: :collection
81 post 'activate', on: :member
82 post 'setup', on: :collection
83 post 'unsetup', on: :member
84 post 'update_uuid', on: :member
85 post 'merge', on: :collection
87 resources :virtual_machines do
88 get 'logins', on: :member
89 get 'get_all_logins', on: :collection
91 get '/permissions/:uuid', to: 'links#get_permissions'
95 if Rails.env == 'test'
96 post '/database/reset', to: 'database#reset'
100 match '/auth/:provider/callback', to: 'user_sessions#create', via: [:get, :post]
101 match '/auth/failure', to: 'user_sessions#failure', via: [:get, :post]
102 # not handled by omniauth provider -> 403 with no CORS headers.
103 get '/auth/*a', to: 'user_sessions#cross_origin_forbidden'
106 match '/login', to: 'user_sessions#login', via: [:get, :post]
107 match '/logout', to: 'user_sessions#logout', via: [:get, :post]
109 match '/discovery/v1/apis/arvados/v1/rest', to: 'arvados/v1/schema#index', via: [:get, :post]
111 match '/static/login_failure', to: 'static#login_failure', as: :login_failure, via: [:get, :post]
113 match '/_health/ping', to: 'arvados/v1/healthcheck#ping', via: [:get]
115 # Send unroutable requests to an arbitrary controller
116 # (ends up at ApplicationController#render_not_found)
117 match '*a', to: 'static#render_not_found', via: [:get, :post, :put, :patch, :delete, :options]
119 root to: 'static#home'