# Nginx configuration for push notifications with dark.side domain
# This should be added to the nginx-proxy-manager custom configuration
# or applied to the nginx configuration serving admin.dark.side

# CORS headers for push notifications - allows any origin within dark.side domain
# This pattern allows the callbacks to work regardless of subdomain
location ~ ^/(api/push|service-worker\.js|manifest\.json|pwa\.js) {
    # Set CORS headers for dark.side domains
    set $cors_origin "";
    if ($http_origin ~* (https?://.*\.dark\.side|https?://admin\.dark\.side)) {
        set $cors_origin $http_origin;
    }

    # If no specific origin match, allow the dark.side domain generally
    if ($cors_origin = "") {
        set $cors_origin "https://admin.dark.side";
    }

    # Apply CORS headers
    add_header 'Access-Control-Allow-Origin' $cors_origin always;
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
    add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Access-Control-Max-Age' '3600' always;

    # Handle preflight OPTIONS requests
    if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' $cors_origin always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Max-Age' '3600' always;
        add_header 'Content-Length' '0';
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        return 204;
    }

    # Proxy to the backend
    proxy_pass http://localhost:5100;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_buffering off;
}

# Additional location for the admin area with CORS support
location /Admin {
    # Basic CORS for admin area
    add_header 'Access-Control-Allow-Origin' 'https://admin.dark.side' always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;

    proxy_pass http://localhost:5100/Admin;
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
}