{
	order jwtauth before basicauth
}

:80 {
	encode zstd gzip

	handle_path /api/v1/* {
		rewrite * {path}
		reverse_proxy geodata:8000
	}

	redir /openapi.json /api/v1/openapi.json permanent

	handle_path /martin/* {
		rewrite * {path}
		reverse_proxy martin:3000
	}

	@is_admin {
		vars {http.auth.user.id} "demo"
	}

	handle_path /pgweb/* {
		jwtauth {
			sign_key {$SECRET_KEY}
			from_cookies user_session
		}

		rewrite * {path}
		reverse_proxy @is_admin pgweb:8081
		redir /login/ 401
	}

	handle_path /static/previews/* {
		rewrite * {path}
		file_server
	}

	# play nice with vue-router
	# https://caddy.community/t/caddy-with-vue-router/12352
	handle {
		root * /usr/share/caddy
		try_files {path}.html {path} /index.html
		file_server
	}
}