Add public pyramid API routes to nginx config

The pyramid state, colors, face, and pixel info endpoints need
to be accessible without JWT authentication for loading the canvas.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
doomtube 2026-01-11 17:12:10 -05:00
parent 22550fcc6c
commit 3c67397b7d


@ -789,6 +789,87 @@ http {
add_header Cache-Control "no-store, no-cache" always;
}
# Public pyramid endpoints - no authentication required for canvas loading
location ~ ^/api/pyramid/(state|colors)$ {
limit_req zone=api_limit burst=20 nodelay;
# CORS headers
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type" always;
add_header Access-Control-Allow-Credentials "true" always;
if ($request_method = 'OPTIONS') {
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Short cache for pyramid state
expires 5s;
add_header Cache-Control "public, max-age=5" always;
}
# Public pyramid face endpoints
location ~ ^/api/pyramid/face/[0-4]$ {
limit_req zone=api_limit burst=20 nodelay;
# CORS headers
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type" always;
add_header Access-Control-Allow-Credentials "true" always;
if ($request_method = 'OPTIONS') {
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Short cache for face data
expires 5s;
add_header Cache-Control "public, max-age=5" always;
}
# Public pyramid pixel info endpoint
location ~ ^/api/pyramid/pixel/[0-4]/[0-9]+/[0-9]+$ {
limit_req zone=api_limit burst=20 nodelay;
# CORS headers
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type" always;
add_header Access-Control-Allow-Credentials "true" always;
if ($request_method = 'OPTIONS') {
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# No cache for pixel info
expires -1;
add_header Cache-Control "no-store, no-cache" always;
}
# Other API endpoints (authenticated)
location /api/ {
limit_req zone=api_limit burst=20 nodelay;
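Review bot: The three new public locations (`state|colors`, `face`, `pixel`) proxy every request method to the backend, because `Access-Control-Allow-Methods "GET, OPTIONS"` only advises browsers and does not restrict what nginx forwards. If the JWT check is enforced in the `location /api/` block that follows (its body is outside this hunk), a non-GET request to these paths would skip it, so I would add `if ($request_method !~ ^(GET|HEAD|OPTIONS)$) { return 405; }` at the top of each block. Since these routes are meant to work without authentication, `Access-Control-Allow-Credentials "true"` can be dropped. Because `$cors_origin` appears to vary per request while the first two blocks send `Cache-Control "public, max-age=5"`, they should also send `add_header Vary Origin always;` so a shared cache does not replay one origin's CORS header to another. Separately, the `add_header` lines inside `if ($request_method = 'OPTIONS')` replace the location-level ones rather than adding to them, so the 204 preflight response will carry no CORS headers.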