- name: login page
  on: path /login
  do: pass
- name: protected
  on: |
    !path glob("@tanstack-start/*")
    !path /@react-refresh
    !path /@vite/client
    !path regex("\?token=\w{5}-\w{5}")
    !path glob("/@id/*")
    !path glob("/api/v1/auth/*")
    !path glob("/auth/*")
    !path regex("[A-Za-z0-9_\-/]+\.(css|ts|js|mjs|svg|png|jpg|jpeg|gif|ico|webp|woff2?|eot|ttf|otf|txt)(\?.+)?")
    !path /api/v1/version
    !path /manifest.webmanifest
  do: require_auth
- name: proxy to backend
  on: path glob("/api/v1/*")
  do: proxy http://${API_ADDR}/
- name: proxy to auth api
  on: path glob("/auth/*")
  do: |
    rewrite /auth /api/v1/auth
    proxy http://${API_ADDR}/