feat: add proxy

fixtures/cors.template

@@ -0,0 +1,6 @@
+add_header 'Access-Control-Allow-Origin' '*';
+add_header 'Access-Control-Allow-Credentials' 'true';
+add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-StApps-Version';
+add_header 'Access-Control-Max-Age' 1728000;
+add_header 'Content-Type' 'text/plain charset=UTF-8';

fixtures/hiddenRoute.template

@@ -0,0 +1,8 @@
+location {{{ route }}} {
+
+    # use our custom request limit and allow bursts
+    # deliver them with no queuing delay
+    limit_req zone=customstappslimit burst=20;
+
+    return 404;
+}

fixtures/staticRoute.template

@@ -0,0 +1,40 @@
+location /_static/ {
+
+    # use our custom request limit and allow bursts
+    limit_req zone=customstappslimit burst=20 nodelay;
+
+    {{{ cors }}}
+
+    if ($request_method = 'OPTIONS') {
+	{{{ cors }}}
+        add_header 'Content-Length' '0';
+        return 204;
+    }
+    alias /static/;
+    expires 7d;
+    ## Check for file existing and if there, stop ##
+    if (-f $request_filename) {
+        break;
+    }
+    ## Check for file existing and if there, stop ##
+    if (-d $request_filename) {
+        break;
+    }
+	##Check for png
+    if (-e $request_filename.png) {
+        rewrite ^/(.*)$ /$1.png;
+        break;
+    }
+	##Check for gif
+    if (-e $request_filename.gif) {
+        rewrite ^/(.*)$ /$1.gif;
+        break;
+    }
+	##Check for jpg
+    if (-e $request_filename.jpg) {
+        rewrite ^/(.*)$ /$1.jpg;
+        break;
+    }
+	##Fallback rule if no match is found
+    rewrite ^/(.*/).*(small|medium|large|thumbnail)$ /$1default-$2.png;
+}

fixtures/visibleRoute.template

@@ -0,0 +1,41 @@
+location  {{{ route }}} {
+
+    # use our custom request limit and allow bursts
+    # deliver them with no queuing delay
+    limit_req zone=customstappslimit burst=20 nodelay;
+
+    # intercept OPTIONS request
+    # all other CORS headers are set by the backend(s)
+    # see https://gist.github.com/michiel/1064640/0dafeb1e8f71a26b94ea15e09e7e5f45bed14dda
+    if ($request_method = 'OPTIONS') {
+        {{{ cors }}}
+        add_header 'Content-Length' '0';
+        return 204;
+    }
+
+    # if client doesn't set a version header, we don't know which backend to choose
+    if ($http_x_stapps_version = "") {
+        # return Multiple Choices
+        return 300 'You have to supply a client/app version via the X-StApps-Version header!';
+    }
+
+    # Version is unsupported or never existed
+    if ($proxyurl = unsupported) {
+        {{{ cors }}}
+        return 404;
+    }
+    # The version existed, but is outdated now (App should update)
+    if ($proxyurl = outdated) {
+        return 404;
+    }
+    # The version is correct, but backend is not responding
+    if ($proxyurl = unavailable) {
+        {{{ cors }}}
+	    return 503;
+    }
+    limit_except GET OPTIONS POST {
+        deny all;
+    }
+    # backend is available
+    proxy_pass http://$proxyurl;
+}