1 Server::Application.routes.draw do
4 # OPTIONS requests are not allowed at routes that use cookies.
5 ['/auth/*a', '/login', '/logout'].each do |nono|
6 match nono, to: 'user_sessions#cross_origin_forbidden', via: 'OPTIONS'
8 # OPTIONS at discovery and API paths get an empty response with CORS headers.
9 match '/discovery/v1/*a', to: 'static#empty', via: 'OPTIONS'
10 match '/arvados/v1/*a', to: 'static#empty', via: 'OPTIONS'
14 resources :api_client_authorizations do
15 post 'create_system_auth', on: :collection
16 get 'current', on: :collection
18 resources :api_clients
19 resources :authorized_keys
20 resources :collections do
21 get 'provenance', on: :member
22 get 'used_by', on: :member
23 post 'trash', on: :member
24 post 'untrash', on: :member
27 get 'contents', on: :collection
28 get 'contents', on: :member
32 resources :containers do
33 get 'auth', on: :member
34 post 'lock', on: :member
35 post 'unlock', on: :member
36 get 'current', on: :collection
38 resources :container_requests
40 get 'queue', on: :collection
41 get 'queue_size', on: :collection
42 post 'cancel', on: :member
43 post 'lock', on: :member
45 resources :keep_disks do
46 post 'ping', on: :collection
48 resources :keep_services do
49 get 'accessible', on: :collection
54 post 'ping', on: :member
56 resources :pipeline_instances do
57 post 'cancel', on: :member
59 resources :pipeline_templates
61 resources :repositories do
62 get 'get_all_permissions', on: :collection
66 resources :user_agreements do
67 get 'signatures', on: :collection
68 post 'sign', on: :collection
71 get 'current', on: :collection
72 get 'system', on: :collection
73 post 'activate', on: :member
74 post 'setup', on: :collection
75 post 'unsetup', on: :member
77 resources :virtual_machines do
78 get 'logins', on: :member
79 get 'get_all_logins', on: :collection
81 get '/permissions/:uuid', to: 'links#get_permissions'
85 if Rails.env == 'test'
86 post '/database/reset', to: 'database#reset'
90 match '/auth/:provider/callback', to: 'user_sessions#create', via: [:get, :post]
91 match '/auth/failure', to: 'user_sessions#failure', via: [:get, :post]
92 # not handled by omniauth provider -> 403 with no CORS headers.
93 get '/auth/*a', to: 'user_sessions#cross_origin_forbidden'
96 match '/login', to: 'user_sessions#login', via: [:get, :post]
97 match '/logout', to: 'user_sessions#logout', via: [:get, :post]
99 match '/discovery/v1/apis/arvados/v1/rest', to: 'arvados/v1/schema#index', via: [:get, :post]
101 match '/static/login_failure', to: 'static#login_failure', as: :login_failure, via: [:get, :post]
103 # Send unroutable requests to an arbitrary controller
104 # (ends up at ApplicationController#render_not_found)
105 match '*a', to: 'static#render_not_found', via: [:get, :post, :put, :patch, :delete, :options]
107 root to: 'static#home'