include /etc/nginx/conf.d/include/cors;
include /etc/nginx/conf.d/include/track-download;

limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time

# ensure that skylink that we pass around is base64 encoded (transform base32 encoded ones)
# this is important because we want only one format in cache keys and logs
set_by_lua_block $skylink { return require("skynet.skylink").parse(ngx.var.skylink) }

# default download rate to unlimited
set $limit_rate 0;

access_by_lua_block {
    if require("skynet.account").accounts_enabled() then
        -- check if portal is in authenticated only mode
        if require("skynet.account").is_access_unauthorized() then
            return require("skynet.account").exit_access_unauthorized()
        end

        -- check if portal is in subscription only mode
        if require("skynet.account").is_access_forbidden() then
            return require("skynet.account").exit_access_forbidden()
        end

        -- get account limits of currently authenticated user
        local limits = require("skynet.account").get_account_limits()

        -- apply download speed limit
        ngx.var.limit_rate = limits.download
    end
}

limit_rate_after 512k;
limit_rate $limit_rate;

proxy_read_timeout 600;
proxy_set_header User-Agent: Sia-Agent;

proxy_pass http://sia:9980/skynet/skylink/$skylink$path$is_args$args;