# Static files - Public access (no authentication required)
# Used for email logos, favicons, etc.
- id: "django:static:public"
  version: "v0.40.0"
  upstream:
    url: "${BACKEND_URL}"
    preserve_host: false
  match:
    url: "https://api.example.com/static<**>"
    methods:
      - GET
      - HEAD
      - OPTIONS
  authenticators:
    - handler: anonymous
  authorizer:
    handler: allow
  mutators:
    - handler: noop
  errors:
    - handler: json

# GraphQL API - Cookie session authentication
- id: "django:graphql:main"
  version: "v0.40.0"
  upstream:
    url: "${BACKEND_URL}"
    preserve_host: false
  match:
    url: "https://api.example.com/graphql/<**>"
    methods:
      - GET
      - POST
      - OPTIONS
  authenticators:
    - handler: cookie_session
  authorizer:
    handler: allow
  mutators:
    - handler: header
  errors:
    - handler: json

# Upload endpoints - Cookie session authentication
- id: "django:api:upload:main"
  version: "v0.40.0"
  upstream:
    url: "${BACKEND_URL}"
    preserve_host: false
  match:
    url: "https://api.example.com/api/upload/<**>"
    methods:
      - POST
      - OPTIONS
  authenticators:
    - handler: cookie_session
  authorizer:
    handler: allow
  mutators:
    - handler: header
  errors:
    - handler: json

# Media endpoints - Cookie session authentication
- id: "django:api:media:main"
  version: "v0.40.0"
  upstream:
    url: "${BACKEND_URL}"
    preserve_host: false
  match:
    url: "https://api.example.com/api/media/<**>"
    methods:
      - GET
      - OPTIONS
  authenticators:
    - handler: cookie_session
  authorizer:
    handler: allow
  mutators:
    - handler: header
  errors:
    - handler: json

# Admin interface - Cookie session authentication
- id: "django:admin:main"
  version: "v0.40.0"
  upstream:
    url: "${BACKEND_URL}"
    preserve_host: false
  match:
    url: "https://api.example.com/admin/<**>"
    methods:
      - GET
      - POST
      - OPTIONS
  authenticators:
    - handler: cookie_session
  authorizer:
    handler: allow
  mutators:
    - handler: header
  errors:
    - handler: json

# WebSocket Chat - Cookie session authentication
# AI chat assistant using Django Channels
- id: "django:ws:chat"
  version: "v0.40.0"
  upstream:
    url: "${BACKEND_URL}"
    preserve_host: false
  match:
    url: "https://api.example.com/ws/chat/<**>"
    methods:
      - GET
      - OPTIONS
  authenticators:
    - handler: cookie_session
  authorizer:
    handler: allow
  mutators:
    - handler: header
  errors:
    - handler: json