# server/Dockerfile -- Production Node.js/Express API
# Base image: Debian slim for glibc compatibility (bcrypt, sharp)
# Security: non-root user, dumb-init for signal handling
# Size: ~180MB (vs ~1GB with node:22)

FROM node:22-slim AS base
WORKDIR /app
ENV NODE_ENV=production

# Install dumb-init for proper PID 1 signal handling
# Node.js doesn't handle SIGTERM correctly as PID 1
RUN apt-get update && apt-get install -y --no-install-recommends dumb-init \
    && rm -rf /var/lib/apt/lists/*

# Copy dependency manifests first for better layer caching
# Changes to source code won't invalidate npm install cache
COPY --chown=node:node package.json package-lock.json ./

# Use npm ci for deterministic installs; --omit=dev excludes devDependencies
RUN npm ci --omit=dev

# Copy application source with correct ownership
COPY --chown=node:node . .

# Switch to non-root user (provided by official Node.js image, uid=1000)
USER node

# Expose API port (documentation only -- actual mapping in docker-compose)
EXPOSE 3001

# Use dumb-init as PID 1, then run node directly (not npm start)
# This ensures SIGTERM is properly forwarded to the Node.js process
CMD ["dumb-init", "node", "server.js"]