# ---------------------------  ENV-Key übernehmen  ---------------------------
# envsubst ersetzt ${MEDIA_API_KEY} durch den Wert aus docker-compose.yml


server {
    listen 80;
    server_name ${SERVER_NAME};

    root /usr/share/nginx/html;
    index index.html;



    # ---------- Geschützte Audio-Ressourcen ----------
    location ~* \.(opus|flac|ogg|mp3|wav|m4a|aac)$ {

            # --------- Preflight direkt per IF ---------
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin "*";
            add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
            add_header Access-Control-Allow-Headers "Content-Type,X-API-Key,Keep-Alive,User-Agent,Cache-Control,Content-Type";
            add_header Access-Control-Max-Age 1728000;
            add_header Content-Length 0;
            return 204;
        }

        # --- Key-Check (nur GET/HEAD) ---
        if ($request_method != OPTIONS) {
            if ($http_x_api_key != "${MEDIA_API_KEY}") {
                return 401;
            }
        }

        # --- CORS & Cache ---
        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
        add_header Access-Control-Allow-Headers "Content-Type, X-API-Key,Keep-Alive,User-Agent,Cache-Control,Content-Type";
        add_header Cache-Control "public, max-age=2592000" always;

        # fehlende MIME-Types
        types { audio/opus opus; audio/flac flac; }

        try_files $uri =404;
    }

    # ---------- Website / Index ----------
    location / {
        try_files $uri $uri/ =404;
    }
}