X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f19ce869a14511bb8031309a75fd9ee7acfeee6c..6c40c1c5b000b2eb0967df0f7ebaf613393501bc:/services/api/config/routes.rb diff --git a/services/api/config/routes.rb b/services/api/config/routes.rb index 705822a6a5..87c4d91757 100644 --- a/services/api/config/routes.rb +++ b/services/api/config/routes.rb @@ -1,18 +1,27 @@ Server::Application.routes.draw do themes_for_rails - # See http://guides.rubyonrails.org/routing.html + # OPTIONS requests are not allowed at routes that use cookies. + ['/auth/*a', '/login', '/logout'].each do |nono| + match nono, to: 'user_sessions#cross_origin_forbidden', via: 'OPTIONS' + end + # OPTIONS at discovery and API paths get an empty response with CORS headers. + match '/discovery/v1/*a', to: 'static#empty', via: 'OPTIONS' + match '/arvados/v1/*a', to: 'static#empty', via: 'OPTIONS' namespace :arvados do namespace :v1 do resources :api_client_authorizations do post 'create_system_auth', on: :collection + get 'current', on: :collection end resources :api_clients resources :authorized_keys resources :collections do get 'provenance', on: :member get 'used_by', on: :member + post 'trash', on: :member + post 'untrash', on: :member end resources :groups do get 'contents', on: :collection @@ -20,6 +29,13 @@ Server::Application.routes.draw do end resources :humans resources :job_tasks + resources :containers do + get 'auth', on: :member + post 'lock', on: :member + post 'unlock', on: :member + get 'current', on: :collection + end + resources :container_requests resources :jobs do get 'queue', on: :collection get 'queue_size', on: :collection @@ -37,8 +53,11 @@ Server::Application.routes.draw do resources :nodes do post 'ping', on: :member end - resources :pipeline_instances + resources :pipeline_instances do + post 'cancel', on: :member + end resources :pipeline_templates + resources :workflows resources :repositories do get 'get_all_permissions', on: :collection end @@ -59,25 +78,31 @@ Server::Application.routes.draw do get 'logins', on: :member get 'get_all_logins', on: :collection end - get '/permissions/:uuid', :to => 'links#get_permissions' + get '/permissions/:uuid', to: 'links#get_permissions' end end + if Rails.env == 'test' + post '/database/reset', to: 'database#reset' + end + # omniauth - match '/auth/:provider/callback', :to => 'user_sessions#create' - match '/auth/failure', :to => 'user_sessions#failure' + match '/auth/:provider/callback', to: 'user_sessions#create', via: [:get, :post] + match '/auth/failure', to: 'user_sessions#failure', via: [:get, :post] + # not handled by omniauth provider -> 403 with no CORS headers. + get '/auth/*a', to: 'user_sessions#cross_origin_forbidden' # Custom logout - match '/login', :to => 'user_sessions#login' - match '/logout', :to => 'user_sessions#logout' + match '/login', to: 'user_sessions#login', via: [:get, :post] + match '/logout', to: 'user_sessions#logout', via: [:get, :post] - match '/discovery/v1/apis/arvados/v1/rest', :to => 'arvados/v1/schema#index' + match '/discovery/v1/apis/arvados/v1/rest', to: 'arvados/v1/schema#index', via: [:get, :post] - match '/static/login_failure', :to => 'static#login_failure', :as => :login_failure + match '/static/login_failure', to: 'static#login_failure', as: :login_failure, via: [:get, :post] # Send unroutable requests to an arbitrary controller # (ends up at ApplicationController#render_not_found) - match '*a', :to => 'static#render_not_found' + match '*a', to: 'static#render_not_found', via: [:get, :post, :put, :patch, :delete, :options] - root :to => 'static#home' + root to: 'static#home' end