FROM node:16-bullseye

# Install nginx and bash
RUN apt-get update \
 && apt-get install -y --no-install-recommends nginx procps bash ca-certificates \
 && rm -rf /var/lib/apt/lists/*

# Create a non-root user for dev
RUN useradd -m appuser || true

WORKDIR /app

# Copy package files first to leverage Docker cache for npm install
COPY package*.json ./
COPY env.sh ./
COPY nginx.dev.conf /etc/nginx/conf.d/default.conf

# Make /app owned by the non-root user, then run npm as that user so
# node_modules are created with the correct owner and we avoid an expensive
# recursive chown later.
RUN chown appuser:appuser /app || true
USER appuser

# Install dependencies as non-root (faster overall because we avoid chown -R)
RUN npm ci --legacy-peer-deps --no-audit --no-fund

# Switch back to root to add the start script and adjust nginx paths
USER root
COPY start-dev.sh /start-dev.sh
RUN chmod +x /start-dev.sh

# Ensure nginx log/lib dirs are writable by the app user (small set)
RUN chown -R appuser:appuser /var/lib/nginx /var/log/nginx || true
# Remove default Debian nginx site so our dev config becomes the active default
RUN rm -f /etc/nginx/sites-enabled/default || true

USER appuser

EXPOSE 80 3000

CMD ["/start-dev.sh"]