# ==================== BUILD STAGE ====================
FROM node:20-alpine AS builder
WORKDIR /app

# Install chromium build dependencies + git (for patch-package)
RUN apk add --no-cache \
    chromium \
    nss \
    freetype \
    harfbuzz \
    ca-certificates \
    ttf-freefont \
    git

# Copy package files
COPY package*.json ./

# Install all dependencies (incl dev) for patch-package
RUN npm ci --production=false

# Copy patch directory if present
COPY patches ./patches

# Apply patch-package (best-effort)
RUN npm run postinstall || true

# Copy application files
COPY server.js ./
COPY swagger.yml ./

# ==================== RUNTIME STAGE ====================
FROM node:20-alpine
WORKDIR /app

# Install Chromium runtime dependencies + su-exec
RUN apk add --no-cache \
    chromium \
    nss \
    freetype \
    harfbuzz \
    ca-certificates \
    ttf-freefont \
    su-exec

# Puppeteer / whatsapp-web.js settings
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true \
    PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser

# Create non-root service user
RUN addgroup -S whatsapp && \
    adduser -D -S -G whatsapp whatsapp

# Copy node_modules from builder
COPY --from=builder --chown=whatsapp:whatsapp /app/node_modules ./node_modules

# Copy application code
COPY --chown=whatsapp:whatsapp server.js ./
COPY --chown=whatsapp:whatsapp swagger.yml ./
COPY --chown=whatsapp:whatsapp package*.json ./

# Pre-create required folders (will be overwritten by volumes)
RUN mkdir -p /app/data /app/media /app/.wwebjs_cache /app/.wwebjs_auth

# ENTRYPOINT: fix permissions as root → switch to whatsapp → run server
ENTRYPOINT ["sh", "-c", "\
  mkdir -p /app/data /app/media /app/.wwebjs_cache /app/.wwebjs_auth && \
  chown -R whatsapp:whatsapp /app && \
  exec su-exec whatsapp node server.js \
"]

EXPOSE 3001