FROM node:22-alpine AS base
WORKDIR /app

# Install dependencies
COPY package.json package-lock.json* ./
COPY prisma ./prisma/
RUN npm install

# Generate Prisma client
RUN npx prisma generate

# Development stage
FROM base AS development
COPY . .
COPY docker-entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["npm", "run", "dev"]

# Build stage
FROM base AS build
COPY . .
RUN npm run build

# Production stage
FROM node:22-alpine AS production
WORKDIR /app
# su-exec for dropping privileges after fixing mounted volume permissions
RUN apk add --no-cache su-exec
# Copy compiled output and manifests
COPY --from=build /app/dist ./dist
COPY --from=build /app/package.json ./
COPY --from=build /app/package-lock.json* ./
COPY --from=build /app/prisma ./prisma
# Copy source files needed by prisma/seed.ts (imports ../src/config/env and ../src/utils/crypto)
COPY --from=build /app/src ./src
COPY --from=build /app/tsconfig.json ./
# Install production-only deps, tsx (needed for prisma db seed), and regenerate Prisma client
RUN npm ci --omit=dev && npm install tsx && npx prisma generate
COPY --from=build /app/docker-entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/docker-entrypoint.sh \
    && mkdir -p /app/uploads /app/logs /data/geoip \
    && chown -R node:node /app/uploads /app/logs /data/geoip

# Note: USER node is NOT set here — entrypoint runs as root to fix
# mounted volume permissions, then drops to node via su-exec
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["npm", "start"]