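# =============================================================================
# Stage 1: Builder
# =============================================================================
# NOTE(review): node:22-slim is a mutable tag. Pinning by digest
# (node:22-slim@sha256:<digest>) makes builds reproducible and ensures a
# re-pushed tag cannot silently change the base image.
FROM node:22-slim AS builder

# Proxy for downloading dependencies (passed via --build-arg).
# HTTP_PROXY and HTTPS_PROXY are predefined build args: Docker exposes them to
# every RUN step without an ARG declaration, keeps them out of `docker history`
# and leaves them out of the cache key. They are deliberately NOT copied into
# ENV, so a proxy URL (which may embed credentials) is never stored in image
# metadata.

# China npm mirror.
# Packages are fetched from a third-party mirror; the integrity hashes recorded
# in package-lock.json are what `npm ci` verifies the tarballs against, so the
# lockfile must stay committed and reviewed.
RUN npm config set registry https://registry.npmmirror.com

WORKDIR /app

# Copy package manifests first (layer caching for dependency install)
COPY package.json package-lock.json ./

# Install all dependencies (including devDependencies for building)
RUN npm ci

# Install Chromium for rebrowser-playwright
RUN npx playwright install chromium

# Copy source code
COPY tsconfig.json tsup.config.ts ./
COPY src/ src/

# Build the project
RUN npm run build

# Remove devDependencies to slim down node_modules for production
RUN npm prune --omit=dev

# =============================================================================
# Stage 2: Production
# =============================================================================
FROM node:22-slim AS production

# Proxy for apt-get (passed via --build-arg).
# As in the builder stage, the predefined HTTP_PROXY / HTTPS_PROXY build args
# reach the RUN steps below on their own. Persisting them with ENV would ship
# the build-time proxy (and any credentials in its URL) in the final image's
# configuration and route the running container's traffic through it.

# Install Chromium dependencies required by Playwright/rebrowser-playwright
RUN apt-get update && apt-get install -y --no-install-recommends \
      libnss3 \
      libnspr4 \
      libatk1.0-0 \
      libatk-bridge2.0-0 \
      libcups2 \
      libdrm2 \
      libdbus-1-3 \
      libxkbcommon0 \
      libxcomposite1 \
      libxdamage1 \
      libxfixes3 \
      libxrandr2 \
      libgbm1 \
      libpango-1.0-0 \
      libcairo2 \
      libasound2 \
      libatspi2.0-0 \
      libwayland-client0 \
      fonts-noto-cjk \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user with a fixed UID/GID so the runtime can verify it
RUN groupadd --gid 1001 appuser \
    && useradd --uid 1001 --gid appuser --shell /bin/sh --create-home appuser

WORKDIR /app

# Copy built artifacts and production dependencies from builder.
# NOTE(review): --chown makes the application code writable by the runtime
# user. If nothing writes under /app at runtime, root-owned copies would be a
# tighter default — confirm before changing.
COPY --from=builder --chown=appuser:appuser /app/dist ./dist
COPY --from=builder --chown=appuser:appuser /app/node_modules ./node_modules
COPY --from=builder --chown=appuser:appuser /app/package.json ./package.json

# Copy Playwright browsers from builder
COPY --from=builder --chown=appuser:appuser /root/.cache/ms-playwright /home/appuser/.cache/ms-playwright

# Create data directory for cookies and API token.
# Mode 0700: the directory holds session cookies and the API token, so only the
# service account may list or read it.
RUN install -d -m 0700 -o appuser -g appuser /home/appuser/.social-mcp

# Switch to non-root user
USER appuser

# Environment defaults.
# NOTE(review): ALLOW_REMOTE looks like an explicit risk acknowledgement for
# listening on a non-loopback address (HOST=0.0.0.0) — confirm against the app.
# Baked in here, every container starts with that acknowledgement already
# given, so exposure is governed only by how the port is published: bind it to
# a trusted interface or network rather than all host interfaces.
ENV NODE_ENV=production \
    HOST=0.0.0.0 \
    PORT=3000 \
    HEADLESS=true \
    COOKIE_DIR=/home/appuser/.social-mcp \
    ALLOW_REMOTE=yes-i-understand-the-risk

EXPOSE 3000

# Probe the health endpoint from inside the container; any non-2xx response or
# connection error marks the container unhealthy.
HEALTHCHECK --interval=30s --timeout=5s --retries=3 --start-period=10s \
    CMD node -e "fetch('http://localhost:3000/health').then(r => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))"

CMD ["node", "dist/index.js"]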