# Doorman API Gateway - Docker Compose
#
# Quick Start:
#   1. Copy .env.example to .env and configure secrets
#   2. Run: docker compose up
#
# With Redis/MongoDB (production):
#   1. Set MEM_OR_EXTERNAL=REDIS in .env
#   2. Run: docker compose --profile production up

services:
  doorman:
    build:
      context: .
      dockerfile: Dockerfile
      args:
        NEXT_PUBLIC_PROTECTED_USERS: ${NEXT_PUBLIC_PROTECTED_USERS:-}
        NEXT_PUBLIC_GATEWAY_URL: ${NEXT_PUBLIC_GATEWAY_URL:-}
    image: doorman:latest
    container_name: doorman
    ports:
      - "${PORT:-3001}:${PORT:-3001}"  # Backend API
      - "${WEB_PORT:-3000}:${WEB_PORT:-3000}"  # Web UI
    env_file:
      - .env
    environment:
      # Memory-mode dump settings (work for localhost and Docker on AWS)
      MEM_DUMP_PATH: ${MEM_DUMP_PATH:-/app/backend-services/generated/memory_dump.bin}
      MEM_AUTO_SAVE_ENABLED: ${MEM_AUTO_SAVE_ENABLED:-true}
      MEM_AUTO_SAVE_FREQ: ${MEM_AUTO_SAVE_FREQ:-300}
      # Encryption key for dumps (set a strong value in .env for real use)
      MEM_ENCRYPTION_KEY: ${MEM_ENCRYPTION_KEY:-change-me-in-prod}
      # Ensure logs are written to a Docker-managed volume, not the image
      LOGS_DIR: /app/backend-services/platform-logs
    volumes:
      - doorman-generated:/app/backend-services/generated
      - doorman-logs:/app/backend-services/platform-logs
    restart: unless-stopped
    healthcheck:
      # Always use HTTP for the internal healthcheck. TLS should be terminated
      # at the reverse proxy (Nginx/Traefik/ALB), and Uvicorn listens in plain HTTP.
      # Using HTTPS here will cause Uvicorn to log 'Invalid HTTP request received.'
      test: ["CMD", "sh", "-c", "curl -fsS http://localhost:$${PORT:-3001}/platform/monitor/liveness"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

  # Redis - Enable with: docker compose --profile production up
  redis:
    image: redis:7-alpine
    container_name: doorman-redis
    profiles: ["production"]
    ports:
      - "${REDIS_PORT:-6379}:6379"
    volumes:
      - redis-data:/data
    restart: unless-stopped
    command: redis-server --appendonly yes
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 3s
      retries: 3

  # MongoDB - Enable with: docker compose --profile production up
  mongo:
    image: mongo:7
    container_name: doorman-mongo
    profiles: ["production"]
    ports:
      - "${MONGO_PORT:-27017}:27017"
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGO_DB_USER:-doorman_admin}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_DB_PASSWORD:-changeme}
    volumes:
      - mongo-data:/data/db
    restart: unless-stopped
    command: --replSet ${MONGO_REPLICA_SET_NAME:-rs0} --bind_ip_all
    healthcheck:
      test: ["CMD", "mongosh", "--eval", "db.adminCommand('ping')"]
      interval: 10s
      timeout: 5s
      retries: 3

volumes:
  redis-data:
  mongo-data:
  doorman-generated:
  doorman-logs: