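# CI-oriented image for the leCoffre front end.
# NOTE(review): the original header said the variables are injected at runtime.
# With a standard Next.js build, NEXT_PUBLIC_* values are inlined into the
# client bundle by `npm run build`, so the values present at build time are the
# ones browsers receive. Confirm how runtime overrides are meant to work.
# NOTE(review): the base tag is mutable; pin it by digest for reproducible,
# auditable builds.
FROM docker.io/library/debian:bookworm-slim

# Make a RUN fail when any stage of a pipeline fails. Without pipefail, a failed
# download in `curl ... | bash -` is masked by bash exiting 0 on empty input,
# and the following `apt-get install nodejs` could silently pull a different
# Node.js package from the distribution repositories.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# System dependencies.
# NOTE(review): net-tools, iputils-ping, dnsutils, netcat-openbsd, telnet and
# procps are diagnostic tools. They are kept because this image is described as
# a CI image, but they widen the attack surface of anything deployed from it.
# Drop them (or move them to a debug stage) for production images.
RUN apt-get update && apt-get upgrade -y && \
    apt-get install -y --fix-missing \
        ca-certificates curl jq git \
        net-tools iputils-ping dnsutils \
        netcat-openbsd telnet procps && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Node.js installation.
# NOTE(review): this executes a remotely fetched script as root with no checksum
# or signature verification, and 19.x is an end-of-life Node.js release line
# that no longer receives security fixes. Prefer a supported LTS line, installed
# from a pinned and verified source (for example an official node base image
# pinned by digest).
RUN curl -fsSL https://deb.nodesource.com/setup_19.x | bash - && \
    apt-get install -y nodejs && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

WORKDIR /leCoffre-front

# Copy only the dependency manifests first so this layer stays cached until
# they change.
COPY package.json package-lock.json ./

# `npm ci` installs exactly what package-lock.json records and fails if the
# lockfile and package.json disagree, instead of silently re-resolving versions
# the way `npm install` can.
RUN npm ci --no-audit --no-fund

# Copy the application source.
# NOTE(review): make sure a .dockerignore excludes .git, node_modules, .env
# files and other local artefacts, otherwise they are baked into an image layer.
COPY . .

# Build-time configuration.
# Declaring each name as an ARG is what makes `--build-arg NAME=value` reach the
# shell below. Without these declarations the variables are never set during the
# build and the `:-` fallbacks are always used.
# Everything prefixed NEXT_PUBLIC_ is intended for the browser, and ARG values
# are recorded in the image history, so never pass secrets through these names.
ARG NEXT_PUBLIC_BACK_API_PROTOCOL
ARG NEXT_PUBLIC_BACK_API_HOST
ARG NEXT_PUBLIC_BACK_API_PORT
ARG NEXT_PUBLIC_BACK_API_ROOT_URL
ARG NEXT_PUBLIC_BACK_API_VERSION
ARG NEXT_PUBLIC_FRONT_APP_HOST
ARG NEXT_PUBLIC_IDNOT_BASE_URL
ARG NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT
ARG NEXT_PUBLIC_IDNOT_CLIENT_ID
ARG NEXT_PUBLIC_IDNOT_REDIRECT_URI
ARG NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED
ARG NEXT_PUBLIC_4NK_URL
ARG NEXT_PUBLIC_4NK_IFRAME_URL
ARG NEXT_PUBLIC_BACK_BASE
ARG NEXT_PUBLIC_API_URL
ARG NEXT_PUBLIC_DEFAULT_VALIDATOR_ID
ARG NEXT_PUBLIC_DEFAULT_STORAGE_URLS
ARG NEXT_PUBLIC_DOCAPOSTE_API_URL
ARG NEXT_PUBLIC_HOTJAR_SITE_ID
ARG NEXT_PUBLIC_HOTJAR_VERSION

# Build with fallback values for anything not supplied as a build argument.
# NOTE(review): the fallbacks are placeholders (localhost endpoints, plain-http
# redirect URIs, `default_client_id`, `default_validator_id`). An image built
# without build arguments carries them into the bundle, so deployable builds
# should pass the real identity-provider and API settings explicitly.
RUN NEXT_PUBLIC_BACK_API_PROTOCOL=${NEXT_PUBLIC_BACK_API_PROTOCOL:-https} \
    NEXT_PUBLIC_BACK_API_HOST=${NEXT_PUBLIC_BACK_API_HOST:-localhost} \
    NEXT_PUBLIC_BACK_API_PORT=${NEXT_PUBLIC_BACK_API_PORT:-443} \
    NEXT_PUBLIC_BACK_API_ROOT_URL=${NEXT_PUBLIC_BACK_API_ROOT_URL:-/api} \
    NEXT_PUBLIC_BACK_API_VERSION=${NEXT_PUBLIC_BACK_API_VERSION:-v1} \
    NEXT_PUBLIC_FRONT_APP_HOST=${NEXT_PUBLIC_FRONT_APP_HOST:-http://localhost:3000} \
    NEXT_PUBLIC_IDNOT_BASE_URL=${NEXT_PUBLIC_IDNOT_BASE_URL:-https://qual-connexion.idnot.fr} \
    NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=${NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT:-/IdPOAuth2/authorize/idnot_idp_v1} \
    NEXT_PUBLIC_IDNOT_CLIENT_ID=${NEXT_PUBLIC_IDNOT_CLIENT_ID:-default_client_id} \
    NEXT_PUBLIC_IDNOT_REDIRECT_URI=${NEXT_PUBLIC_IDNOT_REDIRECT_URI:-http://localhost:3000/authorized-client} \
    NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=${NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED:-https://lecoffreio.4nkweb.com/authorized-client} \
    NEXT_PUBLIC_4NK_URL=${NEXT_PUBLIC_4NK_URL:-http://localhost:3000} \
    NEXT_PUBLIC_4NK_IFRAME_URL=${NEXT_PUBLIC_4NK_IFRAME_URL:-http://localhost:3000} \
    NEXT_PUBLIC_BACK_BASE=${NEXT_PUBLIC_BACK_BASE:-http://localhost:8080} \
    NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL:-http://localhost:8080/api} \
    NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=${NEXT_PUBLIC_DEFAULT_VALIDATOR_ID:-default_validator_id} \
    NEXT_PUBLIC_DEFAULT_STORAGE_URLS=${NEXT_PUBLIC_DEFAULT_STORAGE_URLS:-http://localhost:8080/storage} \
    NEXT_PUBLIC_DOCAPOSTE_API_URL=${NEXT_PUBLIC_DOCAPOSTE_API_URL:-} \
    NEXT_PUBLIC_HOTJAR_SITE_ID=${NEXT_PUBLIC_HOTJAR_SITE_ID:-} \
    NEXT_PUBLIC_HOTJAR_VERSION=${NEXT_PUBLIC_HOTJAR_VERSION:-} \
    npm run build

# Runtime configuration.
EXPOSE 8080
ENV NODE_ENV=production
ENV PORT=8080

# Non-root runtime user with a fixed UID. The application tree is handed over
# to it so the process never needs root at runtime. WORKDIR already created
# /leCoffre-front, so no mkdir is needed.
RUN useradd -m -u 1000 lecoffreuser && \
    chown -R lecoffreuser:lecoffreuser /leCoffre-front

USER lecoffreuser

CMD ["node", "server.js"]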