FROM ubuntu:22.04

# Create non-root user
RUN useradd -m -u 1000 user

# Set environment variables
ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH \
    JWT_ALGORITHM=RS256 \
    API_AUTH_TOKEN=secret \
    DASHBOARD_USERNAME=dashboard \
    DASHBOARD_PASSWORD=secret \
    SECRET_KEY_BASE=secret-key-base
# Install minimal dependencies
RUN apt-get update && apt-get install -y \
    curl \
    nginx \
    && rm -rf /var/lib/apt/lists/*

# Install Node.js and pnpm
RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
    apt-get update && \
    apt-get install -y nodejs && \
    npm install -g corepack && \
    rm -rf /var/lib/apt/lists/*

# Enable pnpm
RUN corepack enable && corepack prepare pnpm@latest --activate

# Create directories and set permissions
RUN mkdir -p $HOME/app && \
    mkdir -p $HOME/app/docauth && \
    mkdir -p $HOME/app/aia && \
    mkdir -p /var/cache/nginx && \
    mkdir -p /var/log/nginx && \
    mkdir -p /var/lib/nginx && \
    mkdir -p /run/nginx && \
    touch /var/run/nginx.pid && \
    chown -R user:user $HOME && \
    chown -R user:user /var/cache/nginx && \
    chown -R user:user /var/log/nginx && \
    chown -R user:user /var/lib/nginx && \
    chown -R user:user /var/run/nginx.pid && \
    chown -R user:user /run/nginx

# Copy AI Assistant app
COPY --from=pspdfkit/ai-assistant:nightly /base $HOME/app/aia
COPY --chown=node:node service-config.yml /service-config.yml
RUN chown -R user:user $HOME/app/aia

# Copy nginx configuration and replace license key
COPY nginx.conf /etc/nginx/nginx.conf
RUN --mount=type=secret,id=DOCAUTH_LICENSE_KEY,mode=0444,required=true \
    sed -i "s/\$DOCAUTH_LICENSE_KEY/$(cat /run/secrets/DOCAUTH_LICENSE_KEY)/g" /etc/nginx/nginx.conf

# Copy web files
COPY --chown=user:user index.html $HOME/app/docauth/
COPY --chown=user:user document-authoring.js $HOME/app/docauth/
COPY --chown=user:user Sample.docx $HOME/app/docauth/

# Copy auth service files
COPY --chown=user:user auth-service.js $HOME/app/auth/
COPY --chown=user:user package.json $HOME/app/auth/

# Copy start script
COPY --chown=user:user start-services.sh $HOME/app/
RUN chmod +x $HOME/app/start-services.sh

# Install auth service dependencies
RUN cd $HOME/app/auth && pnpm install

# Switch to non-root user
USER user
WORKDIR $HOME/app

# Expose port 4000 for AI Assistant
EXPOSE 4000

CMD ["./start-services.sh"]