# this routing file is included in the hagrid http block
# it is assumed that hagrid runs on localhost:8080

# To protect against DOS, we limit the size of possible uploads.
client_max_body_size 1m;

location /vks/v1/by-email/ {
    rewrite "^/vks/v1/by-email/([^/]{2})([^/]*)$" /by-email/$1/$2 break;
    default_type application/pgp-keys;
    add_header Content-Disposition 'attachment; filename="$1$2.asc"';
    try_files /$uri =404;
}

location /vks/v1/by-fingerprint/ {
    rewrite ^/vks/v1/by-fingerprint/(0x)?([^/][^/])(..*)$ /vks/v1/by-fingerprint/$2$3 break;
    default_type application/pgp-keys;
    add_header Content-Disposition 'attachment; filename="$2$3.asc"';
    try_files /by-fpr/$2/$3 @fallback;
}

location /vks/v1/by-keyid/ {
    rewrite ^/vks/v1/by-keyid/(0x)?([^/][^/])(.*)$ /vks/v1/by-keyid/$2$3 break;
    default_type application/pgp-keys;
    add_header Content-Disposition 'attachment; filename="$2$3.asc"';
    try_files /by-keyid/$2/$3 @fallback;
}

# Pass queries that we do not understand to hagrid.
location @fallback {
    proxy_pass http://127.0.0.1:8080;
}

# Common HKP requests.
location /pks/lookup {
    # sq keyserver get <KEYID>, gpg --receive-keys <KEYID>
    if ($args ~ "^op=get&options=mr&?search=(0x)?([A-F0-9]{2})([A-F0-9]{14})$") {
        set $dir $2;
        set $file $3;
        rewrite . /vks/v1/by-keyid/$dir$file;
    }

    # gpg --receive-keys <FINGERPRINT>
    if ($args ~ "^op=get&options=mr&?search=(0x)?([A-F0-9]{2})([A-F0-9]{38})$") {
        set $dir $2;
        set $file $3;
        rewrite . /vks/v1/by-fingerprint/$dir$file;
    }

    # gpg --locate-key <EMAIL>
    if ($args ~ "^op=get&options=mr&?search=(..)([^&]*)(@|%40)([^&]*)") {
        set $dir $1;
        set $local $2;
        set $horst $4;
        rewrite . /vks/v1/by-email/$dir$local%40$horst;
    }

    proxy_pass http://127.0.0.1:8080;
}

location /pks/add {
    proxy_pass http://127.0.0.1:8080;
}

location = / {
    proxy_cache static_cache;
    proxy_pass http://127.0.0.1:8080;
}

location = /about {
    proxy_cache static_cache;
    proxy_pass http://127.0.0.1:8080;
}

location = /apidoc {
    proxy_cache static_cache;
    proxy_pass http://127.0.0.1:8080;
}

location /vks/v1/ {
    proxy_pass http://127.0.0.1:8080;
}

location = /delete {
    proxy_pass http://127.0.0.1:8080;
}

location = /publish {
    proxy_pass http://127.0.0.1:8080;
}