# Node.js backend
FROM node:20-alpine

# Build tools needed for better-sqlite3 native compilation
# su-exec for dropping privileges in entrypoint
# libstdc++ is kept at runtime (needed by better-sqlite3 native addon)
RUN apk add --no-cache python3 make g++ su-exec libstdc++

WORKDIR /app

COPY package*.json ./

RUN npm install --omit=dev

# Remove build tools after install to keep image small
# libstdc++ and su-exec are kept for runtime
RUN apk del python3 make g++

COPY . .

# Create data directory for SQLite
RUN mkdir -p /data
VOLUME /data

# Entrypoint fixes /data permissions then drops to node user
COPY docker-entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/docker-entrypoint.sh

EXPOSE 3001

HEALTHCHECK --interval=10s --timeout=5s --start-period=15s --retries=3 \
  CMD node -e "require('http').get('http://127.0.0.1:3001/api/health', r => { process.exit(r.statusCode === 200 ? 0 : 1) }).on('error', () => process.exit(1))"

ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["node", "server.js"]