# ─────────────────────────────────────────────────────────────
# WASL — Nginx server block (API)
# Proxies to Laravel Octane (Swoole) on app:8000
# ─────────────────────────────────────────────────────────────

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    root /var/www/html/public;
    index index.php;

    charset utf-8;

    # ── Health check endpoint ──
    location = /up {
        access_log off;
        proxy_pass http://wasl_octane;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }

    # ── Block sensitive files ──
    location ~ /\.(?!well-known).* {
        deny all;
        access_log off;
        log_not_found off;
    }

    location ~* ^/(?:storage|app|bootstrap|config|database|resources|routes|tests|vendor|docker)(/.*)?$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    # ── Static assets (cached) ──
    location ~* \.(?:css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|eot)$ {
        access_log off;
        log_not_found off;
        expires 30d;
        add_header Cache-Control "public, immutable";
        try_files $uri =404;
    }

    # ── API rate limits (login & transfers throttled harder) ──
    location ~ ^/api/(auth|otp|login) {
        limit_req zone=login burst=5 nodelay;
        limit_req_status 429;
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ ^/api/(transfers|wallets/.*/transfer) {
        limit_req zone=transfer burst=3 nodelay;
        limit_req_status 429;
        try_files $uri $uri/ /index.php?$query_string;
    }

    # ── General API + app ──
    location / {
        limit_req zone=api burst=30 nodelay;
        limit_req_status 429;
        try_files $uri $uri/ /index.php?$query_string;
    }

    # ── PHP via Octane (Swoole) ──
    location ~ \.php$ {
        proxy_pass http://wasl_octane;
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_read_timeout 60s;
        proxy_send_timeout 60s;
        proxy_connect_timeout 5s;

        proxy_buffering off;
        proxy_request_buffering off;
    }

    # ── Custom error pages ──
    error_page 404 /index.php;
    error_page 429 = @ratelimit;
    location @ratelimit {
        default_type application/json;
        return 429 '{"success":false,"message":"Too many requests. Please slow down.","code":"RATE_LIMITED"}';
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }
}