# Build stage
FROM node:20-slim AS build

# Install Python and build tools for node-gyp
RUN apt-get update && \
    apt-get install -y python3 make g++ && \
    ln -s /usr/bin/python3 /usr/bin/python && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Create app directory
ENV APP_DIR=/usr/src/app/
RUN mkdir -p ${APP_DIR}

# Install global dependencies
RUN npm install -g pm2 ts-node typescript
    
# Create a non-root user
ENV APP_USER=appuser
RUN adduser --disabled-password --gecos '' ${APP_USER}
WORKDIR ${APP_DIR}
RUN chown -R ${APP_USER}:${APP_USER} ${APP_DIR}

# Switch to non-root user
USER ${APP_USER}

# Copy package files and install dependencies
COPY --chown=${APP_USER}:${APP_USER} package.json package-lock.json ./
RUN npm install

# Copy source code
COPY --chown=${APP_USER}:${APP_USER} . .

# Rebuild native dependencies
RUN npm rebuild bcrypt --build-from-source

# Build the application
RUN npm run build:ts

# Production stage
FROM node:20-slim

# Install only production dependencies
ENV APP_DIR=/usr/src/app/
RUN mkdir -p ${APP_DIR}

# Create non-root user
ENV APP_USER=appuser
RUN adduser --disabled-password --gecos '' ${APP_USER}
WORKDIR ${APP_DIR}
RUN chown -R ${APP_USER}:${APP_USER} ${APP_DIR}

# Copy only necessary files from build stage
COPY --from=build --chown=${APP_USER}:${APP_USER} ${APP_DIR}/dist ./dist
COPY --from=build --chown=${APP_USER}:${APP_USER} ${APP_DIR}/package.json ./
COPY --from=build --chown=${APP_USER}:${APP_USER} ${APP_DIR}/package-lock.json ./

# Install only production dependencies
USER ${APP_USER}
RUN npm ci --only=production

# Environment variables
ENV CI=true
ENV PORT=14000
ENV NODE_ENV=production

# Expose the application's port
EXPOSE ${PORT}

# Command to run the application
CMD ["npm", "start"]