From 403e55374484d5471651b93ed70bd05e96f92f60 Mon Sep 17 00:00:00 2001
From: Robert Rapp <robert.rapp@mindboost.team>
Date: Thu, 17 Jul 2025 15:16:47 +0200
Subject: [PATCH] fresh try

---
 nginx/conf.d/default.conf.template | 57 +++++++++++++++---------------
 1 file changed, 28 insertions(+), 29 deletions(-)

diff --git a/nginx/conf.d/default.conf.template b/nginx/conf.d/default.conf.template
index aea6657..1c1f4ef 100644
--- a/nginx/conf.d/default.conf.template
+++ b/nginx/conf.d/default.conf.template
@@ -1,49 +1,48 @@
-# ---------------------------  ENV-Key übernehmen  ---------------------------
-# envsubst ersetzt ${MEDIA_API_KEY} durch den Wert aus docker-compose.yml
-
-
 server {
-    listen 80;
-    server_name ${SERVER_NAME};
+    listen       80;
+    server_name  ${SERVER_NAME};
 
-    root /usr/share/nginx/html;
-    index index.html;
+    root         /usr/share/nginx/html;
+    index        index.html;
 
-
-
-    # ---------- Geschützte Audio-Ressourcen ----------
+    # ———————————————— Audio + CORS + Key-Check ————————————————
     location ~* \.(opus|flac|ogg|mp3|wav|m4a|aac)$ {
 
-            # --------- Preflight direkt per IF ---------
         if ($request_method = OPTIONS) {
-            add_header Access-Control-Allow-Origin "*";
-            add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
-            add_header Access-Control-Allow-Headers "Content-Type,X-API-Key,Keep-Alive,User-Agent,Cache-Control,Content-Type";
-            add_header Access-Control-Max-Age 1728000;
-            add_header Content-Length 0;
+            add_header Access-Control-Allow-Origin  "*" always;
+            add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
+            add_header Access-Control-Allow-Headers "X-API-Key, Content-Type, Keep-Alive, User-Agent, Cache-Control" always;
+            add_header Access-Control-Max-Age       1728000 always;
+            add_header Content-Length               0;
             return 204;
         }
 
-        # --- Key-Check (nur GET/HEAD) ---
-        if ($request_method != OPTIONS) {
-            if ($http_x_api_key != "${MEDIA_API_KEY}") {
-                return 401;
-            }
+
+        if ($http_x_api_key != "${MEDIA_API_KEY}") {
+            # (optional) WWW-Authenticate-Header für Clients
+            add_header WWW-Authenticate 'API key required' always;
+            return 401;
         }
 
-        # --- CORS & Cache ---
-        add_header Access-Control-Allow-Origin "*";
-        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
-        add_header Access-Control-Allow-Headers "Content-Type, X-API-Key,Keep-Alive,User-Agent,Cache-Control,Content-Type";
+        add_header Access-Control-Allow-Origin  "*" always;
+        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
+        add_header Access-Control-Allow-Headers "X-API-Key, Content-Type, Keep-Alive, User-Agent, Cache-Control" always;
+
         add_header Cache-Control "public, max-age=2592000" always;
 
-        # fehlende MIME-Types
-        types { audio/opus opus; audio/flac flac; }
+        types {
+            audio/opus   opus;
+            audio/mpeg   mp3;
+            audio/mp4    m4a;
+            audio/aac    aac;
+            video/mp4    mp4;
+            video/webm   webm;
+        }
 
         try_files $uri =404;
     }
 
-    # ---------- Website / Index ----------
+    # ———————————————— Alle ande­ren Requests ————————————————
     location / {
         try_files $uri $uri/ =404;
     }