X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/0bd1c28bed9a0756c61037947d5a9dccd5066f00..0d79612df7a9b744ecda195964992d992345c74e:/services/api/config/routes.rb

diff --git a/services/api/config/routes.rb b/services/api/config/routes.rb
index 74d2aea80a..6975858035 100644
--- a/services/api/config/routes.rb
+++ b/services/api/config/routes.rb
@@ -1,28 +1,54 @@
-Server::Application.routes.draw do
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+Rails.application.routes.draw do
   themes_for_rails
 
-  # See http://guides.rubyonrails.org/routing.html
+  # OPTIONS requests are not allowed at routes that use cookies.
+  ['/auth/*a', '/login', '/logout'].each do |nono|
+    match nono, to: 'user_sessions#cross_origin_forbidden', via: 'OPTIONS'
+  end
+  # OPTIONS at discovery and API paths get an empty response with CORS headers.
+  match '/discovery/v1/*a', to: 'static#empty', via: 'OPTIONS'
+  match '/arvados/v1/*a', to: 'static#empty', via: 'OPTIONS'
 
   namespace :arvados do
     namespace :v1 do
       resources :api_client_authorizations do
         post 'create_system_auth', on: :collection
+        get 'current', on: :collection
       end
       resources :api_clients
       resources :authorized_keys
       resources :collections do
         get 'provenance', on: :member
         get 'used_by', on: :member
+        post 'trash', on: :member
+        post 'untrash', on: :member
       end
       resources :groups do
         get 'contents', on: :collection
         get 'contents', on: :member
+        get 'shared', on: :collection
+        post 'trash', on: :member
+        post 'untrash', on: :member
       end
       resources :humans
       resources :job_tasks
+      resources :containers do
+        get 'auth', on: :member
+        post 'lock', on: :member
+        post 'unlock', on: :member
+        get 'secret_mounts', on: :member
+        get 'current', on: :collection
+      end
+      resources :container_requests
       resources :jobs do
         get 'queue', on: :collection
+        get 'queue_size', on: :collection
         post 'cancel', on: :member
+        post 'lock', on: :member
       end
       resources :keep_disks do
         post 'ping', on: :collection
@@ -35,8 +61,11 @@ Server::Application.routes.draw do
       resources :nodes do
         post 'ping', on: :member
       end
-      resources :pipeline_instances
+      resources :pipeline_instances do
+        post 'cancel', on: :member
+      end
       resources :pipeline_templates
+      resources :workflows
       resources :repositories do
         get 'get_all_permissions', on: :collection
       end
@@ -52,30 +81,41 @@ Server::Application.routes.draw do
         post 'activate', on: :member
         post 'setup', on: :collection
         post 'unsetup', on: :member
+        post 'update_uuid', on: :member
+        post 'merge', on: :collection
+        patch 'batch_update', on: :collection
       end
       resources :virtual_machines do
         get 'logins', on: :member
         get 'get_all_logins', on: :collection
       end
-      get '/permissions/:uuid', :to => 'links#get_permissions'
+      get '/permissions/:uuid', to: 'links#get_permissions'
     end
   end
 
+  if Rails.env == 'test'
+    post '/database/reset', to: 'database#reset'
+  end
+
   # omniauth
-  match '/auth/:provider/callback', :to => 'user_sessions#create'
-  match '/auth/failure', :to => 'user_sessions#failure'
+  match '/auth/:provider/callback', to: 'user_sessions#create', via: [:get, :post]
+  match '/auth/failure', to: 'user_sessions#failure', via: [:get, :post]
+  # not handled by omniauth provider -> 403 with no CORS headers.
+  get '/auth/*a', to: 'user_sessions#cross_origin_forbidden'
 
   # Custom logout
-  match '/login', :to => 'user_sessions#login'
-  match '/logout', :to => 'user_sessions#logout'
+  match '/login', to: 'user_sessions#login', via: [:get, :post]
+  match '/logout', to: 'user_sessions#logout', via: [:get, :post]
+
+  match '/discovery/v1/apis/arvados/v1/rest', to: 'arvados/v1/schema#index', via: [:get, :post]
 
-  match '/discovery/v1/apis/arvados/v1/rest', :to => 'arvados/v1/schema#index'
+  match '/static/login_failure', to: 'static#login_failure', as: :login_failure, via: [:get, :post]
 
-  match '/static/login_failure', :to => 'static#login_failure', :as => :login_failure
+  match '/_health/ping', to: 'arvados/v1/healthcheck#ping', via: [:get]
 
   # Send unroutable requests to an arbitrary controller
   # (ends up at ApplicationController#render_not_found)
-  match '*a', :to => 'static#render_not_found'
+  match '*a', to: 'static#render_not_found', via: [:get, :post, :put, :patch, :delete, :options]
 
-  root :to => 'static#home'
+  root to: 'static#home'
 end