#!/bin/sh

# All env in this default.env can be overridden by env.local.

# All env in this default.env must NOT depend on any other env.  If they do, they
# must use single quotes to avoid early expansion before overrides in env.local
# are applied and must be added to the list of DELAYED_EVAL.

# Nginx 'include' directive that applies the Magpie/Twitcher auth sub-request to any resource location embedding it.
# When the component is disabled, this variable is not defined, and therefore auth requests are not performed.
# This allows components to include this variable directly and provide a toggle mechanism between
# authenticated/secured and fully-open/public access, depending on the inclusion of this component or not.
# NOTE:
#   The toggle applies per location: a location block that does not embed this variable gets no auth sub-request
#   from it and is served as public unless it is protected by other means.
#   Review every location that exposes protected data for the presence of this include.
#   The contents of 'secure-data-auth.include' are not defined in this file.
export SECURE_DATA_PROXY_AUTH_INCLUDE="include /etc/nginx/conf.extra-service.d/secure-data-proxy/secure-data-auth.include;"

# Single quotes keep ${BIRDHOUSE_DATA_PERSIST_ROOT} unexpanded at this point, so that an override of that variable
# in env.local still applies. The value is resolved later since this variable is listed in DELAYED_EVAL.
export SECURE_DATA_PROXY_ROOT='${BIRDHOUSE_DATA_PERSIST_ROOT}/secure-data-proxy'

# Define custom locations as needed.
# Other components/services can also use similar locations when combined with 'optional-components/secure-data-proxy'.
# They should use a similar 'secure-data-proxy' API service sub-path (i.e.: '/example' below) in Magpie/Twitcher
# to provide authenticated access control.
# WARNING:
#   This variable is intended as a user-facing interface.
#   It is not recommended for other components to extend it directly to avoid parsing errors due to the
#   potential complexity involved with embedding multiple locations with nested braces, quotes, and template variables.
#   Instead, other components should define their own locations in their configuration to provide a similar mechanism.
# Example:
#
#   # Following will mount 'SECURE_DATA_PROXY_ROOT' in 'proxy' container to '/data/secure-data-proxy/' directory.
#   # Any amount of subdirectories can then be mapped as desired.
#   export SECURE_DATA_PROXY_LOCATIONS='
#       # This directory will be accessible on the Web (if authorized) from '${BIRDHOUSE_FQDN_PUBLIC}/data/example/'.
#       # Access will be authorized using Magpie/Twitcher under the 'secure-data-proxy' API service.
#       location /data/example/ {
#           ${SECURE_DATA_PROXY_AUTH_INCLUDE}  # this must be specified as is to enable auth
#
#           alias /data/secure-data-proxy/example/;   # will mount 'SECURE_DATA_PROXY_ROOT'
#       }
#       # ... add more locations here as needed, as long as they map to '/data/secure-data-proxy/...' subdirs.
#   '
#
# NOTE:
#   Other locations can be mapped the same way as above by leveraging the ${SECURE_DATA_PROXY_AUTH_INCLUDE} check.
#   In such case, the volume mount in 'proxy' service to match the 'alias' has to be managed by the maintainer.
# NOTE:
#   Every location defined here should contain ${SECURE_DATA_PROXY_AUTH_INCLUDE}. A location without it is not
#   covered by the Magpie/Twitcher check and exposes its 'alias' directory without authorization.
#   Nginx 'alias' replaces the matched location prefix as is: when the location ends with '/', the 'alias' path
#   should end with '/' as well, otherwise the remainder of the request is appended directly to the last path
#   segment and can resolve to sibling paths outside the intended subdirectory.
# The default is empty: no location is defined until this variable is overridden (e.g.: in env.local).
export SECURE_DATA_PROXY_LOCATIONS=''

# Add any new variables not already in 'VARS' or 'OPTIONAL_VARS' that must be replaced in templates here.
# Single quotes are important in the list below to keep variable names intact until 'birdhouse-compose' parses them.
EXTRA_VARS='
  $SECURE_DATA_PROXY_AUTH_INCLUDE
  $SECURE_DATA_PROXY_ROOT
'
# Extend the original 'VARS' from 'birdhouse/birdhouse-compose.sh' to employ them for template substitution.
# By adding them to 'VARS', they will also be validated in case of override of 'default.env' using 'env.local'.
VARS="$VARS $EXTRA_VARS"

# Keep the existing 'OPTIONAL_VARS' entries ($OPTIONAL_VARS is expanded here) and append the locations variable.
# The escaped '\$' stores the literal name '$SECURE_DATA_PROXY_LOCATIONS' instead of its current value.
# The variable is registered as optional, presumably because its default value above is empty.
OPTIONAL_VARS="
  $OPTIONAL_VARS
  \$SECURE_DATA_PROXY_LOCATIONS
"

# Names of the variables to evaluate only after overrides from env.local are applied.
# The existing 'DELAYED_EVAL' entries are kept ($DELAYED_EVAL is expanded here) and the names below are appended.
# 'SECURE_DATA_PROXY_LOCATIONS' is delayed since other components could extend it, and since its value is expected
# to reference other variables within single quotes (see the example of this variable).
# 'SECURE_DATA_PROXY_ROOT' is delayed since its single-quoted value references ${BIRDHOUSE_DATA_PERSIST_ROOT}.
export DELAYED_EVAL="
  $DELAYED_EVAL
  SECURE_DATA_PROXY_LOCATIONS
  SECURE_DATA_PROXY_ROOT
"

# Add any component that this component requires to run.
# Magpie and Twitcher perform the auth sub-request used by SECURE_DATA_PROXY_AUTH_INCLUDE, and 'proxy' is the
# service where the locations and their 'alias' directories are mounted.
# NOTE(review): the role of 'wps_outputs-volume' is not visible from this file; confirm before removing it.
COMPONENT_DEPENDENCIES="
  ./components/magpie
  ./components/twitcher
  ./components/proxy
  ./components/wps_outputs-volume
"
