FROM python:3.10-slim

RUN useradd -m -u 1000 user
ENV HOME=/home/user PATH=/home/user/.local/bin:$PATH

ENV PYTHONUNBUFFERED=1

WORKDIR /app

RUN apt-get update && apt-get install -y --no-install-recommends \
    libglib2.0-0 libsm6 libxrender1 libxext6 libxcb1 libgl1 libgomp1 \
    ffmpeg libavcodec-dev libavformat-dev libavutil-dev libswscale-dev \
    libavdevice-dev libopus-dev libvpx-dev libsrtp2-dev \
    build-essential git git-lfs curl \
    && rm -rf /var/lib/apt/lists/*

RUN pip install --no-cache-dir torch torchvision --index-url https://download.pytorch.org/whl/cpu

COPY requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt

COPY . .

# Resolve LFS pointers to real binary files, then drop .git
RUN git lfs install && \
    git lfs pull && \
    rm -rf .git

# Download face_mesh model (non-fatal if network blocked)
ENV FOCUSGUARD_CACHE_DIR=/app/.cache/focusguard
RUN python -c "\
try:\
  from models.face_mesh import _ensure_model; _ensure_model(); print('face_mesh model cached')\
except Exception as e:\
  print(f'face_mesh pre-download skipped: {e}')\
"

RUN python download_l2cs_weights.py || echo "[WARN] L2CS weights skipped"

RUN mkdir -p /app/data /app/.cache && chown -R user:user /app

USER user
EXPOSE 7860

CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860", "--log-level", "info"]