# ---------------------------  ENV-Key übernehmen  ---------------------------
# envsubst ersetzt ${MEDIA_API_KEY} durch den Wert aus docker-compose.yml

map $request_method $cors_preflight {
    "OPTIONS" 1;
    default   0;
}

server {
    listen 80;
    server_name ${SERVER_NAME};

    root /usr/share/nginx/html;
    index index.html;

    # ---------- Preflight (OPTIONS) ----------
    if ($cors_preflight = 1) {
        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
        add_header Access-Control-Allow-Headers "Content-Type, X-API-Key";
        add_header Content-Length 0;
        return 204;
    }

    # ---------- Geschützte Audio-Ressourcen ----------
    location ~* \.(opus|flac|ogg|mp3|wav|m4a|aac)$ {

        # --- Key-Check (nur GET/HEAD) ---
        if ($request_method != "OPTIONS") {
            if ($http_x_api_key != "${MEDIA_API_KEY}") { return 401; }
        }

        # --- CORS & Cache ---
        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
        add_header Access-Control-Allow-Headers "Content-Type, X-API-Key";
        add_header Cache-Control "public, max-age=2592000" always;

        # fehlende MIME-Types
        types { audio/opus opus; audio/flac flac; }

        try_files $uri =404;
    }

    # ---------- Website / Index ----------
    location / {
        try_files $uri $uri/ =404;
    }
}