FROM node:18-bullseye

# Install nginx and bash
RUN apt-get update \
 && apt-get install -y --no-install-recommends nginx procps bash ca-certificates \
 && rm -rf /var/lib/apt/lists/*

# Create a non-root user for dev
RUN useradd -m appuser || true

WORKDIR /app

# Copy package files first to leverage Docker cache for npm install
COPY frontend/package*.json ./

# Copy environment shell script (generates env-config.js from ENV at runtime)
COPY docker/dev/frontend/config/env.sh ./env.sh
# Note: ENV variables are set via docker-compose.yml, not from .env file

# Make env.sh executable
RUN chmod +x ./env.sh

# Copy nginx configuration for development
COPY docker/dev/frontend/nginx.conf /etc/nginx/conf.d/default.conf

# Make /app owned by the non-root user, then run npm as that user so
# node_modules are created with the correct owner and we avoid an expensive
# recursive chown later.
RUN chown appuser:appuser /app || true
USER appuser

# Install dependencies as non-root (faster overall because we avoid chown -R)
# Use npm ci without legacy peer deps to get a clean, reproducible install
RUN npm ci --no-audit --no-fund

# Switch back to root to add the start script and adjust nginx paths
USER root
COPY docker/dev/frontend/start.sh /start.sh
RUN chmod +x /start.sh

# Ensure nginx log/lib dirs are writable by the app user (small set)
RUN chown -R appuser:appuser /var/lib/nginx /var/log/nginx || true
# Remove default Debian nginx site so our dev config becomes the active default
RUN rm -f /etc/nginx/sites-enabled/default || true

USER appuser

EXPOSE 80 3000

CMD ["/start.sh"]