# DeckForge Apache Virtual Host
# Reverse proxy to Docker services on localhost
# SSL is terminated by the upstream load balancer

<VirtualHost *:80>
    ServerName optical-dev.oliver.solutions

    # Security headers
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # Max upload size: 100 MB
    LimitRequestBody 104857600

    ProxyPreserveHost On
    ProxyRequests Off

    # ----------------------------------------------------------------
    # FastAPI backend — Apache strips the /ppt-tool prefix so FastAPI
    # receives plain /api/v1/... paths (it has no basePath awareness)
    # ----------------------------------------------------------------

    ProxyPass /ppt-tool/api/v1/ http://127.0.0.1:API_PORT/api/v1/ timeout=1800
    ProxyPassReverse /ppt-tool/api/v1/ http://127.0.0.1:API_PORT/api/v1/

    # Swagger / OpenAPI
    ProxyPass /ppt-tool/docs http://127.0.0.1:API_PORT/docs
    ProxyPassReverse /ppt-tool/docs http://127.0.0.1:API_PORT/docs
    ProxyPass /ppt-tool/openapi.json http://127.0.0.1:API_PORT/openapi.json
    ProxyPassReverse /ppt-tool/openapi.json http://127.0.0.1:API_PORT/openapi.json

    # Static files served by FastAPI
    ProxyPass /ppt-tool/app_data/ http://127.0.0.1:API_PORT/app_data/
    ProxyPassReverse /ppt-tool/app_data/ http://127.0.0.1:API_PORT/app_data/
    ProxyPass /ppt-tool/static/ http://127.0.0.1:API_PORT/static/
    ProxyPassReverse /ppt-tool/static/ http://127.0.0.1:API_PORT/static/

    # SSE: disable buffering so streaming responses reach client immediately
    <Location /ppt-tool/api/v1/>
        RequestHeader set Connection ""
        SetEnv proxy-sendchunked 1
        SetEnv no-gzip 1
    </Location>

    # ----------------------------------------------------------------
    # Next.js frontend — receives /ppt-tool/... paths intact
    # (Next.js basePath="/ppt-tool" handles the prefix internally)
    # Must come AFTER all /api/ and /static/ rules
    # ----------------------------------------------------------------

    # WebSocket support (HMR in debug, or any WS the app uses)
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/ppt-tool/(.*) ws://127.0.0.1:WEB_PORT/ppt-tool/$1 [P,L]

    ProxyPass /ppt-tool/ http://127.0.0.1:WEB_PORT/ppt-tool/
    ProxyPassReverse /ppt-tool/ http://127.0.0.1:WEB_PORT/ppt-tool/

    # Redirect /ppt-tool (no trailing slash) → /ppt-tool/ to avoid 404 after Next.js 308
    RedirectMatch ^/ppt-tool$ /ppt-tool/

    # Root — serve /var/www/html/index.html (Google LB health check needs 200 on GET /)
    DocumentRoot /var/www/html
    <Directory /var/www/html>
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/deckforge-error.log
    CustomLog ${APACHE_LOG_DIR}/deckforge-access.log combined
</VirtualHost>