# Use Node.js 20 Alpine Linux as base image (small and secure)
FROM node:20-alpine

# Set working directory
WORKDIR /app

# Create non-root user for security
RUN addgroup --system --gid 1001 apiserver && \
    adduser --system --uid 1001 --ingroup apiserver apiserver

# Install curl for health checks
RUN apk add --no-cache curl

# Copy package files first for better Docker layer caching
COPY package*.json ./

# Install dependencies
RUN npm ci --only=production && npm cache clean --force

# Copy configuration files
COPY config.json ./
COPY .env.production ./.env

# Copy server source code
COPY server.js ./

# Create necessary directories and set permissions
RUN mkdir -p /app/data /app/logs && \
    chown -R apiserver:apiserver /app

# Switch to non-root user
USER apiserver

# Expose port 3001
EXPOSE 3001

# Health check to ensure container stays healthy
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
  CMD curl -f http://localhost:3001/api/v1/health \
      -H "Authorization: Bearer ${API_KEY:-your-secure-api-key-here}" || exit 1

# Set environment variables
ENV NODE_ENV=production
ENV PORT=3001
ENV API_ROOT_DIRECTORY=/app/data

# Start the API server
CMD ["node", "server.js"]