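# ==============================================================================
# Stage 1: Build Frontend (Next.js)
# ==============================================================================
FROM node:20-slim AS frontend-builder

WORKDIR /app/frontend

# Install dependencies from the lockfile first so this layer stays cached
# until package*.json changes.
COPY frontend/package*.json ./
RUN npm ci

# Copy source and build
COPY frontend/ .

# Disable telemetry during build
ENV NEXT_TELEMETRY_DISABLED=1
RUN npm run build

# ==============================================================================
# Stage 2: Final Image (Python + Node.js Runtime)
# ==============================================================================
FROM python:3.11-slim

# Build Arguments for Tunnel
# BASTION_URL: base URL the Portwarden client binary is fetched from.
# HOST_ARCH:   architecture suffix of the binary name (portwardenc-<arch>).
ARG BASTION_URL="https://bastion.3prism.ai"
ARG HOST_ARCH="amd64"

# 1. Install System Dependencies & Node.js (for runtime)
# We need Node.js to run the Next.js production server (npm start).
# NOTE(review): this installs the distribution's nodejs/npm, while the build
# stage uses node:20 - confirm the two versions are compatible.
RUN apt-get update && apt-get install -y \
    curl \
    nodejs \
    npm \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# 2. Create Python Virtual Environment and Install Dependencies
COPY requirements.txt .
RUN python -m venv /app/.venv && \
    /app/.venv/bin/pip install --no-cache-dir -r requirements.txt

# 3. Bake in Portwarden Client (The "Tunnel")
# This runs during build time to download the binary into the image.
#
# NOTE(security): curl is invoked with -k, which skips TLS certificate
# verification (the original author notes the bastion.3prism.ai certificate
# has expired). With -k the transport gives no assurance about who served the
# file, and the result is an executable baked into the image. Renew the
# certificate and drop -k as soon as possible.
#
# Until then, pass the expected digest so the download is verified
# independently of TLS:
#   docker build --build-arg PORTWARDENC_SHA256=<expected-sha256-hex> .
# When the argument is set, a mismatch fails the build. When it is empty the
# download proceeds unverified (the previous behaviour) and a warning is
# printed to the build log.
ARG PORTWARDENC_SHA256=""
RUN echo "Downloading Portwarden Client from: ${BASTION_URL}/releases/portwardenc-${HOST_ARCH}" && \
    curl -fsSLk "${BASTION_URL}/releases/portwardenc-${HOST_ARCH}" -o /usr/local/bin/portwardenc && \
    if [ -n "${PORTWARDENC_SHA256}" ]; then \
        echo "${PORTWARDENC_SHA256}  /usr/local/bin/portwardenc" | sha256sum -c -; \
    else \
        echo "WARNING: PORTWARDENC_SHA256 is not set; portwardenc was downloaded without TLS or checksum verification" >&2; \
    fi && \
    chmod +x /usr/local/bin/portwardenc

# 4. Copy Frontend Build Artifacts
# We need package.json to run 'npm start'
COPY frontend/package*.json ./frontend/
# Copy the built .next folder and public assets
COPY --from=frontend-builder /app/frontend/.next ./frontend/.next
COPY --from=frontend-builder /app/frontend/public ./frontend/public

# Install ONLY production dependencies for frontend
WORKDIR /app/frontend
RUN npm ci --only=production

# 5. Copy Backend & Application Code
WORKDIR /app
COPY backend/ ./backend/
COPY *.py ./
COPY *.sh ./
COPY entrypoint.sh /usr/local/bin/

# Make scripts executable
RUN chmod +x /usr/local/bin/entrypoint.sh ./start_app.sh

# Environment Variables Defaults
ENV PW_LOCAL_PORT=3001
# Disable Next.js Telemetry
ENV NEXT_TELEMETRY_DISABLED=1

# Expose ports?
# Technically tunnel needs NO EXPOSE, but for local debugging we might want it.
# EXPOSE 3000 8000

# NOTE(review): no USER directive is set in this stage, so the entrypoint and
# both servers start as root unless entrypoint.sh drops privileges (not visible
# here) - confirm, and prefer a dedicated non-root user.

# Entrypoint & Command
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

# Start the frontend (Next.js production mode) and the backend (FastAPI).
# The frontend is expected to listen on port 3001 (set by the frontend's start
# script, not visible here); the backend listens on port 8000.
# The backend is run with the Python interpreter from the virtual environment.
# The frontend is backgrounded with '&'; 'wait' is only reached if uvicorn
# exits with status 0.
CMD ["bash", "-c", "cd /app/frontend && npm start & cd /app/backend && /app/.venv/bin/python -m uvicorn app.main:app --host 0.0.0.0 --port 8000 && wait"]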