# ISO8601 시간을 "YYYY-MM-DD HH:mm:ss" 형식으로 변환
map $time_iso8601 $time_custom {
    "~^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})" "$1-$2-$3 $4:$5:$6";
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

# Go slog 포맷과 맞춘 JSON 액세스 로그
log_format json_combined escape=json
    '{'
    '"time":"$time_custom",'
    '"level":"INFO",'
    '"msg":"http_access",'
    '"svc":"baron-gateway",'
    '"status":$status,'
    '"method":"$request_method",'
    '"path":"$request_uri",'
    '"latency":"${request_time}s",'
    '"ip":"$remote_addr",'
    '"forwarded_for":"$http_x_forwarded_for",'
    '"user_agent":"$http_user_agent"'
    '}';

server {
    listen 5000;
    client_header_buffer_size 16k;
    large_client_header_buffers 4 64k;
    include /etc/nginx/mime.types;
    types {
        application/javascript mjs;
    }

    resolver 127.0.0.11 valid=10s ipv6=off;
    set $backend_upstream http://baron_backend:3000;
    set $userfront_upstream http://baron_userfront:5000;
    set $oathkeeper_upstream http://oathkeeper:4455;
    
    error_log /dev/stderr warn;
    access_log /var/log/nginx/access.log json_combined;

    # 안정성 튜닝
    client_max_body_size 10m;
    keepalive_timeout 65;

    # --- Backend API Proxy ---
    location /api {
        proxy_pass $backend_upstream;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # --- Ory Stack Proxy (via Oathkeeper) ---
    # Kratos Public API
    location /auth {
        proxy_pass $oathkeeper_upstream;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Hydra Public API
    location /oidc {
        proxy_pass $oathkeeper_upstream;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # --- 내부 웹앱 프록시 (초기에는 Private Net 내부에서만 운영) ---
    # AdminFront (Vite Dev Server or Nginx)
    # location /admin {
    #     proxy_pass http://baron_adminfront:5173;
    #     proxy_set_header Host $host;
    #     proxy_set_header X-Real-IP $remote_addr;
    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #     proxy_set_header X-Forwarded-Proto $scheme;
    #
    #     # WebSocket 지원 (Vite HMR)
    #     proxy_http_version 1.1;
    #     proxy_set_header Upgrade $http_upgrade;
    #     proxy_set_header Connection "upgrade";
    # }

    # DevFront (Vite Dev Server or Nginx)
    # location /dev {
    #     proxy_pass http://baron_devfront:5173;
    #     proxy_set_header Host $host;
    #     proxy_set_header X-Real-IP $remote_addr;
    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #     proxy_set_header X-Forwarded-Proto $scheme;
    #
    #     # WebSocket 지원 (Vite HMR)
    #     proxy_http_version 1.1;
    #     proxy_set_header Upgrade $http_upgrade;
    #     proxy_set_header Connection "upgrade";
    # }

    # --- UserFront 정적 파일 프록시 ---
    location / {
        proxy_pass $userfront_upstream;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}